0

codeigniter で Ionauth ライブラリを使用し、Auth コントローラーで edit_user() メソッドを編集して、個々のユーザーが自分のユーザー設定を更新できるようにしています。したがって、ログインしたユーザーが siteurl/auth/edit_user にアクセスすると、ユーザー設定が正常に表示されます。しかし、保存ボタンを押すと、「このフォームの投稿はセキュリティチェックに合格しませんでした」というエラーが表示されました。デフォルトの URL (siteurl/auth/edit_user/userID) は正常に機能しますが、管理者以外の個々のユーザーについては、最後に userID を付けずに URL を保持したいと考えています。

ここに私の edit_user() メソッドがあります:

//edit a user
    function edit_user($id=NULL)
    {
        $this->data['title'] = "Edit User";
        if (!$this->ion_auth->logged_in() || (!$this->ion_auth->is_admin() && !($this->ion_auth->user()->row()->id == $id) && !($id==NULL )))
        //if (!$this->ionauth->logged_in() || !$this->ion_auth->is_admin())
        {
            redirect('auth', 'refresh');
        }
        if($id==NULL){
            $user = $this->ion_auth->user()->row();
        }else{
            $user = $this->ion_auth->user($id)->row();
        }
        $groups=$this->ion_auth->groups()->result_array();
        $currentGroups = $this->ion_auth->get_users_groups($id)->result();

        //process the phone number
        /**if (isset($user->phone) && !empty($user->phone))
        {
            $user->phone = explode('-', $user->phone);
        } **/

        //validate form input
        $this->form_validation->set_rules('first_name', $this->lang->line('edit_user_validation_fname_label'), 'required|xss_clean');
        $this->form_validation->set_rules('last_name', $this->lang->line('edit_user_validation_lname_label'), 'required|xss_clean');
        if(!($this->input->post('email')==$user->email)){
        $this->form_validation->set_rules('email', $this->lang->line('edit_user_validation_email_label'), 'required|valid_email|is_unique[users.email]');
        }else{
          $this->form_validation->set_rules('email', $this->lang->line('edit_user_validation_email_label'), 'required|valid_email');
        }
    /** $this->form_validation->set_rules('phone2', $this->lang->line('edit_user_validation_phone2_label'), 'required|xss_clean|min_length[3]|max_length[3]');
        $this->form_validation->set_rules('phone3', $this->lang->line('edit_user_validation_phone3_label'), 'required|xss_clean|min_length[4]|max_length[4]');
        $this->form_validation->set_rules('company', $this->lang->line('edit_user_validation_company_label'), 'required|xss_clean'); **/
        $this->form_validation->set_rules('groups', $this->lang->line('edit_user_validation_groups_label'), 'xss_clean');
        //$this->form_validation->set_message('is_unique[users.email]','Email already exists or Invalid');
        if (isset($_POST) && !empty($_POST))
        {
            // do we have a valid request?
            if ($this->_valid_csrf_nonce() === FALSE || $id != $this->input->post('id'))
            {
                show_error($this->lang->line('error_csrf'));
            }

            $data = array(
                'first_name' => $this->input->post('first_name'),
                'last_name'  => $this->input->post('last_name'),
                'email'    => $this->input->post('email'),
            /** 'phone'      => $this->input->post('phone1') . '-' . $this->input->post('phone2') . '-' . $this->input->post('phone3'), **/
            );
            //if($this->ion_auth->is_admin()){
            //Update the groups user belongs to
            $groupData = $this->input->post('groups');

            if (isset($groupData) && !empty($groupData)) {

                $this->ion_auth->remove_from_group('', $id);

                foreach ($groupData as $grp) {
                    $this->ion_auth->add_to_group($grp, $id);
                }

            }
            //}
            //update the password if it was posted
            if ($this->input->post('password'))
            {
                $this->form_validation->set_rules('password', $this->lang->line('edit_user_validation_password_label'), 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
                $this->form_validation->set_rules('password_confirm', $this->lang->line('edit_user_validation_password_confirm_label'), 'required');

                $data['password'] = $this->input->post('password');
            }

            if ($this->form_validation->run() === TRUE)
            {
                $this->ion_auth->update($user->id, $data);

                //check to see if we are creating the user
                //redirect them back to the admin page
                $this->session->set_flashdata('message', "User Saved");
                redirect("auth", 'refresh');
            }
        }

        //display the edit user form
        $this->data['csrf'] = $this->_get_csrf_nonce();

        //set the flash data error message if there is one
        $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));

        //pass the user to the view
        $this->data['user'] = $user;
        //if($this->ion_auth->is_admin()){
        $this->data['groups'] = $groups;
        $this->data['currentGroups'] = $currentGroups;
        //}
        $this->data['first_name'] = array(
            'name'  => 'first_name',
            'id'    => 'first_name',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('first_name', $user->first_name),
        );
        $this->data['last_name'] = array(
            'name'  => 'last_name',
            'id'    => 'last_name',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('last_name', $user->last_name),
        );
        $this->data['email'] = array(
            'name'  => 'email',
            'id'    => 'email',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('email', $user->email),
        );
    /** $this->data['phone1'] = array(
            'name'  => 'phone1',
            'id'    => 'phone1',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('phone1', $user->phone[0]),
        );
        $this->data['phone2'] = array(
            'name'  => 'phone2',
            'id'    => 'phone2',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('phone2', $user->phone[1]),
        );
        $this->data['phone3'] = array(
            'name'  => 'phone3',
            'id'    => 'phone3',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('phone3', $user->phone[2]),
        ); **/
        $this->data['password'] = array(
            'name' => 'password',
            'id'   => 'password',
            'type' => 'password'
        );
        $this->data['password_confirm'] = array(
            'name' => 'password_confirm',
            'id'   => 'password_confirm',
            'type' => 'password'
        );
        $this->load->view('header');
        $this->_render_page('auth/edit_user', $this->data);
        $this->load->view('footer');
    }

これは私のビューファイル(edit_user.php)です:

<h1><?php echo lang('edit_user_heading');?></h1>
<div id="body">
<p><?php echo lang('edit_user_subheading');?></p>

<div id="infoMessage"><?php echo $message;?></div>

<?php echo form_open(uri_string());?>

      <p>
            <?php echo lang('edit_user_fname_label', 'first_name');?> <br />
            <?php echo form_input($first_name);?>
      </p>

      <p>
            <?php echo lang('edit_user_lname_label', 'last_name');?> <br />
            <?php echo form_input($last_name);?>
      </p>

      <p>
            <?php echo lang('edit_user_email_label', 'email');?> <br />
            <?php echo form_input($email);?>
      </p>
<!--
      <p>
            <?php echo lang('edit_user_phone_label', 'phone');?> <br />
            <?php echo form_input($phone1);?>-<?php echo form_input($phone2);?>-<?php echo form_input($phone3);?>
      </p>
-->
      <p>
            <?php echo lang('edit_user_password_label', 'password');?> <br />
            <?php echo form_input($password);?>
      </p>

      <p>
            <?php echo lang('edit_user_password_confirm_label', 'password_confirm');?><br />
            <?php echo form_input($password_confirm);?>
      </p>
<?php //if($this->ion_auth->is_admin()){ ?>
     <h3><?php echo lang('edit_user_groups_heading');?></h3>
    <?php foreach ($groups as $group):?>
    <label class="checkbox">
    <?php
        $gID=$group['id'];
        $checked = null;
        $item = null;
        foreach($currentGroups as $grp) {
            if ($gID == $grp->id) {
                $checked= ' checked="checked"';
            break;
            }
        }
    ?>
    <input type="checkbox" name="groups[]" value="<?php echo $group['id'];?>"<?php echo $checked;?>>
    <?php echo $group['name'];?>
    </label>
    <?php endforeach?>
<?php //} ?>
      <?php echo form_hidden('id', $user->id);?>
      <?php echo form_hidden($csrf); ?>

      <p><?php echo form_submit('submit', lang('edit_user_submit_btn'));?></p>

<?php echo form_close();?>
4

2 に答える 2

0

csrf チェックが失敗しています。

メソッド宣言で取り出してみてください$id = NULL(POST 経由で ID を送信する場合は必要ありません)。$id = $this->input->post('id');または、csrf チェックを行う前に明示的に設定します。

于 2013-05-01T18:01:23.230 に答える