[whaase]

What do you do if only a few users have the issue and no one else?

[gnagplank6]

Guys,

Lynne directed me to this thread and after over a week of no one responding to my cries for help my problem is solved.

THANK YOU LYNNE!!!!!

Users were getting a Security Token message when they tried to use the search function and this thread helped rectify the issue within a short amount of time. As an FYI we are running VB 3.8+ over at our place.

[pablete]

hello, i have a problem with security token in IBPROarcade whem i go submit the score, it show in this page of forum. i have vb 4

foro/index.php?act=Arcade&do=newscore

where template or i have to modify to fix that?

Thank's

[Lynne]

Originally Posted by pablete

hello, i have a problem with security token in IBPROarcade whem i go submit the score, it show in this page of forum. i have vb 4

foro/index.php?act=Arcade&do=newscore

where template or i have to modify to fix that?

Thank's

Questions/Problems regarding modifications need to be asked in the modification thread. That is where the support for modifications is - not out here in the main forums. Please note that if a modification is unsupported (or even if it says it is supported), you may be on your own if you chose to install it.

[psypher]

I am creating an application form that posts info to my officer forums. It was very easy to make in SMF but I keep getting the security token error when doing it in VB4 gold.

<?php

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################

define('THIS_SCRIPT', 'epeen_application.php');
define('CSRF_PROTECTION', true);

..... blah blah


// ###### YOUR CUSTOM CODE GOES HERE #####
$pagetitle = 'ePeen Application';
$application_form = '<div id="appForm">
<div id="innerGutsApp">
<form id="ePeenApp" class="appnitro" method="post" action="submit_app.php">
<div class="form_description">
<h2>ePeen Application</h2>
<p>Flex Your ePeen Here!</p>
</div>
...
... blah blah

<li class="buttons">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="form_id" value="111237" />
<input id="saveForm" class="button_text" type="submit" name="submit" value="Submit" />
</li>
</ul>
</form>
</div>
</div>';


// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######
$templater = vB_Template::create('ePeen_application');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('application_form', $application_form);
print_output($templater->render());

?>


I have what is required but I still get the security token error. Any idea how I can make this work? I have tried taking the form out of my php file and put it directly into the template with no change. I need to get this site done and this is one of my last road blocks.

[niteflyer32]

using vBulletin version 3.8.1.

We have some users using IE and Firefox who get this security token error when trying to upload images. Our footer has the code below in it.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="s" value="$session[sessionhash]" />

Thank you for any help

[Dylanblitz]

Originally Posted by niteflyer32

using vBulletin version 3.8.1.

We have some users using IE and Firefox who get this security token error when trying to upload images. Our footer has the code below in it.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="s" value="$session[sessionhash]" />

Thank you for any help

Just putting that in the footer wont help. It has to be within the <form>...</form> properties of what you are doing. If it is outside of the form properties it will be disregarded for that form and considered to be part of something else.

[niteflyer32]

So for a member uploading pics to a post, where in the template code would I add the new code?

Where is the form for uploading pics?

Thanks

[AfterWorldForum]

For those wondering how to do this in vB4, if you have not done so already, in every form youy have within your home-made mods, where before you would have placed:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

Now use:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

I just spent quite a bit of time trying to figure out what exactly was wrong, and figure this might save someone some time.

Cheers.

Peter

[mathewka010]

Originally Posted by AfterWorldForum

For those wondering how to do this in vB4, if you have not done so already, in every form youy have within your home-made mods, where before you would have placed:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

Now use:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

I just spent quite a bit of time trying to figure out what exactly was wrong, and figure this might save someone some time.

Cheers.

Peter

Hi there,

Thanks for that, so are you saying delete

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

and replace it with

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

Thanks Mat

[keharris53]

Hi,
When attempting to upload a pdf file, I get the missing security token error message. When I tried a different file type (png), I didn't receive the error. I've checked the attachment related templates and the codes mentioned are there. Any ideas? Thank you!

Ken

Disregard this. The problem is that the pdf file too large. Right now my server has an upload limit in the php.ini of 24MB. The file I was going to upload is about 32MB...

[go2phil]

I realize this is an old issue, but how do you add CSRF support to pages that are not posted, but the page decides what to display based on a url parameter?

For example, this works 'thesecool.php?do=apples' (using 'do').

But, 'thesecool.php?s=apples' will do an auto-logout and force the user back to the login screen.

However, if I change it to 'thesecool.php?s=apples&do=apples' (trying to get the 'do' back) - that still doesn't work even though the 'do' parameter is there - and it does an auto-logout and forces the user back to the login screen.

So with a 'post' without a <form> to pass variables...but you're passing url parameters...how do you add the security token?

EDIT:
Apparently, using 's' as a parameter is a bad thing. I changed my 's' (just arbitrarily used it, could have been anything) to a 'do' and everything works. Not sure why 's' would be an issue. Very strange. I should mention that I've used 'b', 'd', 'y', 'm', etc. without problems on other pages; doesn't make sense to me.

[Marco64Th]

Originally Posted by go2phil

EDIT:
Apparently, using 's' as a parameter is a bad thing. I changed my 's' (just arbitrarily used it, could have been anything) to a 'do' and everything works. Not sure why 's' would be an issue. Very strange. I should mention that I've used 'b', 'd', 'y', 'm', etc. without problems on other pages; doesn't make sense to me.

I hope you do realize that the answer to that question is on this very same page. 's' is the parameter name used by vBulletin for the session hash.

vB3:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

vB4:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

In general when dealing with vBulletin you should avoid custom parameters using a single character as vBulletin use many of them as shorthand notations. For example: t for thread, p for post, f for forum, etc..

[Silver_2000_)!]

im getting the security token errors on 3.8.7
running The query shows most templates all of a sudden need editing BUT when I check them they all have the required code

Im lost

error im getting is

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

any ideas are welcome

[sweptwingnut]

Originally Posted by Wayne Luke

Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

Thank You!

I was getting the Security Token error in the NavBar Search and Quicklinks/Mark Forums Read. I opened my Header Template, found the "Value="$session[sessionhash]" within the 'NavBar Popup Menus' section and added the security token code you quoted.

Search function fixed.

Quicklinks/Mark Forums read still generating a security token issue. Suggestions?