CodeIgniter: prevent direct access to method used by form action

Time: 2015-10-30 23:58:16

Tags: php forms codeigniter

I am fairly new to the CodeIgniter framework, and have encountered an issue I am unsure how to solve properly. Most of my application requires authentication, but I have one public, non-authenticated controller for a form. The URI for the form is encoded with a single-use token, so the form can only be accessed once. The code for my form action:

    <?php echo form_open('my_form/submit_form/' . $id, 'id="theForm"'); …

I want to prevent someone from accessing/visiting http://my-site.com/my_form/submit_form/someID and instead throw a message. Below is the way I have it working now, but I am not sure if it is secure. I am using CodeIgniter's CSRF protection, so each $_POST is submitted with a csrf_token.

    class My_Form extends MX_Controller {
        …
        public function submit_form($id){
            // my attempt to prevent direct access
            if (!isset($_POST["input_id"])) {
                exit('Sorry this page is inaccessible.');
            }
        }
    }

So basically, if the value of a hidden input field on the form is not set then the script exits. Is this a secure way to handle this?

1 answer:

Answer 0 (score: 1)

Try this,

public function submit_form($id){
    // my attempt to prevent direct access:
    // post(NULL, FALSE) returns every POST field (without XSS filtering),
    // or NULL when the request carried no POST data at all
    if (!$this->input->post(null, false)) {
        exit('Sorry this page is inaccessible.');
    } else {
        // your code
    }
}
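Hardening the same check, as an added example that is not part of the question or the answer: it rejects anything other than a POST by request method rather than by the presence of a hidden field, validates the submission, and consumes the single-use token atomically so a form link cannot be replayed. It assumes CodeIgniter 3 (`$this->input->method()`, `show_error()`, the query builder) and a hypothetical `form_tokens` table that holds the unused tokens.

```php
<?php
// Added example, not the original poster's code. Assumes CodeIgniter 3 and a
// hypothetical `form_tokens` table with one row per unused single-use token.
class My_Form extends MX_Controller {

    public function submit_form($id = null)
    {
        // A GET (or HEAD, etc.) never reaches the form logic. Checking the request
        // method is more robust than testing for one hidden field: a client can add
        // arbitrary POST fields, but cannot make a GET request look like a POST.
        if ($this->input->method(true) !== 'POST') {
            show_error('Sorry this page is inaccessible.', 403);
        }

        // CSRF protection (config: csrf_protection = TRUE) has already run before
        // the controller is reached; the hidden field is still validated as input.
        $this->load->library('form_validation');
        $this->form_validation->set_rules('input_id', 'Input ID', 'required|alpha_numeric');
        if ($this->form_validation->run() === false) {
            show_error('Invalid submission.', 400);
        }

        // Consume the token in a single DELETE and check the affected row count,
        // so two concurrent submissions with the same $id cannot both pass
        // (no separate SELECT-then-DELETE window to race).
        $this->db->where('token', $id)->delete('form_tokens');
        if ($this->db->affected_rows() !== 1) {
            show_error('This form link has already been used or does not exist.', 410);
        }

        // ... handle the validated, single-use submission here
    }
}
```

The hidden `input_id` field is still useful as form data, but the request method and the consumed token are what actually stop a direct visit or a replayed link.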