The Arcive of Official vBulletin Modifications Site.

razec · #1 01-04-2010, 04:23 PM

Regarding my last thread (https://vborg.vbsupport.ru/showthread.php?t=231999)...

When I attempt to post the form that I created, vBulletin gives an error:

Quote:

Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error.

The form was just a simple test form that posts a hidden field and a text field. The form's script looks like this:

Code:

<?

	// ####################### SET PHP ENVIRONMENT ###########################
	error_reporting(E_ALL & ~E_NOTICE);

	// #################### DEFINE IMPORTANT CONSTANTS #######################

	define('THIS_SCRIPT', 'testform');
	define('CSRF_PROTECTION', true);  
	// change this depending on your filename

	// ################### PRE-CACHE TEMPLATES AND DATA ######################
	// get special phrase groups
	$phrasegroups = array();

	// get special data templates from the datastore
	$specialtemplates = array();

	// pre-cache templates used by all actions
	$globaltemplates = array('TESTFORM',
	);

	// pre-cache templates used by specific actions
	$actiontemplates = array();

	// ######################### REQUIRE BACK-END ############################
	// if your page is outside of your normal vb forums directory, you should change directories by uncommenting the next line
	// chdir ('/path/to/your/forums');
	require_once('./global.php');

	// #######################################################################
	// ######################## START MAIN SCRIPT ############################
	// #######################################################################

	$navbits = construct_navbits(array('' => 'Test Form'));
	$navbar = render_navbar_template($navbits);

	// ###### YOUR CUSTOM CODE GOES HERE #####
	$pagetitle = 'Test Form Submission';
	
	$poutput = '';
	
	if( $vbulletin->userinfo['userid'] == '' )
	{
		$poutput = '<p>You must be logged in to use this form.</p>';
	}
	else
	{
		$poutput = '
			<p>Hello, user #' . $vbulletin->userinfo['userid'] . '. Please fill out the form below.</p>
			
			<form action="testform_submit.php" method="post">
				<input type="hidden" name="t" value="1"/>
				
				<table border="0">
					<tr>
						<td align="right" valign="center"><b>Name:</b></td>
						<td valign="center"><input type="text" name="uname" size="30"/></td>
					</tr>
				</table><br/><br/>
				
				<input type="submit" name="submit" value="OK"/>
			</form>';
	}

	// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######

	$templater = vB_Template::create('TESTFORM');
	$templater->register_page_templates();
	$templater->register('navbar', $navbar);
	$templater->register('pagetitle', $pagetitle);
	$templater->register('poutput', $poutput);
	print_output($templater->render());

?>

The target of the form:

Code:

<?

	/*
	 * Test Form - Submit Script
	 */
	 
	// ####################### SET PHP ENVIRONMENT ###########################
	error_reporting(E_ALL & ~E_NOTICE);

	// #################### DEFINE IMPORTANT CONSTANTS #######################

	define('THIS_SCRIPT', 'testformsubmit');
	define('CSRF_PROTECTION', true);  
	// change this depending on your filename

	// ################### PRE-CACHE TEMPLATES AND DATA ######################
	// get special phrase groups
	$phrasegroups = array();

	// get special data templates from the datastore
	$specialtemplates = array();

	// pre-cache templates used by all actions
	$globaltemplates = array('TESTFORMSUBMIT',
	);

	// pre-cache templates used by specific actions
	$actiontemplates = array();

	// ######################### REQUIRE BACK-END ############################
	// if your page is outside of your normal vb forums directory, you should change directories by uncommenting the next line
	// chdir ('/path/to/your/forums');
	require_once('./global.php');

	// #######################################################################
	// ######################## START MAIN SCRIPT ############################
	// #######################################################################

	$navbits = construct_navbits(array('' => 'Test Form Submit'));
	$navbar = render_navbar_template($navbits);

	// ###### YOUR CUSTOM CODE GOES HERE #####
	$pagetitle = 'Test Form Submission Script';
	
	$presult = '';
	if( $vbulletin->userinfo['userid'] == '' )
	{
		$presult = '<p>You must be logged in to process user forms.</p>';
	}
	else
	{
		if( $_POST['t'] != '1' )
		{
			$presult = '<p>This script cannot be run directly.</p>';
		}
		else if( $_POST['uname'] == '' )
		{
			$presult = '<p>You must enter your name.</p>';
		}
		else
		{
			$presult = '<p>Your name is ' . $_POST['uname'] . '.</p>';
		}
	}

	// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######

	$templater = vB_Template::create('TESTFORMSUBMIT');
	$templater->register_page_templates();
	$templater->register('navbar', $navbar);
	$templater->register('pagetitle', $pagetitle);
	$templater->register('presult', $presult);
	print_output($templater->render());

?>

I did some browsing around and found a similar problem that someone experienced with VB3, so I added a line to my form: <input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

This had no effect, however. The problem persists. Viewing source on the form, there is no value set for the securitytoken field.

So, my two questions here:

How can I fix this error that I'm getting?
Is there a better way to check to see if the user is logged in (and ultimately, to check to see if the user is a member of a specific group) rather than me doing it like I am in the above examples? It'd obviously be more ideal if I could have the form itself in a template, rather than sending it to a template as a variable.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.07786 seconds Memory Usage 2,465KB Queries Executed 12 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (7)bbcode_code (4)bbcode_html (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (7)post_thanks_box (7)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (7)post_thanks_postbit_info (7)postbit (7)postbit_onlinestatus (7)postbit_wrapper (1)showthread_list (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_threadedmode.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids_threaded showthread_threaded_construct_link showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!