Register Members List Search Today's Posts Mark Forums Read

Reply
 
Article Options
  #166  
Old 02 Nov 2009, 01:12
whaase whaase is offline
 
Join Date: May 2006
What do you do if only a few users have the issue and no one else?
Reply With Quote
  #167  
Old 10 Nov 2009, 12:46
gnagplank6 gnagplank6 is offline
 
Join Date: Jun 2009
Thumbs up Security Token Issue Fixed

Guys,

Lynne directed me to this thread and after over a week of no one responding to my cries for help my problem is solved.

THANK YOU LYNNE!!!!!

Users were getting a Security Token message when they tried to use the search function and this thread helped rectify the issue within a short amount of time. As an FYI we are running VB 3.8+ over at our place.
Reply With Quote
  #168  
Old 27 Dec 2009, 17:31
pablete pablete is offline
 
Join Date: Feb 2009
hello, i have a problem with security token in IBPROarcade whem i go submit the score, it show in this page of forum. i have vb 4

foro/index.php?act=Arcade&do=newscore

where template or i have to modify to fix that?

Thank's
Reply With Quote
  #169  
Old 27 Dec 2009, 19:28
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Real name: Lynne
Originally Posted by pablete View Post
hello, i have a problem with security token in IBPROarcade whem i go submit the score, it show in this page of forum. i have vb 4

foro/index.php?act=Arcade&do=newscore

where template or i have to modify to fix that?

Thank's
Questions/Problems regarding modifications need to be asked in the modification thread. That is where the support for modifications is - not out here in the main forums. Please note that if a modification is unsupported (or even if it says it is supported), you may be on your own if you chose to install it.
__________________
Former vBulletin.org Staff Member

Try a search before posting for help. Many users won't, and don't, help if the question has been answered several times before.
W3Schools -
Online vBulletin Manual
If I post some CSS and don't say where it goes, put it in the additional.css template.
I will NOT help via PM (you will be directed to post in the forums for help.)
Reply With Quote
  #170  
Old 15 Jan 2010, 22:59
psypher psypher is offline
 
Join Date: Dec 2009
I am creating an application form that posts info to my officer forums. It was very easy to make in SMF but I keep getting the security token error when doing it in VB4 gold.

<?php

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################

define('THIS_SCRIPT', 'epeen_application.php');
define('CSRF_PROTECTION', true);

..... blah blah


// ###### YOUR CUSTOM CODE GOES HERE #####
$pagetitle = 'ePeen Application';
$application_form = '<div id="appForm">
<div id="innerGutsApp">
<form id="ePeenApp" class="appnitro" method="post" action="submit_app.php">
<div class="form_description">
<h2>ePeen Application</h2>
<p>Flex Your ePeen Here!</p>
</div>
...
... blah blah

<li class="buttons">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="form_id" value="111237" />
<input id="saveForm" class="button_text" type="submit" name="submit" value="Submit" />
</li>
</ul>
</form>
</div>
</div>';


// ###### NOW YOUR TEMPLATE IS BEING RENDERED ######
$templater = vB_Template::create('ePeen_application');
$templater->register_page_templates();
$templater->register('navbar', $navbar);
$templater->register('pagetitle', $pagetitle);
$templater->register('application_form', $application_form);
print_output($templater->render());

?>


I have what is required but I still get the security token error. Any idea how I can make this work? I have tried taking the form out of my php file and put it directly into the template with no change. I need to get this site done and this is one of my last road blocks.
Reply With Quote
  #171  
Old 11 Feb 2010, 06:25
niteflyer32 niteflyer32 is offline
 
Join Date: Nov 2008
using vBulletin version 3.8.1.

We have some users using IE and Firefox who get this security token error when trying to upload images. Our footer has the code below in it.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="s" value="$session[sessionhash]" />

Thank you for any help
Reply With Quote
  #172  
Old 14 Feb 2010, 21:13
Dylanblitz Dylanblitz is offline
 
Join Date: Oct 2005
Originally Posted by niteflyer32 View Post
using vBulletin version 3.8.1.

We have some users using IE and Firefox who get this security token error when trying to upload images. Our footer has the code below in it.

<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="s" value="$session[sessionhash]" />

Thank you for any help
Just putting that in the footer wont help. It has to be within the <form>...</form> properties of what you are doing. If it is outside of the form properties it will be disregarded for that form and considered to be part of something else.
Reply With Quote
  #173  
Old 17 Feb 2010, 08:53
niteflyer32 niteflyer32 is offline
 
Join Date: Nov 2008
So for a member uploading pics to a post, where in the template code would I add the new code?

Where is the form for uploading pics?

Thanks
Reply With Quote
  #174  
Old 21 Jun 2010, 20:05
AfterWorldForum AfterWorldForum is offline
 
Join Date: Dec 2008
For those wondering how to do this in vB4, if you have not done so already, in every form youy have within your home-made mods, where before you would have placed:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Now use:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I just spent quite a bit of time trying to figure out what exactly was wrong, and figure this might save someone some time.

Cheers.

Peter
Reply With Quote
  #175  
Old 29 Aug 2010, 08:02
mathewka010 mathewka010 is offline
 
Join Date: Jan 2010
Originally Posted by AfterWorldForum View Post
For those wondering how to do this in vB4, if you have not done so already, in every form youy have within your home-made mods, where before you would have placed:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Now use:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I just spent quite a bit of time trying to figure out what exactly was wrong, and figure this might save someone some time.

Cheers.

Peter
Hi there,

Thanks for that, so are you saying delete

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

and replace it with

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Thanks Mat

Last edited by mathewka010; 29 Aug 2010 at 08:18.
Reply With Quote
  #176  
Old 29 Aug 2010, 17:38
keharris53 keharris53 is offline
 
Join Date: Jun 2007
Security Token Uploading PDF

Hi,
When attempting to upload a pdf file, I get the missing security token error message. When I tried a different file type (png), I didn't receive the error. I've checked the attachment related templates and the codes mentioned are there. Any ideas? Thank you!

Ken

Disregard this. The problem is that the pdf file too large. Right now my server has an upload limit in the php.ini of 24MB. The file I was going to upload is about 32MB...

Last edited by keharris53; 30 Aug 2010 at 10:55.
Reply With Quote
  #177  
Old 19 Jul 2011, 04:57
go2phil go2phil is offline
 
Join Date: Jun 2011
I realize this is an old issue, but how do you add CSRF support to pages that are not posted, but the page decides what to display based on a url parameter?

For example, this works 'thesecool.php?do=apples' (using 'do').

But, 'thesecool.php?s=apples' will do an auto-logout and force the user back to the login screen.

However, if I change it to 'thesecool.php?s=apples&do=apples' (trying to get the 'do' back) - that still doesn't work even though the 'do' parameter is there - and it does an auto-logout and forces the user back to the login screen.

So with a 'post' without a <form> to pass variables...but you're passing url parameters...how do you add the security token?

EDIT:
Apparently, using 's' as a parameter is a bad thing. I changed my 's' (just arbitrarily used it, could have been anything) to a 'do' and everything works. Not sure why 's' would be an issue. Very strange. I should mention that I've used 'b', 'd', 'y', 'm', etc. without problems on other pages; doesn't make sense to me.

Last edited by go2phil; 19 Jul 2011 at 10:51. Reason: found fix?
Reply With Quote
  #178  
Old 19 Aug 2011, 10:47
Marco64Th Marco64Th is offline
 
Join Date: Aug 2011
Originally Posted by go2phil View Post
EDIT:
Apparently, using 's' as a parameter is a bad thing. I changed my 's' (just arbitrarily used it, could have been anything) to a 'do' and everything works. Not sure why 's' would be an issue. Very strange. I should mention that I've used 'b', 'd', 'y', 'm', etc. without problems on other pages; doesn't make sense to me.
I hope you do realize that the answer to that question is on this very same page. 's' is the parameter name used by vBulletin for the session hash.

vB3:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

vB4:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

In general when dealing with vBulletin you should avoid custom parameters using a single character as vBulletin use many of them as shorthand notations. For example: t for thread, p for post, f for forum, etc..

Last edited by Marco64Th; 19 Aug 2011 at 12:07.
Reply With Quote
  #179  
Old 23 Apr 2012, 05:39
Silver_2000_)! Silver_2000_)! is offline
 
Join Date: Mar 2002
im getting the security token errors on 3.8.7
running The query shows most templates all of a sudden need editing BUT when I check them they all have the required code

Im lost

error im getting is


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

any ideas are welcome
Reply With Quote
  #180  
Old 08 Aug 2013, 16:21
sweptwingnut sweptwingnut is offline
 
Join Date: May 2008
Originally Posted by Wayne Luke View Post
Forms are not equal to templates but some templates have forms in them.

A form is anywhere your users can submit data. If you have modifications that submit data and cannot update their templates then you need to post for support in the modification thread.

It isn't hard to find out where this needs to go.

In your Admin CP under Styles & Template select Search In Templates...

Search for: value="$session[sessionhash]"


In every template this occurs in add this line directly after the line containing the above, if it doesn't exist already:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

Save the template.

Thank You!

I was getting the Security Token error in the NavBar Search and Quicklinks/Mark Forums Read. I opened my Header Template, found the "Value="$session[sessionhash]" within the 'NavBar Popup Menus' section and added the security token code you quoted.

Search function fixed.

Quicklinks/Mark Forums read still generating a security token issue. Suggestions?
Reply With Quote
Reply

Similar Article
Article Author Type Replies Last Post
Show Thread Enhancements Stamps (CSRF protection added) misr.cc vBulletin 3.7 Add-ons 98 14 Oct 2012 14:54
Add-On Releases vBTube 1.2.9 (CSRF protection added) Playa82 vBulletin 3.7 Add-ons 434 22 Jan 2012 23:08
Mini Mods [ITECH] Inferno CSRF Auto Protection Inferno Tech vBulletin 3.6 Add-ons 15 02 Nov 2010 04:01



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Article Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 21:02.

Layout Options | Width: Wide Color: