
I'm new at Codeigniter. I try to pass some data into a view. I have a route like this:

$route['accounts/(:any)'] = 'accounts/$1';

and in my Account class I have a register function like this:

public function register()
    {
        $csrf  = array(
            'name' => $this->security->get_csrf_token_name(),
            'hash' => $this->security->get_csrf_hash()
        );
        $this->load->view('partials/head');
        $this->load->view('partials/nav');
        $this->load->view('auth/register',$csrf);
        $this->load->view('partials/footer');
    }

Then in my register.php I try to print that $csrf like this:

<input type="hidden" name="<?=$csrf['name'];?>" value="<?=$csrf['hash'];?>" />

When I access my page, which is at compro.xyz/accounts/register, it gives me this error:

A PHP Error was encountered
Severity: Notice

Message: Undefined variable: csrf

Filename: auth/register.php

Line Number: 13

Backtrace:

File: D:\xampp\htdocs\compro\application\views\auth\register.php
Line: 13
Function: _error_handler

File: D:\xampp\htdocs\compro\application\controllers\Accounts.php
Line: 19
Function: view

File: D:\xampp\htdocs\compro\index.php
Line: 315
Function: require_once

" value="
A PHP Error was encountered
Severity: Notice

Message: Undefined variable: csrf

Filename: auth/register.php

Line Number: 13

Backtrace:

File: D:\xampp\htdocs\compro\application\views\auth\register.php
Line: 13
Function: _error_handler

File: D:\xampp\htdocs\compro\application\controllers\Accounts.php
Line: 19
Function: view

File: D:\xampp\htdocs\compro\index.php
Line: 315
Function: require_once

" />

It seems like my register doesn't recognize $csrf. I really have no idea what can cause it. I usually use Twig, and since this is CodeIgniter I don't know much about it. Currently I'm using the latest version.

J_D
Ying

2 Answers


https://www.codeigniter.com/user_guide/general/views.html#adding-dynamic-data-to-the-view

$data = array(
        'title' => 'My Title',
        'heading' => 'My Heading',
        'message' => 'My Message'
);

$this->load->view('blogview', $data);

Therefore, you can see that $data is not available in the view, but $title, $heading, and $message are.

Likewise, $csrf won't be available in your view, but $name and $hash will. For clarity, rename $csrf to $data.

$data  = array(
    'name' => $this->security->get_csrf_token_name(),
    'hash' => $this->security->get_csrf_hash()
);
$this->load->view('auth/register', $data);

Edit - A cleaner way to write and understand it is:

$this->load->view('auth/register', array(
   'name' => $this->security->get_csrf_token_name(),
   'hash' => $this->security->get_csrf_hash()
));
waterloomatt
  • Still got the same problem; now it says Undefined variable: data – Ying Jul 15 '19 at 11:57
  • The variable passed to `$this->load->view` is never available to the view. Its _contents_ are extrapolated into new variables for use. Try using `$name` and `$hash` instead. – waterloomatt Jul 15 '19 at 12:00
  • One more thing, do you know how to check that this csrf is valid? – Ying Jul 15 '19 at 12:02
  • It should be handled for you automatically - https://stackoverflow.com/questions/6244669/codeigniter-csrf-how-does-it-work. – waterloomatt Jul 15 '19 at 12:06
  • That's when I'm using form_open, and your solution above still won't work. – Ying Jul 15 '19 at 12:09
  • When I'm not using form_open I have to check it manually, but I think I found it already in the documentation. – Ying Jul 15 '19 at 12:10
  • Your AJAX form needs to pass it to your application but the actual validation happens automatically - as long as you're sending a _post_ request. – waterloomatt Jul 15 '19 at 12:19

$csrf will not be a variable in the view.

name and hash will.

If you want to have $csrf you need this data array:

$csrf  = array(
    'csrf'=> array(
        'name' => $this->security->get_csrf_token_name(),
        'hash' => $this->security->get_csrf_hash()
    )
);

But, if you use the helper form_open you don't need to write your own input hidden.

Also, you can use $this->security inside the view.

lcssanches
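An added example, not code from the question, the answers or CodeIgniter itself: a stand-alone PHP script that mimics how the keys of the data array become variables in the view, run against the question's hidden input with both the flat array and the nested one. `render_view()`, the temp-file template and the token values are assumptions constructed for illustration.

```php
<?php
// Hypothetical stand-in for the view loader behaviour discussed above:
// each key of the data array becomes a local variable inside the template.
function render_view(string $__file, array $__data): string
{
    extract($__data, EXTR_SKIP);      // EXTR_SKIP: data keys cannot overwrite $__file / $__data
    ob_start();
    try {
        include $__file;
        return ob_get_clean();
    } catch (Throwable $e) {
        ob_end_clean();               // discard the half-rendered output
        throw $e;
    }
}

// Turn "Undefined variable" notices/warnings into exceptions so the failure is explicit.
set_error_handler(function (int $no, string $msg, string $file, int $line) {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Constructed template: the hidden input from auth/register.php, with output escaping added.
$tpl = tempnam(sys_get_temp_dir(), 'view');
file_put_contents($tpl,
    '<input type="hidden" name="<?= htmlspecialchars($csrf[\'name\'], ENT_QUOTES) ?>"'
    . ' value="<?= htmlspecialchars($csrf[\'hash\'], ENT_QUOTES) ?>" />' . "\n");

// Constructed sample values standing in for get_csrf_token_name() / get_csrf_hash().
$token = ['name' => 'csrf_test_name', 'hash' => bin2hex(random_bytes(16))];

// 1) Flat array, as in the question: the view receives $name and $hash, not $csrf.
try {
    render_view($tpl, $token);
} catch (ErrorException $e) {
    echo "flat array:   ", $e->getMessage(), "\n";
}

// 2) Nested under a 'csrf' key: the view receives $csrf['name'] and $csrf['hash'].
echo "nested array: ", render_view($tpl, ['csrf' => $token]);

unlink($tpl);
restore_error_handler();
```

The first call reports the undefined `$csrf` variable; the second prints the hidden input with the token name and hash filled in.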