PDA

View Full Version : Security token error when submitting on custom page


MarcL
01-16-2011, 01:23 AM
Go to: http://saleage.com/fileupload.php

Enter a integer in and click next...

Then I get:
Your submission could not be processed because a security token was missing.


Look at the url after clicking next, a variable is in it if that would set the error?

Lynne
01-16-2011, 03:22 AM
Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.

MarcL
01-16-2011, 03:58 AM
Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.

So you mean a security token set in the acutal <form> code?

Also this is weird, I went to the page logged out and it worked, but when logged in I get the security token error.

Lynne
01-16-2011, 05:25 PM
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.

MarcL
01-18-2011, 12:57 AM
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.

Do I have to put the security token in the templates? I cant just run it from the php file? I ask because I am not sure .php would know what do with:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

Possible to set a variable in templates so I can get it from php?

Lynne
01-18-2011, 07:41 PM
Well, since the page is asking for it, it obviously wants it. You must have something in the code that is expecting to use it.

perfphysio
01-25-2011, 08:21 AM
Hi guys,

I am aware of the comment Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.

I am simply trying to permit some views of an external website I have (that pulls information from my forum) to place a search term/s in the top right search box and hit search. I am wanting this to open the forum in a new window with the search results.

see example on to right of www.physiolive.com

Can someone provide a little more details about this security token? Is it dynamic? Is there something I can pass with the search that is a default value so that this will always work? Or is this a page that I can exempt in the vbulletin code from requiring the search token. It seems weird as guests can search my forum so I am wondering why this token is required.

Any more detailed comment would be great

Many thanks :)

Lynne
01-25-2011, 05:15 PM
You can read up on this here - Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013)