Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
  #1  
Old 01-16-2011, 01:23 AM
MarcL MarcL is offline
 
Join Date: Aug 2009
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Security token error when submitting on custom page

Go to: http://saleage.com/fileupload.php

Enter a integer in and click next...

Then I get:
Quote:
Your submission could not be processed because a security token was missing.
Look at the url after clicking next, a variable is in it if that would set the error?
Reply With Quote
  #2  
Old 01-16-2011, 03:22 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.
Reply With Quote
  #3  
Old 01-16-2011, 03:58 AM
MarcL MarcL is offline
 
Join Date: Aug 2009
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lynne View Post
Take a look at the forms in the templates used in vbulletin and you will see a security token in most all of them. You need to have that token in your own forms also.
So you mean a security token set in the acutal <form> code?

Also this is weird, I went to the page logged out and it worked, but when logged in I get the security token error.
Reply With Quote
  #4  
Old 01-16-2011, 05:25 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
Reply With Quote
  #5  
Old 01-18-2011, 12:57 AM
MarcL MarcL is offline
 
Join Date: Aug 2009
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lynne View Post
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
Do I have to put the security token in the templates? I cant just run it from the php file? I ask because I am not sure .php would know what do with:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

Possible to set a variable in templates so I can get it from php?
Reply With Quote
  #6  
Old 01-18-2011, 07:41 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, since the page is asking for it, it obviously wants it. You must have something in the code that is expecting to use it.
Reply With Quote
  #7  
Old 01-25-2011, 08:21 AM
perfphysio's Avatar
perfphysio perfphysio is offline
 
Join Date: Sep 2006
Location: London, UK
Posts: 212
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi guys,

I am aware of the comment
Quote:
Yes, it is set in the form. You could just do a search in templates for securitytoken and you should find it also.
I am simply trying to permit some views of an external website I have (that pulls information from my forum) to place a search term/s in the top right search box and hit search. I am wanting this to open the forum in a new window with the search results.

see example on to right of www.physiolive.com

Can someone provide a little more details about this security token? Is it dynamic? Is there something I can pass with the search that is a default value so that this will always work? Or is this a page that I can exempt in the vbulletin code from requiring the search token. It seems weird as guests can search my forum so I am wondering why this token is required.

Any more detailed comment would be great

Many thanks
Reply With Quote
  #8  
Old 01-25-2011, 05:15 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can read up on this here - Implementing CSRF Protection in modifications
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:36 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04085 seconds
  • Memory Usage 2,226KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete