do i need to do this i just ugraded to 3.7.2 pl2 it should be fixed in that right..as i am still having the problem but only with the thanks hack any help will be appreciated
|
i m having probs to
does it fixed in 3.7.3?? |
I am getting a token error when editing a Blog comment. I use the latest VB Blog. How can I fix the token error here? Also I get a error when I am inside the admin CP and I try and email a user their password?
I had a mod installed called "force useres to read a thread" when I uninstalled that mod I began to see the token errors. I need these two erros fixed ASAP! HELP PLEASE! |
This is stupid. What the hell is this all about?
--------------- Added [DATE]1220819847[/DATE] at [TIME]1220819847[/TIME] --------------- Quote:
--------------- Added [DATE]1220820450[/DATE] at [TIME]1220820450[/TIME] --------------- Quote:
|
I just installed the latest version of vBulletin, have no mods installed, made a test thread, and I cant delete it. I get this security token error. Contact admin it says. Why does this happen on a newly installed forum with no hacks installed. Could it be the template I am using which is ambience.
|
i have the problem with thank you hack..any time someone clicks on thanks they get a security token warning....
i looked throudh the plugin this is where i saw the word securitytoken...what changes do i need to make <template name="post_thanks_button" templatetype="template" date="1217138974" username="Abe" version="7.7"><![CDATA[<a href="post_thanks.php?$session[sessionurl]do=post_thanks_add&p=$post[postid]&&securitytoken=$bbuserinfo[securitytoken]" id="post_thanks_button_$post[postid]"<if condition="$vboptions[disable_ajax] != 2"> onclick="return post_thanks_give($post[postid], <if condition="$vboptions[post_groan_integrate]">true<else />false</if>);"</if> <if condition="$display_thanks_image == 'none'">style="display:none"</if> rel="nofollow"><img src="$stylevar[imgdir_button]/post_thanks.gif" alt="$vbphrase[post_thanks_thanks]" border="0" /></a>]]></template> <template name="post_thanks_javascript" templatetype="template" date="1198126814" username="Abe" version="7.0"><![CDATA[<script type="text/javascript" src="clientscript/post_thanks.js"></script>]]></template> |
I have certain users getting this error when updating their albums.
Rest of the forum seems okay. Can anyone fix this? |
ok so for my template to work without getthing the token error WHAT do i edit/fix
|
Hi, I have this function, how can I add CSRF for this:
Code:
function tab(URL) { |
Below is a code for a product, there is no value="$session[sessionhash]" so I am not sure where to add <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />. Anyone have an idea??
Code:
$stylevar[htmldoctype] |
I had the same trouble this took care of it -
Open the template "onetouchban" in Styles and Templates/edit templates - Find Code:
<form action="misc.php" method="post" name="spamconfirm" id="spamconfirm"> Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> No more errors - Remember to turn off the IP ban for your test run or you may ban your own IP!! I also had a security token pop up in a style that has not been updated with the onset of daylight savings in some parts of the world. The error occurs when the time trys to adjust to daylight savings on profile.php?do=dst. This is incorperated into the footer template and the security token needs to go on the nesxt line after - Code:
<input type="hidden" name="s" value="$session[sessionhash]" /> |
Has anyone gotten this security token error when you click on "Go Advanced" on the QuickReply editor?
If so, what template did you have to edit, (or what form in what template) to fix it?? EDIT - Never mind. I found it. I reverted the Showthread template and it's now fixed. :) |
Hi guys, I have a second site that uses a small bit of code at the top to search my forum. basically you type the search term on my site, hit search and it feeds that info to the search page on my forum and opens a new window on the forum with the results.
It works fine with the user not logged in to the forum when searching from the other site but when the user is also logged in forum and is then also searching from the other site I get the error "Your submission could not be processed because a security token was invalid." I tried commenting out the lines <input type="hidden" name="s" value="$session[sessionhash]" /> <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> from my search_forums template but this made no difference This is my code <div class="span-8 push-4 last margin_bottom"> <form id="form" action="http://www.******.com/forum/search.php" method="post" name="search" target="_blank"> <input type="hidden" name="s" value="$session[sessionhash]" /> <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> <input type="hidden" name="do" value="process"/> <input type="hidden" name="quicksearch" value="1"/> <input type="hidden" name="showposts" value="1"/> <label for="query">Search</label> <input type="text" id="search_field" class="text" name="query" size="18" value="" /> <input type="image" src="/**********/templates/******/images/search.gif" /> </div> Any ideas on how to work around on this? |
Yeah Exactly same here. This is crap and not good. I wish more help was around I see people asking to explain it 5th grade style and they are ignored. GRRR how many people does it take to scream before somethings done???
Quote:
|
Run the following query and you should see a list of possible templates that need editing - Then you have to edit each template for each installed style manually:
Code:
SELECT templateid , title , styleid FROM template WHERE template_un NOT LIKE '%<input type="hidden" name="s" value="$session[sessionhash]" />%<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />%' AND template_un LIKE '%<input type="hidden" name="s" value="$session[sessionhash]" />%' ORDER BY title ASC, styleid ASC; Hope this helps - but if you are in the position to hire someone - perhaps you might post a thread in the Paid Requests section or check out my design site ;) Jacquii. Quote:
|
I have reciently upgraded to the lastest vb, I am now having an issue with a "security token" I was redirected to this perticular post by vb support.. I am using a "Form" created by Elricstorm called "Elricstorm's World of Warcraft Recruitment Form" I have modified the form to be up to date with the changes in the game, everything works fine all the changes show up fine, however when attempting to "post" the form I get the security error, I am in no way a programmer, so my question is what Do I fix and where...? If this has already been answered somewhere pointing me there would be great, I searched but came up[ empty.
I will try and give you the code here.. If anyone can help, and you need more data, please let me know... Thanks a ton.. this is from the top of the form... PHP Code:
|
I'm not sure if this has been suggested yet and I don't care to search through all 10 pages of this to find out.
This is simply what I did to fix my Security Token issues for my custom theme for my board. Go to your Administrator Control Panel, then choose: Styles & Templates >> Search in Templates Inside there you will use the "Find and Replace in Templates" function. Where it says "Search in Style" you will choose the custom style that is giving you problems. Where it says "Search for Text" put: Code:
<input type="hidden" name="s" value="$session[sessionhash]" /> Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> And finally choose "Yes" for the "Case-Insensitive" option. (Just to be sure. =D) Click Find and then keep hitting next till it updates the skins. That's what I did and now it works like a charm. =D |
Ummm maybe someone should tell me exactly WHERE to put all this stuff... this is like reading chinese when i cant even read symbols and make out what they mean.. only thing now im worrying about is missing security tokens :( think i screwed up big time and lost it all and now i may have to restart over...
but will this fix all token issues or certain areas? im trying to figure out why im having this one in my flashchat... |
Quote:
--------------- Added [DATE]1232445952[/DATE] at [TIME]1232445952[/TIME] --------------- Here's a list with (default) templates missing the hidden-field for the securitytoken. These where found in a 3.7.2 version which is updated from 3.5.4 till 3.7.2. The number in front of the template name are the number of fields to be added in total: 2x calenderjump 1x FAQ 2x FORUMDISPLAY 1x forumjump 1x JOINREQUESTS 1x moderation_filter 1x moderation_posts 1x moderation_threads 1x pm_messagelist 6x SHOWTHREAD 1x tag_cloud_page 1x threadadmin_easyspam_skipped_prune 1x WHOSONLINE Open each of these templates, search for: HTML Code:
<input type="hidden" name="s" value="$session[sessionhash]" /> HTML Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /> |
Shouldn't this be posted in vb category and not programming?
Because you can just use this with vB, it has nothing to do with normal "programming". |
ok . now witch template have to be edited ? would you please tell me ? all templates ?
--------------- Added [DATE]1235223321[/DATE] at [TIME]1235223321[/TIME] --------------- i did everything but all the users get this message !!! Your submission could not be processed because a security token was missing. If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error the latest release of vbulletin ! please help to slove this ! |
i get this error only with mozilla when users try to search forums
|
Could you please tell me which of the Templates I have to change so I donĀ“t get the "Securitytoken" error anymore when submitting the Score for the IbProArcade ? If someone would already know, it would save me a lot of work finding that.
Thanks |
1 Attachment(s)
Hi, I did the query posted earlier and when I check the Style ID's, one of the results is -1, as shown in the attachment. When I hover over my styles in style manager none of them come up as -1. When I click on a style to go to the url and change the style id at the end of the url to -1 it comes up as the andromeda style, but in style manager, andromeda comes up as styleid 58. Any clues as to why this is like that? I fixed all the security token issues except for the 7 occurences that happen in this -1 styleid.
Any help would be appreciated. :) |
-1 means the Master Style which you can only see in debug mode.
|
Thank you - how would I change those templates then?
|
Quote:
|
ThanQ Lynne - I appreciate your help. I guess I will ignore them for now.
On another note, I'm no longer getting a flood of emails for security tokens missing, but I have received two of these: HTML Code:
Missing or Invalid Security Token detected. |
Make sure the security token is present in the footer where the profile.php form is called.
|
Thanks again Lynne, I have about 7 skins total and from what I can see all the footer templates have the security token. The sql query only shows these results. I have received 8 email notificactions of missing security tokens, all with exactly the same information as what I posted above. Any other ideas?
|
That query will most likely not catch modification templates or plugins where they don't have the securitytoken nor will it catch if it is a javascript problem. You can try disabling your modifications and seeing if the error goes away.
|
Hello,
I'm trying to implement an add-on (ZP Poll) that shows vb polls in a non-vb page (joomla). Everything works well until users try to vote , then they get the security token issue. This hack is not resident in vbulletin and the only line with a form is Code:
<form action=\"" . $directory . "/poll.php?do=pollvote&pollid=\"" . $pollid . "\" method=\"post\">" |
You should ask the author of that modification for help adding the securitytoken.
|
1 Attachment(s)
Hi Lynne,
I've been trying to get hold of the developer for days. I was hoping there is a generic way to add tokens to such non-vb pages. I'm attaching the script so you can advise on where I could add the token ? |
I'm no CSRF expert at all. I was able to just add the line to all my custom mods and everything worked perfectly. You can try adding the securitytoken right after the form line you posted above and see if that works.
|
i have problem with a theme header ( i think so ) quick search (java one) doesnt work with this theme:
where to add special lines to make it work? here is the script Code:
<!-- designed by hanafi@enthropia.com/napy8gen@yahoo.co.uk for forumtemplates.com --> |
Quote:
|
Hi Lynne, do you know how to make the Default var?
Thank you |
Quote:
|
Quote:
I mean how to make the AJAX call a script without click a button (or a link) when a user just loaded the page. For example: I have Installed AJAX Advanced Forum Statistic. I browse the index page, that Mod loads the Statistics using AJAX for the default. I hope you understand what I mean. |
All times are GMT. The time now is 03:43 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|