vb.org Archive


Vaupell 01-23-2010 11:47 AM

SOLVED - Another security token thread - SOLVED
 
I thought I was clear about how to avoid it, but now
I ran into the problem myself, making a modification with a form submitting to db.

User fills in the form, and data is saved in db,
but I get this wonderful little error msg..

Code:

Your submission could not be processed because a security token was missing.
 
If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

Here is a part of the php causing the problem. Strange is that the rest of the php links for the same
file work perfectly, only this submission to database..

PHP Code:

if ($_REQUEST['do'] == 'submitapplication')
{
    // ID of the logged-in user submitting the application
    $currentuser = $vbulletin->userinfo['userid'];

    // Clean the submitted value ('g' reads it from $_GET), then escape it for the query
    $realname = $vbulletin->input->clean_GPC('g', 'realname', TYPE_STR);
    $realname = $db->escape_string($vbulletin->GPC['realname']);

    $db->query_write("INSERT INTO " . TABLE_PREFIX . "eapplication (id, userid, question, ansver, wconfirmed)
              VALUES ('', '" . $currentuser . "', '" . $vbphrase['eapp_realname'] . "', '" . $realname . "', '1')");
}

That's one of the items stored, only made 1 to test mysql etc was working correctly,
but it was enough..

Here is part of the form I'm using.

Code:

<form name="form1" method="post" action="?do=submitapplication">
<h1><b>  {vb:rawphrase ew_app_personalinfo}</b></h1><hr />
    {vb:rawphrase ew_app_realname}
    <input type="text" name="realname" size="38">
 
<br /><br /><table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="blockhead" width="100%" height="16" align="center">
<input type="submit" class="button" value="{vb:rawphrase ew_app_submit_app}" /><br /></td></tr>
</table>
  </form>

This method I've used many times before successfully, but now I get this security token issue.
I thought I was missing the global above, but it's at the top of the file
require_once('./global.php');

Searching these forums just shows a lot of responses "disable your hooks" etc :D

any ideas why the security token is showing up as missing ?

EDIT / PS :

Already tried creating a new style to see if the style was borky..

--------------- Added 01-23-2010 at 02:14 PM ---------------

Solved

It's caused by the method="post" when using the form

so I simply removed the entire method
and my form start looks like this now

<form action="?do=submitapplication" name="newapp">
<input type="hidden" name="do" value="submitapplication" />

and it runs perfectly :D

BBR-APBT 01-23-2010 07:19 PM

That is wrong and insecure. On top of that, most likely your users will get logged out on submit of the form. Without the hidden input for the session, the session gets broken.
Any time you use method="$_POST" you need to add the hidden field for the security token.

Put the method back into your code and add the following just above the submit button.
Code:

<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

;)
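
An added sketch (not part of the thread and not vBulletin's own code) of the kind of check behind the error message: it shows why dropping method="post" made the error disappear, and why that leaves the write unprotected unless the handler also refuses GET. The token layout, the secret and all function names are assumptions made for illustration.

```php
<?php
// Constructed sketch of a POST-only CSRF token check (not vBulletin's code).
const SERVER_SECRET  = 'constructed-demo-secret'; // placeholder secret
const TOKEN_LIFETIME = 3600;                       // seconds a token stays valid

// Token layout (assumed): "<issued-at>-<HMAC of issued-at, user id, session hash>"
function issue_token(int $userid, string $sessionhash, int $now): string
{
    return $now . '-' . hash_hmac('sha256', "$now|$userid|$sessionhash", SERVER_SECRET);
}

function token_is_valid(string $token, int $userid, string $sessionhash, int $now): bool
{
    $parts = explode('-', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_LIFETIME) {
        return false; // from the future or expired
    }
    // Recompute for the current user and session; compare in constant time.
    return hash_equals(issue_token($userid, $sessionhash, $issued), $token);
}

// Only POST is token-checked, so a state-changing action must refuse GET.
function handle_request(string $method, array $params, int $userid, string $sessionhash, int $now): string
{
    $writes = ($params['do'] ?? '') === 'submitapplication';
    if ($method !== 'POST') {
        return $writes ? 'refused: write requested over GET' : 'ok: read-only page';
    }
    if (!isset($params['securitytoken'])) {
        return 'rejected: security token missing';
    }
    if (!token_is_valid((string) $params['securitytoken'], $userid, $sessionhash, $now)) {
        return 'rejected: security token invalid';
    }
    return 'ok: write performed';
}

// Constructed inputs: user 42, a fixed clock and a made-up session hash.
$now = 1264256070; $sess = 'constructed-session-hash';
$token = issue_token(42, $sess, $now);
$form = ['do' => 'submitapplication'];
echo handle_request('POST', $form, 42, $sess, $now), "\n";
echo handle_request('POST', $form + ['securitytoken' => $token], 42, $sess, $now), "\n";
echo handle_request('POST', $form + ['securitytoken' => $token], 43, $sess, $now), "\n";
echo handle_request('GET', $form, 42, $sess, $now), "\n";
```

The third call reuses user 42's token for user 43 and is rejected, which is the property that stops another site from submitting the form on a logged-in user's behalf.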

Vaupell 01-23-2010 08:19 PM

tx mad dog..

I was googling around, and found
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

but it didn't do squat. :D but it was of course missing the sessionhash.

Thank you.

