
I've been reading about the CSRF protection in CodeIgniter, but I can't seem to find a decent tutorial on how to proceed after enabling CSRF in the config file.

I have a form generated by a controller function users/create that submits to another function users/submit_new.

I used the form helper class so that the CSRF field is automatically generated.

I have this validation function on the submit function:

// The token name and hash getters are methods of the Security class,
// not global functions, so they are called through $this->security.
if ($this->input->post($this->security->get_csrf_token_name()) == $this->security->get_csrf_hash()) {
    $this->users_model->create();
}

But all I get is an "action not allowed" error. What is the right way to validate CSRF? Or am I doing something wrong?

Gerard Balaoro

1 Answer


If you're using CodeIgniter CSRF the way the user guide mentions, by setting:

$config['csrf_protection'] = TRUE; // this in application/config/config.php

And you are also using the form helper to generate your form open tag, then you do not need to check for the token and hash the way you are doing. CodeIgniter does this for you.

Read the docs: https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf

If you still have problems, then see related questions:

codeigniter CSRF error: "The action you have requested is not allowed."

Action you have requested is not allowed error

Brian Gottier
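To make the answer concrete, here is an added example (not code from the question, the answer, or the CodeIgniter project) of how the pieces fit together once `csrf_protection` is on. It assumes CodeIgniter 3 (the question does not say which version) and reuses the `Users` controller and `users_model` names from the question; `manual_form()` is a hypothetical method added to show the one case where the hidden field has to be written by hand.

```php
<?php
// application/config/config.php (only the CSRF-related keys shown)
$config['csrf_protection']   = TRUE;               // enables the automatic check
$config['csrf_token_name']   = 'csrf_test_name';   // name of the hidden input
$config['csrf_cookie_name']  = 'csrf_cookie_name'; // cookie the input is compared with
$config['csrf_expire']       = 7200;               // seconds before the token expires
$config['csrf_regenerate']   = TRUE;               // fresh token on every request
$config['csrf_exclude_uris'] = array();            // leave empty unless a URI genuinely needs no check

// application/controllers/Users.php
class Users extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form', 'url'));
        $this->load->model('users_model');
    }

    // GET users/create: form_open() emits the hidden
    // <input type="hidden" name="csrf_test_name" value="..."> by itself.
    public function create()
    {
        echo form_open('users/submit_new');
        echo form_input('username');
        echo form_submit('submit', 'Create');
        echo form_close();
    }

    // POST users/submit_new: before this method runs, CI_Security has already
    // compared the posted token with the cookie and, on mismatch or absence,
    // stopped the request with a 403 "The action you have requested is not
    // allowed." So no manual comparison belongs here.
    public function submit_new()
    {
        $this->users_model->create();
    }

    // Hypothetical: a view that writes its own <form> tag instead of using
    // form_open() must emit the hidden field itself, or every POST is refused.
    public function manual_form()
    {
        echo '<form method="post" action="' . site_url('users/submit_new') . '">';
        echo form_hidden($this->security->get_csrf_token_name(),
                         $this->security->get_csrf_hash());
        echo form_submit('submit', 'Create');
        echo '</form>';
    }
}
```

The same rule applies to AJAX POSTs: the request must carry the token (as a field or by reading the `csrf_cookie_name` cookie and posting it under `csrf_test_name`), otherwise the Security class rejects it before any controller code runs.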