#1
01-10-2010, 12:37 PM
pyd
Join Date: Feb 2005
Posts: 52
Problem with security token.

I have a small webpage that I include in a widget.
It basically just is a form.
But when I submit the form, I get an error:
(For some reason, the error message is in Swedish, but it's something like this)
Quote:
Ditt bidrag kunde inte hanteras eftersom ett säkerhetsbevis var ogiltigt.
Your contribution could not be handled because a security token/proof(?) was not valid.
I have searched in the forum for this, and found some answers that stated that I should include this line in the form:
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

This I have done, but it won't work anyway.

Any ideas?

PHP Code:
<?php
if (isset($_POST['add_Application_Submit']))
{
    include 'dbConnection.php';

    // get_magic_quotes_gpc() takes no arguments and only reports a php.ini setting;
    // it does not escape anything. Escape each value for the SQL string instead
    // (this needs the connection opened by dbConnection.php).
    $firstname    = mysql_real_escape_string($_POST['add_Application_Firstname']);
    $lastname     = mysql_real_escape_string($_POST['add_Application_Lastname']);
    $mobilephone  = mysql_real_escape_string($_POST['add_Application_Mobilephone']);
    $pnumber      = mysql_real_escape_string($_POST['add_Application_p-number']);
    $bnumber      = mysql_real_escape_string($_POST['add_Application_b-number']);
    $dnumber      = mysql_real_escape_string($_POST['add_Application_d-number']);
    $district     = mysql_real_escape_string($_POST['add_Application_district']);
    $userID       = (int) $_POST['add_Application_UserID'];
    $presentation = mysql_real_escape_string($_POST['add_Application_Presentation']);
    $status       = 0;

    // Column names that contain a hyphen must be quoted with backticks.
    $query = "INSERT INTO ovse_applications (firstName, lastName, mobile, `p-number`, `b-number`, `d-number`, district, userID, presentation, application_status) VALUES ('$firstname', '$lastname', '$mobilephone', '$pnumber', '$bnumber', '$dnumber', '$district', $userID, '$presentation', $status)";
    mysql_query($query) or die('Error, insert query failed');

    $query = "FLUSH PRIVILEGES";
    mysql_query($query) or die('Error, insert query failed');

    mysql_close($conn);
    echo "New MySQL user added";
}
else
{
?>

<form id="form1" method="post" action="">
  <table border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td> F&ouml;rnamn </td>
      <td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
    </tr>
    <tr>
      <td> Efternamn </td>
      <td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
    </tr>
    <tr>
      <td>Mobilnummer: </td>
      <td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
    </tr>
    <tr>
      <td>Personnummer: </td>
      <td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
    </tr>
    <tr>
      <td>Bricknummer: </td>
      <td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
    </tr>
    <tr>
      <td>Diarienummer: </td>
      <td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
    </tr>
    <tr>
      <td>L&auml;n: </td>
      <td><select name="add_Application_district" id="add_Application_district">
          <option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
          <option value="Blekinge">Blekinge</option>
          <option value="Dalarna">Dalarna</option>
          <option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
          <option value="G&auml;vleborg">G&auml;vleborg</option>
          <option value="Halland">Halland</option>
          <option value="J&auml;mtland">J&auml;mtland</option>
          <option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
          <option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
          <option value="Kronoberg">Kronoberg</option>
          <option value="Norrbotten">Norrbotten</option>
          <option value="Sk&aring;ne">Sk&aring;ne</option>
          <option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
          <option value="S&ouml;dermanland">S&ouml;dermanland</option>
          <option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
          <option value="V&auml;rmland">V&auml;rmland</option>
          <option value="V&auml;sterbotten">V&auml;sterbotten</option>
          <option value="V&auml;sternorrland">V&auml;sternorrland</option>
          <option value="V&auml;stmanland">V&auml;stmanland</option>
          <option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
          <option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
          <option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
        </select>
          <input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<? print(vB::$vbulletin->userinfo['userid']); ?>" />
          <input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />
      </td>
    </tr>
    <tr>
      <td>Kort personlig presentation:</td>
      <td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
    </tr>
  </table>
</form>
<?php 
}
?>
#2
01-10-2010, 02:57 PM
BBR-APBT
Join Date: Feb 2009
Location: Maryland
Posts: 946

Try
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
#3
01-10-2010, 03:19 PM
pyd
Join Date: Feb 2005
Posts: 52

Same error

Quote:
Originally Posted by BBR-APBT View Post
Try
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
Edit: Should I do something with this in the receiving part of the code?
Or should it just be enough with just passing it along with the form?

Also, the widget loads a "external" webpage:
PHP Code:
// UNTESTED
ob_start();
include("test/addApplication.php");
echo "<br />\n";
$output .= ob_get_contents();
ob_end_clean();
#4
01-10-2010, 03:54 PM
BBR-APBT
Join Date: Feb 2009
Location: Maryland
Posts: 946

On a plus note, the code is not within the PHP braces, so it's basically HTML. You might need to do

Code:
<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />
#5
01-10-2010, 04:31 PM
pyd
Join Date: Feb 2005
Posts: 52

Well, this time I got the error message in English anyway
Quote:
Your submission could not be processed because a security token was missing.

Just to clarify everything.
I have created a widget (PHP Direct Execution) with this content:
PHP Code:
// UNTESTED
ob_start();
include("test/addApplication.php");
echo "<br />\n";
$output .= ob_get_contents();
ob_end_clean();
The file (addApplication.php) that the widget refers to is this:
PHP Code:
<?php
if (isset($_POST['add_Application_Submit']))
{
    include 'dbConnection.php';

    // get_magic_quotes_gpc() takes no arguments and only reports a php.ini setting;
    // it does not escape anything. Escape each value for the SQL string instead
    // (this needs the connection opened by dbConnection.php).
    $firstname    = mysql_real_escape_string($_POST['add_Application_Firstname']);
    $lastname     = mysql_real_escape_string($_POST['add_Application_Lastname']);
    $mobilephone  = mysql_real_escape_string($_POST['add_Application_Mobilephone']);
    $pnumber      = mysql_real_escape_string($_POST['add_Application_p-number']);
    $bnumber      = mysql_real_escape_string($_POST['add_Application_b-number']);
    $dnumber      = mysql_real_escape_string($_POST['add_Application_d-number']);
    $district     = mysql_real_escape_string($_POST['add_Application_district']);
    $userID       = (int) $_POST['add_Application_UserID'];
    $presentation = mysql_real_escape_string($_POST['add_Application_Presentation']);
    $status       = 0;

    // Column names that contain a hyphen must be quoted with backticks.
    $query = "INSERT INTO ovse_applications (firstName, lastName, mobile, `p-number`, `b-number`, `d-number`, district, userID, presentation, application_status) VALUES ('$firstname', '$lastname', '$mobilephone', '$pnumber', '$bnumber', '$dnumber', '$district', $userID, '$presentation', $status)";
    mysql_query($query) or die('Error, insert query failed');

    $query = "FLUSH PRIVILEGES";
    mysql_query($query) or die('Error, insert query failed');

    mysql_close($conn);
    echo "New MySQL user added";
}
else
{
?>

<form id="form1" method="post" action="">
  <table border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td> F&ouml;rnamn </td>
      <td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
    </tr>
    <tr>
      <td> Efternamn </td>
      <td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
    </tr>
    <tr>
      <td>Mobilnummer: </td>
      <td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
    </tr>
    <tr>
      <td>Personnummer: </td>
      <td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
    </tr>
    <tr>
      <td>Bricknummer: </td>
      <td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
    </tr>
    <tr>
      <td>Diarienummer: </td>
      <td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
    </tr>
    <tr>
      <td>L&auml;n: </td>
      <td><select name="add_Application_district" id="add_Application_district">
          <option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
          <option value="Blekinge">Blekinge</option>
          <option value="Dalarna">Dalarna</option>
          <option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
          <option value="G&auml;vleborg">G&auml;vleborg</option>
          <option value="Halland">Halland</option>
          <option value="J&auml;mtland">J&auml;mtland</option>
          <option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
          <option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
          <option value="Kronoberg">Kronoberg</option>
          <option value="Norrbotten">Norrbotten</option>
          <option value="Sk&aring;ne">Sk&aring;ne</option>
          <option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
          <option value="S&ouml;dermanland">S&ouml;dermanland</option>
          <option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
          <option value="V&auml;rmland">V&auml;rmland</option>
          <option value="V&auml;sterbotten">V&auml;sterbotten</option>
          <option value="V&auml;sternorrland">V&auml;sternorrland</option>
          <option value="V&auml;stmanland">V&auml;stmanland</option>
          <option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
          <option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
          <option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
        </select>
          <input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<? print(vB::$vbulletin->userinfo['userid']); ?>" />
          <input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />
      </td>
    </tr>
    <tr>
      <td>Kort personlig presentation:</td>
      <td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
    </tr>
  </table>
</form>
<?php 
}
?>

Quote:
Originally Posted by BBR-APBT View Post
On a plus note, the code is not within the PHP braces, so it's basically HTML. You might need to do

Code:
<input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken']; ?>" />

Edit: If I do a simple <?php echo $bbuserinfo['securitytoken']; ?>, it doesn't show anything, but that's maybe normal?
#6
01-15-2010, 08:27 AM
pyd
Join Date: Feb 2005
Posts: 52

Any ideas about this?
#7
01-24-2010, 06:31 PM
pyd
Join Date: Feb 2005
Posts: 52

Sorry for bumping this thread again, but I can't get it to work and I need it to be done soon

I found another thread with the same problem (sort of...) in which someone told him to add:
PHP Code:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" /> 
to the form.

So did I, but with no success.

Anyone?

Edit: When I looked in the source, it seems as neither the securitytoken nor the sessionhash is implemented correctly on my page:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="" />

Clearly, I use the "{vb:raw session.sessionhash}" wrong, but why isn't the token generated?

Edit 2:
I solved the sessionhash with:
PHP Code:
<input type="hidden" name="s" value="<?php echo $_COOKIE['bb_sessionhash'];?>" />
But I still have a problem with the securitytoken.
Reply With Quote
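
The two messages in this thread are consistent with two different broken values reaching the server: the literal, unparsed `{vb:raw bbuserinfo.securitytoken}` text ("not valid") and an empty string ("missing", matching the `value=""` seen in the page source in post #7). The sketch below is an added example, not code from the thread or from vBulletin: a generic per-user, time-stamped anti-CSRF token check run against those values. The names `issue_token` and `check_token`, the secret, the user IDs and the timestamps are all hypothetical or constructed.

```php
<?php
// Added illustration; NOT vBulletin's implementation. All names are hypothetical.

// Issue a token bound to one user and an issue time: "<time>-<hmac>".
function issue_token(int $userId, string $secret, int $now): string
{
    return $now . '-' . hash_hmac('sha256', $now . '|' . $userId, $secret);
}

// Classify a submitted token along the lines of the thread's two error messages.
function check_token($submitted, int $userId, string $secret, int $now, int $maxAge = 3600): string
{
    if (!is_string($submitted) || $submitted === '') {
        return 'missing';               // field absent, or rendered as value=""
    }
    if (!preg_match('/^(\d{1,10})-([0-9a-f]{64})$/', $submitted, $m)) {
        return 'invalid';               // e.g. an unparsed template placeholder
    }
    $issued   = (int) $m[1];
    $expected = issue_token($userId, $secret, $issued);
    if (!hash_equals($expected, $submitted)) {
        return 'invalid';               // forged, or issued to another user
    }
    if ($issued > $now || $now - $issued > $maxAge) {
        return 'expired';               // genuine but too old (or from the future)
    }
    return 'ok';
}

// Constructed sample data (not taken from a real installation).
$secret = 'constructed-demo-secret';
$now    = 1263135420;
$userId = 52;

$submissions = array(
    'unparsed template tag' => '{vb:raw bbuserinfo.securitytoken}',
    'empty PHP variable'    => '',
    'token of another user' => issue_token(7, $secret, $now - 60),
    'stale token'           => issue_token($userId, $secret, $now - 7200),
    'fresh token'           => issue_token($userId, $secret, $now - 60),
);

foreach ($submissions as $label => $value) {
    printf("%-22s => %s\n", $label, check_token($value, $userId, $secret, $now));
}
```

For the form in the thread, the hidden field has to be filled from PHP state that is actually populated in the scope of the included file. The form already reads `vB::$vbulletin->userinfo['userid']` that way; whether `securitytoken` is available in the same array is an assumption to verify against your vBulletin version.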