堆栈内存溢出
  繁体   English   中英

使用CSRF Codeigniter和Ajax登录

[英]Login with CSRF codeigniter and ajax

 原文  2017-02-14 03:19:21       javascript/ php/ jquery/ ajax/ codeigniter

问题描述

我将使用CSRF codeigniter和ajax进行安全登录。 但是我的语法有问题。 和$ config ['csrf_protection'] = TRUE;

这是我的形式: 

<?php echo form_open('admin/info_type_user_log/log_admin',array('id' => 'form-loginx'));?>
        <div class="input-group" style="margin-bottom:10px;">
            <span class="input-group-addon lab"><span class="glyphicon glyphicon-user"></span></span>
            <input type="text" name="username" id="username" class="form-control inp usernamex" placeholder="username" required>
        </div>
        <div class="input-group" style="margin-bottom:10px;">
            <span class="input-group-addon lab"><span class="glyphicon glyphicon-lock"></span></span>
            <input type="password" name="password" id="password" class="form-control inp passwordx" placeholder="password" required>
        </div>
        <button type="submit" name="submit" class="submit_login btn btn-md btn-primary">Login</button>
        <label><input type="checkbox" class="lihat"> lihat password</label>
        <?php echo form_close();?>

这是我的javascript: 

$('#form-loginx').submit(function(e){ // Create `click` event function for login
        e.preventDefault();
        var csrfName = '<?php echo $this->security->get_csrf_token_name(); ?>',
            csrfHash = '<?php echo $this->security->get_csrf_hash(); ?>';
        var me = $(this);
        $('.submit_login').html('Loading ...'); //Loading button text 

        $.ajax({ // Send the credential values to another checker.php using Ajax in POST menthod
            url  : me.attr('action'),
            type : 'POST',
            data : {csrfName:csrfHash,me.serialize},
            dataType : 'json',
        success: function(response){ // Get the result and asign to each cases
            $('.submit_login').html('Login'); //Loading button text 
            if(response == true){
                $(".alert-sukses").html("Sedang mengarahkan..").slideToggle("fast").delay(3000).slideToggle("fast");
                window.location.href = 'admin/info_type_user_log';
            }else {
                gagal();
            }
        }
        });
    });

和我的控制器: 

function log_admin(){       
    $reponse = array('success' => true);
    $user = $this->security->xss_clean($this->input->post('username'));
    $pass = $this->security->xss_clean($this->input->post('password'));

     $reponse = array(
            'csrfName' => $this->security->get_csrf_token_name(),
            'csrfHash' => $this->security->get_csrf_hash()
            );

    $cek = $this->model_admst->valid_log($user, md5($pass));

    if($cek->num_rows() > 0){

        foreach($cek->result() as $data){
            $sess_data['id']            = $data->id;
            $sess_data['nama_depan']    = $data->nama_depan;
            $sess_data['nama_belakang'] = $data->nama_belakang;
            $sess_data['email']         = $data->email;
            $sess_data['username']      = $data->username;
            $sess_data['gb_user']       = $data->gb_user;
            $sess_data['last_login']    = $data->last_login;
            $sess_data['log_access']    = "TRUE_OK_1";

            $this->session->set_userdata($sess_data);
            $this->model_admst->updateLastlogin($data->id);
            log_helper("login", "akses login sukses");
        }

        $reponse['success'] = true;
    }else{
        $reponse['success'] = false;
    }
    echo json_encode($reponse);
 }

我的模型是: 

function valid_log($user,$pass){
    $this->db->where('username', $user);
    $this->db->where('password', $pass);
    $this->db->where('status', 'aktif');
    $this->db->where('level', 'admjosslog21');
    $this->db->where('akses', '1');
    return $this->db->get('user');
}

3 个解决方案

解决方案1
 0  2017-02-14 05:55:45

在ajax中传递token namehash key ,然后通过控制器中的post获得它 

  data : {csrfName:csrfName,csrfHash:csrfHash,me.serialize},

在控制器中 

 $reponse = array(
        'csrfName' => $this->input->post('csrfName'),
        'csrfHash' => $this->input->post('csrfHash')
        );

解决方案2
 0 已采纳  2017-02-16 08:55:14

试试这个代码 

$("#state1").change(function () {
            $.ajax({
                url: "<?php echo base_url('admin/get_districtsfromstates'); ?>",
                type: "POST",
                data: {id: $(this).val(),'<?php echo $this->security->get_csrf_token_name(); ?>': '<?php echo $this->security->get_csrf_hash(); ?>'},
                success: function (data)
                {
                    $("#district1").html(data);
                }
            });
        });

解决方案3
 0  2017-05-29 14:44:01

Javascript中的PHP是一个丑陋的解决方案,只需将脚本列入白名单,如下所示: 

$config['csrf_exclude_uris'] = array(
'admin/log_admin', '...', '...',
);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Codeigniter CSRF Ajax错误 Codeigniter ajax CSRF问题 Codeigniter(CSRF)jQuery ajax问题 用于ajax的csrf令牌在codeigniter中序列化数据 Codeigniter使用CSRF从ajax获取数据 使用数据表Ajax URL的Codeigniter CSRF保护 Codeigniter AJAX JQuery csrf_protection星级脚本 Codeigniter Ajax表单使用CS cookie的jQuery cookie提交不需要的帖子 TypeError:使用codeigniter的登录/注册ajax,数据为null CodeIgniter CSRF 403错误
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM