What is csrf?
XSS Prevention
XSS means cross-site scripting. CodeIgniter comes with an XSS filter. This filter prevents malicious JavaScript, or any other code that attempts to hijack cookies and perform malicious actions, from passing through your input.
// build the array of submitted values
$data = array(
    'name'    => $name,
    'address' => $address,
    'dob'     => $dob
);
// xss_clean() accepts a string or an array and filters every element
$data = $this->security->xss_clean($data);
You should use this function only when you are submitting data to the database.
SQL Injection
Note : CodeIgniter's Active Record (Query Builder) methods automatically escape the values you pass in, to prevent SQL injection.
// the value of $val1 is escaped and quoted by where()
$this->db->select('*')->from('tablename')->where('var', $val1);
$query = $this->db->get();
################ OR #############
$this->db->insert('tablename', array('var1'=>$val1, 'var2'=>$val2));
Use the escape() method if you prefer to run your own queries.
// escape() escapes and quotes the value, so no quotes are needed around $val1 in the SQL
$val1 = $this->db->escape($val1);
$this->db->query("SELECT * FROM tablename WHERE var=$val1");
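The same lookup written with Query Builder, with query bindings, and as a LIKE search, as an added example that is not part of the original tutorial. The users table, the Account_model name and its column names are assumed.

```php
<?php
// Added example (not from the original tutorial). Table "users", the model
// name and the column names are assumed.
defined('BASEPATH') OR exit('No direct script access allowed');

class Account_model extends CI_Model
{
    // Query Builder: the value passed to where() is escaped and quoted.
    public function find_by_email($email)
    {
        return $this->db->select('id, email, name')
                        ->from('users')
                        ->where('email', $email)
                        ->get()
                        ->row();
    }

    // Query bindings: each ? is replaced by the escaped, quoted value, so a
    // quote inside $email or $status cannot change the structure of the query.
    // Unsafe equivalent to avoid: "... WHERE email = '$email'" built by hand.
    public function find_active_by_email($email, $status = 'active')
    {
        $sql = 'SELECT id, email, name FROM users WHERE email = ? AND status = ?';
        return $this->db->query($sql, array($email, $status))->row();
    }

    // LIKE search: escape() handles quotes but not the % and _ wildcards.
    // like() runs the term through escape_like_str() and appends an ESCAPE
    // clause, so % or _ typed by the user match literally instead of
    // turning the search into a match-everything pattern.
    public function search_by_name($term)
    {
        return $this->db->select('id, name')
                        ->from('users')
                        ->like('name', $term)
                        ->get()
                        ->result();
    }
}
```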
When accepting a value from the client side, it is better to use this code:
$client = $this->input->post('client',TRUE);
If the requested item is not found, this returns NULL. You can also decide whether to run the data through xss_clean() by passing a boolean value as the second parameter ('TRUE').
The method returns NULL if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter.
It’s enabled by setting the second parameter to boolean TRUE or by setting your $config['global_xss_filtering'] to TRUE.
$this->input->post('some_data', TRUE);
To return an array of all POST items call without any parameters.
To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean TRUE.
$this->input->post(NULL, TRUE); // returns all POST items with XSS filter
$this->input->post(NULL, FALSE); // returns all POST items without XSS filter
To return an array of multiple POST parameters, pass all the required keys as an array.
$this->input->post(array('field1', 'field2'));
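A controller that reads the form fields with the XSS filter enabled, validates them, and escapes the stored values again with html_escape() when they are displayed, as an added example that is not part of the original tutorial. The controller, model and view names are assumed.

```php
<?php
// Added example (not from the original tutorial). The Profile controller,
// Profile_model and the profile/* views are assumed names.
defined('BASEPATH') OR exit('No direct script access allowed');

class Profile extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form', 'url'));
        $this->load->library('form_validation');
        $this->load->model('profile_model');   // assumed model
    }

    // Handles the profile form submission.
    public function save()
    {
        // Second parameter TRUE runs each value through xss_clean().
        // A missing field comes back as NULL, so validation must still run.
        $data = array(
            'name'    => $this->input->post('name', TRUE),
            'address' => $this->input->post('address', TRUE),
            'dob'     => $this->input->post('dob', TRUE),
        );

        $this->form_validation->set_rules('name', 'Name', 'required|max_length[100]');
        $this->form_validation->set_rules('address', 'Address', 'required|max_length[255]');
        $this->form_validation->set_rules('dob', 'Date of birth', 'required|regex_match[/^\d{4}-\d{2}-\d{2}$/]');

        if ($this->form_validation->run() === FALSE) {
            $this->load->view('profile/form', array('errors' => validation_errors()));
            return;
        }

        $this->profile_model->save($data);   // assumed; Query Builder escapes the values
        redirect('profile/show');
    }

    // Displays the stored values. xss_clean() is an input filter, so the value
    // is escaped again here and cannot break out of the HTML in the view.
    public function show()
    {
        $row = $this->profile_model->get_current();   // assumed
        $this->load->view('profile/show', array(
            'name'    => html_escape($row->name),
            'address' => html_escape($row->address),
        ));
    }
}
```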
CSRF Prevention
A Cross Site Request Forgery token is a hash string that is included with each form request and form submission, and is checked against the token already saved in the cookie/session. If both values match, the request is accepted; otherwise it is declined. In CodeIgniter the Cross Site Request Forgery token value is added in a hidden input field and sent with POST requests.
In CodeIgniter 2, Cross Site Request Forgery (CSRF or XSRF) protection is an inbuilt feature. We just need to change the config variable in the config file to use CSRF protection. Once you have enabled CSRF protection, all your forms are secured: the POST requests of your CodeIgniter application's forms are now protected by the CSRF token.
Enable CSRF protection in codeigniter :-
To enable CSRF protection in codeigniter application go to “application/config/config.php” and search for CSRF settings.
$config['csrf_protection'] = TRUE; // changed FALSE to TRUE
$config['csrf_token_name'] = 'csrftest_name';
$config['csrf_cookie_name'] = 'csrfcookie_name';
You can also change the name settings; you will then get the CSRF token value under the names you chose.
Use csrf token :-
$this->load->helper('form'); // load the form helper in the controller
$autoload['helper'] = array('form'); // or autoload it in application/config/autoload.php
1. Using form_open() :- after loading the form helper, we use the form_open() function to make a form in the view:-
<?php echo form_open('login');?>
<input type="text" name="email" />
<input type="password" name="password" />
<input type="submit" name="submit" value="Submit" />
<?php echo form_close();?>
Now save this file and inspect the element in the browser, or view the source code of the form. The form helper has automatically added an input field to the form with a random hash token value to prevent CSRF, like below.
<form action="http://localhost/codeigniter/index.php/login" method="post" accept-charset="utf-8">
<div style="display:none">
<input type="hidden" value="ef8c930e54108d8ba04835dba87c9611" name="csrftest_name">
</div>
<input type="text" name="email" />
<input type="password" name="password" />
<input type="submit" name="submit" value="Submit" />
</form>
2. Manually :- if you don't want to use the form_open() function to make the form, you can directly add an input field with the security class functions to make the CSRF token in CodeIgniter, like below.
<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>">
//will add like <input type="hidden" name="csrftest_name" value="0729bc908947526aa2e7951fb9066701" />
Now you are done securing your CodeIgniter application forms with the CSRF token.
Using with ajax call :-
When CSRF protection is on, you will get a "500 internal server" error when posting data with an ajax call, because the request does not carry the token. So we need to send the CSRF token along with the ajax request. Let's see how to send the CSRF token with an ajax call and secure the CodeIgniter application using the CSRF token on ajax calls.
<script type="text/javascript">
$.ajax({
    url: "test.php",
    type: "post",
    // the token is sent as a regular POST field named after the configured csrf_token_name
    data: {'<?php echo $this->security->get_csrf_token_name(); ?>':'<?php echo $this->security->get_csrf_hash(); ?>',/*....your data....*/},
    success: function(){
        alert("success");
    },
    error:function(){
        alert("failure");
    }
});
</script>
// uses
// $this->security->get_csrf_token_name() getting csrftoken name.
// $this->security->get_csrf_hash() getting csrftoken value
After updating this code, make an ajax call and you will get a success response. You are now done securing your CodeIgniter application with the CSRF token on basic forms and on ajax calls.
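When $config['csrf_regenerate'] is TRUE (the default in CodeIgniter 3) the hash changes on every request, so a second ajax call made with the token printed into the page will fail. The endpoint below returns the current token with every JSON response so the client can store it for the next call; it is an added example, not part of the original tutorial, and the Ajax_test controller name is assumed.

```php
<?php
// Added example (not from the original tutorial). The controller name and
// the "email" field are assumed.
defined('BASEPATH') OR exit('No direct script access allowed');

class Ajax_test extends CI_Controller
{
    public function save()
    {
        // Only serve ajax POSTs. CodeIgniter has already rejected any request
        // whose CSRF token did not match the cookie before reaching this method.
        if ( ! $this->input->is_ajax_request() || $this->input->method() !== 'post') {
            show_404();
        }

        $this->load->library('form_validation');
        $this->form_validation->set_rules('email', 'Email', 'required|valid_email');

        $response = array(
            // Always ship the token under its configured name so the client can
            // replace the value it sends with the next request.
            'csrf_name' => $this->security->get_csrf_token_name(),
            'csrf_hash' => $this->security->get_csrf_hash(),
        );

        if ($this->form_validation->run() === FALSE) {
            $response['status'] = 'error';
            $response['errors'] = $this->form_validation->error_array();
        } else {
            $response['status'] = 'ok';
            $response['email']  = $this->input->post('email', TRUE);
        }

        $this->output
             ->set_content_type('application/json')
             ->set_output(json_encode($response));
    }
}
```

On the client, read csrf_hash from each response and send it as the field named csrf_name on the following ajax request.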