我使用CSRF创建登录javascript和codeigniter,登录后的结果 False 我的代码是否有问题。
我的CSRF:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'st21Ol02sec94';
$config['csrf_cookie_name'] = 'true6log_suc';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();
我的观点:
<?php echo form_open('',array('id' => 'form-loginx'));?>
<div class="input-group" style="margin-bottom:10px;">
<span class="input-group-addon lab"><span class="glyphicon glyphicon-user"></span></span>
<input type="text" name="username" id="username" class="form-control inp usernamex" placeholder="username" required>
</div>
<div class="input-group" style="margin-bottom:10px;">
<span class="input-group-addon lab"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="password" id="password" class="form-control inp passwordx" placeholder="password" required>
</div>
<button type="submit" name="submit" class="log_btn btn btn-md btn-primary">Login</button>
<label><input type="checkbox" class="lihat"> lihat password</label>
<?php echo form_close();?>
<?php echo br();?>
<div class="text-center">Copyright © 2017 PT. Stars Internasional.</div>
<div class="text-center">server time <strong>{elapsed_time}</strong> secs.</div>
<?php echo br();?>
<div style="display:none;" class="alert-gagal"></div>
<div style="display:none;" class="alert-sukses"></div>
我的javascript:
$('#form-loginx').submit(function(e){ // Create `click` event function for login
e.preventDefault();
var csrf_hash = $.cookie('true6log_suc');
var me = $(this).serialize();
$.ajax({ // Send the credential values to another checker.php using Ajax in POST menthod
type : "POST",
url : baseURL + "trueaccon2194/info_type_user_log/log_admin",
data : {me,st21Ol02sec94: csrf_hash},
beforeSend: function(){
$('.log_btn').html('Loading ...'); //Loading button text
$('.log_btn').prop('disabled', true);
},
success: function(log){ // Get the result and asign to each cases
$('.log_btn').html('Login'); //Loading button text
$('.log_btn').prop('disabled', false);
if(log == "openupsystemlogtrueaccess21"){
$(".alert-sukses").html("Sedang mengarahkan..").slideToggle("fast").delay(3000).slideToggle("fast");
window.location.href = 'trueaccon2194/info_type_user_log';
}else if(log == "blockingaccesssystemlogerror210294"){
$(".alert-gagal").html("Username atau password salah!").slideToggle("fast").delay(3000).slideToggle("fast");
//location.reload();
}
}
});
return false;
});
我使用jquery cookie以及我的代码是否有问题
答案 0 :(得分:0)
问题在于ajax调用中的数据。数据中的“csrf_hash”不会给出确切的值。
用
替换csrf$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'st21Ol02sec94';
$config['csrf_cookie_name'] = 'true6log_suc';
$config['csrf_expire'] = 7200;
在js
$('#form-loginx').submit(function(e){ // Create `click` event function for login
e.preventDefault();
var csrf_hash = $.cookie('true6log_suc');
var dataObject = {};
dataObject[st21Ol02sec94] = csrf_hash;
dataObject[me] = $(this).serialize();
$.ajax({ // Send the credential values to another checker.php using Ajax in POST menthod
type : "POST",
url : baseURL + "trueaccon2194/info_type_user_log/log_admin",
data: dataObject,
beforeSend: function(){
$('.log_btn').html('Loading ...'); //Loading button text
$('.log_btn').prop('disabled', true);
},
success: function(log){ // Get the result and asign to each cases
$('.log_btn').html('Login'); //Loading button text
$('.log_btn').prop('disabled', false);
if(log == "openupsystemlogtrueaccess21"){
$(".alert-sukses").html("Sedang mengarahkan..").slideToggle("fast").delay(3000).slideToggle("fast");
window.location.href = 'trueaccon2194/info_type_user_log';
}else if(log == "blockingaccesssystemlogerror210294"){
$(".alert-gagal").html("Username atau password salah!").slideToggle("fast").delay(3000).slideToggle("fast");
//location.reload();
}
}
});
return false;
});
这可能会对你有所帮助。