#1
01-23-2010, 11:47 AM
Vaupell

SOLVED - Another security token thread - SOLVED

I thought I was clear about how to avoid it, but now
I ran into the problem myself, making a modification with a form submitting to the db.

The user fills in the form, and data is saved in the db,
but I get this wonderful little error msg..

Code:
Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

Here is a part of the PHP causing the problem. Strangely, the rest of the PHP links for the same
file work perfectly, only this submission to the database doesn't..

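PHP Code:
if ($_REQUEST['do'] == 'submitapplication')
{
    // ID of the logged-in user; cast to int before it goes into the query
    $currentuser = intval($vbulletin->userinfo['userid']);

    // 'p' reads the field from POST, matching the form's method="post"
    // (the code as posted used 'g', which reads from GET only)
    $vbulletin->input->clean_gpc('p', 'realname', TYPE_STR);
    $realname = $db->escape_string($vbulletin->GPC['realname']);

    // Escape the phrase text too, since it is concatenated into the SQL string
    $question = $db->escape_string($vbphrase['eapp_realname']);

    $db->query_write("INSERT INTO " . TABLE_PREFIX . "eapplication (id, userid, question, ansver, wconfirmed)
        VALUES ('', '" . $currentuser . "', '" . $question . "', '" . $realname . "', '1')");
}

That's one of the items stored; I only made 1 to test that mysql etc. was working correctly,
but it was enough..

Here is part of the form I'm using.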

Code:
<form name="form1" method="post" action="?do=submitapplication">
<h1><b>  {vb:rawphrase ew_app_personalinfo}</b></h1><hr />
    {vb:rawphrase ew_app_realname}
    <input type="text" name="realname" size="38">
 
<br /><br /><table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="blockhead" width="100%" height="16" align="center">
<input type="submit" class="button" value="{vb:rawphrase ew_app_submit_app}" /><br /></td></tr>
</table>
  </form>

I've used this method many times before successfully, but now I get this security token issue.
I thought I was missing the global above, but it's at the top of the file:
require_once('./global.php');

Searching these forums just shows a lot of responses like "disable your hooks" etc.

Any ideas why the security token is showing up as missing?

EDIT / PS:

Already tried creating a new style to see if the style was borky..

--------------- Added 01-23-2010 at 02:14 PM ---------------

Solved

It's caused by the method="post" when using the form,

so I simply removed the entire method,
and the start of my form looks like this now:

<form action="?do=submitapplication" name="newapp">
<input type="hidden" name="do" value="submitapplication" />

and it runs perfectly

#2
01-23-2010, 07:19 PM
BBR-APBT

That is wrong and insecure. On top of that, most likely your users will get logged out on submit of the form. Without the hidden input for the session, the session gets broken.
Any time you use method="$_POST" you need to add the hidden field for the security token.

Put the method back into your code and add the following just above the submit button.
Code:
<input type="hidden" name="s" value="{vb:raw session.sessionhash}" />
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

#3
01-23-2010, 08:19 PM
Vaupell

tx mad dog..

I was googling around, and found
<input type="hidden" name="securitytoken" value="{vb:raw bbuserinfo.securitytoken}" />

but it didn't do squat. But it was of course missing the sessionhash.

Thank you.
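
The rule this thread arrives at (a form that writes to the database is sent with method="post" and carries a per-user token that the server checks) shown as an added, framework-independent PHP sketch. It is not vBulletin's code and not from any of the posts above; the function names, the SERVER_SECRET constant and the 3-hour lifetime are assumptions made for the illustration.

```php
<?php
// Added illustration, not vBulletin code. All names below are hypothetical.
const SERVER_SECRET  = 'replace-with-a-long-random-value'; // assumption: per-site secret
const TOKEN_LIFETIME = 10800;                               // assumption: 3 hours, in seconds

// Token format: "<issue time>-<HMAC over issue time and user id>".
function issue_token(int $userId, int $now): string
{
    return $now . '-' . hash_hmac('sha256', $now . '|' . $userId, SERVER_SECRET);
}

// Returns true only for a well-formed, unexpired token bound to this user.
function verify_token(string $token, int $userId, int $now): bool
{
    $parts = explode('-', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // missing or malformed token
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_LIFETIME) {
        return false;                       // issued in the future, or expired
    }
    // Recompute the token for this user and compare in constant time.
    return hash_equals(issue_token($userId, $issued), $token);
}

// Gate for an action that writes to the database: POST only, valid token only.
function may_process(string $method, array $post, int $userId, int $now): bool
{
    if (strtoupper($method) !== 'POST') {
        return false;   // a plain link or image URL must never trigger the write
    }
    $token = $post['securitytoken'] ?? '';
    return is_string($token) && verify_token($token, $userId, $now);
}

// Constructed sample requests for user 42.
$now  = 1264256070;
$good = ['realname' => 'Test', 'securitytoken' => issue_token(42, $now - 60)];

var_dump(may_process('POST', $good, 42, $now));                  // valid token over POST
var_dump(may_process('POST', ['realname' => 'Test'], 42, $now)); // token field missing
var_dump(may_process('GET', $good, 42, $now));                   // same data sent as GET
var_dump(may_process('POST', $good, 43, $now));                  // token issued to another user
```

Dropping method="post" from the form, as in the first post's edit, makes the browser send a GET request; a handler gated like this one refuses it instead of performing the write without a token check.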