This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.

Example Log Entry

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 C:\Programme\XAMPP Lite\htdocs\vb310\includes\functions.php line 2420: eval()
#1 C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php line 417: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 C:\Programme\XAMPP Lite\htdocs\vb310\global.php line 20: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php)
#3 C:\Programme\XAMPP Lite\htdocs\vb310\newthread.php line 49: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\global.php)

POST Variables
===============
Array
(
[do] => foo
[f] => 3
[forumid] => 3
[securitytoken] =>
)

Request URI
===========
/vb368pl1/newthread.php?do=foo

Datum: 24.04.2008 11:36:08
Benutzername: Kirby
IP-Adresse: 127.0.0.1


If you do not know what this is about, you most likely won't need it :)

For 3.6.9 only?

No, actually for 3.6.10+ and 3.7 RC4+

Just what I need. Thanks Andreas. :)

Thank you, sir. This will be great to find out which hacks need to be updated. ;)

I get the following error when I try to import

XML Error: mismatched tag at Line 15

I get the following error when I try to import

XML Error: mismatched tag at Line 15

Same error on RC 4.

</templates>

just delete it or use this file .lol

Great work!

</templates>

just delete it or use this file .lol

What did you change in it? </templates> is still there.

Works just fine for me

What did you change in it? </templates> is still there.

in his original xml there were

<templates>
</templates>
</templates>

one of them have no need to be there. i believe he just fix it ,

Can somebody explain to me in more detail what this hack does ? First of all, what is a "security token" ?

Regards,
Razvan

OMFG! Thank you for this, with 3.6.10 and the fact that some Modifications wont work because of the new Security Token, now I can rest in peace to know which one those are when they are accessed ... :up: on a great Mod ...

First of all, what is a "security token" ?Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia (http://en.wikipedia.org/wiki/Security_token) :)

Good explanation, Mike, but I think they want to know how it applies to vBulletin now. ;)

Can somebody explain to me in more detail what this hack does ? That what he wrotes...
This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.

See also the Plugin called "Detect Security Token Failure". The most important is the $backtrace variable and the rest is pretty self explained :)

so this will tell us which mod file needs to add define('CSRF_PROTECTION', true); immediately below define('THIS_SCRIPT', '... ???

Wouldn't this only be needed for v 3.6.10 and 3.7RC4?

Good explanation, Mike, but I think they want to know how it applies to vBulletin now. ;)

OK, clearly something significant occurred to necessitate 3.6.10. Can you guys not be so cryptic for the rest of us who are not up on what is going on?

How does this affect 3.6.10? How does this affect installed mods?

^ Read the vB.com Announcements for 3.6.10 and 3.7.0 RC4 and you will know.

Very nice mod. Thanks, Andreas.

Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia (http://en.wikipedia.org/wiki/Security_token) :)

Thank you for taking the time to write this. I think I understand what this hack does.

Most probably, this is useless for the majority of the webmasters because few people are actually using a "security token".

OK, clearly something significant occurred to necessitate 3.6.10. Can you guys not be so cryptic for the rest of us who are not up on what is going on?

How does this affect 3.6.10? How does this affect installed mods?

You need not worry about this hack if you are not using a security token. And even if you are using one, you don't need to worry about this hack if you don't want to record security token errors into some VBulletin log.

Thank you!!!!!!! Just installed 3.6.10 today & was scrambling to find out what needs updates.

You need not worry about this hack if you are not using a security token. And even if you are using one, you don't need to worry about this hack if you don't want to record security token errors into some VBulletin log.

No mihai11 this isn't the case.

To fix a potential security issue Jelsoft has released a new version of vBulletin (3.6.10) and this adds something they've called a "security token", once you've upgraded to 3.6.10 you may find some Mods you've added stop working and your users will see a message telling them the "security token" is missing. This Mod helps you track down which parts of your vBulletin system need to be updated to deal with the new "security token" Jelsoft has added.

Thank you, Nice share

Just curious here... if this supposed to be in the xml file twice like this?

$backtrace = debug_backtrace();

$backtrace = debug_backtrace();

Hi,

Where abouts can i find the error log?

Great! Thank you.

@Boofo
Nope. But being there is not a big problem either ;)

I didn't think it would be any problem. I was just checking, sir. ;)

Hi,

this Hack does not work for me.

I get several Mails from Members telling me they get the Error Message for a Security Token but i dont get any Mail from the System about it. :confused:

When I try to install this mod I get this error.

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

How do I fix it?

When I try to install this mod I get this error.

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

Hi,

this Hack does not work for me.

I get several Mails from Members telling me they get the Error Message for a Security Token but i dont get any Mail from the System about it. :confused:

Have you enabled it in the settings? It installs as disabled.

Installed :D

Have you enabled it in the settings? It installs as disabled.

hmmmm,where in the settings?

Nought there in options,but as usual its 3:30 am and i'm blind :D

ME SEE now lol

vbOptions > Error Handling & Logging

OK... I got mail :)

Pardon my french but what the ++++ does all this mean :)

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/xxxxxx/public_html/forum/includes/functions.php line 2528: eval()
#1 /home/xxxxxx/public_html/forum/includes/init.php line 417: fetch_error(security_token_missing,ltr,/forum/sendmessage.php)
#2 /home/xxxxxx/public_html/forum/global.php line 20: require_once(/home/xxxxxx/public_html/forum/includes/init.php)
#3 /home/xxxxxx/public_html/forum/ajax.php line 58: require_once(/home/xxxxxx/public_html/forum/global.php)


POST Variables
==============
Array
(
[do] => insertmood
[mood] => Cannaebearsedsecuritytoken=d869994f6f11a8d80521950 e1ddd3b1264d19b36
[s] =>
[ajax] => 1
[securitytoken] =>
)

Request URI
===========
/forum/ajax.php


:confused:

Sounds like the mood hack.

@hIBEES
You are using 3.7 RC4 and did not apply the patch for clientscript/vbulletin_global.js
See
http://www.vbulletin.com/forum/project.php?issueid=25287

I didn't apply the patch and I never saw any error.

it;s install me succesfully but how it;s works

@hIBEES
You are using 3.7 RC4 and did not apply the patch for clientscript/vbulletin_global.js
See
http://www.vbulletin.com/forum/project.php?issueid=25287


Thanks I am sure I have done that but will check again
it;s install me succesfully but how it;s works

See post 38 :up:

vbOptions > Error Handling & Logging,its off by default,its at the bottom of the logging page

Thanks Andreas I did indeed have the & missing,thought I had done that too.


All is well with the mood hack,thanks for this excellent add-on :up:

OMG ty for this although still having issues. I did the global patch and am still getting notices regarding the security token with the help of your hack. So my question is now what? Thanks to your work I've been able to find out what's causing the error message and although it stopped popping up on my forums I'm still getting emails notifying me.

Should I be taking this now up with the creator of the mod? Or is there anything else I can do in the mean time since I've already left a message in the hack thread.

Thank you for the hack Andreas.

I'm having an issue with my hide hack (itsid). I hit quickreply and receive this error over the hidden content. (instead of revealing the content)

Knowing that, I installed this hack to see what the issue is. This is the e-mail I got.

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/hipho13/public_html/forum/includes/functions.php line 2528: eval()
#1 /home/hipho13/public_html/forum/includes/init.php line 417:
fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/hipho13/public_html/forum/global.php line 20:
require_once(/home/hipho13/public_html/forum/includes/init.php)
#3 /home/hipho13/public_html/forum/showthread.php line 102:
require_once(/home/hipho13/public_html/forum/global.php)
#4 /home/hipho13/public_html/forum/vbseo.php line 1129:
require(/home/hipho13/public_html/forum/showthread.php)

POST Variables
==============
Array
(
[do] => whatever
[p] => 725
[all] => 725
[postid] => 725
[securitytoken] =>
)

Request URI
===========
/forum/showthread.php

Anyone want to point me in the right direction? I'm aware I have to implement CSRF Protection, I just don't know where.

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/doshomik/public_html/includes/functions.php line 2528: eval()
#1 /home/doshomik/public_html/includes/init.php line 417: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/doshomik/public_html/admincp/global.php line 34: require_once(/home/doshomik/public_html/includes/init.php)
#3 /home/doshomik/public_html/admincp/newsproxy.php line 25: require_once(/home/doshomik/public_html/admincp/global.php)

POST Variables
==============
Array
(
[ajax] => 1
[securitytoken] =>
)

Request URI
===========
/admincp/newsproxy.php

OK, can anyone describe in a normal language (:p) on how can I identify which hack is causing the problem by seeing this msg ?

thx

Hi Andreas,
Danke f?r dieses n?tzliche Script, nur komme ich mit den Fehlermeldungen nicht klar. Was l?uft hier verkehrt??

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 varwww/web54/html/includes/functions.php line 2528: eval()
#1 varwww/web54/html/includes/init.php line 417:
fetch_error(security_token_missing,ltr,sendmessage .php)
#2 varwww/web54/html/global.php line 20:
require_once(/var/www/web54/html/includes/init.php)
#3 varwww/web54/html/profile.php line 141:
require_once(/var/www/web54/html/global.php)
#4 varwww/web54/html/vbseo.php line 1121:
require(/var/www/web54/html/profile.php)

POST Variables
==============
Array
(
[s] =>
[do] => dst
[securitytoken] =>
)

Request URI
===========
/profile.php?do=dst

Thanks. I will try it.

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/doshomik/public_html/includes/functions.php line 2528: eval()
#1 /home/doshomik/public_html/includes/init.php line 417: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/doshomik/public_html/admincp/global.php line 34: require_once(/home/doshomik/public_html/includes/init.php)
#3 /home/doshomik/public_html/admincp/newsproxy.php line 25: require_once(/home/doshomik/public_html/admincp/global.php)

POST Variables
==============
Array
(
[ajax] => 1
[securitytoken] =>
)

Request URI
===========
/admincp/newsproxy.php

OK, can anyone describe in a normal language (:p) on how can I identify which hack is causing the problem by seeing this msg ?

thx

Look for this file maybe?

newsproxy.php

Thanks Andreas for this Mod. At least it is pointing users on possible files that need to be debugged.

I have just installed (finalupgrade vB 3.7 CR3 ->) vB 3.7 Gold and the vBlog 1.0.5. Smooth installation completed and navigating through the site works fine, until one member tried to post a Blog entry. :( "Your submission could not be processed because a security token was missing or mismatched."

I have browsed through and read all threads at vB.com and vB.org regarding this issue and ended up here (via Boofo's referral in one of those many threads).

Here is what I got in my logs:


Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/++++++++++/public_html/forum/includes/functions.php line 2528: eval()
#1 /home/++++++++++/public_html/forum/includes/init.php line 417: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/++++++++++/public_html/forum/global.php line 20: require_once(/home/++++++++++/public_html/forum/includes/init.php)
#3 /home/++++++++++/public_html/forum/blog_post.php line 111: require_once(/home/++++++++++/public_html/forum/global.php)

POST Variables
==============
Array
(
[title] => Just testing
[message] => Just testing<br>
[wysiwyg] => 1
[s] =>
[do] => updateblog
[b] =>
[posthash] => 019bc6a36c2d9a5ea4c8fd568e55ccc1
[poststarttime] => 1211619819
[loggedinuser] => 1
[sbutton] => Post Now
[allowcomments] => 1
[status] => publish_now
[publish] => Array
(
[month] => 5
[day] => 24
[year] => 2008
[hour] => 08
[minute] => 25
)

[parseurl] => 1
[emailupdate] => email
[blogid] =>
[securitytoken] =>
)

Request URI
===========
/forum/blog_post.php?do=updateblog



A similar issue has been reported at vB.com (here (http://www.vbulletin.com/forum/showthread.php?t=272803)).

The files (functions.php, init.php, sendmessage.php, global.php, blog_post.php) listed above are brand new (i.e. directly obtained from the finalupgrade).

All templates & styles up-to-date. All those security token are already present in files containing forms. All Mods & Plug-ings disabled.

:confused: What's going on with this vB 3.7 Gold? Has anyone figured out a good medecine for this "CSRF Protection"?

In the meantime, I have just took vB 3.7 Gold out of my forum and put back in place my vB 3.7 CR3 - working fine.

Security Tokens are small Hardware Devices that owners carries to authorize access to a Network Service. That means: Security Tokens provide an extra level of assurance thru a method known as TFA (Two-Factor Authentication). In this case the user has a PIN (Personal Identification Number which authorizes them as the owner of that particular device. So the device then shows a number which uniquely identifies the user to the service and allowing them to log in. The identification number for each user is changed frequently, usually every 3 min's. See also Wikipedia (http://en.wikipedia.org/wiki/Security_token) :)

I am definitely one of those who is not using a Security Token. Thus, from all 56 ".php" files in the "vB 3.7/upload" directory, I have changed all those
define('CSRF_PROTECTION', true);
to ->
define('CSRF_PROTECTION', false);

All my mods and plug-ings are working fine again and the board is running smoothly.

It will be good if the vBulletin Development team could give an option in the Admin CP (->vBulletin Options) to switch on/off this "CSRF_PROTECTION" depending on whether a customer uses a Security Token or not. This, as few people are actually using a "security token".

DO NOT REMOVE THIS CONSTANT FROM vBulletin SCRIPTS
Never!

The Wikipedia article Mike-D posted is about smth. else.

If you are using the default style, unmodified files and no plugins you should not have any problems.
If you do have problems, please make sure that all your plugins and templates are up to date.

As you can clearly see from the E-Mail, the token is missing!
Please check again if all your templates are up-to-date.
If they are please repeat this step until you have found the one that is not up-to-date.

DO NOT REMOVE THIS CONSTANT FROM vBulletin SCRIPTS
Never!

The Wikipedia article Mike-D posted is about smth. else.

If you are using the default style, unmodified files and no plugins you should not have any problems.
If you do have problems, please make sure that all your plugins and templates are up to date.

As you can clearly see from the E-Mail, the token is missing!
Please check again if all your templates are up-to-date.
If they are please repeat this step until you have found the one that is not up-to-date.


The constant is there, but set to false, until vBulletin Team comes out with a non retarded solution.

Being false is even worse than not being there at all - as that will also disable the POST referrer whitelist check.

So with this setup your board is more unsecure then 3.6.9/3.7.0 RC 3.

Fixing your issues is quite simple: Upload all original non-image files, revert all templates and disable the plugin system.
If there are still issues afterwards, open a support ticket @ vbulletin.com

If you do not want to go this route, you will have to fix the installed modifications/templates yourself - refer to the article about CSRF protection.
Detailed instructions have been posted there.

I am definitely one of those who is not using a Security Token. Thus, from all 56 ".php" files in the "vB 3.7/upload" directory, I have changed all those
define('CSRF_PROTECTION', true);
to ->
define('CSRF_PROTECTION', false);


Thats a bit like deciding to remove all the locks from the dorrs to your house in the hope that no one will try and break in. Not a very good idea.

#0 /home/xxxxxxxxxx/www/forums/includes/functions.php line 2529: eval()
#1 /home/xxxxxxxxxxx/www/forums/includes/init.php line 418: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/xxxxxxxxxx/www/forums/global.php line 21: require_once(/home/xxxxxxxxxxxxx/www/forums/includes/init.php)

#3 /home/xxxxxxxxxx/www/forums/reputation.php line 46: require_once(/home/xxxxxxxxxxxx/www/forums/global.php)
#4 /home/xxxxxxxxx/php-cgi/phphandler line 37: include(/home/xxxxxxxxxx/www/forums/reputation.php)

POST Variables
==============
Array
(
[ajax] => 1
[securitytoken] =>
)

Request URI
===========
/forums/reputation.php?p=296211


Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/xxxxxxxx/www/forums/includes/functions.php line 2529: eval()
#1 /home/xxxxxxxxxx/www/forums/includes/init.php line 418: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/xxxxxxxxx/www/forums/global.php line 21: require_once(/home/xxxxxxxxxxxx/www/forums/includes/init.php)

#3 /home/xxxxxxxxxx/www/forums/search.php line 53: require_once(/home/xxxxxxxxxx/www/forums/global.php)
#4 /home/xxxxxxxxxxxx/php-cgi/phphandler line 37: include(/home/xxxxxxxxxx/www/forums/search.php)

POST Variables
==============
Array
(
[s] =>
[do] => process
[sortby] => lastpost
[forumchoice] => 0
[query] => shottas
[securitytoken] =>
)

Request URI
===========
/forums/search.php



i keep getting different missing security token messages........and i dont know how to deal with them.............is this normal, should we do something about it?

i get a message or two from members saying they got the message....can any one explain why these different messages? every one from a different php.

Andreas, is there a way to set this hack up to be a little more specific on where the error is coming from maybe? That might help narrowing it down a bit in some places. I have gotten only a couple but they are in weird places as far as I can tell. One was even from the editpost.php and I don't have any hacks touching that.

Andreas, is there a way to set this hack up to be a little more specific on where the error is coming from maybe? That might help narrowing it down a bit in some places. I have gotten only a couple but they are in weird places as far as I can tell. One was even from the editpost.php and I don't have any hacks touching that.


I second that.........in other words................exactly what i wanted

I've added the Referrer, anything else?

Yeah, can I get that to go? ;)

And thank you for the update, sir. ;)

Can someone look at this Token error and tell me what you think?

https://vborg.vbsupport.ru/showthread.php?p=1533480

Thanks again,

-Jason

I posted an answer I got on the com about that in that thread. ;)

Andreas - thank you for releasing this :)

Works good with me

i got this
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/****/public_html/**/includes/functions.php line 2528: eval()
#1 /home/****/public_html/**/includes/init.php line 417: fetch_error(security_token_missing,rtl,sendmessage .php)
#2 /home/****/public_html/**/global.php line 20: require_once(/home/****/public_html/**/includes/init.php)
#3 /home/****/public_html/**/showthread.php line 102: require_once(/home/****/public_html/**/global.php)

POST Variables
==============
Array
(
[do] => whatever
[p] => 96750
[all] => 96750
[postid] => 96750
[securitytoken] =>
)

Request URI
===========
/ib/showthread.phpwhat should i do ?!!

Quick request.

On the past two forums I've worked on, the main web master email address did not come to me, yet I was responsible for the forums.

This is because the forums are a part of a business. It would be nice to be able to specific an email address for something like this.

In the mean time, I'm going to request that the person who does receive the webmaster email just create a rule that would automatically forward this email onto me.

perhaps just an option to use the webmaster email addy OR a specified email addy?

Another request...this seems to catch spam left and right, any way to prevent that?

OK, I have this installed for obvious reasons. Thanks to the author!

I am getting this code over and over, and over again:


Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /forum/includes/functions.php line 2592: eval()
#1 /forum/includes/init.php line 417: fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /forum/global.php line 20: require_once(/forum/includes/init.php)
#3 /forum/ajax.php line 58: require_once(/forum/global.php)

POST Variables
==============
Array
(
[securitytoken] => xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[do] => securitytoken
[ajax] => 1
)

Request URI
===========
/forum/ajax.php

Referrer
========
http:// site /forum/forumdisplay.php?f=2


I've updated all of my mods, and still I am getting it.

What am I missing? THANKS a LOT for any possibly guidance

3.71 pl1 gold

Anyone?

I've yet to see an explanation on how to decode, or what really needs done on any user in the thread. I understand it's missing a security code - for this error to show, but I don't know how to resolve it, or which template/page of code needs modified.

Am I looking at the stock vb pages that were ftp'ed, or what am I looking at?

Sorry for the pm I sent the mods asking for help. I didn't notice the "do not pm" warning until after I had sent the message.

3.72 patch 1 - stock vb template


Missing or Invalid Security Token detected. Script Call Backtrace =====================
#0 /forums/includes/functions.php line 2592: eval()
#1 /forums/global.php line 386: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/editpost.php line 51: '
/forums/global.php)
#3 /home/civic8th/public_html/forums/vbseo.php line /forums/editpost.php)

POST Variables
============== Array ( [ajax] => 1 [securitytoken] => ) Request URI =========== /forums/editpost.php?do=updatepost&postid=undefined


Missing or Invalid Security Token detected. Script Call Backtrace =====================
#0 /forums/includes/functions.php line 2592: eval()
#1 /forums/global.php line 386: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/ajax.php line 58: /forums/global.php)
#3 forums/vbseo.php line 1082: forums/ajax.php)

POST Variables ============== Array ( [ajax] => 1 [securitytoken] => ) Request URI =========== /forums/ajax.php?do=quickedit&p=3396930


Missing or Invalid Security Token detected. Script Call Backtrace =====================
#0 /forums/includes/functions.php line 2592: eval()
#1 /forums/global.php line 386: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/attachment.php line 114: forums/global.php)
#3 forums/vbseo.php line 1129: /forums/attachment.php)

POST Variables ============== Array ( [ajax] => 1 [securitytoken] => ) Request URI =========== /forums/attachment.php?attachmentid=14365


Missing or Invalid Security Token detected. Script Call Backtrace =====================
#0 /forums/includes/functions.php line 2592: eval()
#1 /forums/global.php line 386: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/editpost.php line 51: /forums/global.php)
#3 /forums/vbseo.php line 1129: forums/editpost.php)

POST Variables ============== Array ( [ajax] => 1 [securitytoken] => ) Request URI =========== /forums/editpost.php?do=updatepost&postid=undefined


Missing or Invalid Security Token detected. Script Call Backtrace =====================
#0 /forums/includes/functions.php line 2592: eval()
#1 /forums/global.php line 386: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/newreply.php line 82: /forums/global.php)
#3 /forums/vbseo.php line 1129: /forums/newreply.php)

POST Variables ============== Array ( [ajax] => 1 [message] => [securitytoken] => ) Request URI =========== /forums/newreply.php?do=postreply&t=109619


Missing or Invalid Security Token detected. Script Call Backtrace =====================
#0 /forums/includes/functions.php line 2592: eval()
#1 forums/global.php line 386: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/ajax.php line 58: /forums/global.php)
#3 /forums/vbseo.php line 1082: /forums/ajax.php)

POST Variables ============== Array ( [ajax] => 1 [securitytoken] => ) Request URI =========== /forums/ajax.php?do=quickedit&p=3393980

https://vborg.vbsupport.ru/showthread.php?t=177013
I went through this -

I see some of my things above say vbseo - and according to vbseo, it's not them

Since vbseo doesn't create or alter form elements, it's not related.

it's either a mod, or your skin. Did you revert all your templates?
http://www.vbseo.com/f77/vbseo-security-token-missing-24817/

vbulletin.com's answer?
If this problem is only happening to some people and cannot be reproduced, the probable cause is their browser cache. Have these users either try a different browser or clear their browser cache.

Otherwise an ISP cache may also be to blame.

http://www.vbulletin.com/forum/showpost.php?p=1567726&postcount=4

Some people have reported this problem when uploading very large file attachments.
can we define "large"


I've never SEEN this error, ............ help

<a href="http://www.vbulletin.com/forum/showthread.php?t=272803" target="_blank">http://www.vbulletin.com/forum/showthread.php?t=272803</a>

another member from VB not knowing what the problem is???

"vBulletin Developer
If it's not happening consistently, it's probably not that big of a deal."

vBulletin Team
It should be added that tokens are only valid for a limited time. The time ranges between 1 and 3 hours. In the normal scheme of things, this won't cause any problems. However if a user loads your page and then wanders off to do something else and comes back later, they can receive this error..........
http://www.vbulletin.com/forum/showpost.php?p=1598052&postcount=4

a comment or ANYthing would be amazing right now....staff online who've used this hack - you could comment please

Hi, please see this only one simple change. http://www.vbulletin.com/forum/showthread.php?t=269069

"...Go to your Style manager open your default theme Template Editor and find FORUM DISPLAY TEMPLATE - FORUMDISPLAY open and copy all content from that, now open your template are you using and Template Manager - Forum Display template - ForumDisplay and cut out the old one and paste new. Have a nice day..."

Done this... Still getting them.

I have done everything everyone has said, short of uninstalling or disabling hacks.

What does disabling hacks do, other than to prove it's a hack... these errors are sp sporadic that it's almost impossible to see the errors in the first place. so disabling hacks, you'd never see them again, and also not have any hacks... :(

Is there a method to follow that I could inspect the "code" for all of my hacks and find the offending party?

THANKS!

"...Go to your Style manager open your default theme Template Editor and find FORUM DISPLAY TEMPLATE - FORUMDISPLAY open and copy all content from that, now open your template are you using and Template Manager - Forum Display template - ForumDisplay and cut out the old one and paste new. Have a nice day..."

I am also still getting the error emails. I installed the STN a few months back, went over all the templates, made the edits but still getting error emails. I have checked and doubled checked many times but no joy. One very common error is /search.php?do=process. I checked all the search templates and they are all correct. The funny thing is, my users are not reporting any errors but before I patched the templates they would report them. It's almost like these errors are not displaying for users but the STN is reporting them. I finally just disabled STN till I can find a solution.

Any suggestions where to look?

excellent - saved me hours of searching

I'm randomly getting the missing security token errors so I loaded this plugin in hopes I could track down my problem. Yesterday I got this email, could someone tell me where I need to add the additional snippet of code at?

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/domain/public_html/forum/includes/functions.php line 2704: eval()
#1 /home/domain/public_html/forum/global.php line 379: fetch_error(security_token_missing,sendmessage.php )
#2 /home/domain/public_html/forum/ajax.php line 74: require_once(/home/domain//public_html/forum/global.php)
#3 /home/domain//public_html/forum/vbseo.php line 1563: require(/home/domain//public_html/forum/ajax.php)

POST Variables
==============
Array
(
[ajax] => 1
[securitytoken] =>
)

Request URI
===========
/forum/ajax.php?do=quickedit&p=412707

Referrer
========
http://www.domain/.com/forum/sale-tr...or-ii-rod.html