Codeigniter CSRF错误:“不允许请求操作。”

时间:2017-08-16 04:00:36

标签: php csrf codeigniter-3

我的网站工作正常,没有问题,然后突然收到错误“遇到错误 - 在每个表单提交过程中都不允许您请求的操作。”

我正在使用带有SSL的Codeigniter 3并且我已启用CSRF保护。我最近没有改变任何东西所以我不知道为什么我的网站停止工作。如果我关闭CSRF,表单提交工作正常。

设置

$config['base_url'] = 'https://www.mywebsite.com';
$config['index_page'] = '';

$config['cookie_prefix']    = '';
$config['cookie_domain']    = '.mywebsite.com';
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;

$config['csrf_protection']   = TRUE;
$config['csrf_token_name']   = 'msmm_tn';
$config['csrf_cookie_name']  = 'msmm_cn';
$config['csrf_expire']       = 7200;
$config['csrf_regenerate']   = TRUE;
$config['csrf_exclude_uris'] = array();

表格

<form action="https://www.mywebsite.com/" class="navbar-form navbar-left" id="search" method="post" accept-charset="utf-8">
<input type="hidden" name="msmm_tn" value="caeea1bc65c09f29691a1a692e09a30a" style="display:none;" />
<input type="hidden" name="token" value="ada2832a" style="display:none;" />
<input type="hidden" name="date-search-form" id="date-search-form" value="X">
<div class="form-group">
<input type="date" class="form-control input-md" name="from_date" id="from_date" value="2017-08-15" />
</div>
<div class="form-group">
<input type="date" class="form-control input-md" name="to_date" id="to_date" value="2017-08-16" />
</div>
<div class="form-group">
<input type="search" class="form-control input-md" name="search_text" id="search_text" placeholder="Search" value="">
</div>
<div class="form-group">
<button type="submit" class="btn btn-default btn-sm" name="go" id="go"><i class="fa fa-search" aria-hidden="true"></i>
</button>
</div>
</form>
</div>

服务器端表单代码:

<?php 
        $attributes = array('class' => 'form-horizontal', 'id' => 'signup');
        echo form_open('', $attributes);
    ?>
    <?php 
    if( isset( $login_error_mesg ) )
    {
        echo '<div class="alert alert-danger input_bump" role="alert">';
        echo 'Invalid Username, Email Address, or Password.<br>Username, email address and password are all case sensitive.';
        echo '</div>';
    }
    if( $this->input->get('logout') )
    {
        echo '<div class="alert alert-success input_bump text-center" role="alert"><p>You have successfully logged out.</p></div>';
    }
    ?>

      <div class="form-group form-padding">
        <label class="form-label" for="login_name">User Name or Email</label>
        <input type="text" class="form-control form-fixer input-md" name="login_string" id="login_string" value="<?php echo $this->input->post('login_string'); ?>">
      </div>
      <div class="form-group form-padding">
        <label class="form-label" for="pwd">Password</label>
        <input type="password" class="form-control input-md" id="login_pass" name="login_pass" maxlength="<?php echo config_item('max_chars_for_password'); ?>" autocomplete="off" />
      </div>
      <div class="input_bump">
      <?php
        $link_protocol = USE_SSL ? 'https' : NULL;
      ?>
        <p>
            <a href="<?php echo site_url('recover', $link_protocol); ?>">Can't access your account?</a>
        </p>
      </div>
      <div class="form-group form-padding">
      <button type="submit" class="btn btn-success btn-full">Sign In</button>
      </div>
    <?php echo form_close(); ?>

1 个答案:

答案 0 :(得分:0)

只需将Controller uri添加到:

$config['csrf_exclude_uris'] = array();

//e.g. $config['csrf_exclude_uris'] = array('register/add_member');

其中register是您的控制者,而add_member是方法。