View Full Version : Security token error when submitting on custom page
MarcL
01-16-2011, 01:23 AM
Go to: http://saleage.com/fileupload.php
Enter a integer in and click next...
Then I get:
Your submission could not be processed because a security token was missing.
Look at the url after clicking next, a variable is in it if that would set the error?
Lynne
01-16-2011, 03:22 AM
Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.
MarcL
01-16-2011, 03:58 AM
Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.
So you mean a security token set in the acutal <form> code?
Also this is weird, I went to the page logged out and it worked, but when logged in I get the security token error.
Lynne
01-16-2011, 05:25 PM
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
MarcL
01-18-2011, 12:57 AM
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
Do I have to put the security token in the templates? I cant just run it from the php file? I ask because I am not sure .php would know what do with:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
Possible to set a variable in templates so I can get it from php?
Lynne
01-18-2011, 07:41 PM
Well, since the page is asking for it, it obviously wants it. You must have something in the code that is expecting to use it.
perfphysio
01-25-2011, 08:21 AM
Hi guys,
I am aware of the comment Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
I am simply trying to permit some views of an external website I have (that pulls information from my forum) to place a search term/s in the top right search box and hit search. I am wanting this to open the forum in a new window with the search results.
see example on to right of www.physiolive.com
Can someone provide a little more details about this security token? Is it dynamic? Is there something I can pass with the search that is a default value so that this will always work? Or is this a page that I can exempt in the vbulletin code from requiring the search token. It seems weird as guests can search my forum so I am wondering why this token is required.
Any more detailed comment would be great
Many thanks :)
Lynne
01-25-2011, 05:15 PM
You can read up on this here - Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013)
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.