I encountered problem with codeigniter. I want to update my profile page. I have problem when passing data from textbox in view to controller. In controller Profile.php, i have print_r $data that show no data get from view. Hope you guys can help me. Thank you.
View profile.php
if(isset($profile)){
?>
<?php echo validation_errors();?>
<?php echo form_open('profile/update_profile'); ?>
<div class="field half first"><input type="password" name="pass" placeholder="Password" value="<?php echo $profile['password']; ?>" /></div>
<div class="field half"><input type="password" name="con_pass" placeholder="Confirm Password" value="<?php echo $profile['con_password']; ?>" /></div>
<div class="field half"><input type="text" name="phone_no" placeholder="Phone Number" value="<?php echo $profile['phone_no']; ?>" /></div>
<li><?php echo form_submit(array('id' => 'submit', 'value' => 'Update')); ?></li>
</ul>
<?php echo validation_errors();?>
<?php echo form_close(); ?>
<?php
}
?>
Controller Profile.php
public function update_profile(){
$email = $_SESSION['email'];
// $data['profile'] = $this->profile_model->getprofile($email);
$data = array(
'password' => $this->input->post('pass'),
'con_password' => $this->input->post('con_pass'),
'phone_no' => $this->input->post('phone_no')
);
print_r($data);
if($this->profile_model->updateprofile($email,$data))
{
$this->load->view('provider/profile', $data);
}
}
Model profile_model.php
public function updateprofile($email, $data){
$this->db->where('email', $email);
return $this->db->update('user', $data);
}
}
Try like below with form validation
https://www.codeigniter.com/user_guide/libraries/form_validation.html
https://www.codeigniter.com/user_guide/libraries/form_validation.html#rule-reference
EXAMPLE
public function update_profile() {
$this->load->library('form_validation');
// You can change what you want set for the rules your self this just example:
$this->form_validation->set_rules('pass', 'pass', 'trim|required');
$this->form_validation->set_rules('con_pass', 'con_pass', 'trim|required|matches[pass]');
$this->form_validation->set_rules('phone_no', 'phone_no', 'trim|required');
if ($this->form_validation->run() == TRUE) {
// Update model stuff
}
$email = $_SESSION['email']; // User id instead of email.
$profile_data = $this->users_model->getprofile($email);
if ($this->input->post('pass')) {
$data['pass'] = $this->input->post('pass');
} elseif (!empty($profile_data)) {
$data['pass'] = $profile_data['pass'];
} else {
$data['pass'] = '';
}
if ($this->input->post('con_pass')) {
$data['con_pass'] = $this->input->post('con_pass');
} elseif (!empty($profile_data)) {
$data['con_pass'] = $profile_data['con_pass'];
} else {
$data['con_pass'] = '';
}
if ($this->input->post('phone_no')) {
$data['phone_no'] = $this->input->post('phone_no');
} elseif (!empty($profile_data)) {
$data['phone_no'] = $profile_data['phone_no'];
} else {
$data['phone_no'] = '';
}
$this->load->view('provider/profile', $data);
}
Model function
public function getprofile($email) {
$this->db->where('email', $email);
$query = $this->db->get('users');
return $query->row_array();
}
View Example
<?php echo form_open('profile/update_profile'); ?>
<?php echo validation_errors();?>
<input type="password" name="pass" value="<?php echo set_value('pass', $pass);?>"/>
<input type="password" name="con_pass" value="<?php echo set_value('con_pass', $con_pass);?>"/>
<input type="text" name="phone_no" value="<?php echo set_value('phone_no', $phone_no);?>" />
<?php echo form_submit(array('id' => 'submit', 'value' => 'Update')); ?>
<?php echo form_close();?>
Related
Hi i am a blog page where i will be inserting blogs from admin panel.while inserting blogs into database i need to insert admin username as well into the database for the blogs.How to get the admin username and insert into blogs table.
Controller:
function addblogs()
{
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<br /><span class="error"> ','</span>');
$this->form_validation->set_rules('blog_title','Blog Title');
$this->form_validation->set_rules('description','Blog Description');
if($this->form_validation->run()== FALSE)
{
$data['mainpage']='blogs';
$data['mode']='add';
$this->load->view('templates/template',$data);
}
else
{
$this -> blogs_model -> insertblogs();
$this->flash->success('<h2>blogs Added Successfully!</h2>');
redirect('blogs');
}
}
Model:
function insertblogs()
{
$username = $_SESSION['name'];
$title=$this->input->post('blog_title');
$result = str_replace(" ", "-", $title);
$data=array(
'blog_title'=>$this->input->post('blog_title'),
'blogtitle'=>$result,
'description'=>$this->input->post('description'),
'user'=>$username
);
$this->db->insert('blogs',$data);
}
}
View:
<?php
$form_attributes = array('name'=>'adds', 'id'=>'adds', 'enctype' => "multipart/form-data");
echo form_open('blogs/addblogs',$form_attributes);
?>
<div class="element">
<label for="blogtitle"><font color ="black">Blog Title</font></label>
<input class="text err" type="text" name="blog_title" id="blog_title" value="<?php echo set_value('blog_title');?>"/>
</div>
<div class="element">
<label for="description"><font color ="black">Blog Description</font></label>
<textarea name="description" id="myArea1" rows="4" cols="173"></textarea>
</div> <br/>
<div align="center">
<input type="submit" id="submit" value="Submit" />
</div>
<div class="clear"></div>
<?php echo form_close();?>
Login Controller:
if($this->session->userdata('admin_logged_in')){
$data['admin_details'] = $this->session->userdata('admin_logged_in');
$data['records']=$this->career_model->get_jobs_list();
$data['mode'] = "all";
$data['mainpage'] = "career";
$this->load->view('templates/template', $data);
}
else{
$this->load->view('login');
}
Login Model:
<?php
class login_model extends MY_Model
{
function login_user($user_name = '', $password=''){
$userdetails = array(
'user_name' => $user_name,
'password' => md5($password),
);
$this->db->where($userdetails);
$query = $this->db->get('login_details');
if($query->num_rows()):
$user = $query->result();
$sess_arry = array(
'user_id' => $user[0]->user_id,
'name' => $user[0]->name
);
$this->session->set_userdata('admin_logged_in', $sess_arry); //add admin details to session
return true;
else:
return false;
endif;
}
}
You can some change your model in insertblogs() method like that :
$this->load->library('session');
$logged_data = $this->session->userdata('admin_logged_in');
$user_id = $logged_data['user_id'];
$user_name = $logged_data['name'];
$username = $user_name;//$_SESSION['name'];
You can get the name of the logged-in user by:
$username = $this->session->userdata('username');
now you can use this $username to insert it in database or you can perform some other functionality.
I have this edit page that has gets its id and status from uri segments. The problem is that if the user doesn't select an image or complete a part of the form, the page is supposed to reload and show the validation errors for the form. However that page reload causes the data in the form to go missing. Is there a way to solve this issue? Any help would be greatly appreciated. I attached my view, and controller
View
<?php if($edit == "false"){
echo form_open_multipart('Control/Products/ProductDetail/addProduct','class="productdetail"');
}else{
echo form_open_multipart('Control/Products/ProductDetail/editProduct','class="productdetail"');
}?>
<label for="inputproductname">Product Name</label>
<input type="text" class="form-control" id="inputproductname" name="inputproductname" placeholder="Name" value="<?php echo $name; ?>">
<label for="inputproductdescription">Product Description</label>
<textarea class="form-control" id="inputproductdescription" name="inputproductdescription" placeholder="Description" rows="7"
><?php echo $description; ?></textarea>
<label for="inputproductprice">Product Price</label>
<input type="price" class="form-control" id="inputproductprice" name="inputproductprice" placeholder="Price" value="<?php echo $price; ?>">
<label for="inputproductimage">Product Image</label>
<p><input type="file" class="form-control-file" name="upload" id="upload" aria-describedby="fileHelp"></p>
<input type="hidden" class="form-control" id="inputcurrentid" name="inputcurrentid" value="<?php echo $currentid; ?>">
<input type="hidden" class="form-control" id="inputcurrentstatus" name="inputcurrentstatus" value="<?php echo $currentstatus; ?>">
<button type="submit" class="btn btn-primary">
<?php if($edit == "false"){
echo "Add";
}else{
echo "Edit";
}?>
</button>
Cancel
<?php echo form_close(); ?>
<?php echo validation_errors(); ?>
<p><?php echo $this->session->flashdata('Form'); ?></p>
Controller
public function index(){
$productid = $this->uri->segment(5);
$editstatus = $this->uri->segment(6);
if($editstatus == "false"){
$data['name'] = '';
$data['description'] = '';
$data['price'] = '';
$data['edit'] = "false";
$data['message']='';
$data['currentid'] = '';
$data['currentstatus'] = '';
}else{
$product = $this->ProductsModel->getProduct($productid);
foreach ($product as $productdetail){
$data['name'] = $productdetail->name;
$data['description'] = $productdetail->description;
$data['price'] = $productdetail->price;
}
$data['edit'] = "true";
$data['message']='';
$data['currentid'] = $productid;
$data['currentstatus'] = $editstatus;
}
$this->load->view('control/controlMenu/navigationLink');
$this->load->view('control/controlProducts/productDetail',$data);
$this->load->view('control/controlMenu/navigationJquery');
}
public function editProduct(){
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
$this->form_validation->set_rules('inputproductname', 'Name', 'trim|required');
$this->form_validation->set_rules('inputproductdescription', 'Description', 'trim|required');
$this->form_validation->set_rules('inputproductprice', 'Price', 'trim|required');
if (empty($_FILES['userfile']['name']))
{
$this->form_validation->set_rules('upload', 'Image', 'required');
}
$inputproductname = $this->input->post('inputproductname');
$inputproductdescription = $this->input->post('inputproductdescription');
$inputproductprice = $this->input->post('inputproductprice');
$inputdateadded = date('Y-m-d');
$inputcurrentid = $this->input->post('inputcurrentid');
$inputcurrentstatus = $this->input->post('inputcurrentstatus');
$config['upload_path'] = $this->getProductImageFolderPath();
$config['allowed_types'] = 'jpg|jpeg|png';
$config['max_size'] = 3000;
$config['remove_spaces'] = TRUE;
$config['overwrite'] = TRUE;
$config['file_name'] = $inputproductname;
$this->load->library('upload', $config);
if($this->form_validation->run()==false){
redirect('/Control/Products/ProductDetail/index/'.$inputcurrentid.'/'.$inputcurrentstatus);
}else{
if(!$this->upload->do_upload('upload')){
$this->session->set_flashdata('Form',$this->upload->display_errors());
redirect('Control/'.$this->getCurrentModule().'/'.$this->getClassName());
}else{
$extension = $this->upload->data('file_ext');
$productdetails = array(
'name'=>$inputproductname,
'description'=>$inputproductdescription,
'price'=>$inputproductprice,
'imagePath'=>$config['upload_path'].$config['file_name'].$extension,
'dateAdded'=>$inputdateadded
);
$this->db->trans_start();
$this->ProductsModel->editProduct($productid,$productdetails);
$this->db->trans_complete();
if($this->db->trans_status()===false){
}else{
$this->session->set_flashdata('Form', $inputproductname . ' has been altered on the database');
redirect('/Control/Products/Products');
}
}
}
}
if($this->form_validation->run()==false){
redirect('/Control/Products/ProductDetail/index/'.$inputcurrentid.'/'.$inputcurrentstatus);
I think the problem with this redirect stmt don't use it instead you need to use load view so that it will preserves the errors array.
just do ths in your controller
if ($this->form_validation->run() == FALSE) {
$this->session->set_flashdata('field', form_error('field', '<span class="text-danger pl-3">', '</span>'));
redirect("url");
} else {
# code...
}
and in your redirect page use
<?= $this->session->flashdata('field'); ?>
Tried to read though all the webpages and docs in google and stack flow but still could not solve the problem.
I tried to do a simple data validation for registration form and it turns out showing another form below the original one after I press submit to show the error messages with a new form.
I am a newbie in this language so please let me know if I attache not enough codes or information.
Controller account:
<?php
class Account extends MY_Controller {
public function __construct() {
parent::__construct();
session_start();
$this->load->model('user');
$this->load->helper(array('form','url','html'));
$this->load->library('session');
$this->load->library('form_validation');
}
public function registration() {
$data = $this->user->users_info();
$this->load->view('account/registration',$data);
$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[20]');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'Password ', 'required|matches[passconf]|min_length[5]');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
if($this->input->post('submit')) {
$username= $this->input->post('username');
$email= $this->input->post('email');
$query_u= $this->user->retrieve_by_username($username);
$query_e= $this->user->retrieve_by_email($email);
if ($this->form_validation->run() == FALSE){
$this->load->view('account/registration',$data); ←---------------- (I think this is wrong, it makes load the second form out.)
}
else{
if(!empty($query_u) or !empty($query_e)) {
redirect('account/registrat');
}
else {
$data = array(
'username'=>$this->input->post('username'),
'email'=>$this->input->post('email'),
'password'=>$this->input->post('password'),
'is_admin'=>0,
);
$this->user->create_user($data);
redirect('/account/login');
}
}
}
}
View Registration.php
<center>
<?php echo form_open_multipart('account/registration'); ?>
<h5><?php echo $b_username;?> (Minimum 5 characters)</h5>
<input type="text" name="username" id="username" value="<?php echo set_value('username'); ?>" size="50" /><?php echo form_error('username'); ?>
<h5><?php echo $b_email;?></h5>
<input type="text" name="email" value="<?php echo set_value('email'); ?>" size="50" />
<?php echo form_error('email'); ?>
<h5><?php echo $b_password;?> (Minimum 5 characters)</h5>
<input type="text" name="password" value="<?php echo set_value('password'); ?>" size="50" />
<?php echo form_error('password'); ?>
<h5><?php echo $b_passconf;?></h5>
<input type="text" name="passconf" value="" size="50" />
<?php echo form_error('passconf'); ?>
<h5></h5>
<div><?php echo form_submit('submit', 'Submit') ?></div>
</center>
Model user.php
<?php
class User extends CI_Model {
function __construct() {
parent::__construct();
$this->load->database();
}
function users_info() {
$data['b_id'] = 'id';
$data['b_username'] = 'Username';
$data['b_email'] = 'Email';
$data['b_password'] = 'Password';
$data['b_passconf'] = 'Enter Password Again';
$data['b_is_admin'] = 'Is_admin';
$data['b_default_privacy'] = 'Default_privacy';
$data['b_first_name'] = 'First_Name';
$data['b_last_name'] = 'Last_Name';
$data['b_gender'] = 'Gender';
$data['b_birthday'] = 'Birthday';
$data['b_friend_id'] = 'Friend_id';
$data['b_weight'] = 'Weight';
$data['b_height'] = 'Height';
$data['b_daily_cal_intake'] = 'Daily_calorie_intake';
$data['b_target_weight'] = 'Target_weight';
$data['b_regional_id'] = 'Region';
$data['b_profile_pic'] = 'Profile Picture';
return $data;
}
function retrieve_by_username($username) {
$query = $this->db->get_where('001_users',array('username'=>$username));
return $query->row_array();
}
function retrieve_by_email($email) {
$query = $this->db->get_where('001_users', array('email'=>$email));
return $query->row_array();
}
Change your function to this and try..
public function registration()
{
$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[20]');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'Password ', 'required|matches[passconf]|min_length[5]');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
if ($this->form_validation->run() == false) // if validation fails for first time and every time when ever condtion is not satisified
{
$data = $this->user->users_info();
$this->load->view('account/registration',$data);
}
else
{
$username= $this->input->post('username');
$email= $this->input->post('email');
$query_u= $this->user->retrieve_by_username($username);
$query_e= $this->user->retrieve_by_email($email);
if(!empty($query_u) or !empty($query_e)) {
redirect('account/registrat');
}
else {
$data = array(
'username'=>$this->input->post('username'),
'email'=>$this->input->post('email'),
'password'=>$this->input->post('password'),
'is_admin'=>0
);
$this->user->create_user($data);
// send sucess msg here
redirect('/account/login');
}
}
}
I am trying to set the joeauty / RememberMe-CodeIgniter-Spark. I added the rememberme.php inside the config forler, the Rememberme.php inside system/libraries/ made the changes inside autoload.php and config.php and created 2 tables( ci_cookies and ci_sessions) into the database.
If don't click the checkbox I can login, but if I select the checkbox nothing happens.
This is my controller:
function __construct()
{
parent::__construct();
$this->load->model('registerclient_model','',TRUE);
}
function index()
{
if($this->session->userdata('logged_in') || $this->session->userdata('user_id'))
{ redirect('client_private_area', 'refresh');}
else{
$this->load->library('form_validation');
$this->form_validation->set_rules('email_address', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
$data['error'] = 'Invalid email address and/or password.';
$this->load->view('templates/header');
$this->load->view('pages/login/client_login', $data);
$this->load->view('templates/footer');
}
else
{
//Go to private area
redirect('client_private_area', 'refresh');
}
}
}
function check_database($password)
{
$email = $this->input->post('email_address');
$result = $this->registerclient_model->login($email, $password);
if($result){
if($this->input->post('netid') == "on"){
$this->rememberme->setCookie($this->input->post('netid'));
if ($this->rememberme->verifyCookie()) {
// find user id of cookie_user stored in application database
$user = User::findUser($cookie_user);
// set session if necessary
if (!$this->session->userdata('user_id')) {
$this->session->set_userdata('user_id', $user);
}
$this->user = $user;
}
else if ($this->session->userdata('user_id')) {
$this->user = $this->session->userdata('user_id');
}
}
else
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'first_name' => $row->first_name,
'email_address' => $row->email_address
);
$this->session->set_userdata('logged_in', $sess_array);
}
return TRUE;
}
}
else
{
$this->form_validation->set_message('check_database', 'Invalid email address and/or password.');
return false;
}
}
this is my model:
function login($email, $password) {
//create query to connect user login database
$this->db->select('id, first_name, email_address, password');
$this->db->from('client_register');
$this->db->where('email_address', $email);
$this->db->where('password', $this->registerclient_model->hash($password));
$this->db->limit(1);
//get query and processing
$query = $this->db->get();
if($query->num_rows() == 1)
{
return $query->result(); //if data is true
}
else
{
return false; //if data is wrong
}
}
this is my view:
<div class="client_login_content_form">
<h1>CLIENT LOGIN FORM</h1>
<p class="loginform_error"><?php echo validation_errors(''); ?></p>
<?php echo form_open('verifylogin'); ?>
<ul>
<li><input type="text" size="20" id="email" name="email_address" value="<?php echo set_value('email_address'); ?>" required placeholder="Email Address"/></li>
<li><input type="password" size="20" id="passowrd" name="password" value="<?php echo set_value('password'); ?>" required placeholder="Password"/></li>
<li><p><input type="checkbox" name="netid" id="netid" checked>Remember me</p></li>
<li><input type="submit" class="login_content_form_button" value="LOG IN"/></li>
</ul>
<p class="forgot_login">Forgot your password?</p>
</form>
</div>
<form action="<?php echo site_url('admin'); ?>"><input type="submit" value="Admin" class="admin_button" /></form>
I am using Ben Edmunds Ion Auth Library.
I am having a problem with any function that uses the csrf_nonce methods - it is failing the check on post.
I have checked that the flashdata is getting set (I can see it in the form as a hidden input [edit_user for example]), but when you submit the form the flashdata check is failing.
I am using the database for the session if that makes any difference.
Code snippets;
Controller
function edit_user($id) {
$this->data['title'] = "Edit User";
if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
redirect('auth', 'refresh');
} //!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()
$user = $this->ion_auth->user($id)->row();
$groups = $this->ion_auth->groups()->result_array();
$currentGroups = $this->ion_auth->get_users_groups($id)->result();
//process the phone number
if (isset($user->phone) && !empty($user->phone)) {
$user->phone = explode('-', $user->phone);
} //isset($user->phone) && !empty($user->phone)
//validate form input
$this->form_validation->set_rules('first_name', $this->lang->line('edit_user_validation_fname_label'), 'required|xss_clean');
$this->form_validation->set_rules('last_name', $this->lang->line('edit_user_validation_lname_label'), 'required|xss_clean');
$this->form_validation->set_rules('email', $this->lang->line('create_user_validation_email_label'), 'required|valid_email');
$this->form_validation->set_rules('company', $this->lang->line('edit_user_validation_company_label'), 'required|xss_clean');
$this->form_validation->set_rules('groups', $this->lang->line('edit_user_validation_groups_label'), 'xss_clean');
if (isset($_POST) && !empty($_POST)) {
// do we have a valid request?
if ($id != $this->input->post('id')) {
show_error($this->lang->line('error_csrf'));
} //$this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id')
$data = array(
'first_name' => $this->input->post('first_name'),
'last_name' => $this->input->post('last_name'),
'company' => $this->input->post('company'),
'email' => $this->input->post('email')
);
//Update the groups user belongs to
$groupData = $this->input->post('groups');
if (isset($groupData) && !empty($groupData)) {
$this->ion_auth->remove_from_group('', $id);
foreach ($groupData as $grp) {
$this->ion_auth->add_to_group($grp, $id);
} //$groupData as $grp
} //isset($groupData) && !empty($groupData)
//update the password if it was posted
if ($this->input->post('password')) {
$this->form_validation->set_rules('password', $this->lang->line('edit_user_validation_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
$this->form_validation->set_rules('password_confirm', $this->lang->line('edit_user_validation_password_confirm_label'), 'required');
$data['password'] = $this->input->post('password');
} //$this->input->post('password')
if ($this->form_validation->run() === TRUE) {
$check = $this->ion_auth->update($user->id, $data);
if (FALSE == $check) {
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("auth/edit-user/$id", 'refresh');
} else {
//check to see if we are creating the user
//redirect them back to the admin page
$this->session->set_flashdata('message', "User Saved");
redirect("auth/users", 'refresh');
}
} //$this->form_validation->run() === TRUE
} //isset($_POST) && !empty($_POST)
//display the edit user form
$this->data['csrf'] = $this->_get_csrf_nonce();
//set the flash data error message if there is one
$this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));
//pass the user to the view
$this->data['user'] = $user;
$this->data['groups'] = $groups;
$this->data['currentGroups'] = $currentGroups;
$this->data['first_name'] = array(
'name' => 'first_name',
'id' => 'first_name',
'type' => 'text',
'value' => $this->form_validation->set_value('first_name', $user->first_name)
);
$this->data['last_name'] = array(
'name' => 'last_name',
'id' => 'last_name',
'type' => 'text',
'value' => $this->form_validation->set_value('last_name', $user->last_name)
);
$this->data['company'] = array(
'name' => 'company',
'id' => 'company',
'type' => 'text',
'value' => $this->form_validation->set_value('company', $user->company)
);
$this->data['email'] = array(
'name' => 'email',
'id' => 'email',
'type' => 'email',
'value' => $this->form_validation->set_value('email', $user->email)
);
$this->data['password'] = array(
'name' => 'password',
'id' => 'password',
'type' => 'password'
);
$this->data['password_confirm'] = array(
'name' => 'password_confirm',
'id' => 'password_confirm',
'type' => 'password'
);
$this->_render_page('auth/admin/users/update', $this->data);
}
function _get_csrf_nonce() {
$this->load->helper('string');
$key = random_string('alnum', 8);
$value = random_string('alnum', 20);
$this->session->set_flashdata('csrfkey', $key);
$this->session->set_flashdata('csrfvalue', $value);
return array(
$key => $value
);
}
function _valid_csrf_nonce() {
if ($this->input->post($this->session->flashdata('csrfkey')) !== FALSE &&
$this->input->post($this->session->flashdata('csrfkey')) == $this->session->flashdata('csrfvalue')) {
return TRUE;
} //$this->input->post($this->session->flashdata('csrfkey')) !== FALSE && $this->input->post($this->session->flashdata('csrfkey')) == $this->session->flashdata('csrfvalue')
else {
return FALSE;
}
}
View;
<h1><?php echo lang('edit_user_heading');?></h1>
<p><?php echo lang('edit_user_subheading');?></p>
<!--<div id="infoMessage" class="info"><?php echo $message;?></div>-->
<?php
if (isset($message)) {
?>
<div id="infoMessage" class="alert alert-info">
<button type="button" class="close" data-dismiss="alert">×</button>
<h4>Message</h4>
<?php echo $message;?>
</div>
<?php
}
?>
<?php echo form_open(uri_string(), 'class="form-horizontal"'); ?>
<div class="control-group <?php echo form_error_class('first_name') ?>">
<label class="control-label" for="first_name">
<?php echo lang('edit_user_fname_label'); ?>
</label>
<div class="controls">
<input type="text"
id="first_name"
name="first_name"
placeholder="<?php echo lang('edit_user_fname_label'); ?>"
value="<?php echo set_value('first_name', $first_name['value']); ?>"
class="error"/>
<?php echo form_error('first_name'); ?>
</div>
</div>
<div class="control-group <?php echo form_error_class('last_name') ?>">
<label class="control-label" for="last_name">
<?php echo lang('edit_user_lname_label'); ?>
</label>
<div class="controls">
<input type="text"
id="last_name"
name="last_name"
placeholder="<?php echo lang('edit_user_lname_label'); ?>"
value="<?php echo set_value('last_name', $last_name['value']); ?>"
class="error"/>
<?php echo form_error('last_name'); ?>
</div>
</div>
<div class="control-group <?php echo form_error_class('company') ?>">
<label class="control-label" for="company">
<?php echo lang('edit_user_company_label'); ?>
</label>
<div class="controls">
<input type="text"
id="company"
name="company"
placeholder="<?php echo lang('edit_user_company_label'); ?>"
value="<?php echo set_value('company', $company['value']); ?>"
class="error"/>
<?php echo form_error('company'); ?>
</div>
</div>
<div class="control-group <?php echo form_error_class('email') ?>">
<label class="control-label" for="email">
<?php echo lang('edit_user_email_label'); ?>
</label>
<div class="controls">
<input type="text"
id="email"
name="email"
placeholder="<?php echo lang('edit_user_email_label'); ?>"
value="<?php echo set_value('email', $email['value']); ?>"
class="error"/>
<?php echo form_error('email'); ?>
</div>
</div>
<div class="control-group <?php echo form_error_class('password') ?>">
<label class="control-label" for="password">
<?php echo lang('edit_user_password_label'); ?>
</label>
<div class="controls">
<input type="password"
id="password"
name="password"
placeholder="<?php echo lang('edit_user_password_label'); ?>"
value="<?php echo set_value('password'); ?>"
class="error"/>
<?php echo form_error('password'); ?>
</div>
</div>
<div class="control-group <?php echo form_error_class('password_confirm') ?>">
<label class="control-label" for="password_confirm">
<?php echo lang('edit_user_password_confirm_label'); ?>
</label>
<div class="controls">
<input type="password"
id="password_confirm"
name="password_confirm"
placeholder="<?php echo lang('edit_user_password_confirm_label'); ?>"
value=""
class="error"/>
<?php echo form_error('password_confirm'); ?>
</div>
</div>
<div class="control-group <?php echo form_error_class('groups') ?>">
<div class="controls <?php echo form_error_class('groups') ?>">
<h3><?php echo lang('edit_user_groups_heading');?></h3>
<?php
foreach ($groups as $group) {
?>
<label class="checkbox">
<?php
$gID=$group['id'];
$checked = null;
$item = null;
foreach($currentGroups as $grp) {
if ($gID == $grp->id) {
$checked= ' checked="checked"';
break;
}
}
?>
<input type="checkbox" name="groups[]" value="<?php echo $group['id'];?>"<?php echo $checked;?>>
<?php echo $group['name'];?>
</label>
<?php
}
?>
</div>
</div>
<?php echo form_hidden('id', $user->id);?>
<?php echo form_hidden($csrf); ?>
<div class="control-group">
<div class="controls">
<input type="submit" class="btn btn-success" value="<?php echo lang('edit_user_submit_btn'); ?>" />
</div>
</div>
<?php echo form_close();?>
First check
$this->session->set_flashdata('message',
$this->ion_auth->errors()
);
having set value
I have found the solution (or this fix works just for me).
I changed the session driver in the config to use native sessions from cookie.
Line 284 of config.php => $config['sess_driver'] = 'native';
Golden rule: never trust CI sessions!
Some notions about FLASHDATA
CSRF and Flashdata:
FLASHDATA will only be available for the NEXT server request, and are then automatically cleared!
e.g.:
AJAX calls function_1, which sends CSRF key/value back to function_1_success
function_1_success sets hidden input fields for CSFR key and value
and enables function_2, which compares POST variables with flashdata
this is how it works (with or without AJAX, that was just an example).
How it doesn't work: if you create a php function which does
$this->session->set_flashdata('item', 'value') and then try to read with echo $this->session->flashdata('item') you will get an empty string, only after a refresh of this function,your flashdata values show