I'm having an issue with Codeigniter 3 and CKfinder regards the CSRF Protection
If I use the below in my Codeigniter Config file CKFinder image upload works fine
$config['csrf_protection'] = FALSE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();
if I change the $config['csrf_protection'] = TRUE; CKFinder image uploads fail
What I need is to be able to exclude CKFinder from falling under the CSFR Protection - I've tried the below but nothing seems to work:
$config['csrf_exclude_uris'] = array('assets/plugins/ckfinder/.*+', 'assets/plugins/ckfinder/ckfinder.js', 'assets/plugins/ckfinder', 'admin/news/.*+');
Any pointers would be appreciated
Hope this may work. it worked in my case.
$config['csrf_exclude_uris'] = array('assets/plugins/ckfinder/[\s\S]*');
but as far my knowledge "assets" resources don't need any csrf protection.
# Its work fine #
$config['csrf_protection'] = TRUE;
if(isset($_SERVER["PHP_SELF"])){
$parts = explode("/",$_SERVER["PHP_SELF"]);
$exclude_url_arr = array('login');
if (!empty($exclude_url_arr[0])) {
foreach($parts as $part) {
if (in_array($part,$exclude_url_arr)) {
$config['csrf_protection'] = FALSE;
break;
}
}
}
}
URL which submit the form data.
Add lines below in config.php file. This will work.
$config['**csrf_exclude_uris**'] = array(
*'device/deviceProcess/pushData'*
);
-- deviceProcess : Controller
--- pushData : Method
----- URL : http://hostname/index.php/device/deviceProcess/pushData
Related
I am trying to output the cookies I get from the user, when I open the network section in the Developer Tools,if I open the request I find the cookie in the Request Headers, but when I am output the cookie
$this->input->cookie();
I am getting;
array(0) { }
Session Config
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = FCPATH . 'application/ci_sessions/';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
Cookies Config
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;
I am using Codeigniter 3.0.0, OS Fedora 27, Server Apache I tried this on different browsers, Chrome and Firefox
Request Headers and Response Headers
Thanks in advance.
What solved my problem was replacing my Session folder with a new one from a newer version of Codeigniter.
System -> libraries -> Sesssion
I have a seriuos problem with codeigniter sessions using database, on Chrome:
when i use chrome developers tool and i refresh the page , the session is destroyed.
This my session config:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'cisessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
Have you any idea about that ?
are you sure that the session is destroyed? I think that it's just not getting updated as supposed and it creates a new one on every page request. (common Codeigniter's setting issue)
here's my suggestions:
double check your Application/Config/config.php file to ensure that the part of session domain looks like that if you host the site on the main directory:
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "yourdomain.com";
$config['cookie_path'] = "var/sessions/";
$config['cookie_secure'] = FALSE;
and like that if you host the site on a sub-directory:
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "yourdomain.com";
$config['cookie_path'] = "siteSubDirectory/var/sessions/";
$config['cookie_secure'] = FALSE;
and also make sure that the 2 directories are writable by fixing their permissions to 755 or so, and I strongly recommend that you enable database session, it's more secure and will help you find out the real problem by checking the session table. good luck :)
I have been trying to upload an image using CodeIgniter's File Upload class. The image is used for a user's avatar. Here is a snippet for my code:
//upload file
if($_FILES['image']['name'] != ''){
if (!file_exists($dirpath))
mkdir($dirpath);
$this->load->library('upload');
$config['upload_path'] = $dirpath;
$config['allowed_types'] = 'gif|jpg|jpeg|png|GIF|JPG|JPEG|PNG';
$config['max_size'] = '0';
$config['max_width'] = '0';
$config['max_height'] = '0';
$config['file_name'] = $_FILES['image']['name'];
$config['overwrite'] = true;
$config['remove_spaces'] = false;
$this->upload->initialize($config);
$data = "";
$error = "";
$photo_result = $this->upload->do_upload('image');
if ($photo_result)
if($action == 'update'){
foreach (glob($dirpath.'/'.$old_image.'*') as $file)
if (file_exists($file))unlink ($file);
}
if($new_resto->resized == 0){
if(resize_image($widths,$theuser))
$this->usermodel->update($theuser->id, array('resized'=>1), 'object',$authorization);
}
echo json_encode(array('config'=>$config,'upload_data'=>$this->upload->data()));
}
}
The file upload is supposedly successful, because when I print out $this->upload->data(), it shows that the upload data is not empty. The strange thing is, this code works for creating new users, but when I try to update users, the file is not uploaded. I have tried using chmod($dirpath, 0777) before the upload, and chmod($dirpath, 0755) after, still no luck.
Any ideas? Thanks.
My mistake, I assigned $old_image after I updated the data, so $old_image contains the current image name, causing it to be deleted when i call unlink($file).
Problem solved :)
Please update your Upload.php class with previous version of CodeIgniter
I installed CodeIgniter latest version and Modular extension HMVC Wiredesignz HMVC Bitbucket.
It is showing annoying error in my server. If I refresh the same page for 100 times 5-10% of total refresh show this error.
A Database Error Occurred
Unable to connect to your database server using the provided settings.
Filename: /Library/WebServer/Documents/modular/third_party/MX/Loader.php
Line Number: 96
Screenshot of the Error
Code in Autoload Configuration file ./autoload.php.
$autoload['packages'] = array(APPPATH.'third_party');
$autoload['libraries'] = array('database');
Code in database configuration file ./database.php.
$active_group = 'default';
$active_record = TRUE;
$db['default']['hostname'] = 'localhost';
$db['default']['username'] = '*****';
$db['default']['password'] = '*****';
$db['default']['database'] = '*****';
$db['default']['dbdriver'] = 'mysql';
$db['default']['dbprefix'] = '';
$db['default']['pconnect'] = TRUE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = '';
$db['default']['char_set'] = 'utf8';
$db['default']['dbcollat'] = 'utf8_general_ci';
$db['default']['swap_pre'] = '';
$db['default']['autoinit'] = TRUE;
$db['default']['stricton'] = FALSE;
Hope I am clear. Thanks in advanced.
Try setting one or both these attributes to FALSE:
$db['default']['pconnect'] = TRUE;
$db['default']['db_debug'] = TRUE;
It was not HMVC issue, when I change the host it is working perfectly. There might be some database server issue or file permission issue with some hosting or your settings.
Phil, Author of HMVC explained here
Trouble with HMVC modular extensions for CodeIgniter
change password of database user
set it simple like mydb.123
and test
in my case it works
I'm using CodeIgniter, and I'm not able to use my database with it. I'm following this tutorial exactly, but when I open in localhost I receive a 404 page.
You need to set up your application/config/database.
Here you need to add your information for your database.
$active_group = "default";
$active_record = TRUE;
$db['default']['hostname'] = "localhost";
$db['default']['username'] = "yourdbusername";
$db['default']['password'] = "password_for_db";
$db['default']['database'] = "name_of_db";
$db['default']['dbdriver'] = "mysql";
$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = TRUE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = "";
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_general_ci";
Have you done it?
If you're getting a 404, it may not be your database connection. Check your routing, and be sure that you are accessing a page that does indeed exist. If you're accessing a controller that loads a view, stop loading the view for now and test the connection directly from the controller - output "YES" if it is, and "NO" if anything else.
If your problem persists, double-check your database-connection configuration. Lastly, I would suggest you follow the documentation rather than another website when you are getting familiar with a framework. You can view the documentation for the Database class at http://codeigniter.com/user_guide/database/index.html
Do you try http://localhost/CodeIgniter/index.php/employee/GetAll ?
Are you using CodeIgniter 2 ?