vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=177013

whaase 02 Nov 2009 00:12

What do you do if only a few users have the issue and no one else?

Security Token Issue Fixed
by gnagplank6
10 Nov 2009 11:46

Guys,

Lynne directed me to this thread and after over a week of no one responding to my cries for help my problem is solved.

THANK YOU LYNNE!!!!!:):D

Users were getting a Security Token message when they tried to use the search function and this thread helped rectify the issue within a short amount of time. As an FYI we are running VB 3.8+ over at our place.

pablete 27 Dec 2009 16:31

hello, i have a problem with security token in IBPROarcade whem i go submit the score, it show in this page of forum. i have vb 4

foro/index.php?act=Arcade&do=newscore

where template or i have to modify to fix that?

Thank's

Lynne 27 Dec 2009 18:28

Quote:

Originally Posted by pablete (Post 1939492)
hello, i have a problem with security token in IBPROarcade whem i go submit the score, it show in this page of forum. i have vb 4

foro/index.php?act=Arcade&do=newscore

where template or i have to modify to fix that?

Thank's

Questions/Problems regarding modifications need to be asked in the modification thread. That is where the support for modifications is - not out here in the main forums. Please note that if a modification is unsupported (or even if it says it is supported), you may be on your own if you chose to install it.

psypher 15 Jan 2010 21:59

I am creating an application form that posts info to my officer forums. It was very easy to make in SMF but I keep getting the security token error when doing it in VB4 gold.

<?php

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################

define('THIS_SCRIPT', 'epeen_application.php');
define('CSRF_PROTECTION', true);

..... blah blah


// ###### YOUR CUSTOM CODE GOES HERE #####
$pagetitle = 'ePeen Application';
$application_form = '<div id="appForm">
<div id="innerGutsApp">
<form id="ePeenApp" class="appnitro" method="post" action="submit_app.php">
<div class="form_description">
<h2>ePeen Application</h2>
<p>Flex Your ePeen Here!</p>
</div>
...
... blah blah

<li class="buttons">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="form_id" value="111237" />
<input id="saveForm" class="button_text" type="submit" name="submit" value="Submit" />
</li>
</ul>
</form>
</div>
</div>';


// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######
$templater = vB_Template::create('ePeen_application');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('application_form', $application_form);
print_output($templater->render());

?>


I have what is required but I still get the security token error. Any idea how I can make this work? I have tried taking the form out of my php file and put it directly into the template with no change. I need to get this site done and this is one of my last road blocks.

niteflyer32 11 Feb 2010 05:25

using vBulletin version 3.8.1.

We have some users using IE and Firefox who get this security token error when trying to upload images. Our footer has the code below in it.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="s" value="$session[sessionhash]" />

Thank you for any help

Dylanblitz 14 Feb 2010 20:13

Quote:

Originally Posted by niteflyer32 (Post 1979732)
using vBulletin version 3.8.1.

We have some users using IE and Firefox who get this security token error when trying to upload images. Our footer has the code below in it.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="s" value="$session[sessionhash]" />

Thank you for any help

Just putting that in the footer wont help. It has to be within the <form>...</form> properties of what you are doing. If it is outside of the form properties it will be disregarded for that form and considered to be part of something else.

niteflyer32 17 Feb 2010 07:53

So for a member uploading pics to a post, where in the template code would I add the new code?

Where is the form for uploading pics?

Thanks

AfterWorldForum 21 Jun 2010 19:05

For those wondering how to do this in vB4, if you have not done so already, in every form youy have within your home-made mods, where before you would have placed:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Now use:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I just spent quite a bit of time trying to figure out what exactly was wrong, and figure this might save someone some time.

Cheers.

Peter

mathewka010 29 Aug 2010 07:02

Quote:

Originally Posted by AfterWorldForum (Post 2057049)
For those wondering how to do this in vB4, if you have not done so already, in every form youy have within your home-made mods, where before you would have placed:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Now use:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I just spent quite a bit of time trying to figure out what exactly was wrong, and figure this might save someone some time.

Cheers.

Peter

Hi there,

Thanks for that, so are you saying delete

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

and replace it with

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Thanks Mat

Security Token Uploading PDF
by keharris53
29 Aug 2010 16:38

Hi,
When attempting to upload a pdf file, I get the missing security token error message. When I tried a different file type (png), I didn't receive the error. I've checked the attachment related templates and the codes mentioned are there. Any ideas? Thank you!

Ken

Disregard this. The problem is that the pdf file too large. Right now my server has an upload limit in the php.ini of 24MB. The file I was going to upload is about 32MB...

go2phil 19 Jul 2011 03:57

I realize this is an old issue, but how do you add CSRF support to pages that are not posted, but the page decides what to display based on a url parameter?

For example, this works 'thesecool.php?do=apples' (using 'do').

But, 'thesecool.php?s=apples' will do an auto-logout and force the user back to the login screen.

However, if I change it to 'thesecool.php?s=apples&do=apples' (trying to get the 'do' back) - that still doesn't work even though the 'do' parameter is there - and it does an auto-logout and forces the user back to the login screen.

So with a 'post' without a <form> to pass variables...but you're passing url parameters...how do you add the security token?

EDIT:
Apparently, using 's' as a parameter is a bad thing. I changed my 's' (just arbitrarily used it, could have been anything) to a 'do' and everything works. Not sure why 's' would be an issue. Very strange. I should mention that I've used 'b', 'd', 'y', 'm', etc. without problems on other pages; doesn't make sense to me.

Marco64Th 19 Aug 2011 09:47

Quote:

Originally Posted by go2phil (Post 2222285)
EDIT:
Apparently, using 's' as a parameter is a bad thing. I changed my 's' (just arbitrarily used it, could have been anything) to a 'do' and everything works. Not sure why 's' would be an issue. Very strange. I should mention that I've used 'b', 'd', 'y', 'm', etc. without problems on other pages; doesn't make sense to me.

I hope you do realize that the answer to that question is on this very same page. 's' is the parameter name used by vBulletin for the session hash.

vB3:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

vB4:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

In general when dealing with vBulletin you should avoid custom parameters using a single character as vBulletin use many of them as shorthand notations. For example: t for thread, p for post, f for forum, etc..

Silver_2000_)! 23 Apr 2012 04:39

im getting the security token errors on 3.8.7
running The query shows most templates all of a sudden need editing BUT when I check them they all have the required code

Im lost

error im getting is


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

any ideas are welcome

sweptwingnut 08 Aug 2013 15:21

Quote:

Originally Posted by Wayne Luke (Post 1498706)
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.


Thank You!

I was getting the Security Token error in the NavBar Search and Quicklinks/Mark Forums Read. I opened my Header Template, found the "Value="$session[sessionhash]" within the 'NavBar Popup Menus' section and added the security token code you quoted.

Search function fixed.

Quicklinks/Mark Forums read still generating a security token issue. Suggestions?


All times are GMT. The time now is 02:37.

Powered by vBulletin® Version 3.8.14
Copyright © 2021, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.