  #1  
03-29-2015, 03:57 PM
omardealo
Join Date: Nov 2008
Location: Egypt
Posts: 235
Thanks given: 0 times
Thanked: 0 times in 0 posts
[SOLVED] security token problem with a form in my plugin

Hello,

I used this code in my plugin in the hook misc_start.
This is a form to do an insert on the database.

PHP Code:

// $order is built inside a while loop and printed in a template
$order = '<td class="alt2">
<form action="misc.php?do=points_usergift&giftid='
.$resultgift['giftid'].'&pointgift='.$resultgift['giftpoints'].'" method="post">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="do" value="points_usergift" />
<input type="submit" class="button" value="submit" />
</form></td>';

if ($_REQUEST['do'] == 'points_usergift')
{
    // giftid and pointgift travel in the form's action URL, so they are read
    // from $_REQUEST (not $_POST) and cast to integers before use
    $giftid = intval($_REQUEST['giftid']);
    $pointgift = intval($_REQUEST['pointgift']);

    if ($vbulletin->userinfo['user_points'] > $pointgift)
    {
        eval(standard_error(fetch_error('points_nopermission')));
    }
    else
    {
        // Only integer-cast and server-side values reach the query
        $db->query_write("INSERT INTO " . TABLE_PREFIX . "points_usergift
            (giftid, userid, dateline)
            VALUES
            ('" . $giftid . "','" . intval($vbulletin->userinfo['userid']) . "','" . TIMENOW . "')
        ");
        eval(print_standard_redirect('points_addredirect', 1, 1));
    }
}



I think something is missing about the session, and I think if I put the form in a template it will work, but I want to put it in a plugin.
This error appears:

Your submission could not be processed because a security token was invalid.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.
  #2  
03-29-2015, 04:35 PM
kh99
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Thanks given: 0 times
Thanked: 0 times in 0 posts

I think you need to change the string so that the variables are evaluated, like this:
PHP Code:
$order = '<td class="alt2">
<form action="misc.php?do=points_usergift&giftid='
.$resultgift['giftid'].'&pointgift='.$resultgift['giftpoints'].'" method="post">
<input type="hidden" name="s" value="'
.$session['sessionhash'].'" />
<input type="hidden" name="securitytoken" value="'
.$bbuserinfo['securitytoken'].'" />
<input type="hidden" name="do" value="points_usergift" />
<input type="submit" class="button" value="submit" />
</form></td>';

(the changes are around $session[sessionhash] and $bbuserinfo[securitytoken]).

Also, is that the entire plugin code? If so, you should really check $_REQUEST['do'], otherwise you will interfere with other functions in misc.php (but maybe you only posted part of the plugin).
2 thanks from:
omardealo, TheLastSuperman
  #3  
03-29-2015, 05:08 PM
omardealo
Join Date: Nov 2008
Location: Egypt
Posts: 235
Thanks given: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by kh99
I think you need to change the string so that the variables are evaluated, like this:
PHP Code:
$order = '<td class="alt2">
<form action="misc.php?do=points_usergift&giftid='
.$resultgift['giftid'].'&pointgift='.$resultgift['giftpoints'].'" method="post">
<input type="hidden" name="s" value="'
.$session['sessionhash'].'" />
<input type="hidden" name="securitytoken" value="'
.$bbuserinfo['securitytoken'].'" />
<input type="hidden" name="do" value="points_usergift" />
<input type="submit" class="button" value="submit" />
</form></td>';

(the changes are around $session[sessionhash] and $bbuserinfo[securitytoken]).

Also, is that the entire plugin code? If so, you should really check $_REQUEST['do'], otherwise you will interfere with other functions in misc.php (but maybe you only posted part of the plugin).

Thanks brother. What you think is very logical, but unfortunately it did not work.
Do you have other suggestions?
And do not worry about the $_REQUEST['do'] code; I'm quite sure that there's no problem with any other PHP code. The only problem is in the form code. :up:

This is the output:
PHP Code:
<input type="hidden" name="securitytoken" value=""
If it reads the value, it will work.

-----------------

Okay, now I think it is working:
PHP Code:
<input type="hidden" name="securitytoken" value="'.$vbulletin->userinfo['securitytoken'].'" />
Output:
PHP Code:
<input type="hidden" name="securitytoken" value="1427652798-6a37957adfc30da0463f00be052e3848a2225666"
Thanks brother, you provide good help here.
2 thanks from:
kh99, TheLastSuperman
  #4  
03-29-2015, 06:33 PM
kh99
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Thanks given: 0 times
Thanked: 0 times in 0 posts

Oh, right, I should have remembered that $session and $bbuserinfo only work in templates.
  #5  
04-04-2015, 01:47 PM
omardealo
Join Date: Nov 2008
Location: Egypt
Posts: 235
Thanks given: 0 times
Thanked: 0 times in 0 posts

Quote:
Originally Posted by kh99
Oh, right, I should have remembered that $session and $bbuserinfo only work in templates.

Yeah, me too, thank you my dear brother :up:
Reply With Quote
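
The three ways the token field was written in this thread, as an added PHP example that is not code from the thread or from vBulletin: it renders each variant and runs it through a server-side check. `make_token()`, `check_token()`, the HMAC construction, the secret, the user id and the one-hour lifetime are assumptions that only mimic the `timestamp-hash` shape of the token shown above; vBulletin's own token check is not reproduced here.

```php
<?php
// Constructed stand-ins: in a real plugin these values come from vBulletin itself.
const SECRET = 'constructed-demo-secret';
$now = 1427652798;                       // timestamp part of the token in the thread

// Hypothetical token with the same "timestamp-hash" shape as the thread's output.
function make_token(int $time, int $userid): string {
    return $time . '-' . hash_hmac('sha1', $time . ':' . $userid, SECRET);
}

// Hypothetical server-side check: shape first, then age, then the recomputed hash.
function check_token(string $token, int $userid, int $now, int $maxAge = 3600): bool {
    if (!preg_match('/^(\d{1,10})-([0-9a-f]{40})$/', $token, $m)) {
        return false;                    // empty or literal "$bbuserinfo[...]" stops here
    }
    $time = (int) $m[1];
    if ($time > $now || $now - $time > $maxAge) {
        return false;                    // future-dated or stale token
    }
    return hash_equals(make_token($time, $userid), $token);
}

// Constructed user record playing the role of $vbulletin->userinfo.
$userinfo = ['userid' => 1, 'securitytoken' => make_token($now, 1)];

// 1) Post #1: inside single quotes PHP emits the variable name as literal text.
$literal = '$bbuserinfo[securitytoken]';
// 2) Post #2: concatenated, but $bbuserinfo is not set in plugin scope.
$unset = (string) ($bbuserinfo['securitytoken'] ?? '');
// 3) Post #3: concatenated from the array that is actually populated.
$good = $userinfo['securitytoken'];

foreach (['literal' => $literal, 'unset' => $unset, 'good' => $good] as $name => $value) {
    // Escape on output so a value can never break out of the attribute.
    $field = '<input type="hidden" name="securitytoken" value="'
           . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
    $verdict = check_token($value, $userinfo['userid'], $now + 60) ? 'accepted' : 'rejected';
    echo $name, ': ', $field, ' => ', $verdict, PHP_EOL;
}
```

Only the third variant is accepted; the first two fail the shape check, which corresponds to the "security token was invalid" error reported in the first post.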