Author Topic: Invalid CSRF token ???  (Read 49894 times)

lfwatanabe

  • Newbie
  • *
  • Posts: 16
Invalid CSRF token ???
« on: February 18, 2013, 10:31:38 pm »
I've installed successfully, but when I try to access the administration panel, I get this. Sorry for my bad English.

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Invalid CSRF token ???
« Reply #1 on: February 19, 2013, 11:20:43 am »
Hi lfwatanabe,

Does that happen every time you try to log into the admin?
I couldn't reproduce the issue.

Osclass 3.1 has new "anti-CSRF" protection, and that message should appear only if:
* I missed some place to put the token
* You took too long (1 hour) between loading the login form and finally clicking send.

lfwatanabe

  • Newbie
  • *
  • Posts: 16
Re: Invalid CSRF token ???
« Reply #2 on: February 19, 2013, 03:01:48 pm »
Yes, every time, since I installed, re-installed, any time, same error. :(

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Invalid CSRF token ???
« Reply #3 on: February 19, 2013, 03:08:55 pm »
Hi,

Is it on a live site or at your localhost?
Could you check the source code of the page?

It should be something like this

Code:
<form name="loginform" id="loginform" action="http://www.example.com/osclass/oc-admin/index.php" method="post">
<input type='hidden' name='CSRFName' value='_1527898371' />
<input type='hidden' name='CSRFToken' value='3f7c84231624038a6be0e35176bdc04fdd5018ef16f074a4ac1a97bbf3b8ed2594a27cc7786c663e9cb69b2461633b6092b6c2b9c621f6a147280a82a61f576c' />

lfwatanabe

  • Newbie
  • *
  • Posts: 16
Re: Invalid CSRF token ???
« Reply #4 on: February 19, 2013, 08:55:17 pm »
I was on a live site, but now I'm trying on localhost, but I'm having some trouble connecting to the database right now :(
I'll check in a few minutes.

thx.

lfwatanabe

  • Newbie
  • *
  • Posts: 16
Re: Invalid CSRF token ???
« Reply #5 on: February 19, 2013, 10:26:36 pm »
I'm still getting error #2002 in phpMyAdmin. I've tried everything I could find in forums, but I'm still in trouble. I can't check yet.

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Invalid CSRF token ???
« Reply #6 on: February 19, 2013, 11:58:05 pm »
Quote from lfwatanabe:
I'm still getting error #2002 in phpMyAdmin. I've tried everything I could find in forums, but I'm still in trouble. I can't check yet.

There are two things that could go wrong here:

1. You don't have permissions to access the directory /var/lib/mysql/whatever.sock because mysql is the owner of the folder
or
2. /path/whatever.sock doesn't exist.

You can try this though [Linux specific, but what other operating systems are there?]
Go to /etc/my.cnf and change/add the lines:

[mysqld]
datadir=/var/lib/mysql
socket=/tmp/mysql.sock
[client]
socket=/tmp/mysql.sock

This way the client and server use the same socket and it's in a public directory. This solves my MySQL problems 98% of the time.

lfwatanabe

  • Newbie
  • *
  • Posts: 16
Re: Invalid CSRF token ???
« Reply #7 on: February 21, 2013, 10:21:34 pm »
I can't solve the WAMP problems, so I decided to use it on my Mac; I installed MAMP and Osclass went perfectly. Thanks for everything, but I'm still trying to solve that phpMyAdmin problem.

:)

kusnob

  • Newbie
  • *
  • Posts: 20
Re: Invalid CSRF token ???
« Reply #8 on: February 27, 2013, 07:47:30 pm »
Quote from _CONEJO:
Hi,

Is it on a live site or at your localhost?
Could you check the source code of the page?

It should be something like this

Code:
<form name="loginform" id="loginform" action="http://www.example.com/osclass/oc-admin/index.php" method="post">
<input type='hidden' name='CSRFName' value='_1527898371' />
<input type='hidden' name='CSRFToken' value='3f7c84231624038a6be0e35176bdc04fdd5018ef16f074a4ac1a97bbf3b8ed2594a27cc7786c663e9cb69b2461633b6092b6c2b9c621f6a147280a82a61f576c' />

Where can I find the file?

The token ring problem usually comes from the mail server; when we install the ocs or another script onto a subdomain we usually get this error, and I change the email sender to use the subdomain too, i.e.: yourname@blabla.blublu.com

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Invalid CSRF token ???
« Reply #9 on: February 27, 2013, 10:25:09 pm »
Do you have any problem creating sessions?

jchapman84

  • Newbie
  • *
  • Posts: 3
Re: Invalid CSRF token ???
« Reply #10 on: February 28, 2013, 01:25:17 am »
Sorry to hijack this thread but I'm getting the same error as well. Not on the backend but when logging in as a user in the front.

If I log in, I'll get the invalid CSRF token error. I'll go back to the main site, and I'm logged in. I also tried it with another account on the front end and the same thing happens.

I'm gonna give the heads up now: I'm a total novice. I'm trying my hand at web design and such, so please be gentle. Haha


ADDITIONAL: I've tried 4 browsers. Firefox, Chrome and Safari on Mac and IE on Windows 8 in virtualbox. Only Safari is giving the problem.
« Last Edit: February 28, 2013, 05:49:45 am by jchapman84 »

kcguy

  • Full Member
  • ***
  • Posts: 103
Re: Invalid CSRF token ???
« Reply #11 on: February 28, 2013, 06:48:50 am »
I am not wanting to hijack this either but I am getting this also. ONLY I am getting this when I go to post a new ad via a mobile device with an image (Not with the mobile app. IE Desktop view)....

As soon as I hit submit to post it I get the ever so great "Invalid CSRF token"

Any ideas on this?

kcguy

  • Full Member
  • ***
  • Posts: 103
Re: Invalid CSRF token ???
« Reply #12 on: February 28, 2013, 06:58:17 am »
OK, so I retried it again removing the image and it failed again.
I did it again refreshing the captcha box and it worked. I wonder if it has something to do with that.......

I will disable that and see how that goes.

Welp, that did not work......

I went back over to my laptop and everything posted normal..... Arrrg

WTH is this CSRF token??? How can we fix it?????? What do we need to do????? :( >:( ;D :D ;)
« Last Edit: February 28, 2013, 07:18:33 am by kcguy »

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Invalid CSRF token ???
« Reply #13 on: February 28, 2013, 09:28:49 am »
Hi jchapman84

Do you have reCAPTCHA installed/activated/keys entered?


kcguy, we're working on fixing this issue as soon as possible.



As far as we know:

It has something to do with reCAPTCHA.
It has something to do with mobile devices (I wasn't able to reproduce it on desktop).
It's more frequent on the Safari browser, but Android's browser and Chrome are also reported to fail.

The problem is that each form has a one-use-only CSRF token (as an anti-hack measure). In this case, the form is being submitted TWICE (so if you hit publish or login, you will get an error because the second submission failed, but the first one was OK, so if you reload, the item would be published or you would be logged in).

We're not sure how, if you only click the button once, the form is being sent twice. Since the same page would fail on mobile devices but not on desktop, it looks like a browser problem, but still, we're working on it with all our resources.

Thanks for the patience.
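
The single-use, one-hour token behaviour described in replies #1 and #13, as an added sketch that is not part of the thread and is not Osclass code. The function names, the reason strings and the `$store` array (standing in for `$_SESSION` so it runs from the CLI) are assumptions; the field names and the one-hour lifetime come from the posts above. Returning a distinct reason per failure lets a log tell a replayed (already consumed) token apart from an expired or missing one.

```php
<?php
// Added example, not Osclass code. $store stands in for $_SESSION.
const CSRF_TTL = 3600; // 1 hour, the lifetime mentioned in reply #1

function csrf_issue(array &$store, int $now): array
{
    $name  = '_' . random_int(100000000, 2147483647);
    $token = bin2hex(random_bytes(64)); // 128 hex chars, like the sample form
    $store[$name] = ['token' => $token, 'issued' => $now];
    return ['CSRFName' => $name, 'CSRFToken' => $token];
}

// Returns 'ok', 'missing', 'unknown_or_used', 'expired' or 'mismatch'.
function csrf_verify(array &$store, array $post, int $now): string
{
    $name  = $post['CSRFName']  ?? null;
    $token = $post['CSRFToken'] ?? null;
    if (!is_string($name) || !is_string($token)) {
        return 'missing';
    }
    if (!isset($store[$name])) {
        return 'unknown_or_used'; // never issued, or consumed by an earlier POST
    }
    $entry = $store[$name];
    unset($store[$name]); // single use: consumed on the first attempt, pass or fail
    if ($now - $entry['issued'] > CSRF_TTL) {
        return 'expired';
    }
    // Constant-time comparison of the stored and submitted values.
    return hash_equals($entry['token'], $token) ? 'ok' : 'mismatch';
}

$session = [];
$t0 = 1361957329; // constructed timestamp

// Same form POSTed twice, as in the double submission described in reply #13.
$form = csrf_issue($session, $t0);
echo 'first POST:  ', csrf_verify($session, $form, $t0 + 5), "\n";
echo 'second POST: ', csrf_verify($session, $form, $t0 + 5), "\n";

// Form left open for more than an hour before it is sent (reply #1).
$stale = csrf_issue($session, $t0);
echo 'stale POST:  ', csrf_verify($session, $stale, $t0 + CSRF_TTL + 1), "\n";
```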


kcguy

  • Full Member
  • ***
  • Posts: 103
Re: Invalid CSRF token ???
« Reply #14 on: February 28, 2013, 04:28:14 pm »
Conejo,

Thanks for the update and please keep us up to date with this here on this thread.

We are looking forward to getting the solution.... 8)