The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Post from non VB code - How to implement with Security Tokens?
Greetings,
We had a number of pages on our site that would allow people to post pre-formatted data to specific forums and threads. This was done so that uses using our model collection system could easily post a list of those models they have for sale to a forum. These systems worked great until 3.7 was introduced, now all of our custom code does not work thanks to security tokens. So my question is this, what do I have to do to modify our NON VB code [these are stand-alone php files, these are NOT mods] in order to get the security token to work? In other words, what php code is needed so that I can have the proper security token value filled in when I create the HTML form to post back to vb? Is there a way to set CSRF protection to "false" just for these specific php files? that would probably be the easiest.. Thanks! Todd --------------- Added [DATE]1210778820[/DATE] at [TIME]1210778820[/TIME] --------------- Well i'm trying to find a solution and i'm close... i've got my custom code creating the token via this format which I found in the vbcode: $user['securitytoken'] = sha1($user['userid'] . sha1($user['salt']) . sha1(COOKIE_SALT)); I've got the tokens matching now, just a matter of getting the html form stuff correct. -t |
#2
|
|||
|
|||
<a href="https://vborg.vbsupport.ru/showthread.php?t=177013" target="_blank">Here is the article </a>about the new security token being put in if you need it.
|
#3
|
|||
|
|||
Sorry to drag this one back up, but this is wht I need to do, though mine is from non php, perl-generated pages.
So, if I'm correct, each user has a unique userid which is made up of : sha1($user['userid'] . sha1($user['salt']) . sha1(COOKIE_SALT)) Where do I find these values? are they stored in the mysql database or cookies or somewhere else? thanks |
#4
|
|||
|
|||
Use the search feature: https://vborg.vbsupport.ru/showthrea...ht=COOKIE_SALT
userid and salt are stored in the user table of the database. |
#5
|
|||
|
|||
Quote:
I should have made it clearer - I know how to get the userid and salt etc, but concatt hem all together doesn't make the security token. What I guess I need to know is what the sha1(x) thing is doing to those individual elements to make the componenent parts. edit -- wikipedia to the rescue -- just need to see if some lovely person has written a perl modult cheers all --------------- Added [DATE]1213268247[/DATE] at [TIME]1213268247[/TIME] --------------- Perl modules found for any one else wanting them http://search.cpan.org/search?query=sha1&mode=all --------------- Added [DATE]1213272299[/DATE] at [TIME]1213272299[/TIME] --------------- I'm going to have to give up on this. Let me double check. First I presume sha1 is hex judging by token I have OKay So I sha1 the user's salt (which is a three character string, of various types, yes?) -lets say it comes out as AAAAA then I sha1 the cookiesalt, which is the same as my vb license as show at the top of functions.php - lets say the result is BBBBB. The userid, which is a variable length number - my admin one is '1', so i'll use that as an example the resultant string is 1AAAAAABBBBBB, which i then sha1 is this corrent, or am i reading the whole thing wrong thanks for any help cheers |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|