The following warnings occurred: | ||||||||||||||||||||||||
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
|
Private Site - Printable Version +- UserSpice (https://userspice.com/forums) +-- Forum: Support Center (https://userspice.com/forums/forumdisplay.php?fid=23) +--- Forum: UserSpice 4.3 and Below (https://userspice.com/forums/forumdisplay.php?fid=26) +--- Thread: Private Site (/showthread.php?tid=431) Pages:
1
2
|
Private Site - waynez - 01-19-2017 Hi, I'm trying to create a private site, I'd like users to hit the login page first before going anywhere. I've setup index.php to redirect to the page I want (homepage.php) located in the users folder. I have also modified the login.php file (moved to users) based on the login.php in users, mainly changing the css and removing the navigation.php so it only displays the login prompts. I can't seem to get past the "tokens don't match" error message, even when checking the source code of the original page and displaying the token, which appears to be the same it won't work. Anybody point me in the right direction for some examples of how to make this work. Happy to provide any additional information, not sure what you need. I'm running on 4.2 BETA, on a Raspberry Pi. Thanks in advance for any help Private Site - mudmin - 01-20-2017 That usually means you have some sort of redirect or are doing something fancy in the middle of your form. Are you using any ajax or javascript? Every time the page is loaded, you generate a token in the form... Code: <input type="hidden" name="csrf" value="<?=Token::generate();?>" > Then on submission, you get Code: $token = Input::get('csrf'); Code: if(!Token::check($token)){ Code: die('Token doesn\'t match!'); Code: } Because a new token is generated every time the page is loaded, if the one the system has is not the one the user has, then something is reloading the form mid stream. For testing purposes, you can comment out the die statement but it is a good idea to figure out why your page is reloading.... One other thing, you could possibly be calling Code: <?=Token::generate();?> Private Site - waynez - 01-21-2017 Thanks for the reply. I don't appear to have an Ajax or Javascript in the login.php page, just some CSS to change the format/layout Have confirmed that commenting out `$token = Input::get('csrf'); if(!Token::check($token)){ die('Token doesn\'t match!'); }` That the page loads correctly. Just so I'm clear, I've added my new login.php and homepage.php into usersc/ from index.php I've changed the first piece of code index.php <pre> Code: require_once 'users/init.php'; The top of homepage.php has this code homepage.php <pre> Code: require_once '../users/init.php'; It all appears to redirect correctly, just that login.php ends up with a token error. link to login.php - Code: http://pastebin.com/r19BvB3k Again thanks for you help with this. Wayne Private Site - mudmin - 02-13-2017 Sorry. I was away for a while. Did you get this figured out? Private Site - gray444 - 02-14-2017 I seem to get getting two tokens called on the page that you mentioned above. Only on IE, is there anyway to prevent that? Private Site - dan - 02-14-2017 Have you verified this on multiple computers? Are you doing this on a live server or on some kind of Local Host? My first reaction is that something on that machine is acting as a man-in-the-middle. It could be some script or Plugin. It could also be some kind of anti malware or virus scanner. The only thing I can think of is that somehow the pages being Reloaded Do you have a live site that I could check on? Private Site - jmac - 05-09-2017 I am having the same issue as reported above, I have a form that posts to a new page and when I click on the submit button the token value that is stored in the session variable updates to something new, but the post variable remains as what I would expect the session one to be. It appears that once the button is clicked the page is being loaded twice or the generate token is being called twice. I have confirmed that the generate token is not on the page twice and that there is no jquery/javascript refreshing the page. Did you ever work this out? Happy to provide more info if required. I am using version UserSpice: 4.2.6 Ubuntu Server: Ubuntu 14.04.5 LTS Trusty Apache 2.4.7 PHP Version 5.5.9-1 Any would love any advice on this. Private Site - mudmin - 05-09-2017 Hmm. $_POST to a new page might be where the problem is coming from. I didn't write the token system itself. It's kind of an industry standard thing. I sent this question on to a developer friend of mine. I'll keep you posted. Private Site - jmac - 05-11-2017 Hi Mudmin, I've been going crazy about this issue for a few days and have narrowed it down to this line of code. Code: <img src="#" class="img-responsive center" alt="TBA"> If it is on the page I get the above error, if I remove it the token system works are expected. If I remove the Code: # Private Site - firestorm - 05-11-2017 the hash forces page refresh on http attributes so my guess is that because its in an img src attribute its forcing page refresh looking for an image source, either add a source url to an image or create a transparent png and link to it, or just remove altogether, |