How to add CSRF token to a form?
#1

[eluser]Lpeek[/eluser]
Hi all, just wondering how I would add a CSRF token to a form? I expected I'd see a form_csrf() function or something in the form helper but can't see anything like that.

I guess it's automatically added by using form_open() if I were to use the helper to create my forms but what about if I'm creating forms manually?

Thanks!
#2

[eluser]PhilTem[/eluser]
I haven't found any "official" way of doing this. So either no CSRF or using the form helper to create your form_open() part ;)
#3

[eluser]LuckyFella73[/eluser]
It wouldn't make sense to manually build the hidden input field,
but you could get the CSRF hash value like this:
Code:
echo $this->security->get_csrf_hash();
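
The hidden field for a hand-written form, as an added example that is not part of the original posts. It assumes CSRF protection is enabled in config.php and uses CodeIgniter's get_csrf_token_name() alongside the get_csrf_hash() call shown above; csrf_field(), FakeSecurity, the token name value and the form action are hypothetical names constructed for illustration.

```php
<?php
// Added example, not from the thread. Inside a CodeIgniter view, pass
// $this->security to csrf_field() instead of the stand-in object below.
// Assumes $config['csrf_protection'] = TRUE; in application/config/config.php.

/**
 * Build the hidden CSRF input for a manually written <form>.
 * $security is any object exposing get_csrf_token_name() and get_csrf_hash().
 */
function csrf_field($security)
{
    // Escape both values so they cannot break out of the attribute.
    $name = htmlspecialchars($security->get_csrf_token_name(), ENT_QUOTES, 'UTF-8');
    $hash = htmlspecialchars($security->get_csrf_hash(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $hash . '" />';
}

// Constructed stand-in so this file also runs outside the framework.
class FakeSecurity
{
    private $hash;

    public function __construct()
    {
        $this->hash = bin2hex(random_bytes(16)); // sample token value
    }

    public function get_csrf_token_name()
    {
        return 'csrf_test_name'; // sample value; the real one comes from config.php
    }

    public function get_csrf_hash()
    {
        return $this->hash;
    }
}

$security = new FakeSecurity();
?>
<form action="/account/update" method="post">
  <?php echo csrf_field($security); ?>
  <input type="text" name="email" />
  <input type="submit" value="Save" />
</form>
```

The field must sit inside the form that is posted, and the page has to be rendered per request so the token matches the visitor's CSRF cookie.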
#4

[eluser]Lpeek[/eluser]
Thanks for both replies, so would it make more sense for me to turn off CSRF then? The issue is I don't want to use the form helper as I would prefer building forms with HTML to give me more freedom with them.

Although I have just spotted that you can add attributes with an array using the form helper, so maybe using the helper isn't so bad after all. Are there any drawbacks with using the helper?
#5

[eluser]LuckyFella73[/eluser]
If you want to use CSRF protection use the built-in way!
I can't think of anything you can't do using the form
helper compared to the manual way of writing a form tag.

The user guide describes well how to use it but if you have
problems using the form helper come back here and feel free to ask.
#6

[eluser]Lpeek[/eluser]
Thanks LuckyFella, just one more question: using form_open it adds index.php to the form link. Is it possible to specify the absolute URL? Or should I just overwrite the form_helper so it doesn't show?

Thanks!
#7

[eluser]LuckyFella73[/eluser]
The form helper echoes out the absolute URL. I guess you get
the index.php in between the form action URL if you don't remove
"index.php" in your config.php ( $config['index_page'] = ''; ).
I always use mod_rewrite to get nicer URLs so I don't have
that "index.php" in my form actions.
#8

[eluser]Lpeek[/eluser]
Ah, that could be it. I use mod_rewrite so the URLs look nice but it was just in the forms that it was still added. I'll take a look in config. Thanks!