I am fairly new to the codeigniter framework, and have encountered an issue I am unsure how to solve properly.
Most of my application requires authentication, but I have one public non authenticated controller for a form. But the uri for the form is encoded with a single use token. So the form can only be accessed once.
The code for my form action...
<?php
echo form_open('my_form/submit_form' . $id , 'id=”theForm”');
…
I want to prevent someone from accessing/visiting http://my-site.com/my_form/submit_form/someID and instead throw an message. Below is the way I have it working now, but I am not sure if it is secure. I am using codeigniter's csrf protection, so each $_POST is submitted with a csrf_token.
class My_Form extends MX_Controller
{
…
public function submit_form($id){
// my attempt to prevent direct access
if (!isset($_POST["input_id"])) {
exit('Sorry this page is inaccessible.');
}
}
So basically if the value of a hidden input field on the form is not set then the script exits. Is this a secure way to handle this?
1 个答案:
答案 0 :(得分:1)
试试这个,
public function submit_form($id){
// my attempt to prevent direct access
if (!$this->input->post(null, false)) {
exit('Sorry this page is inaccessible.');
} else {
//your code
}
}