[eluser]jonez[/eluser]
Hi, I'm rebuilding a site in CI3-dev and in the process I'm fixing some of the mistakes I made learning the framework. What is the best practice for these two situations?
1. CSRF protection. The entire app lives behind a login page so I don't feel it's necessary to enable CSRF globally and go through the pain of updating every AJAX post to pass the token along. I'm using a controller hook to check the session and redirect as necessary.
Is there a built-in way to only enable CSRF for a single form? Enabling the option sets it globally. I could manually include the field in the login form and validate it server side?
2. Inheritable controllers. The app uses a base MY_Controller that every controller extends and I have 3 special controllers that need an extra level of inheritance. They go MY_Controller -> PP_Editor -> Content.
Originally I had this structure:
/controllers/PP_Controller.php
/controllers/PP_Editor.php
/controllers/Content.php
Now I have this structure:
/core/MY_Controller.php
/???/PP_Editor.php
/controllers/Content.php
Where in the new directory structure should PP_Editor.php go? This controller's methods should not be directly accessible and the functionality would be a mess if I tried to turn it into a library.
I could put it in the controllers folder and inherit as before, then put a check in the constructor to see if the URL matches the controller's route and redirect. That seems a bit odd and I'm hoping there's a cleaner way to do it?
Thanks!
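The manual approach raised in point 1 (a token field in the login form, validated server side) can be sketched as follows. This is an added example, not part of the original post and not CodeIgniter's built-in CSRF filter. The `Login` class, the `login` view, the `csrf_token` field and the `login_csrf_token` session key are assumed names, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical login controller: class, view, field and session key names
// are assumptions made for this example.
class Login extends CI_Controller
{
    const TOKEN_KEY = 'login_csrf_token'; // session key (assumed name)

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
    }

    // GET: issue a fresh random token, bind it to the session, hand it to the view.
    // In the view, inside the form:
    //   <input type="hidden" name="csrf_token"
    //          value="<?php echo html_escape($csrf_token); ?>">
    public function index()
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->session->set_userdata(self::TOKEN_KEY, $token);
        $this->load->view('login', array('csrf_token' => $token));
    }

    // POST: refuse the request unless the posted token matches the session copy.
    public function submit()
    {
        $expected = $this->session->userdata(self::TOKEN_KEY);
        $posted   = $this->input->post('csrf_token');

        // Single use: drop the stored token whether or not the check passes.
        $this->session->unset_userdata(self::TOKEN_KEY);

        // hash_equals() compares in constant time; the is_string() guards cover
        // a missing session value (NULL) and array-valued POST input.
        if ( ! is_string($expected) OR ! is_string($posted)
            OR ! hash_equals($expected, $posted))
        {
            show_error('Invalid or missing form token.', 403); // exits
        }

        // ... credential check and session setup go here ...
    }
}
```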