Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
Security Token Notification Details »»
Security Token Notification
Version: 1.0.1, by Andreas Andreas is offline
Developer Last Online: Jan 2023 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.6.9 Rating:
Released: 04-23-2008 Last Update: 05-26-2008 Installs: 75
Uses Plugins
 
No support by the author.

This simple mod logs security token erorrs to vBulletin PHP error log and optionally sends an E-Mail to the webmaster.

Example Log Entry
Code:
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 C:\Programme\XAMPP Lite\htdocs\vb310\includes\functions.php line 2420: eval()
#1 C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php line 417: fetch_error(security_token_missing,ltr,sendmessage.php)
#2 C:\Programme\XAMPP Lite\htdocs\vb310\global.php line 20: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\includes\init.php)
#3 C:\Programme\XAMPP Lite\htdocs\vb310\newthread.php line 49: require_once(C:\Programme\XAMPP Lite\htdocs\vb310\global.php)

POST Variables
===============
Array
(
    [do] => foo
    [f] => 3
    [forumid] => 3
    [securitytoken] => 
)

Request URI
===========
/vb368pl1/newthread.php?do=foo

Datum: 24.04.2008 11:36:08
Benutzername: Kirby
IP-Adresse: 127.0.0.1
If you do not know what this is about, you most likely won't need it

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #42  
Old 04-28-2008, 04:02 AM
Andreas's Avatar
Andreas Andreas is offline
 
Join Date: Jan 2004
Location: Germany
Posts: 6,863
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@hIBEES
You are using 3.7 RC4 and did not apply the patch for clientscript/vbulletin_global.js
See
http://www.vbulletin.com/forum/proje...?issueid=25287
Reply With Quote
  #43  
Old 04-28-2008, 04:17 AM
Boofo's Avatar
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I didn't apply the patch and I never saw any error.
Reply With Quote
  #44  
Old 04-28-2008, 04:25 AM
Goomzee Goomzee is offline
 
Join Date: Apr 2008
Location: Philippines
Posts: 588
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

it;s install me succesfully but how it;s works
Reply With Quote
  #45  
Old 04-28-2008, 12:00 PM
Bounce's Avatar
Bounce Bounce is offline
 
Join Date: Mar 2004
Location: Edinburgh,Scotland
Posts: 919
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Andreas View Post
@hIBEES
You are using 3.7 RC4 and did not apply the patch for clientscript/vbulletin_global.js
See
http://www.vbulletin.com/forum/proje...?issueid=25287

Thanks I am sure I have done that but will check again
Quote:
Originally Posted by Goomzee View Post
it;s install me succesfully but how it;s works
See post 38 :up:

vbOptions > Error Handling & Logging,its off by default,its at the bottom of the logging page
Reply With Quote
  #46  
Old 04-28-2008, 12:19 PM
Bounce's Avatar
Bounce Bounce is offline
 
Join Date: Mar 2004
Location: Edinburgh,Scotland
Posts: 919
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks Andreas I did indeed have the & missing,thought I had done that too.


All is well with the mood hack,thanks for this excellent add-on :up:
Reply With Quote
  #47  
Old 04-28-2008, 06:02 PM
yaoren's Avatar
yaoren yaoren is offline
 
Join Date: May 2007
Location: Maryland, USA
Posts: 133
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

OMG ty for this although still having issues. I did the global patch and am still getting notices regarding the security token with the help of your hack. So my question is now what? Thanks to your work I've been able to find out what's causing the error message and although it stopped popping up on my forums I'm still getting emails notifying me.

Should I be taking this now up with the creator of the mod? Or is there anything else I can do in the mean time since I've already left a message in the hack thread.
Reply With Quote
  #48  
Old 05-08-2008, 01:45 PM
dancue dancue is offline
 
Join Date: Feb 2008
Posts: 569
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you for the hack Andreas.

I'm having an issue with my hide hack (itsid). I hit quickreply and receive this error over the hidden content. (instead of revealing the content)

Knowing that, I installed this hack to see what the issue is. This is the e-mail I got.
Quote:
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 /home/hipho13/public_html/forum/includes/functions.php line 2528: eval()
#1 /home/hipho13/public_html/forum/includes/init.php line 417:
fetch_error(security_token_missing,ltr,sendmessage .php)
#2 /home/hipho13/public_html/forum/global.php line 20:
require_once(/home/hipho13/public_html/forum/includes/init.php)
#3 /home/hipho13/public_html/forum/showthread.php line 102:
require_once(/home/hipho13/public_html/forum/global.php)
#4 /home/hipho13/public_html/forum/vbseo.php line 1129:
require(/home/hipho13/public_html/forum/showthread.php)

POST Variables
==============
Array
(
[do] => whatever
[p] => 725
[all] => 725
[postid] => 725
[securitytoken] =>
)

Request URI
===========
/forum/showthread.php
Anyone want to point me in the right direction? I'm aware I have to implement CSRF Protection, I just don't know where.
Reply With Quote
  #49  
Old 05-08-2008, 01:54 PM
soulface's Avatar
soulface soulface is offline
 
Join Date: Sep 2005
Location: Dhaka, BD
Posts: 183
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Code:
Missing or Invalid Security Token detected.

Script Call  Backtrace
=====================
#0  /home/doshomik/public_html/includes/functions.php line 2528: eval()
#1  /home/doshomik/public_html/includes/init.php line 417:  fetch_error(security_token_missing,ltr,sendmessage.php)
#2  /home/doshomik/public_html/admincp/global.php line 34:  require_once(/home/doshomik/public_html/includes/init.php)
#3  /home/doshomik/public_html/admincp/newsproxy.php line 25:  require_once(/home/doshomik/public_html/admincp/global.php)

POST  Variables
==============
Array
(
    [ajax] => 1
     [securitytoken] => 
)

Request  URI
===========
/admincp/newsproxy.php
OK, can anyone describe in a normal language () on how can I identify which hack is causing the problem by seeing this msg ?

thx
Reply With Quote
  #50  
Old 05-09-2008, 07:48 PM
Speedster123 Speedster123 is offline
 
Join Date: Mar 2008
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi Andreas,
Danke f?r dieses n?tzliche Script, nur komme ich mit den Fehlermeldungen nicht klar. Was l?uft hier verkehrt??

Code:
Missing or Invalid Security Token detected.

Script Call Backtrace
=====================
#0 varwww/web54/html/includes/functions.php line 2528: eval()
#1 varwww/web54/html/includes/init.php line 417:
fetch_error(security_token_missing,ltr,sendmessage.php)
#2 varwww/web54/html/global.php line 20:
require_once(/var/www/web54/html/includes/init.php)
#3 varwww/web54/html/profile.php line 141:
require_once(/var/www/web54/html/global.php)
#4 varwww/web54/html/vbseo.php line 1121:
require(/var/www/web54/html/profile.php)

POST Variables
==============
Array
(
[s] =>
[do] => dst
[securitytoken] =>
)

Request URI
===========
/profile.php?do=dst
Reply With Quote
  #51  
Old 05-15-2008, 11:53 AM
lange's Avatar
lange lange is offline
 
Join Date: Apr 2003
Location: Montreal (Canada)
Posts: 282
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks. I will try it.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:23 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.12773 seconds
  • Memory Usage 2,309KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_code
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete