The action you have requested is not allowed. Codeigniter


Solution 1

Check your config.php:

$config['csrf_protection'] = TRUE;

If it is set to TRUE, you need to use form_open(); this will auto-append the ci_csrf_token. Otherwise you can just set it to FALSE.

But it's advisable to set it to TRUE. But you need to make sure all your requests include the ci_csrf_token, including AJAX requests.

https://www.codeigniter.com/user_guide/helpers/form_helper.html

Solution 2

Try this

<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>">

Solution 3

For me it was the browser cache; once I cleared it, the form started working again.
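
The three solutions above all come down to whether the token posted with the form matches the one held in the cookie. The following stand-alone script is an added example, not part of the original answers and not CodeIgniter's own code: it is a simplified model of a double-submit CSRF check, with a hypothetical cookie name and constructed sample requests, showing which requests end in 403.

```php
<?php
// Simplified model of a double-submit CSRF check (assumption: not CodeIgniter's source).
const TOKEN_NAME  = 'ci_csrf_token';   // field name mentioned in Solution 1
const COOKIE_NAME = 'csrf_cookie';     // hypothetical cookie name

/** Returns the HTTP status the check would produce for one request. */
function csrf_check(string $method, array $post, array $cookies): int
{
    if ($method !== 'POST') {
        return 200;                     // this model only checks POST requests
    }
    if (!isset($post[TOKEN_NAME], $cookies[COOKIE_NAME])) {
        return 403;                     // token field or cookie missing
    }
    if (!is_string($post[TOKEN_NAME]) || !is_string($cookies[COOKIE_NAME])) {
        return 403;                     // reject arrays and other non-string input
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($cookies[COOKIE_NAME], $post[TOKEN_NAME]) ? 200 : 403;
}

/** Hidden field a form must carry, HTML-escaped (what Solution 2 writes by hand). */
function csrf_field(string $token): string
{
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars(TOKEN_NAME, ENT_QUOTES), htmlspecialchars($token, ENT_QUOTES));
}

// Constructed sample data, not taken from the page.
$current = bin2hex(random_bytes(16));   // token currently held in the cookie
$stale   = bin2hex(random_bytes(16));   // token from an older rendering of the form
$cookies = [COOKIE_NAME => $current];
$login   = ['username' => 'alice', 'password' => 'example'];

$cases = [
    'plain <form>, no token field'   => $login,
    'form with current token'        => $login + [TOKEN_NAME => $current],
    'form with stale token'          => $login + [TOKEN_NAME => $stale],
    'token sent as array (tampered)' => $login + [TOKEN_NAME => [$current]],
];

echo csrf_field($current), PHP_EOL;
foreach ($cases as $label => $post) {
    printf("%-32s -> %d\n", $label, csrf_check('POST', $post, $cookies));
}
```

Only the request carrying the current token returns 200; the plain form from the question, a token that no longer matches the cookie, and a non-string token all return 403.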

Author by

Sander Van Keer

Updated on July 07, 2020

Comments

  • Sander Van Keer
    Sander Van Keer almost 4 years

    I'm trying to make a simple login system in CodeIgniter. When I click my login button I get an error:

    The action you have requested is not allowed.

    When I open my console I see this:

    POST http://localhost/PHP/PROJECT/CodeIgniter/ 403 (Forbidden)

    This is my view:

    <body>
        <h1>LOG IN!</h1>
        <form action="" method="post">
            <label for="username">Username:</label>
            <input type="text" id="username" name="username" >
            <label for="password">Password</label>
            <input type="password" id="password" name="password" >
            <br>
            <button id="btn_login" name="btn_login" value="Login">LOG IN!</button>
        </form>
        <div class="errors" ><?php echo validation_errors(); ?></div>
    </body>
    

    This is my model:

    <?php 
    class User_model extends CI_Model {
        public $m_sUsername;
        public $m_sPassword;
        public $m_sEmail;
        public $m_sPicture;
    
        function __construct()
        {
            parent::__construct();
        }
    
        function get_user($username, $password)
        {
            // select() takes the column list as one string; the table name must be quoted
            $this->db->select("username, password");
            $this->db->from('user');
            $this->db->where('username',$username);
            $this->db->where('password',$password);
            $this->db->limit(1);
            $query = $this->db->get();
            return $query->num_rows();
        }
    }
    

    and this is my controller:

    <?php
    
    class Login extends CI_Controller {
    
        function __construct()
        {
            parent::__construct();
            $this->load->library('session');
            $this->load->helper('form');
            $this->load->helper('url');
            $this->load->helper('html');
            $this->load->database();
            $this->load->library('form_validation');
            $this->load->model("User_model", "", true);
        }
    
        public function index()
        {
            if ($this->input->server('REQUEST_METHOD') == 'POST') {
                $username = $this->input->post("username");
                $password = $this->input->post("password");
                $this->form_validation->set_rules("username", "Username", "trim|required");
                $this->form_validation->set_rules("password", "Password", "trim|required");
    
                if ($this->form_validation->run() == FALSE) {
                    //validation fails
                    echo "Vul alle velden in";
                } else {
                    //validation succeeds
                    if ($this->input->post('btn_login') == "Login") {
                        //check if username and password is correct
                        $usr_result = $this->User_model->get_user($username, $password);
                        if ($usr_result > 0) { //active user record is present
                            echo 'Ingelogd!';
                        } else {
                            echo "Wrong!";
                        }
                    }
                }
            }
    
            $this->load->view("admin/login_view.php");
        }
    }
    

    How do I solve this problem?

  • Adnan
    Adnan over 8 years
    +1. Besides the selected answer, this is also a handy solution if the developer is not using form_open().
  • Faizan Anwer Ali Rupani
    Faizan Anwer Ali Rupani over 2 years
    I faced the same error now.