Amir Hussain
Learner
Codeigniter CSRF Error on Ajax Submit Post Error 403
I’m trying to implement CSRF Token authentication on my system. Below is my config.phpI’m trying to implement CSRF Token authentication on my system. Below is my config.php
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'tokenizer';
$config['csrf_cookie_name'] = 'Qwerty&(*Asdsfdgf8564!@#)';
$config['csrf_expire'] = 3600;
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array();And my form implementation :
<form class="login_form" id="login_form">
<?php
$csrf = array(
'name' => $this->security->get_csrf_token_name(),
'hash' => $this->security->get_csrf_hash()
);
?>
<input type="text" name="<?= $csrf['name']; ?>" value="<?= $csrf['hash']; ?>" />
<h1>Login Form</h1>
<div class="input-icons">
<input type="text" class="form-control" id="username" placeholder="Email/Phone No" name="username" required="" />
<span class="fa fa-user"></span>
</div>
<div class="input-icons">
<input type="password" class="form-control password" id="password" name="password" placeholder="Password" required="" />
<span class="fa fa-lock"></span>
</div>
<div>
<button class="btn" type="submit" >Login</button>
</br>
<label class="psw"> <a href="#">Forgot Password?</a></label>
</div>
<div class="separator">
<div>
<img src="<?php echo base_url(); ?>assets/login/images/moh.png" width="31%" height="40" >
<img src="<?php echo base_url(); ?>assets/login/images/nascop_logo.png" width="31%" height="40" >
<img src="<?php echo base_url(); ?>assets/login/images/logo_3.png" width="31%" height="40" >
<br/>
<p>©2016 . Powered by mHEALTH Kenya . Privacy and Terms</p>
</div>
</div>
</form>Through jquery , I submit the above form as a POST request in the following manner :
$('.login_form').submit(function (event) {
$(".loader").show();
dataString = $(".login_form").serialize();
$(".btn").prop('disabled', true);
$.ajax({
type: "POST",
url: "<?php echo base_url(); ?>login/check_auth",
data: dataString,
success: function (data) {
$(".loader").hide();
if (data == "Login Success") {
swal({
title: "Login Success!",
text: "You will be redirected to your Home page in a few.",
imageUrl: '<?php echo base_url(); ?>assets/images/thumbs-up.jpg'
});
setTimeout(function () {
window.location.href = "<?php echo base_url(); ?>";
}, 3000);
} else if (data == "User does not exist") {
$(".btn").prop('disabled', false);
swal("Oops", "User does not exist...", "info");
} else if (data == "Wrong Password") {
$(".btn").prop('disabled', false);
swal("Error", "Wrong password", "warning");
} else if (data == "Pass Exp") {
$(".btn").prop('disabled', false);
swal({
title: "Password Expired!",
text: "Your password has expired please reset before accessing the system."
});
setTimeout(function () {
window.location.href = "<?php echo base_url(); ?>";
}, 3000);
}
}
});
event.preventDefault();
return false;
});Without the activation of the CSRF Token , the page works very well but with the activation, I get a 403 Forbidden error. so help me
Share