Problem with security token.


pyd
01-10-2010, 12:37 PM
I have a small webpage that I include in a widget.
It is basically just a form.
But when I submit the form, I get an error:
(For some reason, the error message is in Swedish, but it's something like this)
Ditt bidrag kunde inte hanteras eftersom ett säkerhetsbevis var ogiltigt.
Your contribution could not be handled because a security token/proof(?) was not valid.

I have searched the forum for this, and found some answers that stated that I should include this line in the form:
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

This I have done, but it won't work anyway.

Any ideas?

<?php
if (isset($_POST['add_Application_Submit']))
{
include 'dbConnection.php';

// get_magic_quotes_gpc() takes no argument and only reports whether magic
// quotes are enabled, so the original calls escaped nothing. Undo magic
// quotes if present, then escape the value for the query on the open connection.
if (!function_exists('clean_post')) {
    function clean_post($key)
    {
        $value = isset($_POST[$key]) ? $_POST[$key] : '';
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return mysql_real_escape_string($value);
    }
}

$firstname = clean_post('add_Application_Firstname');
$lastname = clean_post('add_Application_Lastname');
$mobilephone = clean_post('add_Application_Mobilephone');
$pnumber = clean_post('add_Application_p-number');
$bnumber = clean_post('add_Application_b-number');
$dnumber = clean_post('add_Application_d-number');
$district = clean_post('add_Application_district'); // was $distict, a typo
$userID = clean_post('add_Application_UserID');
$presentation = clean_post('add_Application_Presentation');
$status = "0";

// String values must be quoted, and column names containing "-" must be
// backquoted, or MySQL parses "p-number" as a subtraction.
$query = "INSERT INTO ovse_applications (firstName, lastName, mobile, `p-number`, `b-number`, `d-number`, district, userID, presentation, application_status) VALUES ('$firstname', '$lastname', '$mobilephone', '$pnumber', '$bnumber', '$dnumber', '$district', '$userID', '$presentation', '$status')";
mysql_query($query) or die('Error, insert query failed');

// FLUSH PRIVILEGES is for user/grant management and is not needed after an
// insert; it also requires the RELOAD privilege, so it has been dropped.

mysql_close($conn);
echo "Application saved";
}
else
{
?>

<form id="form1" method="post" action="">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td> F&ouml;rnamn </td>
<td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
</tr>
<tr>
<td> Efternamn </td>
<td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
</tr>
<tr>
<td>Mobilnummer: </td>
<td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
</tr>
<tr>
<td>Personnummer: </td>
<td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
</tr>
<tr>
<td>Bricknummer: </td>
<td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
</tr>
<tr>
<td>Diarienummer: </td>
<td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
</tr>
<tr>
<td>L&auml;n: </td>
<td><select name="add_Application_district" id="add_Application_district">
<option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
<option value="Blekinge">Blekinge</option>
<option value="Dalarna">Dalarna</option>
<option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
<option value="G&auml;vleborg">G&auml;vleborg</option>
<option value="Halland">Halland</option>
<option value="J&auml;mtland">J&auml;mtland</option>
<option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
<option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
<option value="Kronoberg">Kronoberg</option>
<option value="Norrbotten">Norrbotten</option>
<option value="Sk&aring;ne">Sk&aring;ne</option>
<option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
<option value="S&ouml;dermanland">S&ouml;dermanland</option>
<option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
<option value="V&auml;rmland">V&auml;rmland</option>
<option value="V&auml;sterbotten">V&auml;sterbotten</option>
<option value="V&auml;sternorrland">V&auml;sternorrland</option>
<option value="V&auml;stmanland">V&auml;stmanland</option>
<option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
<option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
<option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
</select>
<input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<?php echo (int) vB::$vbulletin->userinfo['userid']; ?>" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
</td>
</tr>
<tr>
<td>Kort personlig presentation:</td>
<td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
</tr>
</table>
</form>
<?php
}
?>

BBR-APBT
01-10-2010, 02:57 PM
Try
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

pyd
01-10-2010, 03:19 PM
Same error :(

Try
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />


Edit: Should I do something with this in the receiving part of the code?
Or should it be enough to just pass it along with the form?

Also, the widget loads an "external" webpage:
// UNTESTED
ob_start();
include("test/addApplication.php");
echo "<br />\n";
$output .= ob_get_contents();
ob_end_clean();

BBR-APBT
01-10-2010, 03:54 PM
On a plus note, the code is not within the PHP braces, so it's basically HTML. You might need to do


<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />

pyd
01-10-2010, 04:31 PM
Well, this time I got the error message in english anyway :)
Your submission could not be processed because a security token was missing.


Just to clarify everything.
I have created a widget (PHP Direct Execution) with this content:
// UNTESTED
ob_start();
include("test/addApplication.php");
echo "<br />\n";
$output .= ob_get_contents();
ob_end_clean();

the file (addApplication.php) that the widget refers to is this:
<?php
if (isset($_POST['add_Application_Submit']))
{
include 'dbConnection.php';

// get_magic_quotes_gpc() takes no argument and only reports whether magic
// quotes are enabled, so the original calls escaped nothing. Undo magic
// quotes if present, then escape the value for the query on the open connection.
if (!function_exists('clean_post')) {
    function clean_post($key)
    {
        $value = isset($_POST[$key]) ? $_POST[$key] : '';
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return mysql_real_escape_string($value);
    }
}

$firstname = clean_post('add_Application_Firstname');
$lastname = clean_post('add_Application_Lastname');
$mobilephone = clean_post('add_Application_Mobilephone');
$pnumber = clean_post('add_Application_p-number');
$bnumber = clean_post('add_Application_b-number');
$dnumber = clean_post('add_Application_d-number');
$district = clean_post('add_Application_district'); // was $distict, a typo
$userID = clean_post('add_Application_UserID');
$presentation = clean_post('add_Application_Presentation');
$status = "0";

// String values must be quoted, and column names containing "-" must be
// backquoted, or MySQL parses "p-number" as a subtraction.
$query = "INSERT INTO ovse_applications (firstName, lastName, mobile, `p-number`, `b-number`, `d-number`, district, userID, presentation, application_status) VALUES ('$firstname', '$lastname', '$mobilephone', '$pnumber', '$bnumber', '$dnumber', '$district', '$userID', '$presentation', '$status')";
mysql_query($query) or die('Error, insert query failed');

// FLUSH PRIVILEGES is for user/grant management and is not needed after an
// insert; it also requires the RELOAD privilege, so it has been dropped.

mysql_close($conn);
echo "Application saved";
}
else
{
?>

<form id="form1" method="post" action="">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td> F&ouml;rnamn </td>
<td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
</tr>
<tr>
<td> Efternamn </td>
<td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
</tr>
<tr>
<td>Mobilnummer: </td>
<td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
</tr>
<tr>
<td>Personnummer: </td>
<td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
</tr>
<tr>
<td>Bricknummer: </td>
<td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
</tr>
<tr>
<td>Diarienummer: </td>
<td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
</tr>
<tr>
<td>L&auml;n: </td>
<td><select name="add_Application_district" id="add_Application_district">
<option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
<option value="Blekinge">Blekinge</option>
<option value="Dalarna">Dalarna</option>
<option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
<option value="G&auml;vleborg">G&auml;vleborg</option>
<option value="Halland">Halland</option>
<option value="J&auml;mtland">J&auml;mtland</option>
<option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
<option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
<option value="Kronoberg">Kronoberg</option>
<option value="Norrbotten">Norrbotten</option>
<option value="Sk&aring;ne">Sk&aring;ne</option>
<option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
<option value="S&ouml;dermanland">S&ouml;dermanland</option>
<option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
<option value="V&auml;rmland">V&auml;rmland</option>
<option value="V&auml;sterbotten">V&auml;sterbotten</option>
<option value="V&auml;sternorrland">V&auml;sternorrland</option>
<option value="V&auml;stmanland">V&auml;stmanland</option>
<option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
<option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
<option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
</select>
<input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<?php echo (int) vB::$vbulletin->userinfo['userid']; ?>" />
<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />
</td>
</tr>
<tr>
<td>Kort personlig presentation:</td>
<td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
</tr>
</table>
</form>
<?php
}
?>


On a plus note, the code is not within the PHP braces, so it's basically HTML. You might need to do


<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />



Edit: If I do a simple <?php echo $bbuserinfo['securitytoken']; ?>, it doesn't show anything, but maybe that's normal?

pyd
01-15-2010, 08:27 AM
Any ideas about this?

pyd
01-24-2010, 06:31 PM
Sorry for bumping this thread again, but I can't get it to work and I need it to be done soon :)

I found another thread with the same problem (sort of...) in which someone told him to add:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
to the form.

So did I, but with no success.

Anyone?

Edit: When I looked in the source, it seems that neither the securitytoken nor the sessionhash is implemented correctly on my page:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="" />

Clearly, I use the "{vb:raw session.sessionhash}" wrong, but why isn't the token generated?

Edit 2:
I solved the sessionhash with:
<input type="hidden" name="s" value="<?php echo $_COOKIE['bb_sessionhash'];?>" />
But I still have a problem with the securitytoken.
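vBulletin performs the securitytoken check itself on POST requests (the "security token was missing / invalid" messages in this thread come from that check), so the hidden field has to carry a token the framework will accept; in a PHP Direct Execution widget that value lives on the same object the form above already reads the user id from, vB::$vbulletin->userinfo, rather than in $bbuserinfo (an assumption, not stated on the page). The added example below is not vBulletin's code: it is a stand-alone issue/verify pair in the same timestamp-hash shape, showing what the receiving side of a form has to do when it checks the field itself before running the INSERT. It assumes a per-site secret $secret, the bb_sessionhash cookie the thread already uses, and PHP 5.6 or later for hash_equals().

```php
<?php
// Added example, not vBulletin's code: issue and verify a "securitytoken"
// hidden field before the INSERT. Assumptions (not from the page): a per-site
// secret $secret and the session hash from the bb_sessionhash cookie.
define('TOKEN_LIFETIME', 3600); // seconds a token stays valid

function issue_security_token($secret, $sessionHash, $now = null)
{
    $now = ($now === null) ? time() : $now;
    // The token carries its issue time so the verifier can re-derive the MAC
    // and reject stale tokens; binding the session hash stops reuse elsewhere.
    $mac = hash_hmac('sha1', $now . '|' . $sessionHash, $secret);
    return $now . '-' . $mac;
}

function verify_security_token($token, $secret, $sessionHash, $now = null)
{
    $now = ($now === null) ? time() : $now;
    $parts = explode('-', (string) $token, 2);
    if (count($parts) !== 2 || !preg_match('/^\d+$/', $parts[0])) {
        return false; // empty or malformed: the "token was missing" case
    }
    list($issued, $mac) = $parts;
    $issued = (int) $issued;
    if ($issued > $now || $now - $issued > TOKEN_LIFETIME) {
        return false; // from the future, or expired
    }
    $expected = hash_hmac('sha1', $issued . '|' . $sessionHash, $secret);
    return hash_equals($expected, $mac); // constant-time comparison
}

function security_token_field($token)
{
    return '<input type="hidden" name="securitytoken" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '" />';
}

$secret = 'PLACEHOLDER-site-secret';   // placeholder: load from config in practice
$sessionHash = isset($_COOKIE['bb_sessionhash']) ? $_COOKIE['bb_sessionhash'] : '';
if (isset($_POST['add_Application_Submit'])) {
    $token = isset($_POST['securitytoken']) ? $_POST['securitytoken'] : '';
    if (!verify_security_token($token, $secret, $sessionHash)) {
        die('Your submission could not be processed because a security token was invalid.');
    }
    // ... run the escaped INSERT from the thread here ...
} else {
    echo security_token_field(issue_security_token($secret, $sessionHash));
}
```

A token rendered by issue_security_token() and posted back within TOKEN_LIFETIME from the same session verifies; an empty field, a token copied from another session, or one older than the lifetime is rejected before any database work happens.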