![]() |
Using securitytoken to protect ajax requests
I wanted to use the security token to protect an ajax request.
So I submitted the token with the ajax post request from a vbulletin page to my custom page. HTML Code:
<script type="text/javascript"><!-- And I defined CSRF_PROTECTION as true (don't know if that is even necessary). I then make a comparison like this: PHP Code:
I assume a new token is generated when the global.php is called? How can I use a securitytoken check on an ajax request? |
I don't understand security tokens, but I noticed that there's a function in includes/functions.php called verify_security_token(), and it seems to be called with $vbulletin->userinfo['securitytoken_raw'] as one of the parameters, so maybe you could use that function and/or use 'securitytoken_raw'.
|
Do you have any idea how can i can i made ajax request ?
|
If you use the function kh99 referenced it should be easy to do.
verify_security_token($_POST['securitytoken'], $userinfo['securitytoken_raw']) should return true if it is a match, false if not. |
All my AJAX requests in plugins never require me to manually check for CSRF. It's always done automatically.
|
All times are GMT. The time now is 11:30 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|