codeigniter CSRF 错误
codeigniter CSRF error
我正在尝试使用启用了 CSRF 保护的 codeigniter。我已经阅读了已经回答的解决方案 here and here 但这似乎并没有解决问题。在某些时候 "Action you requested is not allowed"
错误已解决,但现在它不会加载表单验证助手。它抛出“无法加载请求的文件:helpers/form_validation_helper.php` 一定是出了什么问题?
控制器文件如下:
class Home extends CI_Controller {
function __construct(){
parent::__construct();
$this->load->helper('form');
}
public function index(){
$data['title'] = "Home";
$data['main_content'] = 'frontend/index';
$this->load->view("frontend/includes/template", $data);
}
public function contact(){
$data['title'] = "Contact Us";
$data['main_content'] = 'frontend/contact';
$this->load->view('frontend/includes/template', $data);
}
//submit functions
public function contact_submit(){
$send_clicked = $this->input->post('sub');
if(isset($send_clicked)){
$this->load->helper('date');
$this->load->helper('form_validation');
$this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[40]|xss_clean');
$this->form_validation->set_rules('email', 'Email Address', 'trim|required|max_length[50]|xss_clean');
$this->form_validation->set_rules('subject', 'Subject', 'trim|required|max_length[100]|xss_clean');
$this->form_validation->set_rules('message', 'Message', 'trim|required|max_length[1000]|xss_clean');
if ($this->form_validation->run() == FALSE) {
} else {
$clean_name = $this->input->post('name');
$clean_email = $this->input->post('email');
$clean_subject = $this->input->post('subject');
$clean_message = $this->input->post('message');
$date = now();
$db_data = array(
'name' => $clean_name,
'email' => $clean_email,
'subject' => $clean_subject,
'message' => $clean_message,
'date_posted' => $date
);
print_r($db_data);
}
}
}
public function page_missing(){
$data['title'] = "404 Page Missing";
$data['main_content'] = 'frontend/404';
$this->load->view("frontend/includes/template", $data);
}
}
这是我对 config.php 的一些配置进行了更改:
$config['sess_cookie_name'] = 'qtd_sess';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'qtd_sess';
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
$config['global_xss_filtering'] = TRUE;
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
部分观点如下:
<!-- Start Contact Form -->
<?php $attributes = array('class' => 'contact-form', 'id' => 'contact-form');
echo form_open('home/contact_submit', $attributes); ?>
<div class="form-group">
<div class="controls">
<input type="text" placeholder="Name" name="name">
</div>
</div>
<div class="form-group">
<div class="controls">
<input type="email" class="email" placeholder="Email" name="email">
</div>
</div>
<div class="form-group">
<div class="controls">
<input type="text" class="requiredField" placeholder="Subject" name="subject">
</div>
</div>
<div class="form-group">
<div class="controls">
<textarea rows="7" placeholder="Message" name="message"></textarea>
</div>
</div>
<button type="submit" id="submit" name="sub" class="btn-system btn-large">Send</button>
<div id="success" style="color:#34495e;"></div>
</form>
<!-- End Contact Form -->
表单验证不是帮手。它是一个图书馆。
$this->load->helper('form_validation');// this is wrong
$this->load->library('form_validation');// this is correct.
有关详细信息,请参阅 here
我正在尝试使用启用了 CSRF 保护的 codeigniter。我已经阅读了已经回答的解决方案 here and here 但这似乎并没有解决问题。在某些时候 "Action you requested is not allowed"
错误已解决,但现在它不会加载表单验证助手。它抛出“无法加载请求的文件:helpers/form_validation_helper.php` 一定是出了什么问题?
控制器文件如下:
class Home extends CI_Controller {
function __construct(){
parent::__construct();
$this->load->helper('form');
}
public function index(){
$data['title'] = "Home";
$data['main_content'] = 'frontend/index';
$this->load->view("frontend/includes/template", $data);
}
public function contact(){
$data['title'] = "Contact Us";
$data['main_content'] = 'frontend/contact';
$this->load->view('frontend/includes/template', $data);
}
//submit functions
public function contact_submit(){
$send_clicked = $this->input->post('sub');
if(isset($send_clicked)){
$this->load->helper('date');
$this->load->helper('form_validation');
$this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[40]|xss_clean');
$this->form_validation->set_rules('email', 'Email Address', 'trim|required|max_length[50]|xss_clean');
$this->form_validation->set_rules('subject', 'Subject', 'trim|required|max_length[100]|xss_clean');
$this->form_validation->set_rules('message', 'Message', 'trim|required|max_length[1000]|xss_clean');
if ($this->form_validation->run() == FALSE) {
} else {
$clean_name = $this->input->post('name');
$clean_email = $this->input->post('email');
$clean_subject = $this->input->post('subject');
$clean_message = $this->input->post('message');
$date = now();
$db_data = array(
'name' => $clean_name,
'email' => $clean_email,
'subject' => $clean_subject,
'message' => $clean_message,
'date_posted' => $date
);
print_r($db_data);
}
}
}
public function page_missing(){
$data['title'] = "404 Page Missing";
$data['main_content'] = 'frontend/404';
$this->load->view("frontend/includes/template", $data);
}
}
这是我对 config.php 的一些配置进行了更改:
$config['sess_cookie_name'] = 'qtd_sess';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'qtd_sess';
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
$config['global_xss_filtering'] = TRUE;
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
部分观点如下:
<!-- Start Contact Form -->
<?php $attributes = array('class' => 'contact-form', 'id' => 'contact-form');
echo form_open('home/contact_submit', $attributes); ?>
<div class="form-group">
<div class="controls">
<input type="text" placeholder="Name" name="name">
</div>
</div>
<div class="form-group">
<div class="controls">
<input type="email" class="email" placeholder="Email" name="email">
</div>
</div>
<div class="form-group">
<div class="controls">
<input type="text" class="requiredField" placeholder="Subject" name="subject">
</div>
</div>
<div class="form-group">
<div class="controls">
<textarea rows="7" placeholder="Message" name="message"></textarea>
</div>
</div>
<button type="submit" id="submit" name="sub" class="btn-system btn-large">Send</button>
<div id="success" style="color:#34495e;"></div>
</form>
<!-- End Contact Form -->
表单验证不是帮手。它是一个图书馆。
$this->load->helper('form_validation');// this is wrong
$this->load->library('form_validation');// this is correct.
有关详细信息,请参阅 here