PDA

View Full Version : security token was missing

chikuru
10-01-2013, 07:21 PM
Im getting this message from my custom plugin:

Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

I have included these on the plugin codes but im still getting the error.
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

I also added
define('CSRF_PROTECTION', true);
Inside my plugin file..

It seems like security token is changing after the Paypal redirects back to my forums..
ozzy47
10-01-2013, 08:11 PM
I think the whole code would need to be seen in order to debug it.
chikuru
10-01-2013, 08:22 PM
Here is the code of the form..

<form action="{vb:raw ptpnt_action}" method="post">
<vb:if condition="$ptpnt_total_price">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="business" value="{vb:raw ptpnt_ppemail}" />
<input type="hidden" name="item_name" value="{vb:rawphrase post_new_thread}" />
<input type="hidden" name="item_number" value="{vb:raw ptpnt_item}" />
<input type="hidden" name="currency_code" value="{vb:raw foruminfo.ptpnt_currency}" />
<input type="hidden" name="amount" value="{vb:raw ptpnt_total_price}" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="shipping" value="0.00" />
<input type="hidden" name="return" value="{vb:raw vboptions.bburl}/forumdisplay.php?{vb:raw session.sessionurl}f={vb:raw foruminfo.forumid}" />
<input type="hidden" name="cancel_return" value="{vb:raw vboptions.bburl}/forumdisplay.php?f={vb:raw foruminfo.forumid}" />
<input type="hidden" name="notify_url" value="{vb:raw vboptions.bburl}/buythread.php?do=paypal" />
<input type="hidden" name="custom" value="{vb:raw bbuserinfo.username}" />
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
<input type="hidden" name="do" value="process" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="tax" value="0.00" />
<vb:else />
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
<input type="hidden" name="do" value="process" />
<input type="hidden" name="f" value="{vb:raw foruminfo.forumid}" />
<input type="hidden" name="do" value="{vb:raw ptpnt_do}" />
</vb:if>

<h2 class="blockhead">{vb:rawphrase post_new_thread} - {vb:rawphrase ptpnt_payment_required}</h2>
<div class="blockbody formcontrols settings_form_border">
<div style="width:100%">
<div style="float:left;width:50%;"><h3 class="blocksubhead">{vb:rawphrase title}</h3></div>
<div style="float:left;width:50%;"><h3 class="blocksubhead">{vb:rawphrase ptpnt_description}</h3></div>
</div>
<div class="section"">
<div class="blockrow">
<div style="float:left;width:50%;">{vb:rawphrase ptpnt_forum_for_thread}</div>
<div style="float:left;width:50%;"><a href="forumdisplay.php?{vb:raw session.sessionurl}f={vb:raw foruminfo.forumid}">{vb:raw foruminfo.title}</a></div>
</div>
<div class="blockrow">
<div style="float:left;width:50%;">{vb:rawphrase ptpnt_price_per_thread}</div>
<div style="float:left;width:50%;">{vb:raw ptpnt_price} {vb:raw foruminfo.ptpnt_currency}</div>
</div>
<div class="blockrow">
<div style="float:left;width:50%;">{vb:rawphrase ptpnt_maximum_threads_allowed}</div>
<div style="float:left;width:50%;">{vb:raw foruminfo.ptpnt_threads}</div>
</div>
<vb:if condition="$ptpnt_total_price">
<div class="blockrow">
<div style="float:left;width:50%;">{vb:rawphrase ptpnt_number_of_threads}</div>
<div style="float:left;width:50%;">{vb:raw ptpnt_num_threads}</div>
</div>
<div class="blockrow">
<div style="float:left;width:50%;font-weight:bold;">{vb:rawphrase ptpnt_total_price}</div>
<div style="float:left;width:50%;">{vb:raw ptpnt_total_price} {vb:raw foruminfo.ptpnt_currency}</div>
</div>
<vb:else />
<div class="blockrow">
<div style="float:left;width:50%;">{vb:rawphrase ptpnt_enter_number_of_threads_to_purchase}</div>
<div style="float:left;width:50%;"><input type="text" name="num_threads" value="1" /></div>
</div>
</vb:if>
</div>

</div>

<div class="blockfoot actionbuttons settings_form_border">
<div class="group">
<vb:if condition="$ptpnt_total_price">
<input type="submit" class="buybutton" value="{vb:rawphrase ptpnt_purchase}" />
<vb:else />
<input type="submit" class="buybutton" value="{vb:rawphrase submit}" tabindex="1" accesskey="r" />
</vb:if>
</div>
</div>
</form>