2/21/2015 Secure Your CodeIgniter Application using CSRF Token | Sujit Shah
http://www.sks.com.np/secure-your-codeigniter-application-using-csrf-token/
Secure Your CodeIgniter Application using CSRF Token
October 27, 2014 by admin in CodeIgniter
In this tutorial we will learn how to make our website more secure and protect it from CSRF when we are using the CodeIgniter web application framework. We thank the CodeIgniter team for giving built-in support against Cross Site Request Forgery (CSRF or XSRF).

Once CSRF protection is enabled, the CodeIgniter framework automatically protects forms and AJAX calls from CSRF when we use the form helper. In a custom form we need to output the CSRF token name and its value in a hidden input field and send them with every POST request.
Enable CSRF in Config file

To enable CSRF protection we need to modify the config file of the CodeIgniter framework. We just need to change FALSE to TRUE in our application/config/config.php file, for example:

$config['csrf_protection'] = TRUE;
After this change our web application is secured with CSRF protection. But if we use a custom form instead of the CodeIgniter form helper, the POST request will fail and show the following error:

It means our CSRF protection is working, and we need to update the forms to add a CSRF token to the POST data.
Use CSRF Tokens using form helper or manually

We have two ways to add CSRF tokens. If we update our form with the CodeIgniter form helper class, the CSRF token is added automatically; if we adjust a custom form, we need to add a hidden input with the token name and its value ourselves.

When we use the form helper class:

Using the form helper class will automatically add an input field to the form with a random token value to prevent CSRF.
Output:
When we use a custom form:

We need to add an input field to protect our custom form from CSRF.

For example:
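The following is an added example, not code from the original post or from CodeIgniter itself. It shows what the hidden field in a custom form looks like and how the server-side check behind it works. The token name csrf_test_name is CodeIgniter's default csrf_token_name (it also appears in the AJAX example later in this post); the cookie name, the form fields and the csrf_verify() function are simplifications chosen for the demonstration, modelled on the way CodeIgniter compares the POSTed token with the token stored in its CSRF cookie.

```php
<?php
// Added example: a custom form's CSRF hidden field and the matching server check.
// csrf_test_name is CodeIgniter's default token name; "demo_csrf_cookie" is a
// cookie name assumed for this demo, as is the whole csrf_verify() routine.

// Generate a fresh random token (32 hex chars) for the current visitor.
function csrf_generate_token() {
    return bin2hex(random_bytes(16));
}

// Render the hidden input a custom form must contain. htmlspecialchars keeps
// the markup intact even if the token source ever changes.
function csrf_hidden_field($token_name, $token_value) {
    return '<input type="hidden" name="' . htmlspecialchars($token_name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($token_value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Server-side check: the token in the POST body must equal the token the
// browser holds in its cookie. A forged cross-site form cannot read the cookie,
// so it cannot supply a matching value. hash_equals avoids timing leaks.
// Returns TRUE when the request may proceed, FALSE when it must be rejected.
function csrf_verify(array $post, array $cookie, $token_name, $cookie_name) {
    if (!isset($post[$token_name], $cookie[$cookie_name])) {
        return FALSE;
    }
    if (!is_string($post[$token_name]) || !is_string($cookie[$cookie_name])) {
        return FALSE;
    }
    return hash_equals($cookie[$cookie_name], $post[$token_name]);
}

// --- Constructed demonstration ---------------------------------------------
$token_name  = 'csrf_test_name';   // CodeIgniter default csrf_token_name
$cookie_name = 'demo_csrf_cookie'; // assumed cookie name for this demo
$token       = csrf_generate_token();

// What the custom form has to render (the form helper does this for you).
echo '<form method="post" action="/login">' . "\n";
echo '  ' . csrf_hidden_field($token_name, $token) . "\n";
echo '  <input type="text" name="username" />' . "\n";
echo '</form>' . "\n";

// Legitimate submission: hidden field and cookie carry the same token.
$good_post = array('username' => 'alice', $token_name => $token);
$cookie    = array($cookie_name => $token);
var_dump(csrf_verify($good_post, $cookie, $token_name, $cookie_name));

// Cross-site submission: the forged form does not know the cookie value,
// so the field is missing and the request is rejected.
$forged_post = array('username' => 'alice');
var_dump(csrf_verify($forged_post, $cookie, $token_name, $cookie_name));
```

Run with `php csrf_demo.php`: the first var_dump reports the legitimate request as accepted and the second reports the forged one as rejected. The same comparison is what makes the "request not allowed" error appear when a custom form omits the hidden field.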
How to use in AJAX/jQuery Call

If we are using AJAX in our web application and the token is not passed with the POST data, CodeIgniter will return error 500 (Internal Server Error). It means we need to use the CSRF token in all forms and pass it with the POST data. There are many ways to pass the CSRF token with POST data and the choice is up to you: the form helper class adds it automatically, whereas in a custom field we need to code it manually and send the CSRF token name together with its random value.

For example:
var csrf_value = ''; // fill with the current CSRF hash, e.g. from the hidden input the form helper renders
$.post('POST URL', { data: 'value', 'csrf_test_name': csrf_value }, function (response) {
    // response
}, 'json');
How to use CSRF in AJAX/jQuery Serialization

If you are thinking of using AJAX serialization then it is very easy: just open and close your form using the form helper class of CodeIgniter.

For example:
$.post(ajax_url, $('#login').serialize(), function (response) {
    // response
}, 'json');
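Both AJAX cases above (a hand-built POST body and a serialized form) can be served from one view, as in this added example, which is not code from the original post or from CodeIgniter. It is a CodeIgniter view file: form_open() and form_close() come from the form helper (load it with `$this->load->helper('form')` in the controller), and get_csrf_token_name() and get_csrf_hash() are methods of CodeIgniter's Security class. The URLs auth/login and /ajax/save and the form fields are made up for the demo.

```php
<?php
// Added example: a CodeIgniter view that hands the CSRF token name and hash to
// JavaScript for hand-written $.post() calls, and a form opened with the form
// helper so that $('#login').serialize() already contains the hidden token.
// URLs and field names are assumed for the demo.
?>
<?php echo form_open('auth/login', array('id' => 'login')); ?>
  <input type="text" name="username" />
  <input type="password" name="password" />
  <button type="submit">Log in</button>
<?php echo form_close(); ?>

<script>
// json_encode escapes the values, so neither the token nor a changed token
// name can break out of the JavaScript string or the <script> block.
var csrf = {
    name:  <?php echo json_encode($this->security->get_csrf_token_name(),
                                  JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>,
    value: <?php echo json_encode($this->security->get_csrf_hash(),
                                  JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>
};

// Custom data: build the POST body by hand and add the token under its real
// name. The key is computed, so renaming csrf_token_name in config.php later
// does not silently break every AJAX call.
var payload = { data: 'value' };
payload[csrf.name] = csrf.value;
$.post('/ajax/save', payload, function (response) {
    // handle response
}, 'json');

// Serialized form: the form helper rendered the hidden token input inside
// #login, so serialize() includes it and no extra wiring is needed.
$.post('/auth/login', $('#login').serialize(), function (response) {
    // handle response
}, 'json');
</script>
```

Reading the token name from the framework rather than hard-coding 'csrf_test_name' is the main difference from the snippet above: the POST keeps working if the token name is changed in config.php, and the 500 error described earlier is avoided for both styles of request.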
Disable CSRF for Third Party API

When we are using a third party API or the Facebook API / Twitter API in our website application, we need to disable CSRF protection in the controller or function (method) that receives the response. For this we need to disable it for that controller or function only, for example:
if (isset($_SERVER['REQUEST_URI'])) {
    if (stripos($_SERVER['REQUEST_URI'], '/ajax/') === FALSE AND            # all ajax controllers
        stripos($_SERVER['REQUEST_URI'], '/facebook_app/') === FALSE AND    # all facebook controllers
        stripos($_SERVER['REQUEST_URI'], '/twitter_app/login') === FALSE    # only login function
    ) {
        $config['csrf_protection'] = TRUE;
    } else {
        $config['csrf_protection'] = FALSE;
    }
} else {
    $config['csrf_protection'] = TRUE;
}
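A stripos() over the whole REQUEST_URI matches the query string as well as the path, so any URL that merely contains "/ajax/" somewhere after the "?" would also switch protection off. The following added example (not code from the original post or from CodeIgniter) does the same job for application/config/config.php but matches only the path component and anchors each exclusion at the start of the path, so protection is dropped for the listed endpoints and nothing else. The csrf_required() helper and the excluded paths are constructed for this demo.

```php
<?php
// Added example: decide per request whether CSRF protection stays on, using an
// explicit list of excluded URI path prefixes. Compared with stripos() on the
// full REQUEST_URI this ignores "?query" and "#fragment" and anchors the match
// at the start of the path. The helper name and the excluded paths are assumed.

// config.php can be included more than once; guard against redeclaration.
if (!function_exists('csrf_required')) {
    function csrf_required($request_uri, array $excluded_prefixes) {
        // Missing or unusable REQUEST_URI: fail closed and keep protection on.
        if (!is_string($request_uri) || $request_uri === '') {
            return TRUE;
        }
        // Keep only the path; parse_url() drops query string and fragment.
        $path = parse_url($request_uri, PHP_URL_PATH);
        if (!is_string($path)) {
            return TRUE;
        }
        // Normalise before comparing: decode %XX escapes, collapse repeated
        // slashes, compare case-insensitively.
        $path = strtolower(preg_replace('#/+#', '/', rawurldecode($path)));

        foreach ($excluded_prefixes as $prefix) {
            $prefix = strtolower($prefix);
            if (strncmp($path, $prefix, strlen($prefix)) === 0) {
                return FALSE; // excluded endpoint: CSRF check is skipped
            }
        }
        return TRUE; // everything else stays protected
    }
}

// Endpoints that receive callbacks from third-party services and therefore
// cannot carry our token. Keep this list as short and as specific as possible.
$csrf_excluded = array(
    '/ajax/',               # all ajax controllers
    '/facebook_app/',       # all facebook controllers
    '/twitter_app/login',   # only the login callback
);

$config['csrf_protection'] = csrf_required(
    isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
    $csrf_excluded
);
```

If the application lives in a sub-directory (for example /myapp/), that prefix has to be part of each entry, since the match is anchored at the start of the path. Prefer excluding single methods such as /twitter_app/login over whole controllers such as /ajax/, because every excluded endpoint is one that accepts cross-site POSTs. Later CodeIgniter releases (3.0 onward) ship a `csrf_exclude_uris` config setting that serves the same purpose natively.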
Tags: CodeIgniter, CodeIgniter Framework, CSRF in AJAX/jQuery, CSRF Token, How to use CSRF Token?, Third Party API
Copyright 2012-2013 Sujit Shah.