CodeIgniter error 403 even with the CSRF token present

Time: 2017-06-28 19:20:09

Tags: php codeigniter bootstrap-modal

I open a modal after clicking the delete button:

$button = '<button class="btn btn-xs btn-danger batch-delete" onclick="DeleteBatchModal(\'#delete_batch_modal_'.$no.'\');" data-toggle="modal" title="Delete Batch" id="batch-delete-'.$no.'" data-batch_id="'.$batches->id.'" data-staff_id="'.$this->session->user_id.'"><i class="glyphicon glyphicon-trash"></i></button>'
    .'<div class="modal fade" id="delete_batch_modal_'.$no.'" tabindex="-1" role="dialog" aria-labelledby="DeleteBatchModal">'
        .'<div class="modal-dialog" role="document">'
            .'<div class="modal-content">'
                .'<div class="modal-header">'
                    .'<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>'
                    .'<h4 class="modal-title">Delete Batch</h4>'
                .'</div>'
                .'<div class="modal-body">'
                    .'<p class="text-left">Are you sure you want to delete this batch?</p>'
                    .'<table class="table table-hover table-bordered table-striped forex-datatable">'
                        .'<thead>'
                            .'<tr>'
                                .'<th>Batch #</th>'
                                .'<th>Quantity</th>'
                                .'<th>Date</th>'
                            .'</tr>'
                        .'</thead>'
                        .'<tbody>'
                            .'<tr>'
                                // the <form> opens inside this <tr> and is closed after the </table> below
                                .'<form action="'.site_url('oss/admin/delete_batch').'" class="form form-horizontal" name="delete_batch_form" id="delete_batch_form" method="POST">'
                                .'<td>'.$batches->batch_no.'</td>'
                                .'<td>'.$batches->quantity.'</td>'
                                .'<td>'.$batches->date_added.'</td>'
                            .'</tr>'
                        .'</tbody>'
                    .'</table>'
                    .'<input type="hidden" id="del_box_id_'.$no.'" value="'.$batches->id.'" />'
                    // CSRF token field, named and valued from the CodeIgniter Security class
                    .'<input type="hidden" name="'.$this->security->get_csrf_token_name().'" value="'.$this->security->get_csrf_hash().'">'
                .'</div>'
                .'<div class="modal-footer">'
                    .'<button type="button" data-toggle="tooltip" title="Confirm Delete Box data" class="btn btn-primary confirm_batch_delete" onclick="DeleteBatchModalConfirm(\'delete_batch-form_'.$no.'\');">Confirm</button>'
                    .'</form>'
                    .'<button type="button" data-toggle="tooltip" title="Cancel Delete Box data" class="btn btn-default" data-dismiss="modal">Cancel</button>'
                .'</div>'
            .'</div>'
        .'</div>'
    .'</div>';

Note that my modal is held in a PHP variable because I use it in the controller.

My confirm button:

// submits the hidden delete form from the modal's Confirm button
function DeleteBatchModalConfirm(){
    $('#delete_batch_form').submit();
}

If I change the method to GET there is no problem, so I am sure it is CSRF. Using form_open() does not work either. What am I missing?

Any help is greatly appreciated. Thanks!

1 answer:

Answer 0 (score: 0)

In the end I solved this problem. It turned out I was using the wrong route in the js file. The correct sequence of steps is as follows:

1) Add a new line to the routes.php file:

$route['jivosite/user'] = 'jivosite/user';

2) Add this code to the js file:

    // serialise the payload once, then send it as a JSON body
    post_data = JSON.stringify(post_data);
    var url = baseurl + "jivosite/user";
    var xhr = new XMLHttpRequest();
    xhr.open("POST", url);
    xhr.setRequestHeader("Content-Type", "application/json");
    xhr.addEventListener("readystatechange", function () {
        if (xhr.readyState == 4 && xhr.status === 200) {
            console.log(xhr.response);
        }
    });
    xhr.addEventListener("error", function (err) {
        console.log(err);
    });
    // post_data is already a JSON string here, so it is sent as-is
    xhr.send(post_data ? post_data : null);

Edit: if you are using jQuery, it is better to send the ajax request like this:

$.ajax({
    url: url,
    type: 'POST',
    data: {
        'id' : messageData[0],
        // the field name must match $config['csrf_token_name'] for CodeIgniter to find the token
        'csrf_token' : token
    },
    dataType: 'json',
    success: function(result, statut) {
        if (result == 'add') {
            //do something
        }
        else if (result == 'remove') {
            //do something
        }
    }
});

3) Check the config.php file. It should have $config['cookie_secure'] = FALSE; set like this, and $config['csrf_exclude_uris'] = array('jivosite/user'); should contain my route.

4) Create the file Jivosite.php in the controllers folder with this content:

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Jivosite extends CI_Controller
{
    // receives the POST from the js file and echoes the id back
    public function user()
    {
        $id = $this->input->post('id');
        echo $id;
    }
}

It works for me.