0

Anyone knows how to prevent direct URL Access for Submitting Form?

So I have routes like this

$route['registration']=administration/register

When I typed

localhost/myweb/registration

There's a database error, indeed that's because we directly access it by URL without submiting form. I have succeed set validation on my form to prevent database error, but that's in case user submit our form. When it comes user typing "registration", database error.

Well, for some work and pages, I just simple set SESSION as ADMIN or USER, to prevent direct URL access, but we can't do that to form, right?

Notes: My Form Submit data was fine, I just don't know how to prevent user typing "registration" as words of submit execution

Hermes Djohar
  • 111
  • 1
  • 3
  • 16

2 Answers2

0

Manage your route in appliaction/config/routes.php. Like this

$route['registration']='administration/register';

This redirects localhost/myweb/registration to localhost/myweb/administration/register.

Hikmat Sijapati
  • 6,869
  • 1
  • 9
  • 19
  • That's not what I meant. So when user doing a form submit data, clicking the submit button, the URL will change from "administration" (page name) to 'registration'. I don't have problems with routes. So 'registration' word is simply have same function as submit button, but by URL. I can set concept of redirect user when form is empty, but how to put that concept in controler – Hermes Djohar Feb 10 '17 at 04:29
0

To stop direct form submission in Codeigniter you can use CSRF protection.

All you have to do is enable it in your $config['csrf_protection'] in application/config/config.php

$config['csrf_protection'] = TRUE;

and use the form_open() function for your form.

This will stop user from submitting form directly.

Here is are few links for clarification, https://www.codeigniter.com/user_guide/libraries/security.html Codeigniter CSRF - how does it work

Community
  • 1
  • 1
VINEET SHARMA
  • 173
  • 6