security token missing.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • pyd
    Senior Member
    • Feb 2005
    • 122
    • 3.8.x

    [CMS] security token missing.

    I have searched the forum, and found some threads about this, but none of them applies to my problem. (as far as I can understand).

    I have created a widget (PHP Direct Execution) with this content:
    PHP Code:
    // UNTESTED
    ob_start();
    include(
    "test/addApplication.php");
    echo 
    "<br />\n";
    $output .= ob_get_contents();
    ob_end_clean(); 
    the file (addApplication.php) that the widget refers to is this:
    PHP Code:
    <?php 
    if(isset($_POST['add_Application_Submit']))
    {
    include 
    'dbConnection.php';

    $firstname mysql_real_escape_string($_POST['add_Application_Firstname']);
    $lastname mysql_real_escape_string($_POST['add_Application_Lastname']);
    $pnumber mysql_real_escape_string($_POST['add_Application_p-number']);
    $bnumber mysql_real_escape_string($_POST['add_Application_b-number']);
    $dnumber mysql_real_escape_string($_POST['add_Application_d-number']);
    $mobilephone mysql_real_escape_string($_POST['add_Application_Mobilephone']);
    $presentation mysql_real_escape_string($_POST['add_Application_Presentation']);
    $district mysql_real_escape_string($_POST['add_Application_district']);
    $application_date "2010-01-01";
    $userID get_magic_quotes_gpc($_POST['add_Application_UserID']);
    $status "0";

    #$query = "INSERT INTO ovse_applications (firstName, lastName, pnumber, bnumber, dnumber, mobile, presentation, district, application_date, vbUserID, applications_status) VALUES ('$firstname', '$lastname', '$pnumber', '$bnumber', '$dnumber', '$mobilephone', '$presentation', '$district', '$application_date', '$userID', '$status')";
    #mysql_query($query) or die('Error, insert query failed 1.<br/>'.mysql_error().'<br/>'.$query);

    mysql_close($conn);
    }
    else
    {
    ?>
    <html>
    <head></head>
    <body>
    ny
    <form id="form1" method="post" action="">
      <table border="0" cellpadding="0" cellspacing="0">
        <tr>
          <td> F&ouml;rnamn </td>
          <td><input type="text" name="add_Application_Firstname" id="add_Application_Firstname" /></td>
        </tr>
        <tr>
          <td> Efternamn </td>
          <td><input type="text" name="add_Application_Lastname" id="add_Application_Lastname" /></td>
        </tr>
        <tr>
          <td>Mobilnummer: </td>
          <td><input type="text" name="add_Application_Mobilephone" id="add_Application_Mobilephone" /></td>
        </tr>
        <tr>
          <td>Personnummer: </td>
          <td><input type="text" name="add_Application_p-number" id="add_Application_p-number" /></td>
        </tr>
        <tr>
          <td>Bricknummer: </td>
          <td><input type="text" name="add_Application_b-number" id="add_Application_b-number" /></td>
        </tr>
        <tr>
          <td>Diarienummer: </td>
          <td><input type="text" name="add_Application_d-number" id="add_Application_d-number" /></td>
        </tr>
        <tr>
          <td>L&auml;n: </td>
          <td><select name="add_Application_district" id="add_Application_district">
              <option value="Inget l&auml;n valt">Inget l&auml;n valt</option>
              <option value="Blekinge">Blekinge</option>
              <option value="Dalarna">Dalarna</option>
              <option value="Gotlands l&auml;n">Gotlands l&auml;n</option>
              <option value="G&auml;vleborg">G&auml;vleborg</option>
              <option value="Halland">Halland</option>
              <option value="J&auml;mtland">J&auml;mtland</option>
              <option value="J&ouml;nk&ouml;pings l&auml;n">J&ouml;nk&ouml;pings l&auml;n</option>
              <option value="Kalmar l&auml;n">Kalmar l&auml;n</option>
              <option value="Kronoberg">Kronoberg</option>
              <option value="Norrbotten">Norrbotten</option>
              <option value="Sk&aring;ne">Sk&aring;ne</option>
              <option value="Stockholms l&auml;n">Stockholms l&auml;n</option>
              <option value="S&ouml;dermanland">S&ouml;dermanland</option>
              <option value="Uppsala l&auml;n">Uppsala l&auml;n</option>
              <option value="V&auml;rmland">V&auml;rmland</option>
              <option value="V&auml;sterbotten">V&auml;sterbotten</option>
              <option value="V&auml;sternorrland">V&auml;sternorrland</option>
              <option value="V&auml;stmanland">V&auml;stmanland</option>
              <option value="V&auml;stra G&ouml;taland">V&auml;stra G&ouml;taland</option>
              <option value="&Ouml;rebro l&auml;n">&Ouml;rebro l&auml;n</option>
              <option value="&Ouml;sterg&ouml;tland">&Ouml;sterg&ouml;tland</option>
            </select>
                <!-- Data from vBulletin start -->
              <input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="<? print(vB::$vbulletin->userinfo['userid']); ?>" />
                 <input type="hidden" name="s" value="<?php echo $_COOKIE['bb_sessionhash'];?>" />
                <input type="hidden" name="securitytoken" value="<?php echo $bbuserinfo['securitytoken'];?>" />
                  <!--  Data from vBulletin end -->
          </td>
        </tr>
        <tr>
          <td>Kort personlig presentation:</td>
          <td><textarea name="add_Application_Presentation" rows="10" id="add_Application_Presentation"></textarea></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td><input type="submit" name="add_Application_Submit" id="add_Application_Submit" value="Ans&ouml;k" /></td>
        </tr>
      </table>
    </form>
    </body>
    </html>
    <?php 
    }
    ?>
    But for some reason, I just can't get the security token to work.
    When I look at the source, it just comes up empty ("")...
    What am I doing wrong?
    Last edited by pyd; Thu 28 Jan '10, 9:00am.
  • pyd
    Senior Member
    • Feb 2005
    • 122
    • 3.8.x

    #2
    Sorry for bumping this thread, but... anyone?
    This don't feel like a support-ticket, but soon I don't have any other way.

    Comment

    • Lynne
      Former vBulletin Support
      • Oct 2004
      • 26255

      #3
      This is what you have:
      Code:
      [COLOR=#000000]            <!-- Data from vBulletin start --> 
                <input name="add_Application_UserID" type="hidden" id="add_Application_UserID" value="[COLOR=#0000bb]<? [/COLOR][COLOR=#007700]print([/COLOR][COLOR=#0000bb]vB[/COLOR][COLOR=#007700]::[/COLOR][COLOR=#0000bb]$vbulletin[/COLOR][COLOR=#007700]->[/COLOR][COLOR=#0000bb]userinfo[/COLOR][COLOR=#007700][[/COLOR][COLOR=#dd0000]'userid'[/COLOR][COLOR=#007700]]); [/COLOR][COLOR=#0000bb]?>[/COLOR]" /> 
                   <input type="hidden" name="s" value="[COLOR=#0000bb]<?php [/COLOR][COLOR=#007700]echo [/COLOR][COLOR=#0000bb]$_COOKIE[/COLOR][COLOR=#007700][[/COLOR][COLOR=#dd0000]'bb_sessionhash'[/COLOR][COLOR=#007700]];[/COLOR][COLOR=#0000bb]?>[/COLOR]" /> 
                  <input type="hidden" name="securitytoken" value="[COLOR=#0000bb]<?php [/COLOR][COLOR=#007700]echo [/COLOR][COLOR=#0000bb]$bbuserinfo[/COLOR][COLOR=#007700][[/COLOR][COLOR=#dd0000]'securitytoken'[/COLOR][COLOR=#007700]];[/COLOR][COLOR=#0000bb]?>[/COLOR]" /> 
                    <!--  Data from vBulletin end -->[/COLOR]

      Is the userid and cookie printing out? If the userid is, change your syntax for the securtiytoken to be the same for the userid. They are both using the same array - $vbulletin->userinfo is the same as $bbuserinfo (only one should be in php, the other in templates) - so the syntax should be the same.

      Please don't PM or VM me for support - I only help out in the threads.
      vBulletin Manual & vBulletin 4.0 Code Documentation (API)
      Want help modifying your vbulletin forum? Head on over to vbulletin.org
      If I post CSS and you don't know where it goes, throw it into the additional.css template.

      W3Schools &lt;- awesome site for html/css help

      Comment

      • pyd
        Senior Member
        • Feb 2005
        • 122
        • 3.8.x

        #4
        Thanks!
        That's what's wrong!

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...