Home  >  Article  >  Backend Development  >  Using the input class of codeigniter

Using the input class of codeigniter

WBOY
WBOYOriginal
2016-08-08 09:29:58982browse

I recently wrote a system without security filtering input. I wanted to use the input class of CI. After analysis, there are three files required under system/core

utf8.php, security.php, input.php

Okay Integrate them into one file, but it is more troublesome. It is better to use three files, which saves trouble.

It’s like this when used:

//Instantiate the security input class
$UNI = new utf8();
$SEC = new security();
$input = new input();

Then $ username = $input->post('username').

Of course, some configuration variables need to be modified, such as $cookiepath, $cookieprefix, $cookiedomain, $cookiesecure, etc.;

But there is also a key configuration, $this->_enable_csrf= FALSE; This variable corresponds to var $ _enable_csrf= FALSE; The default is false. If you set it to TRUE,

will add the key-value pair of _csrf_token_name after the url, because this will be checked in the following code


required There must be a cookie value of _csrf_cookie_name.

Reference:

There is a csrf (Cross Site Request Forgery) protection function in CI 2.0

If this function is turned on
posting the form to the server will spit out error 500
An Error Was Encountered
The action you have requested is not allowed.
It will not be executed
At this time, you need to add a token value to the value sent by the form
In order to use the form function normally

You can find the following lines in application/config/config.php

1

2

3

4

$config['csrf_protection'] = TRUE;

$config['csrf_token_name '] = 'csrf_test_name';

$config['csrf_cookie_name'] = 'csrf_cookie_name';

$config['csrf_expire'] = 7200;

Originally, the default value of $config['csrf_protection'] is FALSE Change it to TRUE and you can open it. After opening it, it will automatically save a value in the cookie for you. The name of the cookie can be set in the config.php mentioned above. After sending the form, you need to pass this token together.

The following Demonstration using jquery's ajax function

1
2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

$(

function(){ ]

$('#btn'). click(function(){                                                                                              

              

,url:'/ajax'接 // ajax receiving server terminal

, data: $ (

'#form') .Serialize ()+' & csrf_test_name = '++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ getCookie('csrf_test_name'

)                                                        alert(data.msg);                                                                                                         });

functiongetCookie(name){ var

arr = document.cookie.match(newRegExp(

"(^| )"+name+"=([^;]*)(;|$ )"

));​​​​if

(arr != null)

returnunescape(arr[2]); return

null;

}

getCookie() uses js to get the value of the cookie.
This is found on the Internet and can be used directly.

And csrf_test_name is a parameter that can be set in config.php.
Catch this cookie and send it to the form together.
It can be used normally

If you have any advice, please leave a message~

referer: http://ericlbarnes.com/blog/post/codeigniter_csrf_protection_with_ajax


The above introduces the input class using codeigniter, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn