I've been reading about the crsf protection in codeigniter, but I can't seem to find a decent tutorial on how to proceed after enabling csrf in the config file.
I have a form generated by a controller function users/create
that submits to another function users/submit_new
.
I used the form helper class so that the crsf field is automatically generated.
I have this validation function on the submit function:
if ($this->input->post(get_csrf_token_name()) == get_csrf_hash()) {
$this->users_model->create(); }
But all I get is action not allowed error. What is the right way to validate csrf? Or am I doing something wrong?