vb.org Archive


pyd 01-10-2010 12:37 PM

Problem with security token.
 
I have a small webpage that I include in a widget.
It basically is just a form.
But when I submit the form, I get an error:
(For some reason, the error message is in Swedish, but it's something like this)
Quote:

Ditt bidrag kunde inte hanteras eftersom ett säkerhetsbevis var ogiltigt.
Your contribution could not be handled because a security token/proof(?) was not valid.
I have searched in the forum for this, and found some answers that stated that I should include this line in the form:
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

This I have done, but it won't work anyway.

Any ideas?

PHP Code:

<?php
if (isset($_POST['add_Application_Submit']))
{
    include 'dbConnection.php';

    // get_magic_quotes_gpc() takes no arguments and only reports a PHP setting,
    // so each value is escaped for MySQL here instead.
    $firstname    = mysql_real_escape_string($_POST['add_Application_Firstname']);
    $lastname     = mysql_real_escape_string($_POST['add_Application_Lastname']);
    $mobilephone  = mysql_real_escape_string($_POST['add_Application_Mobilephone']);
    $pnumber      = mysql_real_escape_string($_POST['add_Application_p-number']);
    $bnumber      = mysql_real_escape_string($_POST['add_Application_b-number']);
    $dnumber      = mysql_real_escape_string($_POST['add_Application_d-number']);
    $district     = mysql_real_escape_string($_POST['add_Application_district']);
    // The user ID arrives in a hidden form field, so it is client-controlled; force it to an integer.
    $userID       = (int) $_POST['add_Application_UserID'];
    $presentation = mysql_real_escape_string($_POST['add_Application_Presentation']);
    $status       = "0";

    // Hyphenated column names need backticks; string values are quoted.
    $query = "INSERT INTO ovse_applications (firstName, lastName, mobile, `p-number`, `b-number`, `d-number`, district, userID, presentation, application_status) VALUES ('$firstname', '$lastname', '$mobilephone', '$pnumber', '$bnumber', '$dnumber', '$district', $userID, '$presentation', '$status')";
    mysql_query($query) or die('Error, insert query failed');

    $query = "FLUSH PRIVILEGES";
    mysql_query($query) or die('Error, insert query failed');

    mysql_close($conn);
    echo "New MySQL user added";
}
else
{
?>

<form id="form1" method="post" action="">
  <table border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td> F&ouml;rnamn </td>
      <td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
    </tr>
    <tr>
      <td> Efternamn </td>
      <td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
    </tr>
    <tr>
      <td>Mobilnummer: </td>
      <td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
    </tr>
    <tr>
      <td>Personnummer: </td>
      <td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
    </tr>
    <tr>
      <td>Bricknummer: </td>
      <td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
    </tr>
    <tr>
      <td>Diarienummer: </td>
      <td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
    </tr>
    <tr>
      <td>L&auml;n: </td>
      <td><select name="add_Application_district" id="add_Application_district">
          <option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
          <option value="Blekinge">Blekinge</option>
          <option value="Dalarna">Dalarna</option>
          <option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
          <option value="G&auml;vleborg">G&auml;vleborg</option>
          <option value="Halland">Halland</option>
          <option value="J&auml;mtland">J&auml;mtland</option>
          <option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
          <option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
          <option value="Kronoberg">Kronoberg</option>
          <option value="Norrbotten">Norrbotten</option>
          <option value="Sk&aring;ne">Sk&aring;ne</option>
          <option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
          <option value="S&ouml;dermanland">S&ouml;dermanland</option>
          <option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
          <option value="V&auml;rmland">V&auml;rmland</option>
          <option value="V&auml;sterbotten">V&auml;sterbotten</option>
          <option value="V&auml;sternorrland">V&auml;sternorrland</option>
          <option value="V&auml;stmanland">V&auml;stmanland</option>
          <option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
          <option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
          <option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
        </select>
          <input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<? print(vB::$vbulletin->userinfo['userid']); ?>" />
          <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
      </td>
    </tr>
    <tr>
      <td>Kort personlig presentation:</td>
      <td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
    </tr>
  </table>
</form>
<?php 
}
?>


BBR-APBT 01-10-2010 02:57 PM

Try
Code:

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

pyd 01-10-2010 03:19 PM

Same error :(

Quote:

Originally Posted by BBR-APBT (Post 1952000)
Try
Code:

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Edit: Should I do something with this in the receiving part of the code?
Or should it just be enough with just passing it along with the form?

Also, the widget loads an "external" webpage:
PHP Code:

// UNTESTED
ob_start();
include("test/addApplication.php");
echo "<br />\n";
$output .= ob_get_contents();
ob_end_clean();


BBR-APBT 01-10-2010 03:54 PM

On a plus note, the code is not within the PHP braces so it's basically HTML. You might need to do

Code:

<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />

pyd 01-10-2010 04:31 PM

Well, this time I got the error message in English anyway :)
Quote:

Your submission could not be processed because a security token was missing.

Just to clarify everything.
I have created a widget (PHP Direct Execution) with this content:
PHP Code:

// UNTESTED
ob_start();
include("test/addApplication.php");
echo "<br />\n";
$output .= ob_get_contents();
ob_end_clean();

The file (addApplication.php) that the widget refers to is this:
PHP Code:

<?php
if (isset($_POST['add_Application_Submit']))
{
    include 'dbConnection.php';

    // get_magic_quotes_gpc() takes no arguments and only reports a PHP setting,
    // so each value is escaped for MySQL here instead.
    $firstname    = mysql_real_escape_string($_POST['add_Application_Firstname']);
    $lastname     = mysql_real_escape_string($_POST['add_Application_Lastname']);
    $mobilephone  = mysql_real_escape_string($_POST['add_Application_Mobilephone']);
    $pnumber      = mysql_real_escape_string($_POST['add_Application_p-number']);
    $bnumber      = mysql_real_escape_string($_POST['add_Application_b-number']);
    $dnumber      = mysql_real_escape_string($_POST['add_Application_d-number']);
    $district     = mysql_real_escape_string($_POST['add_Application_district']);
    // The user ID arrives in a hidden form field, so it is client-controlled; force it to an integer.
    $userID       = (int) $_POST['add_Application_UserID'];
    $presentation = mysql_real_escape_string($_POST['add_Application_Presentation']);
    $status       = "0";

    // Hyphenated column names need backticks; string values are quoted.
    $query = "INSERT INTO ovse_applications (firstName, lastName, mobile, `p-number`, `b-number`, `d-number`, district, userID, presentation, application_status) VALUES ('$firstname', '$lastname', '$mobilephone', '$pnumber', '$bnumber', '$dnumber', '$district', $userID, '$presentation', '$status')";
    mysql_query($query) or die('Error, insert query failed');

    $query = "FLUSH PRIVILEGES";
    mysql_query($query) or die('Error, insert query failed');

    mysql_close($conn);
    echo "New MySQL user added";
}
else
{
?>

<form id="form1" method="post" action="">
  <table border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td> F&ouml;rnamn </td>
      <td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
    </tr>
    <tr>
      <td> Efternamn </td>
      <td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
    </tr>
    <tr>
      <td>Mobilnummer: </td>
      <td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
    </tr>
    <tr>
      <td>Personnummer: </td>
      <td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
    </tr>
    <tr>
      <td>Bricknummer: </td>
      <td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
    </tr>
    <tr>
      <td>Diarienummer: </td>
      <td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
    </tr>
    <tr>
      <td>L&auml;n: </td>
      <td><select name="add_Application_district" id="add_Application_district">
          <option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
          <option value="Blekinge">Blekinge</option>
          <option value="Dalarna">Dalarna</option>
          <option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
          <option value="G&auml;vleborg">G&auml;vleborg</option>
          <option value="Halland">Halland</option>
          <option value="J&auml;mtland">J&auml;mtland</option>
          <option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
          <option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
          <option value="Kronoberg">Kronoberg</option>
          <option value="Norrbotten">Norrbotten</option>
          <option value="Sk&aring;ne">Sk&aring;ne</option>
          <option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
          <option value="S&ouml;dermanland">S&ouml;dermanland</option>
          <option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
          <option value="V&auml;rmland">V&auml;rmland</option>
          <option value="V&auml;sterbotten">V&auml;sterbotten</option>
          <option value="V&auml;sternorrland">V&auml;sternorrland</option>
          <option value="V&auml;stmanland">V&auml;stmanland</option>
          <option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
          <option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
          <option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
        </select>
          <input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<? print(vB::$vbulletin->userinfo['userid']); ?>" />
          <input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />
      </td>
    </tr>
    <tr>
      <td>Kort personlig presentation:</td>
      <td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
    </tr>
  </table>
</form>
<?php 
}
?>


Quote:

Originally Posted by BBR-APBT (Post 1952052)
On a plus note, the code is not within the PHP braces so it's basically HTML. You might need to do

Code:

<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />


Edit: If I do a simple <?php echo $bbuserinfo['securitytoken']; ?>, it doesn't show anything, but that's maybe normal?

pyd 01-15-2010 08:27 AM

Any ideas about this?

pyd 01-24-2010 06:31 PM

Sorry for bumping this thread again, but I can't get it to work and I need it to be done soon :)

I found another thread with the same problem (sort of...) in which someone told him to add:
PHP Code:

<input type="hidden" name="s" value="{vb:raw session.sessionhash}" /> 

to the form.

So did I, but with no success.

Anyone?

Edit: When I looked in the source, it seems that neither the securitytoken nor the sessionhash is implemented correctly on my page:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="" />

Clearly, I use the "{vb:raw session.sessionhash}" wrong, but why isn't the token generated?

Edit 2:
I solved the sessionhash with:
PHP Code:

<input type="hidden" name="s" value="<?php echo $_COOKIE['bb_sessionhash'];?>" />

But I still have a problem with the securitytoken.
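
Added example, not part of the original thread and not vBulletin's own code: a minimal timestamped CSRF token check that shows why the unrendered `{vb:raw ...}` placeholder was rejected as an invalid token, while the empty field produced by an undefined `$bbuserinfo` was rejected as a missing one. The secret, token layout, function names and sample values are assumptions made for illustration.

```php
<?php
// Illustrative only: SECRET, MAX_AGE, the token layout and both functions are assumptions.
const SECRET  = 'constructed-demo-secret'; // per-site secret (constructed)
const MAX_AGE = 3600;                      // accept tokens for one hour

// Token = issue time + HMAC over user, session and issue time.
function issue_token($userId, $sessionId, $now)
{
    $mac = hash_hmac('sha256', $userId . '|' . $sessionId . '|' . $now, SECRET);
    return $now . '-' . $mac;
}

// Returns 'ok', 'missing', 'invalid' or 'expired' for a submitted form token.
function check_token($submitted, $userId, $sessionId, $now)
{
    if (!is_string($submitted) || $submitted === '') {
        return 'missing';                  // field absent or rendered empty
    }
    $parts = explode('-', $submitted, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'invalid';                  // not in "<timestamp>-<mac>" form
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > MAX_AGE) {
        return 'expired';
    }
    // Recompute for the logged-in user and compare in constant time.
    $expected = issue_token($userId, $sessionId, $issued);
    return hash_equals($expected, $submitted) ? 'ok' : 'invalid';
}

$now     = 1263126000;                     // constructed timestamp
$session = 'constructed-session';
$cases   = array(
    'unrendered template tag' => '{vb:raw bbuserinfo.securitytoken}',
    'undefined PHP variable'  => '',
    'token for another user'  => issue_token(7, $session, $now),
    'stale token'             => issue_token(42, $session, $now - 7200),
    'server-issued token'     => issue_token(42, $session, $now),
);
foreach ($cases as $label => $value) {
    printf("%-24s => %s\n", $label, check_token($value, 42, $session, $now + 60));
}
```

The form in this thread already reads `userid` from `vB::$vbulletin->userinfo`; on the assumption that the same array carries the token, `vB::$vbulletin->userinfo['securitytoken']` echoed from PHP is the value to test in the hidden field.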

