I’m trying to implement CSRF Token authentication on my system. Below is my config.php:
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'tokenizer';
$config['csrf_cookie_name'] = 'Qwerty&(*Asdsfdgf8564!@#)';
$config['csrf_expire'] = 3600;
$config['csrf_regenerate'] = FALSE;
$config['csrf_exclude_uris'] = array();
And my form implementation:
<form class="login_form" id="login_form">
    <?php
    // CSRF field name and current token hash from the Security class
    $csrf = array(
        'name' => $this->security->get_csrf_token_name(),
        'hash' => $this->security->get_csrf_hash()
    );
    ?>
    <input type="text" name="<?= $csrf['name']; ?>" value="<?= $csrf['hash']; ?>" />
    <h1>Login Form</h1>
    <div class="input-icons">
        <input type="text" class="form-control" id="username" placeholder="Email/Phone No" name="username" required="" />
        <span class="fa fa-user"></span>
    </div>
    <div class="input-icons">
        <input type="password" class="form-control password" id="password" name="password" placeholder="Password" required="" />
        <span class="fa fa-lock"></span>
    </div>
    <div>
        <button class="btn" type="submit" >Login</button>
        <br/>
        <label class="psw"> <a href="#">Forgot Password?</a></label>
    </div>
    <div class="separator">
        <div>
            <img src="<?php echo base_url(); ?>assets/login/images/moh.png" width="31%" height="40" >
            <img src="<?php echo base_url(); ?>assets/login/images/nascop_logo.png" width="31%" height="40" >
            <img src="<?php echo base_url(); ?>assets/login/images/logo_3.png" width="31%" height="40" >
            <br/>
            <p>©2016 . Powered by mHEALTH Kenya . Privacy and Terms</p>
        </div>
    </div>
</form>
Through jQuery, I submit the above form as a POST request in the following manner:
$('.login_form').submit(function (event) {
    $(".loader").show();
    // serialize() includes the CSRF token field from the form
    var dataString = $(".login_form").serialize();
    $(".btn").prop('disabled', true);
    $.ajax({
        type: "POST",
        url: "<?php echo base_url(); ?>login/check_auth",
        data: dataString,
        success: function (data) {
            $(".loader").hide();
            if (data == "Login Success") {
                swal({
                    title: "Login Success!",
                    text: "You will be redirected to your Home page in a few.",
                    imageUrl: '<?php echo base_url(); ?>assets/images/thumbs-up.jpg'
                });
                setTimeout(function () {
                    window.location.href = "<?php echo base_url(); ?>";
                }, 3000);
            } else if (data == "User does not exist") {
                $(".btn").prop('disabled', false);
                swal("Oops", "User does not exist...", "info");
            } else if (data == "Wrong Password") {
                $(".btn").prop('disabled', false);
                swal("Error", "Wrong password", "warning");
            } else if (data == "Pass Exp") {
                $(".btn").prop('disabled', false);
                swal({
                    title: "Password Expired!",
                    text: "Your password has expired please reset before accessing the system."
                });
                setTimeout(function () {
                    window.location.href = "<?php echo base_url(); ?>";
                }, 3000);
            }
        }
    });
    event.preventDefault();
    return false;
});
Without the activation of the CSRF token, the page works very well, but with the activation I get a 403 Forbidden error. So help me.
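
To narrow down which part of the CSRF check produces the 403, the following diagnostic sketch models a form-field-versus-cookie token comparison on a constructed request; it is an added example, not part of the original post and not CodeIgniter's own code. It assumes CodeIgniter 3 discards cookies whose names fall outside the key whitelist shown; `filter_cookies`, `csrf_diagnose` and the `csrf_cookie` name are hypothetical.

```php
<?php
// Added diagnostic sketch, not CodeIgniter's own code.
// Assumption: CodeIgniter 3 drops request keys (cookie names included) that do
// not match this whitelist before the CSRF check runs.
const CI_KEY_PATTERN = '/^[a-z0-9:_\/|-]+$/i';

/** Return only the cookies whose names pass the key whitelist. */
function filter_cookies(array $cookies): array
{
    return array_filter(
        $cookies,
        fn($name) => preg_match(CI_KEY_PATTERN, (string) $name) === 1,
        ARRAY_FILTER_USE_KEY
    );
}

/** Model of the check: the POST field and the cookie must both exist and match. */
function csrf_diagnose(array $post, array $cookies, string $tokenName, string $cookieName): string
{
    $cookies = filter_cookies($cookies);
    if (!isset($post[$tokenName])) {
        return "403: POST field '$tokenName' missing";
    }
    if (!isset($cookies[$cookieName])) {
        return "403: cookie '$cookieName' missing after key filtering";
    }
    if (!hash_equals((string) $cookies[$cookieName], (string) $post[$tokenName])) {
        return '403: token and cookie differ';
    }
    return 'ok';
}

// Constructed sample request: the same token value in the form field and the cookie.
$token = bin2hex(random_bytes(16));
$post  = ['tokenizer' => $token, 'username' => 'user@example.com', 'password' => 'x'];

// Cookie name taken from the config.php above.
$name = 'Qwerty&(*Asdsfdgf8564!@#)';
echo csrf_diagnose($post, [$name => $token], 'tokenizer', $name), PHP_EOL;

// Hypothetical cookie name using only letters, digits and underscores.
echo csrf_diagnose($post, ['csrf_cookie' => $token], 'tokenizer', 'csrf_cookie'), PHP_EOL;
```

Running the same three checks against the real request (the POST body and the `Cookie` header shown in the browser's network tab) shows which condition is rejecting the login.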