vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Programming Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=188)
-   -   Implementing CSRF Protection in modifications (https://vborg.vbsupport.ru/showthread.php?t=177013)

Sworm 06-14-2008 07:40 PM

Hi all, for now, I have this error only in the polls voted from the VBA homepage..... What is the template that I need to edit?

PoetJA-1975 06-29-2008 04:48 AM

Wow - Thank GAWD for Google LOL - did a search and this is the very 1st thread I found.... After editing over 50 or more templates in the past hour or so - I thank you all who have helped - notably the very informative post here AND the query that made it so very easy here.

It's not very often I see a HELP ME JESUS! thread that actually has the solution on the 1st page :D

Thanx GUYZ!

Jacquii.

nhuhuu 07-07-2008 02:04 AM

Hi dear all.
When I add new styles to my forum, it is OK.
Then I want to show 3 styles on my forumhome for my members to enjoy, but I can't save the display order. I got the note below:

Quote:

Your submission could not be processed because a security token was missing or mismatched.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

Please help me, why does my Admincp get this error... I want to fix it, but I don't know how to fix it in the Admincp. I have fixed it in the templates OK.

CEO254 07-09-2008 12:51 AM

Quote:

Originally Posted by Wayne Luke (Post 1498706)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

I have done this and I have also re-upped all my files and I'm still getting an error :(

xoutlawz00x 07-13-2008 05:45 PM

Quote:

Originally Posted by Dismounted (Post 1497947)
Also, you need to add the security token to AJAX requests using POST. This can be simply added using the variable "SECURITYTOKEN". An example is below.
Code:

YAHOO.util.Connect.asyncRequest('POST', scriptpath + '?do=ajax', {
        success: this.handle_ajax_response,
        failure: this.handle_ajax_error,
        timeout: vB_Default_Timeout,
        scope: this
}, SESSIONURL + 'securitytoken=' + SECURITYTOKEN + '&foo=' + foo);


Would you be kind and help me implement this into my template... I don't understand.

--------------- Added [DATE]1215989398[/DATE] at [TIME]1215989398[/TIME] ---------------

I upgraded the script and everything is fine now, thanks.

denman75 07-18-2008 01:35 PM

Quote:

Originally Posted by CEO254 (Post 1570580)
I have done this and I have also re-upped all my files and I'm still getting an error :(

Same here.
This is really frustrating.
I don't care where it's coming from, I know it has to be fixed.
Since I am not a coder,
if I purchase a board and it's running great and after an update it's not,
then there is not much I can't do as a total non-coder.

gbox master 08-02-2008 02:31 PM

hi

Can someone explain this to me please?
I get the error also on my forum since some fool invented a new way of protection or something.

Template Changes

The following should be added to all of the forms which POST back to vBulletin or a vBulletin script. This will automatically be filled out with a 40 character hash that is unique to the user.


Quote:

Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
Again it is worthwhile adding this to your templates even if it is currently not using the CSRF protection.

I don't understand this very well.
I use a modified template, not from vB but from phpBB.
On 3.6 all is OK and works fine.
Now on 3.7 the problems start.

PS: if someone can help me do this, it would be appreciated by PayPal.

meissenation 08-06-2008 02:32 PM

My users are getting the error when uploading attachments to their album or to a thread. Both templates have the <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> already, so what is the next course of action to fix this?

mokujin 08-06-2008 09:08 PM

Quote:

Originally Posted by xoutlawz00x (Post 1574390)
would you be kind and help me implement this into my templete.. i dont understand

--------------- Added [DATE]1215989398[/DATE] at [TIME]1215989398[/TIME] ---------------

i upgraded the script and everything is fine now thanksss

I don't understand either :( Where are the coders now?

Triky 08-11-2008 05:00 PM

I am trying to reproduce my usercp.php file in my site root. I have also copied my profile.php file and all of my /includes/ folder, and when I send data from it, I get this error:

Code:

Fatal error:  Call to undefined function:  verify_security_token() in c:\programs\server\www\install_test\includes\init.php on line 416

Why? I have this line of code in init.php at line 416:

PHP Code:

            if (!verify_security_token($vbulletin->GPC['securitytoken'], $vbulletin->userinfo['securitytoken_raw'])) 

Can somebody please help me?
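
Added example (not part of the thread and not vBulletin's own code): a sketch of the two pieces discussed above, a client that puts `securitytoken` in every POST body as the quoted AJAX snippet does, and a server check that separates a missing token from a mismatched one. The HMAC derivation, the secret and all function names are assumptions made for the illustration; only the `securitytoken` field name comes from the thread.

```javascript
// Illustration only: issueToken, buildPostBody and checkPost are hypothetical names.
const crypto = require('crypto');

const SERVER_SECRET = 'constructed-demo-secret'; // constructed value, never sent to the client

// Derive a per-user token. This HMAC-SHA256 scheme is an assumption for the demo,
// not the algorithm vBulletin uses for $bbuserinfo[securitytoken].
function issueToken(userId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(String(userId)).digest('hex');
}

// Client side: add the token to the POST body, the same job the hidden
// <input name="securitytoken"> does for a form and the AJAX snippet does by hand.
function buildPostBody(fields, token) {
  const body = new URLSearchParams(fields);
  body.set('securitytoken', token); // overrides any caller-supplied value
  return body.toString();
}

// Server side: classify a raw POST body as 'ok', 'missing' or 'mismatched'.
function checkPost(rawBody, userId) {
  const sent = new URLSearchParams(rawBody).get('securitytoken');
  if (!sent) return 'missing'; // e.g. a template that was never updated
  const expected = Buffer.from(issueToken(userId));
  const got = Buffer.from(sent);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) {
    return 'mismatched';
  }
  return 'ok';
}

// Constructed sample requests for user 42.
console.log(checkPost(buildPostBody({ do: 'ajax', foo: 'bar' }, issueToken(42)), 42));
console.log(checkPost('do=ajax&foo=bar', 42));
console.log(checkPost(buildPostBody({ do: 'ajax' }, issueToken(7)), 42));
```

A POST from a template or script that was not updated lands in the `missing` branch, while a token issued to a different user lands in `mismatched`.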

