Sander Van Keer - 1 month ago
PHP Question

The action you have requested is not allowed. CodeIgniter

I'm trying to make a simple login system in CodeIgniter. When I click my login button I get an error: "The action you have requested is not allowed."

When I open my console I see this: "POST http://localhost/PHP/PROJECT/CodeIgniter/ 403 (Forbidden)"

This is my view:


<h1>LOG IN!</h1>

<form action="" method="post">

<label for="username">Username:</label>
<input type="text" id="username" name="username" >

<label for="password">Password</label>
<input type="password" id="password" name="password" >
<br>
<button id="btn_login" name="btn_login" >LOG IN!</button>



</form>

<div class="errors" ><?php echo validation_errors(); ?></div>


</body>


This is my model:


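<?php

class User_model extends CI_Model
{
    public $m_sUsername;
    public $m_sPassword;
    public $m_sEmail;
    public $m_sPicture;

    function __construct()
    {
        parent::__construct();
    }

    // Returns the number of rows matching the given username and password (0 or 1).
    function get_user($username, $password)
    {
        // select() takes the column list as one string; its second argument is an escape flag.
        $this->db->select('username, password');
        $this->db->from('user'); // the table name must be a quoted string
        $this->db->where('username', $username);
        $this->db->where('password', $password);
        $this->db->limit(1);

        $query = $this->db->get();
        return $query->num_rows();
    }
}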


and this is my controller:

<?php

class Login extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('form');
        $this->load->helper('url');
        $this->load->helper('html');
        $this->load->database();
        $this->load->library('form_validation');
        $this->load->model("User_model", "", true);
    }

    public function index()
    {
        if ($this->input->server('REQUEST_METHOD') == 'POST') {
            $username = $this->input->post("username");
            $password = $this->input->post("password");

            $this->form_validation->set_rules("username", "Username", "trim|required");
            $this->form_validation->set_rules("password", "Password", "trim|required");

            if ($this->form_validation->run() == FALSE)
            {
                //validation fails
                echo "Vul alle velden in";
            }
            else
            {
                //validation succeeds
                if ($this->input->post('btn_login') == "Login")
                {
                    //check if username and password is correct
                    $usr_result = $this->User_model->get_user($username, $password);
                    if ($usr_result > 0) //active user record is present
                    {
                        echo 'Ingelogd!';
                    }
                    else
                    {
                        echo "Wrong!";
                    }
                }
            }
        }
        $this->load->view("admin/login_view.php");
    }
}


Does anyone know how to solve this problem?

Thanks!

Answer

Check in your config.php whether $config['csrf_protection'] = TRUE;

If it is set to TRUE you need to use form_open(); this will automatically append the 'ci_csrf_token'. Otherwise you can just set it to FALSE.

But it's advisable to set it to TRUE. You then need to make sure all your requests include the ci_csrf_token, including AJAX requests.

https://ellislab.com/codeigniter/user-guide/helpers/form_helper.html
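
The fix described in the answer, as an added example (not part of the original answer and not CodeIgniter's own code): the asker's login view rewritten with form_open(), plus an AJAX variant that sends the token explicitly. It assumes $config['csrf_protection'] = TRUE, that the Login controller is reachable at the URI login, and that the form and url helpers are loaded as in the controller above; postLogin is a hypothetical helper name, and the button value is set to "Login" so the controller's check can match.

```php
<?php /* admin/login_view.php, served with $config['csrf_protection'] = TRUE */ ?>
<h1>LOG IN!</h1>

<?php
// form_open() emits <form method="post"> plus the hidden CSRF field when
// csrf_protection is enabled. A hand-written <form> tag does not, so its POST
// is rejected with "The action you have requested is not allowed." (403).
// 'login' is an assumed URI for the Login controller.
echo form_open('login');
?>
    <label for="username">Username:</label>
    <input type="text" id="username" name="username">

    <label for="password">Password</label>
    <input type="password" id="password" name="password">
    <br>
    <!-- value added so the controller's btn_login == "Login" check can match -->
    <button id="btn_login" name="btn_login" value="Login">LOG IN!</button>
<?php echo form_close(); ?>

<div class="errors"><?php echo validation_errors(); ?></div>

<script>
// AJAX variant: the token is not added automatically, so send it explicitly.
// The field name and current hash come from CodeIgniter's Security class.
var csrfName = <?php echo json_encode($this->security->get_csrf_token_name()); ?>;
var csrfHash = <?php echo json_encode($this->security->get_csrf_hash()); ?>;

// postLogin is a hypothetical helper name used only for this example.
function postLogin(username, password) {
    var body = new URLSearchParams();
    body.append('username', username);
    body.append('password', password);
    body.append('btn_login', 'Login');
    body.append(csrfName, csrfHash); // leave this out and the request gets the 403
    return fetch(<?php echo json_encode(site_url('login')); ?>, {
        method: 'POST',
        credentials: 'same-origin', // sends the CSRF cookie with the request
        body: body
    });
}
</script>
```

If $config['csrf_regenerate'] is TRUE (CodeIgniter 3), the hash changes after each accepted POST, so a page that stays open must refresh csrfHash before its next AJAX call.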
