Regarding my last thread (
https://vborg.vbsupport.ru/showthread.php?t=231999)...
When I attempt to post the form that I created, vBulletin gives an error:
Quote:
Your submission could not be processed because a security token was missing.
If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.
|
The form was just a simple test form that posts a hidden field and a text field. The form's script looks like this:
Code:
<?
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'testform');
define('CSRF_PROTECTION', true);
// change this depending on your filename
// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array();
// get special data templates from the datastore
$specialtemplates = array();
// pre-cache templates used by all actions
$globaltemplates = array('TESTFORM',
);
// pre-cache templates used by specific actions
$actiontemplates = array();
// ######################### REQUIRE BACK-END ############################
// if your page is outside of your normal vb forums directory, you should change directories by uncommenting the next line
// chdir ('/path/to/your/forums');
require_once('./global.php');
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
$navbits = construct_navbits(array('' => 'Test Form'));
$navbar = render_navbar_template($navbits);
// ###### YOUR CUSTOM CODE GOES HERE #####
$pagetitle = 'Test Form Submission';
$poutput = '';
if( $vbulletin->userinfo['userid'] == '' )
{
$poutput = '<p>You must be logged in to use this form.</p>';
}
else
{
$poutput = '
<p>Hello, user #' . $vbulletin->userinfo['userid'] . '. Please fill out the form below.</p>
<form action="testform_submit.php" method="post">
<input type="hidden" name="t" value="1"/>
<table border="0">
<tr>
<td align="right" valign="center"><b>Name:</b></td>
<td valign="center"><input type="text" name="uname" size="30"/></td>
</tr>
</table><br/><br/>
<input type="submit" name="submit" value="OK"/>
</form>';
}
// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######
$templater = vB_Template::create('TESTFORM');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('poutput', $poutput);
print_output($templater->render());
?>
The target of the form:
Code:
<?
/*
* Test Form - Submit Script
*/
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'testformsubmit');
define('CSRF_PROTECTION', true);
// change this depending on your filename
// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array();
// get special data templates from the datastore
$specialtemplates = array();
// pre-cache templates used by all actions
$globaltemplates = array('TESTFORMSUBMIT',
);
// pre-cache templates used by specific actions
$actiontemplates = array();
// ######################### REQUIRE BACK-END ############################
// if your page is outside of your normal vb forums directory, you should change directories by uncommenting the next line
// chdir ('/path/to/your/forums');
require_once('./global.php');
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
$navbits = construct_navbits(array('' => 'Test Form Submit'));
$navbar = render_navbar_template($navbits);
// ###### YOUR CUSTOM CODE GOES HERE #####
$pagetitle = 'Test Form Submission Script';
$presult = '';
if( $vbulletin->userinfo['userid'] == '' )
{
$presult = '<p>You must be logged in to process user forms.</p>';
}
else
{
if( $_POST['t'] != '1' )
{
$presult = '<p>This script cannot be run directly.</p>';
}
else if( $_POST['uname'] == '' )
{
$presult = '<p>You must enter your name.</p>';
}
else
{
$presult = '<p>Your name is ' . $_POST['uname'] . '.</p>';
}
}
// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######
$templater = vB_Template::create('TESTFORMSUBMIT');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('presult', $presult);
print_output($templater->render());
?>
I did some browsing around and found a similar problem that someone experienced with VB3, so I added a line to my form:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
This had no effect, however. The problem persists. Viewing source on the form, there is no value set for the securitytoken field.
So, my two questions here:
- How can I fix this error that I'm getting?
- Is there a better way to check to see if the user is logged in (and ultimately, to check to see if the user is a member of a specific group) rather than me doing it like I am in the above examples? It'd obviously be more ideal if I could have the form itself in a template, rather than sending it to a template as a variable.
More Information