CodeIgniter CSRF error: "The action you have requested is not allowed."


Problem description


I enabled the csrf_protection option in CodeIgniter's config file, and used the form_open() function to create my forms. But when I submit the form, this error occurs:

The action you have requested is not allowed.

I have done the answers like this topic (that is most related to my question): question

But they didn't work and the problem still remains.

config.php:

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
|--------------------------------------------------------------------------
| Base Site URL
|--------------------------------------------------------------------------
|
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
|   http://example.com/
|
| If this is not set then CodeIgniter will guess the protocol, domain and
| path to your installation.
|
*/
$config['base_url'] = '';

/*
|--------------------------------------------------------------------------
| Index File
|--------------------------------------------------------------------------
|
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
|
*/
$config['index_page'] = 'index.php';

/*
|--------------------------------------------------------------------------
| URI PROTOCOL
|--------------------------------------------------------------------------
|
| This item determines which server global should be used to retrieve the
| URI string.  The default setting of 'AUTO' works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO'            Default - auto detects
| 'PATH_INFO'       Uses the PATH_INFO
| 'QUERY_STRING'    Uses the QUERY_STRING
| 'REQUEST_URI'     Uses the REQUEST_URI
| 'ORIG_PATH_INFO'  Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = 'AUTO';

/*
|--------------------------------------------------------------------------
| URL suffix
|--------------------------------------------------------------------------
|
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/urls.html
*/

$config['url_suffix'] = '';

/*
|--------------------------------------------------------------------------
| Default Language
|--------------------------------------------------------------------------
|
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
|
*/
$config['language'] = 'persian';

/*
|--------------------------------------------------------------------------
| Default Character Set
|--------------------------------------------------------------------------
|
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = 'UTF-8';

/*
|--------------------------------------------------------------------------
| Enable/Disable System Hooks
|--------------------------------------------------------------------------
|
| If you would like to use the 'hooks' feature you must enable it by
| setting this variable to TRUE (boolean).  See the user guide for details.
|
*/
$config['enable_hooks'] = FALSE;


/*
|--------------------------------------------------------------------------
| Class Extension Prefix
|--------------------------------------------------------------------------
|
| This item allows you to set the filename/classname prefix when extending
| native libraries.  For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';


/*
|--------------------------------------------------------------------------
| Allowed URL Characters
|--------------------------------------------------------------------------
|
| This lets you specify with a regular expression which characters are permitted
| within your URLs.  When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';


/*
|--------------------------------------------------------------------------
| Enable Query Strings
|--------------------------------------------------------------------------
|
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
| By default CodeIgniter enables access to the $_GET array.  If for some
| reason you would like to disable it, set 'allow_get_array' to FALSE.
|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
| Options are: TRUE or FALSE (boolean)
|
| The other items let you set the query string 'words' that will
| invoke your controllers and its functions:
| example.com/index.php?c=controller&m=function
|
| Please note that some of the helpers won't work as expected when
| this feature is enabled, since CodeIgniter is designed primarily to
| use segment based URLs.
|
*/
$config['allow_get_array']      = TRUE;
$config['enable_query_strings'] = FALSE;
$config['controller_trigger']   = 'c';
$config['function_trigger']     = 'm';
$config['directory_trigger']    = 'd'; // experimental not currently in use

/*
|--------------------------------------------------------------------------
| Error Logging Threshold
|--------------------------------------------------------------------------
|
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
|   0 = Disables logging, Error logging TURNED OFF
|   1 = Error Messages (including PHP errors)
|   2 = Debug Messages
|   3 = Informational Messages
|   4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
*/
$config['log_threshold'] = 0;

/*
|--------------------------------------------------------------------------
| Error Logging Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the default
| application/logs/ folder. Use a full server path with trailing slash.
|
*/
$config['log_path'] = '';

/*
|--------------------------------------------------------------------------
| Date Format for Logs
|--------------------------------------------------------------------------
|
| Each item that is logged has an associated date. You can use PHP date
| codes to set your own date formatting
|
*/
$config['log_date_format'] = 'Y-m-d H:i:s';

/*
|--------------------------------------------------------------------------
| Cache Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the default
| system/cache/ folder.  Use a full server path with trailing slash.
|
*/
$config['cache_path'] = '';

/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| If you use the Encryption class or the Session class you
| MUST set an encryption key.  See the user guide for info.
|
*/
$config['encryption_key'] = 'b{{h#/Ib;pd<%+H0?ujvv9KLRc0LR-o8ot"K*so.J&}4\qCQ+Ij81ih\d48fx5_';

/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'sess_cookie_name'        = the name you want for the cookie
| 'sess_expiration'         = the number of SECONDS you want the session to last.
|   by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
| 'sess_expire_on_close'    = Whether to cause the session to expire automatically
|   when the browser window is closed
| 'sess_encrypt_cookie'     = Whether to encrypt the cookie
| 'sess_use_database'       = Whether to save the session data to a database
| 'sess_table_name'         = The name of the session database table
| 'sess_match_ip'           = Whether to match the user's IP address when reading the session data
| 'sess_match_useragent'    = Whether to match the User Agent when reading the session data
| 'sess_time_to_update'     = how many seconds between CI refreshing Session Information
|
*/
$config['sess_cookie_name']     = 'ins_mngm_system';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'user_sessions';
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path'   =  Typically will be a forward slash
| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
|
*/
$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']      = "/";
$config['cookie_secure']    = TRUE;

/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;

/*
|--------------------------------------------------------------------------
| Cross Site Request Forgery
|--------------------------------------------------------------------------
| Enables a CSRF cookie token to be set. When set to TRUE, token will be
| checked on a submitted form. If you are accepting user data, it is strongly
| recommended CSRF protection be enabled.
|
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
*/
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'relt';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;

/*
|--------------------------------------------------------------------------
| Output Compression
|--------------------------------------------------------------------------
|
| Enables Gzip output compression for faster page loads.  When enabled,
| the output class will test whether your server supports Gzip.
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
| VERY IMPORTANT:  If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts.  For
| compression to work, nothing can be sent before the output buffer is called
| by the output class.  Do not 'echo' any values with compression enabled.
|
*/
$config['compress_output'] = FALSE;

/*
|--------------------------------------------------------------------------
| Master Time Reference
|--------------------------------------------------------------------------
|
| Options are 'local' or 'gmt'.  This pref tells the system whether to use
| your server's local time as the master 'now' reference, or convert it to
| GMT.  See the 'date helper' page of the user guide for information
| regarding date handling.
|
*/
$config['time_reference'] = 'local';


/*
|--------------------------------------------------------------------------
| Rewrite PHP Short Tags
|--------------------------------------------------------------------------
|
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files.  Options are TRUE or FALSE (boolean)
|
*/
$config['rewrite_short_tags'] = FALSE;


/*
|--------------------------------------------------------------------------
| Reverse Proxy IPs
|--------------------------------------------------------------------------
|
| If your server is behind a reverse proxy, you must whitelist the proxy IP
| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
| header in order to properly identify the visitor's IP address.
| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
|
*/
$config['proxy_ips'] = '';


/* End of file config.php */
/* Location: ./application/config/config.php */

controller (main.php):

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Main extends CI_Controller {
    //public function __construct()
    //{
    //  $this->load->controller('access_controll');
    //}
    public function index()
    {
            redirect('auth/login');
    }
    public function login()
    {

    }
    public function registration()
    {
        $this->load->view('register');
    }
    public function forgot()
    {

    }
}

/* End of file main.php */
/* Location: ./application/controllers/main.php */

view (login.php):

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="<?php echo base_url();?>template/img/favicon.png">
<title>ورود به حساب کاربری</title>

<!-- Bootstrap core CSS -->
<link href="<?php echo base_url();?>template/css/bootstrap.rtl.css" rel="stylesheet">

<!-- Custom styles for this template -->
<link href="<?php echo base_url();?>template/style.css" rel="stylesheet">

<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
      <script src="js/html5shiv.js"></script>
      <script src="js/respond.min.js"></script>
    <![endif]-->
</head>

<body id="login">
<div class="login-content">
  <div class="widget-content">
    <h1>سامانه مدیریت مشتریان</h1>
    <div class="alert alert-danger"><?php echo $message;?></div>
    <?php  echo form_open('auth/login', array('role'=>'form')); ?>
      <div class="form-group">
        <label for="identity">شناسه کاربری:</label>
        <div class="input-group"> <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
          <?php  echo form_input(array('name'=>'identity', 'type'=>'text', 'placeholder'=>'نام کاربری یا ایمیل', 'class'=>'form-control', 'id'=>'identity')); ?>
        </div>
      </div>
      <div class="form-group">
        <label for="pass">گذرواژه:</label>
        <div class="input-group"> <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
          <?php  echo form_input(array('name'=>'pass', 'type'=>'password', 'placeholder'=>'گذرواژه', 'class'=>'form-control')); ?>
        </div>
      </div>
      <div class="checkbox">
      <div class="col-sm-offset-1 col-sm-12">
        <label>
          <?php echo form_checkbox(array('name'=>'remember', 'value'=>1, 'type'=>'checkbox')); ?>
          مرا به خاطر بسپار </label>
      </div>
      </div>
      <div class="form-group">
      <div class="col-sm-offset-1 col-sm-12">
      <input type="submit" class="btn btn-default" value="ورود" />
      </div>
      </div>
    <?php echo form_close(); ?>
    <div class="forgot">
      <ul class="list-unstyled">
        <li> <i class="glyphicon glyphicon-chevron-left"></i> <a href="<?php echo site_url("main/registration");?>">ایجاد حساب کاربری جدید</a> </li>
        <li> <i class="glyphicon glyphicon-chevron-left"></i> <a href="<?php echo site_url("main/forgot");?>">رمز عبور خود را فراموش کرده اید؟</a> </li>
      </ul>
    </div>
  </div>
</div>
<!-- /.container --> 

<!-- Bootstrap core JavaScript
    ================================================== --> 
<!-- Placed at the end of the document so the pages load faster --> 
<script src="js/jquery.js"></script> 
<script src="js/bootstrap.rtl.min.js"></script>
</body>
</html>

Solution

The problem was solved by this solution:

Set $config['cookie_secure'] in the config file to FALSE if you're using HTTP.
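Why that setting matters, as an added example (a simplified model of a double-submit CSRF check, not CodeIgniter's source and not code from the original post): a cookie marked Secure is never sent over plain HTTP, so the posted token has no cookie to be compared with. The function names are hypothetical, and `secure_flag_for_request()` shows how to derive the flag from the request so it stays TRUE on HTTPS deployments.

```php
<?php
// Added example: simplified model, not CodeIgniter's implementation.
// All function names here are hypothetical.

/** A browser attaches a Secure cookie only to requests made over HTTPS. */
function browser_sends_cookie(bool $cookie_secure, string $scheme): bool
{
    return !$cookie_secure || $scheme === 'https';
}

/** Double-submit check: the hidden form field must equal the cookie value. */
function csrf_check(?string $post_token, ?string $cookie_token): bool
{
    if ($post_token === null || $cookie_token === null) {
        // Missing cookie or field: the request is rejected. This is the
        // situation behind the error quoted in the question.
        return false;
    }
    // Constant-time comparison of the two copies of the token.
    return hash_equals($cookie_token, $post_token);
}

/** Simulate one render-then-submit round trip of a protected form. */
function submit_form(bool $cookie_secure, string $scheme): bool
{
    $token = bin2hex(random_bytes(16));   // goes into the hidden field and the cookie
    $cookie = browser_sends_cookie($cookie_secure, $scheme) ? $token : null;
    return csrf_check($token, $cookie);   // the hidden field always arrives with the POST
}

/**
 * Derive the Secure flag from the current request instead of hard-coding it.
 * Behind a TLS-terminating reverse proxy the HTTPS server variable may be
 * unset; in that case decide from your deployment configuration instead.
 */
function secure_flag_for_request(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Constructed scenarios: [cookie_secure, scheme]
$cases = [[true, 'http'], [true, 'https'], [false, 'http']];
foreach ($cases as [$secure, $scheme]) {
    printf(
        "cookie_secure=%-5s scheme=%-5s => %s\n",
        $secure ? 'TRUE' : 'FALSE',
        $scheme,
        submit_form($secure, $scheme) ? 'accepted' : 'rejected'
    );
}

// Constructed $_SERVER samples for the flag helper.
var_dump(secure_flag_for_request(['HTTPS' => 'on']));   // bool(true)
var_dump(secure_flag_for_request(['HTTPS' => 'off']));  // bool(false)
var_dump(secure_flag_for_request([]));                  // bool(false)

// In application/config/config.php the same idea would read:
// $config['cookie_secure'] = secure_flag_for_request($_SERVER);
```

Only the first scenario (Secure cookie over HTTP) is rejected. Keeping `cookie_secure` TRUE wherever the site is served over HTTPS preserves the protection the flag gives the session and CSRF cookies.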
