Question

即使我正在写正确的输入，我也无法绕过$this->form_validation->set_rules("blah")。（使用数据库中存在的数据）。无论我做什么输入，form_validation->run()似乎总是返回false，会发生什么。请帮帮我:(

查看部分（我正在使用的表格）：

<div class="navbar-form navbar-right">
<?php
    $user = array('name' => 'username', 'class' => 'form-control', 'placeholder' => 'Username', 'autocomplete' => 'off');
    $pass = array('name' => 'password', 'class' => 'form-control', 'placeholder' => 'Password', 'autocomplete' => 'off');
    $button = array('id' => 'loginbutton', 'class' => 'form-control');
    echo form_open('bigphloginc/validateUser'); 
?>
    <div class="form-group">
        <?php echo form_input($user); ?>
    </div>
    <div class="form-group">
        <?php echo form_password($pass); ?>
    </div>
    <div class="form-group">
        <?php 
              echo form_submit($button,'Login');
              echo form_close();
        ?> 
    </div>
</div>

我正在使用的控制器：

public function validateUser(){
    //Gets the posted values
    $tempUsername = $this->input->post('username');
    $tempPassword = $this->input->post('password');

    //Set the rules for forms
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|md5');

    if($this->form_validation->run()==FALSE){ //If the form data isn't accepted, loads back to login
        redirect(bigphloginc/index);
    }else{ //If form data is accepted, checks the database

        if(isset($this->session->userdata($tempUsername))){
            redirect(bigphloginc/index);
        }else{
            $this->load->model('bigphuser');
            $query = $this->bigphuser->login($tempUsername,$tempPassword);
            if($query==FALSE){ //If the form data doesn't exist in db, loads back to login
                $this->load->view('warning');
                $this->load->view('ilogin');
            }else{ //If the form data exist on db, then continues to their respective pages
                $data = array(
                    'username' => $tempUsername,
                    'password' => $tempPassword,
                    'type' => $query[0]->type,
                    'employeeNumber' => $query[0]->employeeNumber,
                    'loggedIn' => true
                );
                $this->session->set_userdata($data); //Sets the data to the session
                if($query[0]->type=="admin"){ //if the user is an admin
                    redirect('bigphadmin/home');
                }else if($query[0]->type=="employee"){
                    redirect('bigphemployee/home'); //if the user is an employee
                }//Query Type
            }//Query false
        }
    }//validation false
}

Answer 1

xss_clean不再是codeigniter 3中表单验证的一部分。替代方法是不使用它，因为xss_clean正在进行清理而不是验证。

xss_clean是安全助手的一部分。您可以将其用作

$this->load->helper('security');
$value = $this->input->post('formvalue', TRUE); //TRUE enables the xss filtering

查看此link了解更多详情

表单输入无法绕过codeigniter 3.0.0版中的表单验证

1 个答案: