cyberrspiritt

Reputation: 946

CodeIgniter CSRF error

I'm trying to use CodeIgniter with CSRF protection enabled. I've read the already answered solutions here and here, but that didn't seem to resolve the issue. At some point the "Action you requested is not allowed" error is solved, but now it doesn't load the form validation helper. It throws 'Unable to load the requested file: helpers/form_validation_helper.php'. What must have gone wrong?

Here's the controller file:

class Home extends CI_Controller {

function __construct(){
    parent::__construct();
    $this->load->helper('form');
}

public function index(){
    $data['title'] = "Home";
    $data['main_content'] = 'frontend/index'; 
    $this->load->view("frontend/includes/template", $data);
}

public function contact(){
    $data['title'] = "Contact Us";
    $data['main_content'] = 'frontend/contact';
    $this->load->view('frontend/includes/template', $data);
}

//submit functions
public function contact_submit(){
    $send_clicked = $this->input->post('sub');
    if(isset($send_clicked)){

        $this->load->helper('date');
        $this->load->helper('form_validation');

        $this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[40]|xss_clean');
        $this->form_validation->set_rules('email', 'Email Address', 'trim|required|max_length[50]|xss_clean');
        $this->form_validation->set_rules('subject', 'Subject', 'trim|required|max_length[100]|xss_clean');
        $this->form_validation->set_rules('message', 'Message', 'trim|required|max_length[1000]|xss_clean');

        if ($this->form_validation->run() == FALSE) {

        } else {

            $clean_name = $this->input->post('name');
            $clean_email = $this->input->post('email');
            $clean_subject = $this->input->post('subject');
            $clean_message = $this->input->post('message');
            $date = now();

            $db_data = array(
                'name' => $clean_name, 
                'email' => $clean_email, 
                'subject' => $clean_subject, 
                'message' => $clean_message, 
                'date_posted' => $date
                );

            print_r($db_data);
        }
    }
}

public function page_missing(){
    $data['title'] = "404 Page Missing";
    $data['main_content'] = 'frontend/404'; 
    $this->load->view("frontend/includes/template", $data);
}

}

Here are some of the settings in config.php that I made changes to:

$config['sess_cookie_name']     = 'qtd_sess';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'qtd_sess';
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']      = "/";
$config['cookie_secure']    = FALSE;

$config['global_xss_filtering'] = TRUE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;

Here's part of the view:

<!-- Start Contact Form -->
        <?php $attributes = array('class' => 'contact-form', 'id' => 'contact-form');
         echo form_open('home/contact_submit', $attributes); ?>
          <div class="form-group">
            <div class="controls">
              <input type="text" placeholder="Name" name="name">
            </div>
          </div>
          <div class="form-group">
            <div class="controls">
              <input type="email" class="email" placeholder="Email" name="email">
            </div>
          </div>
          <div class="form-group">
            <div class="controls">
              <input type="text" class="requiredField" placeholder="Subject" name="subject">
            </div>
          </div>

          <div class="form-group">

            <div class="controls">
              <textarea rows="7" placeholder="Message" name="message"></textarea>
            </div>
          </div>
          <button type="submit" id="submit" name="sub" class="btn-system btn-large">Send</button>
          <div id="success" style="color:#34495e;"></div>
        </form>
        <!-- End Contact Form -->

Upvotes: 0

Views: 1126

Answers (1)

Niranjan N Raju

Reputation: 11987

Form validation is not a helper. It's a library.

$this->load->helper('form_validation');// this is wrong

$this->load->library('form_validation');// this is correct.

For more information, see here.

Upvotes: 2
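
The answer's fix applied to the question's `contact_submit()`, as an added example that is not part of the original question or answer. The `valid_email` rule, the re-render on validation failure and the escaped debug output are additions assumed here, not the asker's code.

```php
<?php
class Home extends CI_Controller {

    public function __construct() {
        parent::__construct();
        // Helpers are plain function files: form_open(), now().
        $this->load->helper(array('form', 'date'));
        // Form validation is a library: it becomes $this->form_validation.
        $this->load->library('form_validation');
    }

    public function contact_submit() {
        // Rules as in the question; valid_email is an addition.
        $this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[40]|xss_clean');
        $this->form_validation->set_rules('email', 'Email Address', 'trim|required|valid_email|max_length[50]|xss_clean');
        $this->form_validation->set_rules('subject', 'Subject', 'trim|required|max_length[100]|xss_clean');
        $this->form_validation->set_rules('message', 'Message', 'trim|required|max_length[1000]|xss_clean');

        if ($this->form_validation->run() === FALSE) {
            // Also reached when nothing was posted. Re-render the form:
            // form_open() in the view writes the CSRF hidden field
            // (csrf_test_name) again, and the view can print validation_errors().
            $data['title'] = "Contact Us";
            $data['main_content'] = 'frontend/contact';
            $this->load->view('frontend/includes/template', $data);
            return;
        }

        $db_data = array(
            'name'        => $this->input->post('name'),
            'email'       => $this->input->post('email'),
            'subject'     => $this->input->post('subject'),
            'message'     => $this->input->post('message'),
            'date_posted' => now()
        );

        // Debug output as in the question, escaped because it echoes user input.
        echo '<pre>' . htmlspecialchars(print_r($db_data, TRUE), ENT_QUOTES, 'UTF-8') . '</pre>';
    }
}
```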
