Sunday, May 06, 2018

Codeigniter, Ajax (POST), CSRF (Regenerate) and Bootstrap3 Validator

Main Purpose
- prevent a new user from signing up with an email or username that already exists in the system

Obstacle
- on every keystroke, Ajax sends the typed value to the server, which checks whether it already exists in the database.
- along with the keystroke value, the Ajax request also carries the CSRF (Cross Site Request Forgery) token.
- the CSRF token lets the server check that the request was made by a page it served, not by an outside site. Otherwise we would have a big security problem. :-)
- with csrf_regenerate enabled, the server issues a new token after every request, so the token in the form has to be updated on each keystroke or the final submit will carry a stale value.
- without that update, the server rejects the submission because the CSRF token has expired.

Solution
- update the CSRF value on each keystroke: in the Ajax success handler, read the new CSRF token from the cookie (via jQuery Cookie) and "paste" it into the hidden input.

- CI configuration
application/config/config.php
<?php
// issue a new CSRF token after every request instead of reusing one token until it expires
$config['csrf_regenerate'] = TRUE;
?>

- Back End (controller to handle the response)
application/controllers/SomeController.php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class SomeController extends CI_Controller
{
    // Called by the Bootstrap Validator "remote" check on every keystroke.
    // Answers {"valid": true|false} for the posted username or email.
    public function remote_user()
    {
        $valid = TRUE;

        // $this->account is the application's own model; GetAll() returns every user row.
        $users1 = $this->account->GetAll();

        // Index by id (used for the username check) with the email address as the value.
        $users = array();
        foreach ($users1->result() as $wer) {
            $users[$wer->c_id] = $wer->c_headerb;
        }

        if (NULL !== $this->input->post('username') && array_key_exists($this->input->post('username'), $users)) {
            $valid = FALSE;
        } else if (NULL !== $this->input->post('email')) {
            $email = $this->input->post('email');

            foreach ($users as $k => $v) {
                if ($email == $v) {
                    $valid = FALSE;
                    break;
                }
            }
        }

        // The CSRF check itself runs in the Security class before this method is reached;
        // with csrf_regenerate the cookie already holds the new token when we reply.
        $this->output
            ->set_content_type('application/json')
            ->set_output(json_encode(array('valid' => $valid)));
    }
}

- Front End (view for handling the request)
application/views/register.php
<html>
<!-- form_open() also emits the hidden CSRF input that the JavaScript keeps up to date -->
<?=form_open('', array('class' => 'mbr-form', 'autocomplete' => 'off', 'id' => 'productForm'))?>
    <div class="form-group row">
        <?=form_label('Email : ', 'pass3', array('class' => 'col-sm-2 col-form-label mbr-fonts-style display-7'))?>
        <div class="col-sm-10">
            <?=form_input(array('name' => 'email', 'value' => set_value('email'), 'class' => 'form-control', 'id' => 'pass3', 'placeholder' => 'Email'))?>
            <br />
            <?=form_error('email')?>
        </div>
    </div>
<?=form_close()?>
</html>

- JQuery/Javascript (Ajax Request and Response)
application/views/register.php
// "remote" validator for the email field, inside the bootstrapValidator() setup of #productForm
$('#productForm').bootstrapValidator({
    fields: {
        email: {
            validators: {
                remote: {
                    type: 'POST',
                    url: 'remote_user',
                    message: 'Please use another email ',
                    // send the current CSRF token, read from the cookie, with every keystroke
                    data: function(validator) {
                        return {'<?=$this->security->get_csrf_token_name()?>': $.cookie("<?=$this->config->item('cookie_prefix').$this->config->item('csrf_cookie_name')?>")};
                    },
                    delay: 1, // wait 0.001 seconds
                    onSuccess: function(e, data) {
                        // the hidden csrf input must be refreshed, otherwise the submitted data won't go through
                        $('input[name="<?=$this->security->get_csrf_token_name()?>"]').val($.cookie("<?=$this->config->item('cookie_prefix').$this->config->item('csrf_cookie_name')?>"));
                    }
                }
            }
        }
    }
});


Tuesday, April 24, 2018

Laravel : Biggest Security Breach

well... please dont be fooled by the title..


i recommend you watch this clip and please comment nicely.. haha

Sunday, April 22, 2018

codeigniter : sending email using phpmailer


hi there,

im going to share with you how i send email with the help of a new library, phpmailer.

there are 2 parts to make this happen.
  1. front end
  2. backend
1. frontend
in this part, im using bootstrap and ckeditor via cdn. please take note, im not using ckeditor 5 as it's not in a stable release yet. so, lets wait for it to become stable.

2. backend
for this part, im installing phpmailer via composer. this is the command that i use, but before that, i run

composer update

and right after that i use

composer require phpmailer/phpmailer

well, enjoy this video..

Wednesday, January 11, 2017

integrating fpdf and tcpdf in codeigniter

hi

sometimes creating a pdf on the fly can be a tricky part of my coding world. if its scratch coding then its fine, but the mess is inevitable. to keep it clean, i gotta put it into codeigniter. its easier to track.
i use these 2 php classes when dealing with pdf files.
if u ask about the advantages or disadvantages of these 2 php classes,
i'd say that depends on u, which one u like, cos u will be the one doing the work... haha
as for me, i use both, sometimes tcpdf n sometimes fpdf when creating the pdf.
at the beginning, i had trouble when i tried to create a pdf with a header n footer cos of the classes nested within classes. at that time, i was trying to write the header and the footer of the pdf inside the controller. yea, i admit, i wasn't that smart until recently, when i learned to write the header n the footer in the view file. this keeps my controller clean, with only the processing left in the controller.
easier to see n track everything through the controller in case of debugging.

anyway, enjoy the video.

Saturday, January 07, 2017

template inheritance in codeigniter

hi,

when it comes to $this->load->view('view_file') in a controller, usually i see something like this.

$this->load->view('header');
$this->load->view('body', $data);
$this->load->view('footer');

its to maintain the design template that they create or use. for me, i try to keep my controller as clean as possible. its easier for me in case i need to debug my code. so the code in my controller must be as minimal as it can be. only form processing and a few very important things should be in the controller.

in order to do that, i need help from a helper, which is template inheritance. u can download n study it from this site:
http://www.phpti.com

pls do take note, its not the same as Smarty template inheritance, because the file i meant is based on the Django project.

u can get the file from this link.

template_inheritance_helper.php

enjoy!

Wednesday, January 04, 2017

Data sanitizing, cross scripting and XSS filtering

hi,

its been a while. im rusty a lot. havent done codeigniter n php for nearly 2 years..

ok, im going to share how i sanitize data from a user before that data can be recorded in the database. validating and sanitizing data is quite a tedious process if we do it from scratch.

usually it depends a lot on regex. for example, how do we make sure that our user inserted his email into our input?
we need to know the pattern of the input. in php this is a regex for any email address.

/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD

credit to Email Address Regular Expression That 99.99% Works

that makes our code very long n hard to track when u r in the process of debugging. just use the built-in function that comes with codeigniter. simple right?

ok, we come to cross-site scripting or the XSS features. this is quite an interesting topic for me cos previously i hadn't thought about how "naughty people" violate the whole system website until i reached this page: Cross-site Scripting (XSS) Attack. u can learn more there cos im not going to cover this topic; whats important to me is that i must use this feature in codeigniter..haha

well, enjoy my 2 parts of clips... thank you.

Wednesday, October 09, 2013