vb.org Archive


Big Barry 11-08-2008 02:48 PM

Security token issue
 
Hey,

Every time someone goes to make a post via the quick reply, I am getting this email from my security token error detector:

Quote:

Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /forums/includes/functions.php line 2611: eval()
#1 /forums/global.php line 384: fetch_error(security_token_missing,sendmessage.php )
#2 /forums/newreply.php line 82: require_once(/forums/global.php)
#3 /forums/vbseo.php line 1470: require(/forums/newreply.php)

POST Variables
==============
Array
(
[message] =>
[securitytoken] =>
[ajax] => 0
)

Request URI
===========
/forums/newreply.php?do=postreply&t=1230
How do I fix this?

Thanks in advance.

Lynne 11-08-2008 02:50 PM

Create a new style with no parent - Styles & Templates > Style Manager > Add New Style > no parent - then browse the site using that totally default vbulletin style - do you still get this error?

Big Barry 11-08-2008 03:30 PM

Hi,

This is only in my custom template. It's also happening if I click go advanced and try and post from there.

Is there something missing from my posting templates?

Thanks

Lynne 11-08-2008 03:35 PM

Yeah, you are missing the security token in your templates. You can read this about how to fix it - Implementing CSRF Protection in modifications

pein87 11-08-2008 03:36 PM

Hi, I had the very same problem with a custom template. What the coder forgot to do is add the security tokens in the XML style product, so when you uploaded the style's product it was already missing the security token. If you open up your templates you'll be able to see that in the code there are security tokens for users to use certain functions. I would suggest reporting it to the style maker, and if it's paid they should have to fix it because that means it's just not your style that's messed up. I hope this helps you out some. Enjoy.

~Pein87

Big Barry 11-08-2008 03:44 PM

Quote:

Originally Posted by Lynne (Post 1661860)
Yeah, you are missing the security token in your templates. You can read this about how to fix it - Implementing CSRF Protection in modifications

Cheers :) Any idea what templates I need to check as I have just checked the new reply template and that seems to have them in:
Code:

$stylevar[htmldoctype]
<html xmlns="http://www.w3.org/1999/xhtml" dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
<head>
$headinclude
<title>$vboptions[bbtitle] - $vbphrase[reply_to_topic]</title>
</head>
<body$onload>
$header
$navbar

$postpreview

<form action="newreply.php?do=postreply&amp;t=$threadid" name="vbform" method="post"<if condition="!is_browser('webtv')"> onsubmit="return vB_Editor['$editorid'].prepare_submit(0, $vboptions[postminchars])"</if>>

<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
        <td class="tcat">
                <span class="smallfont" style="float:$stylevar[right]"><strong>$vbphrase[thread]</strong>: $threadinfo[prefix_plain_html] <a href="showthread.php?$session[sessionurl]t=$threadinfo[threadid]">$threadinfo[title]</a></span>
                $vbphrase[reply_to_thread]
        </td>
</tr>
<tr>
        <td class="panelsurround" align="center">
        <div class="panel">
                <div style="width:$stylevar[formwidth]" align="$stylevar[left]">

                $usernamecode

                $human_verify

                <!-- subject field -->
                <table cellpadding="0" cellspacing="0" border="0" class="fieldset">
                <tr>
                        <td class="smallfont" colspan="3">$vbphrase[title]:</td>
                </tr>
                <tr>
                        <td><input type="text" class="bginput" name="title" value="$title" size="50" maxlength="$vboptions[titlemaxchars]" tabindex="1" title="$vbphrase[optional]" /></td>
                        <td>&nbsp;&nbsp;</td>
                        <td><img id="display_posticon" src="$selectedicon[src]" alt="$selectedicon[alt]" /></td>
                </tr>
                </table>
                <!-- / subject field -->

                <!-- message area -->
                <div class="smallfont">$vbphrase[message]:</div>
                $messagearea
                <!-- / message area -->

                <if condition="$unquoted_post_count > 0">
                        <div id="unquoted_posts" class="smallfont" style="display: none">
                        <if condition="$unquoted_post_count == 1">
                                $vbphrase[selected_1_post_not_part_thread]
                        <else />
                                <phrase 1="$unquoted_post_count">$vbphrase[selected_x_posts_not_part_thread]</phrase>
                        </if>
                        </div>
                        <script type="text/javascript" src="clientscript/vbulletin_ajax_quote.js?v=$vboptions[simpleversion]"></script>
                        <script type="text/javascript">
                        <!--
                                if (AJAX_Compatible)
                                {
                                        fetch_object('unquoted_posts').style.display = '';
                                }
                                init_unquoted_posts('$editorid', $threadinfo[threadid]);
                        // -->
                        </script>
                </if>
                $posticons

                </div>
        </div>

        <div style="margin-top:$stylevar[cellpadding]px">
                <input type="hidden" name="s" value="$session[sessionhash]" />
                <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
                <input type="hidden" name="do" value="postreply" />
                <input type="hidden" name="t" value="$threadid" />
                <input type="hidden" name="p" value="$postid" />
                <input type="hidden" name="specifiedpost" value="$specifiedpost" />
                <input type="hidden" name="posthash" value="$posthash" />
                <input type="hidden" name="poststarttime" value="$poststarttime" />
                <input type="hidden" name="loggedinuser" value="$bbuserinfo[userid]" />
                <input type="hidden" name="multiquoteempty" id="multiquote_empty_input" value="$multiquote_empty" />
                <input type="submit" class="button" name="sbutton" id="{$editorid}_save" value="$vbphrase[submit_reply]" accesskey="s" tabindex="1" />
                <input type="submit" class="button" name="preview" value="$vbphrase[preview_post]" accesskey="r" tabindex="1" />
        </div>
        </td>
</tr>
</table>

<if condition="$show['additional_options']">
<br />

<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<thead>
        <tr>
                <td class="tcat">
                        <a style="float:$stylevar[right]" href="#top" onclick="return toggle_collapse('newpost_options')"><img id="collapseimg_newpost_options" src="$stylevar[imgdir_button]/collapse_tcat$vbcollapse[collapseimg_newpost_options].gif" alt="" border="0" /></a>
                        $vbphrase[additional_options]
                </td>
        </tr>
</thead>
<tbody id="collapseobj_newpost_options" style="$vbcollapse[collapseobj_newpost_options]">
        <tr valign="top">
                <td class="panelsurround" align="center">
                <div class="panel">
                        <div style="width:$stylevar[formwidth]" align="$stylevar[left]">

                                <if condition="$show['misc_options']">
                                <fieldset class="fieldset">
                                        <legend>$vbphrase[miscellaneous_options]</legend>
                                        <div style="padding:$stylevar[formspacer]px">
                                                <if condition="$bbuserinfo['signature'] != ''"><div><label for="cb_signature"><input type="checkbox" name="signature" value="1" id="cb_signature" tabindex="1" $checked[signature] />$vbphrase[show_your_signature]</label></div></if>
                                                <if condition="$show['parseurl']"><div><label for="cb_parseurl"><input type="checkbox" name="parseurl" value="1" id="cb_parseurl" tabindex="1" $checked[parseurl] />$vbphrase[automatically_parse_links_in_text]</label></div></if>
                                                $disablesmiliesoption
                                        </div>
                                </fieldset>
                                </if>

                                $attachmentoption

                                <if condition="$show['member']">
                                <fieldset class="fieldset">
                                        <legend>$vbphrase[thread_subscription]</legend>
                                        <table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
                                        <tr>
                                                <td>$vbphrase[notification_type]:<br /><select name="emailupdate" tabindex="1">
                                                        <option value="9999" $emailchecked[9999]>$vbphrase[do_not_subscribe]</option>
                                                        <option value="0" $emailchecked[0]>$vbphrase[no_email_notification]</option>
                                                        <option value="1" $emailchecked[1]>$vbphrase[instant_email_notification]</option>
                                                        <option value="2" $emailchecked[2]>$vbphrase[daily_email_notification]</option>
                                                        <option value="3" $emailchecked[3]>$vbphrase[weekly_email_notification]</option>
                                                </select></td>
                                                <if condition="$show['subscribefolders']"><td>$vbphrase[folder]:<br /><select name="folderid" tabindex="1">$folderbits</select></td></if>
                                        </tr>
                                        </table>
                                </fieldset>
                                </if>

                                <if condition="$show['threadrating']">
                                <fieldset class="fieldset">
                                        <legend>$vbphrase[rate_thread]</legend>
                                        <div style="padding:$stylevar[formspacer]px">
                                                <div>$vbphrase[can_add_a_score_for_thread]</div>
                                                <div>
                                                        <select name="rating" tabindex="1">
                                                                <option value="0"$rate[0]>$vbphrase[choose_a_rating]</option>
                                                                <optgroup label="&nbsp;">
                                                                        <option value="5"$rate[5]>5 : $vbphrase[excellent]</option>
                                                                        <option value="4"$rate[4]>4 : $vbphrase[good]</option>
                                                                        <option value="3"$rate[3]>3 : $vbphrase[average]</option>
                                                                        <option value="2"$rate[2]>2 : $vbphrase[bad]</option>
                                                                        <option value="1"$rate[1]>1 : $vbphrase[terrible]</option>
                                                                </optgroup>
                                                        </select>
                                                </div>
                                        </div>
                                </fieldset>
                                </if>

                                $threadmanagement

                                </div>
                        </div>

                        <div style="margin-top:$stylevar[cellpadding]px">
                                <input type="submit" class="button" name="sbutton" value="$vbphrase[submit_reply]" accesskey="s" tabindex="1" />
                                <input type="submit" class="button" name="preview" value="$vbphrase[preview_post]" accesskey="r" tabindex="1" />
                        </div>
                </td>
        </tr>
</tbody>
</table>
</if>

</form>

<br />


<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
        <td class="tcat">
                <a style="float:$stylevar[right]" href="#top" onclick="return toggle_collapse('threadreview')"><img id="collapseimg_threadreview" src="$stylevar[imgdir_button]/collapse_tcat$vbcollapse[collapseimg_threadreview].gif" alt="" border="" /></a>
                $vbphrase[topic_review_newest_first]
        </td>
</tr>
</table>

$spacer_close
$spacer_open

<div id="collapseobj_threadreview" style="$vbcollapse[collapseobj_threadreview]">

        <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center" style="border-top-width:0px">

        $threadreviewbits

        <if condition="$show['reviewmore']">
        <tr>
                <td class="tfoot" align="center" colspan="2"><span class="smallfont">
                        <phrase 1="$vboptions[maxposts]" 2="showthread.php?$session[sessionurl]t=$threadid">$vbphrase[thread_has_more_than_x_review]</phrase>
                </span></td>
        </tr>
        </if>

        </table>

</div>

$spacer_close
$spacer_open

<br />

$forumrules

$footer

</body>
</html>

Thanks

Lynne 11-08-2008 04:04 PM

I don't know which templates. I guess what I would do is turn this on - vboptions > General Settings > Add Template Name in HTML Comments > set to Yes. Now go to the page having problems and view it in your style. Copy the page source to a text document. Then view the page using the default (working) style. Copy the page source to a text document. Compare and see what is missing. Find the template name in the page source and look there.
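
The page-source comparison described above can be automated. This is an added example, not part of the original thread or of vBulletin: it scans saved page source for POST forms that carry no non-empty `securitytoken` field and names the enclosing template. It assumes the template-name comments look like `<!-- BEGIN TEMPLATE: name -->` and `<!-- END TEMPLATE: name -->`; `forms_missing_token` and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: format of the comments written by "Add Template Name in HTML Comments".
TEMPLATE_MARK = re.compile(r"\s*(BEGIN|END) TEMPLATE: (\S+)\s*")

class TokenAudit(HTMLParser):
    """Collect POST forms that lack a non-empty securitytoken input."""
    def __init__(self):
        super().__init__()
        self.templates, self.form, self.missing = [], None, []

    def handle_comment(self, data):
        m = TEMPLATE_MARK.fullmatch(data)
        if m and m.group(1) == "BEGIN":
            self.templates.append(m.group(2))      # entering a template
        elif m and self.templates and self.templates[-1] == m.group(2):
            self.templates.pop()                   # leaving it again

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("method") or "get").lower() == "post":
            owner = self.templates[-1] if self.templates else "(unknown)"
            self.form = {"template": owner, "action": a.get("action") or "", "ok": False}
        elif tag == "input" and self.form and a.get("name") == "securitytoken":
            # An empty value is rejected the same way a missing field is.
            self.form["ok"] = bool((a.get("value") or "").strip())

    def handle_endtag(self, tag):
        if tag == "form" and self.form:
            if not self.form["ok"]:
                self.missing.append((self.form["template"], self.form["action"]))
            self.form = None

def forms_missing_token(page_source):
    """Return (template, form action) for every POST form without a token."""
    audit = TokenAudit()
    audit.feed(page_source)
    audit.close()
    return audit.missing

# Constructed page source, not taken from the thread.
SAMPLE = """<!-- BEGIN TEMPLATE: showthread_quickreply -->
<form action="newreply.php?do=postreply&amp;t=1" method="post">
<input type="hidden" name="do" value="postreply" /></form>
<!-- END TEMPLATE: showthread_quickreply -->
<!-- BEGIN TEMPLATE: navbar -->
<form action="search.php" method="post">
<input type="hidden" name="securitytoken" value="constructed-token" /></form>
<!-- END TEMPLATE: navbar -->"""
```

Run `forms_missing_token` on the source saved from the custom style; any template it names is the one to edit.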

vytran 10-19-2010 06:11 AM

you find
showthread_quickreply
showthread_quickreply_full
and add
HTML Code:

<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />


BirdOPrey5 10-20-2010 12:52 AM

Quote:

Originally Posted by vytran (Post 2111569)
you find
showthread_quickreply
showthread_quickreply_full
and add
HTML Code:

<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />


I'm not really sure what you're answering in a 2 year old thread but this code is for VB4 and won't work in VB3, which is the topic of this forum.

kellyandmark04 10-21-2010 04:33 AM

I am using vb 3.8.4 and having the same issue. Can anyone help???

