The action you have requested is not allowed. Codeigniter

Question

I'm trying to make a simple login system in codeigniter. When I click on my button login I get an error:

The action you have requested is not allowed.

When I open my console I see this:

POST http://localhost/PHP/PROJECT/CodeIgniter/ 403 (Forbidden)

This is my view:

<body>
    <h1>LOG IN!</h1>
    <form action="" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" >
        <label for="password">Password</label>
        <input type="password" id="password" name="password" >
        <br>
        <button id="btn_login" name="btn_login" >LOG IN!</button>
    </form>
    <div class="errors" ><?php echo validation_errors(); ?></div>
</body>

This is my model:

<?php 
class User_model extends CI_Model {
    public $m_sUsername;
    public $m_sPassword;
    public $m_sEmail;
    public $m_sPicture;

    function __construct()
    {
        parent::__construct();
    }

    function get_user($username, $password)
    {
        $this->db->select("username","password");
        $this->db->from(user);
        $this->db->where('username',$username);
        $this->db->where('password',$password);
        $this->db->limit(1);
        $query = $this->db->get();
        return $query->num_rows();
    }
}

and this is my controller:

<?php

class Login extends CI_Controller {

    function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('form');
        $this->load->helper('url');
        $this->load->helper('html');
        $this->load->database();
        $this->load->library('form_validation');
        $this->load->model("User_model", "", true);
    }

    public function index()
    {
        if ($this->input->server('REQUEST_METHOD') == 'POST') {
            $username = $this->input->post("username");
            $password = $this->input->post("password");
            $this->form_validation->set_rules("username", "Username", "trim|required");
            $this->form_validation->set_rules("password", "Password", "trim|required");

            if ($this->form_validation->run() == FALSE) {
                //validation fails
                echo "Vul alle velden in";
            } else {
                //validation succeeds
                if ($this->input->post('btn_login') == "Login") {
                    //check if username and password is correct
                    $usr_result = $this->User_model->get_user($username, $password);
                    if ($usr_result > 0) { //active user record is present
                        echo 'Ingelogd!';
                    } else {
                        echo "Wrong!";
                    }
                }
            }
        }

        $this->load->view("admin/login_view.php");
    }
}

How do I solve this problem?

Answer 1

Check your config.php If,

$config['csrf_protection'] = TRUE;

If it is set to true you need to use form_open(), this will auto append the ci_csrf_token. Otherwise you can just set to FALSE.

But its advisable to set it to TRUE. But you need to make sure all your request includes the ci_csrf_token including AJAX request.

https://www.codeigniter.com/user_guide/helpers/form_helper.html