I'm trying to use codeigniter with CSRF protection enabled. I've read the already answered solutions here and here But that didnt seem to resolve the issue. At some point the "Action you requested is not allowed"
error is solved, but now it doesnt load the form validation helper. It throws 'Unable to load the requested file: helpers/form_validation_helper.php` What must have gone wrong?
Here's the controller file:
class Home extends CI_Controller {
function __construct(){
parent::__construct();
$this->load->helper('form');
}
public function index(){
$data['title'] = "Home";
$data['main_content'] = 'frontend/index';
$this->load->view("frontend/includes/template", $data);
}
public function contact(){
$data['title'] = "Contact Us";
$data['main_content'] = 'frontend/contact';
$this->load->view('frontend/includes/template', $data);
}
//submit functions
public function contact_submit(){
$send_clicked = $this->input->post('sub');
if(isset($send_clicked)){
$this->load->helper('date');
$this->load->helper('form_validation');
$this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[40]|xss_clean');
$this->form_validation->set_rules('email', 'Email Address', 'trim|required|max_length[50]|xss_clean');
$this->form_validation->set_rules('subject', 'Subject', 'trim|required|max_length[100]|xss_clean');
$this->form_validation->set_rules('message', 'Message', 'trim|required|max_length[1000]|xss_clean');
if ($this->form_validation->run() == FALSE) {
} else {
$clean_name = $this->input->post('name');
$clean_email = $this->input->post('email');
$clean_subject = $this->input->post('subject');
$clean_message = $this->input->post('message');
$date = now();
$db_data = array(
'name' => $clean_name,
'email' => $clean_email,
'subject' => $clean_subject,
'message' => $clean_message,
'date_posted' => $date
);
print_r($db_data);
}
}
}
public function page_missing(){
$data['title'] = "404 Page Missing";
$data['main_content'] = 'frontend/404';
$this->load->view("frontend/includes/template", $data);
}
}
Here's some configs of config.php that i made changes to:
$config['sess_cookie_name'] = 'qtd_sess';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'qtd_sess';
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
$config['global_xss_filtering'] = TRUE;
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
Here some part of the view:
<!-- Start Contact Form -->
<?php $attributes = array('class' => 'contact-form', 'id' => 'contact-form');
echo form_open('home/contact_submit', $attributes); ?>
<div class="form-group">
<div class="controls">
<input type="text" placeholder="Name" name="name">
</div>
</div>
<div class="form-group">
<div class="controls">
<input type="email" class="email" placeholder="Email" name="email">
</div>
</div>
<div class="form-group">
<div class="controls">
<input type="text" class="requiredField" placeholder="Subject" name="subject">
</div>
</div>
<div class="form-group">
<div class="controls">
<textarea rows="7" placeholder="Message" name="message"></textarea>
</div>
</div>
<button type="submit" id="submit" name="sub" class="btn-system btn-large">Send</button>
<div id="success" style="color:#34495e;"></div>
</form>
<!-- End Contact Form -->