Invalid CSRF token ???

[azmierulcm]

Probable invalid request.

is this the problem that relate with CSRF token?

[_CONEJO]

Probable invalid request.

is this the problem that relate with CSRF token?

Yes

[blackspade]

@ _CONEJO

Here is an server information and CSRF token code, kindly help what to do further.

Server Information
Platform
Type Debian

MySQL Version   
5.0.91-log

Perl
5.8.8

PHP

 <form name="loginform" id="loginform" action="http://sitename.com/oc-admin/index.php" method="post"><input type='hidden' name='CSRFName' value='CSRF148136452_1464243440' />
        <input type='hidden' name='CSRFToken' value='346596c7f3390fb0131dfe6b33350f94a7cbe8f51eb7a5c88549f4b5a9e0b046d1c33d9da2e50673d352270a5840c7e171a6ade936bc0ac223409e4464fd9628' />

[_CONEJO]

Real Estate theme has to be updated (in case you  were using it). A <form> not being closed make this error to appear. We're still investigating why does this appear also with reCAPTCHA

[jchapman84]

Hi _CONEJO.

Actually, I do not have recaptcha installed/enabled etc.

Thanks for the reply

[_CONEJO]

Hi _CONEJO.

Actually, I do not have recaptcha installed/enabled etc.

Thanks for the reply

But do you have real estate?

[kcguy]

CONEJO,

I do not think it has anything to do with the themes or recaptcha's

I am using the USA theme. I have tried it both ways with and without the recaptcha's and the problems still exists.

[jchapman84]

Hi _CONEJO.

Actually, I do not have recaptcha installed/enabled etc.

Thanks for the reply

But do you have real estate?

No, I do not.

[kcguy]

UPDATE:
I did more testing with this. I again tried to ad a listing WITHOUT trying to upload an image and it posted as it should.

I then immedeatly went to try and upload another listing but this time I went to add an image and the token error came and no listing was posted.

I am using Version 3.1, posting ads with my phone ( not through mobile view but desktop view ) captcha is on......


It almost seems as if this is being caused by adding images.... I hope a solution comes fast....

[Marcel]

Hey everyone,

I was having this same problem after I upgraded to the 3.1 version. I would get the error when I tried to login to my account for my website. I then noticed that my website was opening with the "www." in the address bar, which it shouldn't be doing. I then opened my site without the "www." in front of the address and it was working fine. So when I opened the site like this: www.example.com it would get the "Invalid CSRF token" page and when I opened it like this: europeslist.com it would not get the "Invalid CSRF token" page. So what I did to repair this is I opened my .htaccess file which was written like this:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

And I changed it back to the way I had it, which is like this:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    RewriteCond %{HTTP_HOST} ^www.europeslist.com [NC]
    RewriteRule ^(.*)$ http://europeslist.com/$1 [L,R=301]
</IfModule>

And now it is not getting the error anymore!! I am not sure if this will work for anyone else, but I suggest giving it a try.

[Marcel]

Well now that I was able to sign-in to my account I tried to post an ad and it is getting an error that says "The Recaptcha code is wrong" when I hit the "Publish" button. Any ideas on this yet?

Thanks

[Marcel]

Ok, well I just completely removed reCaptcha again from my site and it is working fine again. Hopefully everyone else can get this figured out. Thanks.

[_CONEJO]

Hi marcel,

Thanks for the suggestion I will look at that solution.


@kcguy & @jchapman84 , could I take a look at your themes? Is there somewhere I could look at them?

Thanks

[kcguy]

sure,

swapzombie.com if you need to get into my admin part ley me know and I wil send you the details...

[_CONEJO]

Hi kcguy,

I registered at your site and was able to post an edit several ads with and without images, I did not see any CSRF errors. I tried from a Linux machine using Chrome.

What I noticed is that once you publish an add, you're redirected to a page like this : http://swapzombie.com/index.php?page=custom&file=referral/makepremium.php&itemId=XYZ

In said page, while the information displayed was correct (the text) it didn't show any image (even the ads has images). Also, the link to the ad was ALWAYS a link to ad number 11, while the listings I inserted were numbers 17,18,19,20,...

I could add, edit and delete listings without any errors, with and without images. I tried every combination I thought of.

Maybe, if you're uploading images too big, PHP can not process them and will not include them. Maybe we should make a text visible telling that. Could you try with smaller images?



Thanks



Again, as a note, we discovered that certain browsers (It only happened in mobile devices) perform a "double submit" (ie, submitting the form twice). Usually when reCAPTCHA keys are saved in Osclass. If no recaptcha keys are there, then it did not happen. This only happens on certain servers (I couldn't reproduce the issue on my machine). And also from certain devices.

We're sorry for any inconvenience and we're trying to fix it as soon as possible