Osclass forums
Support forums => Installation / Update help => Topic started by: lfwatanabe on February 18, 2013, 10:31:38 pm
-
I´ve installed sucessfully, but when i try to access administration panel, I get this. Sorry bad english.
-
Hi lfwatanabe,
Does that happens every time you try to log into the admin?
I couldn't reproduce the issue
Osclass 3.1 has new "anti-csrf" protection, and that message should appear only if :
* I miss some place to put the token
* You took to long (1 hour) since you loaded the login form and finally click send.
-
Yes, every time, since i install, re-install, any time, same error. :(
-
Hi,
Is it on a live site or at your localhost?
Could you check the source code of the page?
It should be something like this
<form name="loginform" id="loginform" action="http://www.example.com/osclass/oc-admin/index.php" method="post">
<input type='hidden' name='CSRFName' value='_1527898371' />
<input type='hidden' name='CSRFToken' value='3f7c84231624038a6be0e35176bdc04fdd5018ef16f074a4ac1a97bbf3b8ed2594a27cc7786c663e9cb69b2461633b6092b6c2b9c621f6a147280a82a61f576c' />
-
I was on live site, but now i´m trying in localhost but get some trouble connecting database right now :(
I´ll check, in a few minutes.
thx.
-
I´m still getting error #2002 in phpMyadmin, i´ve tried everything i could found in forums, but still in trouble. I can´t check yet.
-
I´m still getting error #2002 in phpMyadmin, i´ve tried everything i could found in forums, but still in trouble. I can´t check yet.
There are two things that could go wrong here:
1. You don't have permissions to access the directory /var/lib/mysql/whatever.sock because mysql is the owner of the folder
or
2. /path/whatever.sock doesn't exist.
You can try this though [Linux specific, but what other operating systems are there?]
Go to /etc/my.cnf and change/add the lines:
[mysqld]
datadir=/var/lib/mysql
socket=/tmp/mysql.sock
[client]
socket=/tmp/mysql.sock
This way the client and server use the same socket and it's in a public directory. This solves my MySql problems 98% of the time.
-
I can´t solve wamp problems, so i decide to use it in my mac, intall mamp and osclass go perfectly. Thanks for all, but i´m trying to solve that phpmyadmim problem yet.
:)
-
Hi,
Is it on a live site or at your localhost?
Could you check the source code of the page?
It should be something like this
<form name="loginform" id="loginform" action="http://www.example.com/osclass/oc-admin/index.php" method="post">
<input type='hidden' name='CSRFName' value='_1527898371' />
<input type='hidden' name='CSRFToken' value='3f7c84231624038a6be0e35176bdc04fdd5018ef16f074a4ac1a97bbf3b8ed2594a27cc7786c663e9cb69b2461633b6092b6c2b9c621f6a147280a82a61f576c' />
Where I can find the file in?
The token ring problem usual come from the mail server when we install the ocs or other script on to sub domain usually get this error and I change the email sender using the subdomain too, ie : yourname@blabla.blublu.com
-
Do you have any problem creating sessions ?
-
Sorry to hijack this thread but I'm getting the same error as well. Not on the backend but when logging in as a user in the front.
If I log in. I'll get the invalid CSRF token error. I'll go back to the main site. And I'm logged in. I also tried it with another account as well on the front end and same thing happens.
I'm gonna gives the heads up now. I'm a total novice. I'm trying my hand out and web design and such so please be gentle. haha
ADDITIONAL: I've tried 4 browsers. Firefox, Chrome and Safari on Mac and IE on Windows 8 in virtualbox. Only Safari is giving the problem.
-
I am not wanting to hijack this either but I am getting this also. ONLY I am getting this when I go to post a new ad via mobile device with a image ( Not with the mobile app. IE Desktop view)....
As soon as I hit submit to post it I get the ever so great " Invalid CSRF token "
Any Ideas on this?
-
Ok so I retried it again removing the image and it failed again.
I did it again refreshing the captcha box and it worked. I wonder if it has something to do with that.......
I will disable that and see how it that goes/
Welp that did not work......
I went back over to my laptop and everything posted normal..... Arrrg
WTH is this CSRF token???> How can we fix it??????> What do we need to do?????> :( >:( ;D :D ;)
-
Hi jchapman84
Do you have reCAPTCHA installed/activated/keys entered?
kcguy, we're working on fix this issue as soon as possible.
As far as we know:
It has something to do with reCAPTCHA,
it has something to do with mobile devices (I wasn't able to reproduce it on desktop).
It's more frequent on safari browser, but android's browser and chrome also reported to fail.
Problem is that each form has a one-use-only CSRF token (as anti-hack measure), in this case, the form is being submitting TWICE (so if you hit publish or login , you will get an error because the second submission failed, but the first one was ok, so if you reload, the item would be published or you would be logged).
We're not sure, how if you only click once in the button, the form is being sent twice. Since the same page would fai on mobile devices but not on desktop, it looks like a browser problem, but still, we're working on it with all our resources.
Thanks for the patience.
-
Conejo,
Thanks for the update and please keep us up to date with this here on this tread.
We are looking forward to getting the solution.... 8)
-
Probable invalid request.
is this the problem that relate with CSRF token?
-
Probable invalid request.
is this the problem that relate with CSRF token?
Yes
-
@ _CONEJO
Here is an server information and CSRF token code, kindly help what to do further.
Server Information
Platform
Type Debian
MySQL Version
5.0.91-log
Perl
5.8.8
PHP
<form name="loginform" id="loginform" action="http://sitename.com/oc-admin/index.php" method="post"><input type='hidden' name='CSRFName' value='CSRF148136452_1464243440' />
<input type='hidden' name='CSRFToken' value='346596c7f3390fb0131dfe6b33350f94a7cbe8f51eb7a5c88549f4b5a9e0b046d1c33d9da2e50673d352270a5840c7e171a6ade936bc0ac223409e4464fd9628' />
-
Real Estate theme has to be updated (in case you were using it). A <form> not being closed make this error to appear. We're still investigating why does this appear also with reCAPTCHA
-
Hi _CONEJO.
Actually, I do not have recaptcha installed/enabled etc.
Thanks for the reply
-
Hi _CONEJO.
Actually, I do not have recaptcha installed/enabled etc.
Thanks for the reply
But do you have real estate?
-
CONEJO,
I do not think it has anything to do with the themes or recaptcha's
I am using the USA theme. I have tried it both ways with and without the recaptcha's and the problems still exists.
-
Hi _CONEJO.
Actually, I do not have recaptcha installed/enabled etc.
Thanks for the reply
But do you have real estate?
No, I do not.
-
UPDATE:
I did more testing with this. I again tried to ad a listing WITHOUT trying to upload an image and it posted as it should.
I then immedeatly went to try and upload another listing but this time I went to add an image and the token error came and no listing was posted.
I am using Version 3.1, posting ads with my phone ( not through mobile view but desktop view ) captcha is on......
It almost seems as if this is being caused by adding images.... I hope a solution comes fast....
-
Hey everyone,
I was having this same problem after I upgraded to the 3.1 version. I would get the error when I tried to login to my account for my website. I then noticed that my website was opening with the "www." in the address bar, which it shouldn't be doing. I then opened my site without the "www." in front of the address and it was working fine. So when I opened the site like this: www.example.com it would get the "Invalid CSRF token" page and when I opened it like this: europeslist.com it would not get the "Invalid CSRF token" page. So what I did to repair this is I opened my .htaccess file which was written like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
And I changed it back to the way I had it, which is like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP_HOST} ^www.europeslist.com [NC]
RewriteRule ^(.*)$ http://europeslist.com/$1 [L,R=301]
</IfModule>
And now it is not getting the error anymore!! I am not sure if this will work for anyone else, but I suggest giving it a try.
-
Well now that I was able to sign-in to my account I tried to post an ad and it is getting an error that says "The Recaptcha code is wrong" when I hit the "Publish" button. Any ideas on this yet?
Thanks
-
Ok, well I just completely removed reCaptcha again from my site and it is working fine again. Hopefully everyone else can get this figured out. Thanks.
-
Hi marcel,
Thanks for the suggestion I will look at that solution.
@kcguy & @jchapman84 , could I take a look at your themes? Is there somewhere I could look at them?
Thanks
-
sure,
swapzombie.com if you need to get into my admin part ley me know and I wil send you the details...
-
Hi kcguy,
I registered at your site and was able to post an edit several ads with and without images, I did not see any CSRF errors. I tried from a Linux machine using Chrome.
What I noticed is that once you publish an add, you're redirected to a page like this : http://swapzombie.com/index.php?page=custom&file=referral/makepremium.php&itemId=XYZ
In said page, while the information displayed was correct (the text) it didn't show any image (even the ads has images). Also, the link to the ad was ALWAYS a link to ad number 11, while the listings I inserted were numbers 17,18,19,20,...
I could add, edit and delete listings without any errors, with and without images. I tried every combination I thought of.
Maybe, if you're uploading images too big, PHP can not process them and will not include them. Maybe we should make a text visible telling that. Could you try with smaller images?
Thanks
Again, as a note, we discovered that certain browsers (It only happened in mobile devices) perform a "double submit" (ie, submitting the form twice). Usually when reCAPTCHA keys are saved in Osclass. If no recaptcha keys are there, then it did not happen. This only happens on certain servers (I couldn't reproduce the issue on my machine). And also from certain devices.
We're sorry for any inconvenience and we're trying to fix it as soon as possible
-
I am also experiencing this error message. After installing and trying to login to the admin interface, I get the CSRF token error. Can't login to make any changes at all... :(
-
This finally got me in to my admin dashboard:
Add this in the config.php file (I just pasted it in line #2):
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
Thanks Conejo. I found this in one of your posts from 2011 and it worked for me.
-
This finally got me in to my admin dashboard:
Add this in the config.php file (I just pasted it in line #2):
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
Thanks Conejo. I found this in one of your posts from 2011 and it worked for me.
Thanks to you,
Now we'll add some extra check to know if you could use sessions or not. It's strange that it let you install it without session path being writable...
Thanks again
-
@Anti-NWO
I did what you mentioned for config.php file. And its working, now i am able to login admin account and register new account too.
-
I sure hope this CSRF Token ordeal will not be the death of osclass..... I mean is it possible to just do away with the token all together?????
Was this not spotted during beta????
-
I sure hope this CSRF Token ordeal will not be the death of osclass..... I mean is it possible to just do away with the token all together?????
Was this not spotted during beta????
Hi kcguy
I think the amount of user's with this problem is very few, anyway, we're working on it.
No, it wasn't spotted on our tests. There're several reasons to get this same error :
* A bad theme (not closing a </form> tag, as it happened with real estate theme)
* Double form submit (we're not sure how this happens, or why, it has to do something with reCAPTCHA)
* Session folder not being writable
Last one is very strange, I mean, if Osclass was working fine BEFORE, you don't need to modify the session folder. I could only think, that now, we're writting a bit more data on the session, so maybe the server's folder is full (if you're on a shared server it's more probable).
Anyway, I'm sorry for all the trouble. The amount of different servers and configuration I have access is very limited, all I could tell is that in my own machine as well as on the test server it worked, none of the people who used the RC (release candidate) version spotted this (or they didn't tell us). Note: people who used the RC version DID report bugs and improvements, helping me a lot.
-
_Conejo,
You are the man and I know you guys WILL get it all worked out in time.
I mean Like you said it is very wierd that this is happening to a select few of us.
Or perhaps the select few of us are the only ones who have upgraded.
I also think it is wierd how wide spread this problem is with the token. Hitting all different aspects of the functions. It almost tells me the token does not seem to be compatible with the system. ( I dont know ) What i mean by that is that reading this, the token problem is all over the place so it is hard to narrow it down to really one area of whats causing it. I know that will make it harder to offer the right solution for everyone.
Was this token implemented with this new update or has it always been there. If it was not there then why was it put there. Are we trying to reinvent the wheel here with each update or are we simply trying to make the current version more stable. It seems that the core of osclass is pretty solid and all users were requesting was pretty much new plug ins, not a new wheel per say
My frustration is with the mobile phone part. I mean no one takes pictures then puts them onto their computers and then posts them on a site. Everything is done via mobile phone these days. as far as the captcha goes I am not sure if thats it, as I get the token problem with and without the captcha...
As far as my server goes I would think being as they offer your osclass software that is is compatible with their systems. That was one of the main things I looked for when shopping for the hosting company.
I am not trying to tell you guys how to operate or bash osclass as you guys have done an outstanding job with the system, I am just venting a bit..... I love the system and I am just wanting it to preform as it should and I am sure you guys feel the same way.
-
I sure hope this CSRF Token ordeal will not be the death of osclass..... I mean is it possible to just do away with the token all together?????
Was this not spotted during beta????
Hi kcguy
I think the amount of user's with this problem is very few, anyway, we're working on it.
No, it wasn't spotted on our tests. There're several reasons to get this same error :
* A bad theme (not closing a </form> tag, as it happened with real estate theme)
* Double form submit (we're not sure how this happens, or why, it has to do something with reCAPTCHA)
* Session folder not being writable
Last one is very strange, I mean, if Osclass was working fine BEFORE, you don't need to modify the session folder. I could only think, that now, we're writting a bit more data on the session, so maybe the server's folder is full (if you're on a shared server it's more probable).
Anyway, I'm sorry for all the trouble. The amount of different servers and configuration I have access is very limited, all I could tell is that in my own machine as well as on the test server it worked, none of the people who used the RC (release candidate) version spotted this (or they didn't tell us). Note: people who used the RC version DID report bugs and improvements, helping me a lot.
I also have the same problem! right from the fresh install of osc v3.1! any invalid username/pass raises that error!
-
Please,
Add this on line # of config.php
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
And tell us if that worked
-
Please,
Add this on line # of config.php
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
And tell us if that worked
Who is this directed to Conejo and what line # does it need placed at>:
-
Ok tested it 3 time on the mobile phone samsung galaxy s3.
1st test worked with no problems
2nd test token issue again but this time for some reason it allowed the post to go through anyway.
3rd test token issue again but this time for some reason it allowed the post to go through
I am adding images with the catpcha on\
Hope it helps and I dont think the code was a real solution...
-
I was getting it when posting an ad, but the ad would actually appear on the site, just tried logging onto my site as a user, and it came up then. Tried adding the above to line 2 of config, still the same.
Im using my ipad, latest osclass version, just reinstalled fresh, and im using capthca.
-
*** IMPORTANT NOTE ***
Make a backup first!
If you were having problems with CSRF token when posting a listing, please, replace your files with the one in the zip located here http://www.conejo.me/files/Osclass-hotfixes-9529a85e3e.zip (http://www.conejo.me/files/Osclass-hotfixes-9529a85e3e.zip)
Make a backup first!
You only need to replace the files and fix permissions of files and folders (root and oc-content should be writable), no update process, no database changes, no re-installation.
Remember to make a backup of your files first. I think I finally found the problem and the solution for the CSRF token problem. I want to test it out (I already tested it on android emulator, my Samsung Galaxy S2, JR's iphone ¿4?, I haven't more devices at hand). It would be great if you want to test it and share your problems.
If you get the token problem ALWAYS, specially trying to access your admin panel
Please, paste this code on the second line of your config.php
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
If you still have problems, tell me. I want to fix them, please provide as much information as you could.
Once we know this is the fix, we'll release a new version (3.1.1) of Osclass, via the automatic update, you will be able to update as usual.
If you have problems with update process or images not being able to upload, this is not the topic for you, but contact me and tell me as much as you can about it, I will try to fix them as soon as possible.
-
Backing up files now and will post results when I test it out. Fingers crossed!!!!
-
*** IMPORTANT NOTE ***
Make a backup first!
If you were having problems with CSRF token when posting a listing, please, replace your files with the one in the zip located here http://www.conejo.me/files/Osclass-hotfixes-9529a85e3e.zip (http://www.conejo.me/files/Osclass-hotfixes-9529a85e3e.zip)
Make a backup first!
You only need to replace the files and fix permissions of files and folders (root and oc-content should be writable), no update process, no database changes, no re-installation.
Remember to make a backup of your files first. I think I finally found the problem and the solution for the CSRF token problem. I want to test it out (I already tested it on android emulator, my Samsung Galaxy S2, JR's iphone ¿4?, I haven't more devices at hand). It would be great if you want to test it and share your problems.
If you get the token problem ALWAYS, specially trying to access your admin panel
Please, paste this code on the second line of your config.php
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
If you still have problems, tell me. I want to fix them, please provide as much information as you could.
Once we know this is the fix, we'll release a new version (3.1.1) of Osclass, via the automatic update, you will be able to update as usual.
If you have problems with update process or images not being able to upload, this is not the topic for you, but contact me and tell me as much as you can about it, I will try to fix them as soon as possible.
Not working on samsung galaxy 3 ( sprint service )
tested 2 times and both times failed with the token.
I have captcha on.
I retried refreshing the catpcha on the 2nd test still failed...
:'( :'( :'( :'( :'( :'( :'(
I you would like I can give you access to my account and hosting....
-
Hi @kcguy,
There is an issue with mobile devices, sometimes submitting forms from mobile devices might cause double submit, we are working on this issue.
-
Hi @kcguy,
There is an issue with mobile devices, sometimes submitting forms from mobile devices might cause double submit, we are working on this issue.
Any update on this. People need to be able to post with a mobile device....
-
I have same problem
http://www.suritrade.net/oc-admin
I host with netfirms.com
Site is live but i can not access the admin backend.
-
Wierd stuff here....
I did 5 test today and all 5 worked Even if I got the token error
All 5 had images though ( only 2 had posted the image )
After looking and getting ready to remove my test ads I did notice that the some of the ads did not get filled completly when uploading as you can see below. These were done back to back to back to back to back....
They all should have been the same
-
after overwriting osc fix for this error there is nothing fixed. users after adding an ad they get a broken page (index doesn't load). if i try to add an ad with image, it doesn't work either.
-
after overwriting osc fix for this error there is nothing fixed. users after adding an ad they get a broken page (index doesn't load). if i try to add an ad with image, it doesn't work either.
i forgot to tell you that i work with chrome/mozilla on desktop for testing.
-
Hi @kcguy,
We add a double submit prevention with javascript, has been added to modern theme.
You can see the changes here:
https://github.com/osclass/Osclass/commit/2992eaaacc02ebe4644af0ac5de162d3e20b9345
https://github.com/osclass/Osclass/commit/9529a85e3ea7d207a4a34b27301c14071f562cc2
-
after overwriting osc fix for this error there is nothing fixed. users after adding an ad they get a broken page (index doesn't load). if i try to add an ad with image, it doesn't work either.
i forgot to tell you that i work with chrome/mozilla on desktop for testing.
admins can try themselfs on my domain where i installed the script: www.vand-tractor.ro
-
Hi @kcguy,
We add a double submit prevention with javascript, has been added to modern theme.
You can see the changes here:
https://github.com/osclass/Osclass/commit/2992eaaacc02ebe4644af0ac5de162d3e20b9345
https://github.com/osclass/Osclass/commit/9529a85e3ea7d207a4a34b27301c14071f562cc2
THANKS garciademarina
THIS APPEARS TO HAVE WORKED FOR MY MOBILE ISSUES!!! :D :D :D :D :D :D :D :D :D
-
same here problem...CRSF error at login...
-
same here problem...CRSF error at login...
Have you tried making the changes as mentioned above to see if that works for you?
-
Hi Osclass,
I'm having the same problem since I upgraded to Osclass 3.1. I was using my one of my accounts I had created earlier and tried to post an ad, but I get the following error:
The Recaptcha code is wrong
I'm using Modern theme and the Recaptcha code is not enabled for that particular form as I set once you signed up to become a member you don't need to do Recaptcha
Only new users or replying to ad will Recaptcha show.
My site is www.postingzoo.ca
I been reading through the thread and haven't really seen a solution yet. I'm only with PairNetwork.
Thanks
-
Hi JOHNP,
You have javascript errors in your theme.
We improve the way to include scripts and styles in this new version but previous versions of some plugins aren't compatible.
You can try to update this plugins if there are compatibles with osclass 3.1 or you can change this 2 files:
You can edit your theme file functions.php
ROOT/oc-content/themes/modern/functions.php
At the end the file add this lines...
osc_remove_hook('header', 'osc_load_scripts');
osc_remove_hook('header', 'osc_load_styles');
osc_add_hook('header', 'osc_load_scripts', 4);
osc_add_hook('header', 'osc_load_styles', 4);
and for your oc-admin edit:
ROOT/oc-admin/themes/modern/functions.php
At the end the file add this lines...
osc_remove_hook('admin_header', 'admin_theme_js');
osc_remove_hook('admin_header', 'admin_theme_css');
osc_add_hook('admin_header', 'admin_theme_js', 4);
osc_add_hook('admin_header', 'admin_theme_css', 4);
Regards
-
Hi Carlos,
I've taken your suggestion and added the code provided to the two files, but I am still getting the error:
"The Recaptcha code is wrong"
I'm going to see if I can update the ReCaptcha and see if that works. Will let you know
Thanks,
JOHNP
-
Hi Carlos,
I also want to add that the output also says "Invalid CSRF token."
Thanks,
-
Hi,
If nothing goes wrong, today osclass 3.1.1 will be released and fix the problems you have.
Regards
-
Hi,
After sleepless night with osclass upgraded to 3.1 I still have two problems:
- Error 500 after posting a new ad. Captcha is already disabled, the ads are being published, but when there's a redirection to /index.php the browser displays error 500 (Chrome) or blank page (Firefox). Refreshing the site on Chrome makes things back to normal, refreshing on Firefox gives Invalid CSRF message.
- The emails are not being sent. I'm using Gmail settings and tried all possible configurations. Still nothing.
Of course I applied all suggested changes. Here's the log:
[Thu Mar 21 02:21:49 2013] [error] [client 120.28.144.67] PHP Fatal error: Call to undefined method POP3::Authorise() in /opt/bitnami/apps/osclass/htdocs/oc-includes/osclass/utils.php on line 301, referer: http://website.com/category/subcategory/item_848
[Thu Mar 21 02:22:18 2013] [error] [client 66.249.74.72] PHP Notice: Undefined index: pk_i_id in /opt/bitnami/apps/osclass/htdocs/oc-includes/osclass/model/Category.php on line 490
-
Hi Carlos,
Just wanted to let you know that the new Osclass version 3.1.1 seems to have fixed my Recaptcha issue.
Thanks,
John
-
Hi
Is there anyway to add this validation to the USA theme?
thanks
Hi @kcguy,
We add a double submit prevention with javascript, has been added to modern theme.
You can see the changes here:
https://github.com/osclass/Osclass/commit/2992eaaacc02ebe4644af0ac5de162d3e20b9345
https://github.com/osclass/Osclass/commit/9529a85e3ea7d207a4a34b27301c14071f562cc2
-
for the record - I have a clean 3.1.1 dev install without recaptcha loaded, (only paypal plus and promo codes loaded) and I still get the error on iPad -- did the Modern them double submit "fix" get added in this release?
-
hi osclass team.
thanks for wonderful easy to use classified application, i really like it.
I successfully installing osclass 3.1.1on my hosting site, However ever for stranger reason i am getting Invalid CSRF tocken when posting or going to admin or registering new account ONLY on IE and firefox. Good Chrome works as expected.
I am wondering what config file i need to change or setup to fix the issue. myself is www.minaleshtera.com
Thanks
-
Sometimes, my site is getting this Invalid CSRF token error when a user logs in. In other times, it does not. I really can't figure our where is the problem.
-
Could you provide a little more information?
Version of Osclass:
Browser & version:
A more detailed description of the error (when, where it happens, what were you trying to accomplish,..):
Thanks
-
Version Osclass 3.1.1
on Google Chrome up-to-date browser
It happened yesterday, when a user is trying to log-in. After a few tries, the error is gone.
Btw, it happened before. Then I added session_save_path ( ABS_PATH . 'oc-content/uploads/' ); in config file. Then the error was gone. Then it came back yesterday after added the plugin related ads. I tried today, no more error but one of the user reported that he encountered such error.
Could you provide a little more information?
Version of Osclass:
Browser & version:
A more detailed description of the error (when, where it happens, what were you trying to accomplish,..):
Thanks
-
Same here, I'm doing manual update after automatic update loading too long and without end. After manual update, i can't reach the admin panel(white blank page) and when members login, it's get invalid csrf token.
I have add session_save_path ( ABS_PATH . 'oc-content/uploads/' ); in config file but it's still showing same error. I need suggestion and solution as my osclass have modified and installed alot of addons.
-
When i wrote my domain name in google it not showing www.and when not showing www than i cannot login in it shows invalid csfr token ,again when i wrote www.mydomain.com it worked,when is domain without www its no working,I figured it out.Is it happening to you also that you enter your domain in google shows no www and than shows invalid cfr token or what
-
i also getting invalid CSRF Token error when image regenerate. i''m using osc 3.1.1
-
Sometimes, my site is getting this Invalid CSRF token error when a user logs in. In other times, it does not. I really can't figure our where is the problem.
Same for me. Exactly what you describe.
-
I'm using 3.1.1 and one easy way to make this happen with Firefox 20x browser is to (try to) login using a non existent user and password.
;)
-
I just found out that when my address has www before the domain, invalid CSRF token occurs. I added a code to my .htaccess to force a www on my domain.
-
I just found out that when my address has www before the domain, invalid CSRF token occurs. I added a code to my .htaccess to force a www on my domain.
NICE catch !!!!
I'm also on a subdomain for tests. Maybe the prefixes have something to do.
-
i am getting same error please help
1st i get Warning: Cannot modify header information - headers already sent by (output started at /home/offersva/public_html/oc-includes/osclass/utils.php:1588) in /home/offersva/public_html/oc-includes/osclass/utils.php on line 1590
then when i repload i see Invalid CSRF token. :(
-
My 2 cents.
Exactly what is wrong and what are the developers doing about this CSRF issue. I no longer have any 3.1/3.11 live sites being I have given up trying to overcome the problems. Ether I can not upload images or get the CSRF . I've even got that when trying to login as admin on a clean fresh installation. Never did get to see the admin side of that site.
This is truly sad for such a great script.
Tom
-
Today i was deleting from the admin some listings and got twice the CSRF error.
-
Hi,
@tomshaft, can you tell me more information about your hosting provider? maybe we can try osclass and see what happends
@Aficionado, It's possible that your session has expired? , crsf token is generated only once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires.
-
Hi,
@Aficionado, It's possible that your session has expired? , crsf token is generated only once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires.
I don't think so, because i hit back and continued my work in the admin.
This is a real error that happen randomly. For example sometimes logging out of the admin makes that error.
Not a major problem ...
-
I'm also having the "Invalid CSRF Token" issue. I'm a complete newbie. On my first install of OS Class 3.1 I am unable to access the admin page at all. I'm using Chrome, but it also happens in IE. Chrome is up to date for sure. I have noticed some work-arounds by making changes to php files, but I'm not experienced at coding anything, so I'm not sure if I'm doing this correctly. Have others had success by making these changes? Are there other suggestions that I missed or do I just wait for a new release to fix the issues.
-
Hello. First of all, I would say that it is a super program. Very flexible. :-)
But I have the same problem as many others here with CSRF token error in the Admin. I do not know if it's been fixed in 3.1.1 and I just can not find the fix? I installed 3.1.1 and it should be fixed in 3.1.1 as far as I've read me to. I have no plugins or anything - clean installation. installing 7-10 times now but token error remains. Generally it is as if it lags in admin. If I change something in Adminit is first at my next action that I can see that there has been an action. It is just as if its not updating on action before I e.g. press a new menu button in the admin?
Does anyone experiencing the same thing - or have a solution to it?
Hunt
-
Hello,
I have tried it with OSCLASS installation on my own home server with EASYPHP(apache, mysql, php) which is similar to WAMP.
I get the "Invalid CSRF token." after installing it on a shared web hosting site, when I try to access the admin control panel for the first time.
I dig into the php code to find that the error comes from the function osc_csrf_check() in the oc-admin/login.php script, the switch function call to case('login_post').
What is it that my home server can do that the webhost debian server cannot?
-
So, I've installed this script almost a week ago and I still can't even access the admin page. I still get the "Invalid CSRF token". Can anyone at least attempt to help me trouble shoot this? It looks like this problem is fairly uncommon otherwise it would probably get more attention. Is there any chance that it's because I've installed this to a sub-domain? I'm using i-page for hosting, and using filezilla for ftp. I'm begging someone to help me :-\ I'm more than willing to give you my admin log in etc... whatever it takes. I had someone install this script for me previously and it worked, but they weren't making the changes I was asking so, I decided to try to learn to do it myself (hindsight is saying that might be a mistake). I'm a newbie to this, but certainly not a newbie to troubleshooting and working through processes that are similar... PLEASE HELP!!!!!
-
There is no corresponding - I have the same problem - Simply how it is. Those who do not have the problem does not search for it and those who can help have much else to do I guess. So that's life. Maybe it fixes itself with 3.2??? Good luck. I give up.
If you should find out how to remove the token *** please post it here.
-
Would it get more attention to try to start another thread or would just anger people???
-
What if I donate... would that help- I'm reaching for anything here. Or can someone just tell me approximately when the next update is coming out??? (patience apparently isn't one of my good qualities)
-
I contacted Ipage (host) and they "set session.save_path in php.ini and fixed the issue."
-
i ve the same issue but only at USER LOGIN
admin panel works fine
i have godaddy hosting
edit: the issue only appears to be present when there is www. infront of website name. weird
-
Tengo el mismo problema, no puedo entrar al backend o admin panel, ya intenté todo lo que dice el foro, tengo el sitio en standby o modo mantenimiento, qué pasa en realidad?
I have the same problem, I can not enter the backend or admin panel, and tried everything it says the forum, I have the site in maintenance mode or standby, what happens in reality?
-------------------------------------------------------------------------------------
it's ok, the hosting support has been corrected the issue!!!!! thank
-
I and anyone that uses the Osclass v3.1.1 installation that I have (on a Unix server) has trouble logging in to their account after it has initially been set up and an Ad posted. They always receive the Invalid CSRF token reply on a blank page.
As admin, I can delete any of these accounts and the user can recreate the account and then login. Subsequent logins fail as usual.
I am the admin and can login to the Osclass Admnin page without trouble.
My ISP has the php ini file set such that session.save_path is set to /tmp , so the solutions that I have read about server side issues appear not to be the cause.
Any thoughts on how to get rid of this site-disabling problem gratefully received.
Cheers,
David
Hi Folks,
I have solved my problem as follows:
When I installed Osclass, it was through a "test link" to my eventual "production link". In the config.php file, to be found in the root directory of your installation, there is a line (around line 25) that was (where the xxxxxxx is my site name):
define('WEB_PATH', 'http://xxxxxx.preview.ns53.webhostsg.com/classifieds/');
When this was still set, the user would get the "Invalid CSRF token." blank page when trying to login any time after the initial registration and login, subsequently having logged out.
The line has been changed to:
define('WEB_PATH', 'http://www.sitename.com/classifieds/');
After changing the web path the issue with the "Invalid CSRF token" has gone.
This explanation may be the cause of the problem with some of you guys, hope if it is, it fixes your issue too!
Cheers,
David
-
i saw that the new version force to non www site and fix the Invalid CSRF token....how did u solve this problem?maybe there is some users who don;t want to update ...for example i use 3.0.2 and i don;t want to update to 3.1.2 -personal reasons.....(a lot of changes-styles etc)
can someone to share with us?thx
-
I am also getting the same error. CSRF tocken.. What's going on here, is this going to fix??
I got the code from the main branch from github. it works fine in local env. but not on live server.
Please try to fix this problem. I am new to OSclass and facing this critical problem.
is it going to be fixed?????
is there any alternative? like removing captcha or something?
Thanks,
Jimmi
-
Hi there,
i also have a trouble with smf_bridge...everyting is working fine but when i`m trying to update the forum name on User Settings i got the CSRF token instead of name typed. Any ideea to fix that?
-
Osclass 3.1.2 is out and fix some problems with crsf tokens, update if still have issues.
Regards
-
Osclass 3.1.2 is out and fix some problems with crsf tokens, update if still have issues.
Regards
Hey garcia, i`m ussing 3.1.2 with modern theme. i did step by step smf_bridge plugin install but i have some problems:
1. the username is adding succesfull (after i`m login in osclass) on the smf db but when i`m trying to switch on forum i`m not logged on it; also if i`m trying to manualy log on it i got "bad password message"
2. if i`m trying to change the forum name from osclass user menu i get a name like CSRF244095702_485338264
any ideea what i`m doing wrong?
thanks in advance...
-
Solution, but first some comments:
I'm sorry to have to say this, but it's typical for a fresh install of OSClass to not work correctly. Every version I've tried, fails to allow you into the admin panel after installing. Also, the search function appears to be completely broken. I'm not complaining, just commenting. After all this is software that very generous people are providing to everyone for free! I appreciate and admire that. I certainly could not develop it with my current skills, or lack thereof. :)
Solution for accessing admin panel:
Replace the code at the top of your config file with the following:
<?php
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
/**
* The base MySQL settings of Osclass
*/
define('MULTISITE', 0);
Now: Enter your admin user and pass. You'll probably get a CSFR token error now. Just enter your user and pass again, and you SHOULD get in....
If your version of 3.1.2 is like mine, your search will still be broken, resulting in "page not found" errors every time you perform a search, even when the search word exists...
My Personal solution:
Use version 3.0.2. It's the most functioning version I've found. But, you'll also have to modify your config.php file to access your admin panel in that version as well.
You'll need to ad the following to line #2 of that config file:
session_save_path ( ABS_PATH . 'oc-content/uploads/' );
You can see my version of 3.0.2 running here: http://pmclassifieds.com
And if you want to see the search function of 3.1.2 in action, you can access it here: http://pmclassifieds.com/test
Run the search on both and you'll see what I mean. I don't know what else is wrong with 3.1.2 because I'm already done testing it.
The one problem I have identified with version 3.0.2, is uploading pics of larger sizes... I've had to limit my upload image size to 1.5 MB. Most images larger than that fail, resulting in a 500 internal server error message.
I hope the info helps.
Good luck all!
Tom
-
I have tried all solutions in this thread, but without luck.
I also have the version 3.1.2, just upgraded.
I cannot register a user without FB. Please try. www.kunlabora.com, I am interested to hear what the problem is. Thx
-
Hi guys,
Today, I got same error, nothing was done, just error started to come in oc-admin, then front-office, so I done this:
- added class="nocsfr" to every form in front office
- commentent whole body of function osc_csrf_check in oc-includes/osclass/helpers/hSecurity.php
Now, this check is totaly disabled :)
-
Hi frosticek,
In what forms exactly? You are aware that by disabling CSRF you put your website/application at risk?
Regards
-
@dev101
In all forms in osclass, oc-admin & front-office as well.
I was just working in oc-admin, then got logged out. When I was trying to login back to site, still same error: Invalid CSRF token.
When I added class="nocsrf", I got error from CSRF check function: Probably invalid request. Very strange and annoying. So I have disabled it completely.
-
Well, I would say that you have a perfect debugging opportunity. class="nocsrf" is used on GET forms to prevent appearing in URLs. It should not be used on POST forms. This is as far as I can help you with CSRF tokens. Try to disable all plugins and trace steps back.
Regards
-
@dev101
That is true, but I would say there is just some little problem with stored token, would be good to have opportunity to reset tokens. As this is very rare situation, I will probably do not dig further...
-
same problem...
i try to give all forms nocsrf and
commented whole body of hsecurity
categories and pages not working
-> uncomment hsecurity
pages are working
categories not working
after login blank page
now i need help :o
-
@andrenalin
I recommend to do this just for search forms (not login, item post, ...) because of similar problems...
-
ok... now put all csrf classes to standard.
same problem, can´t login or register.
i get this error just on frontend
i can login in backend without problems...
this is my token
<input type="hidden" name="CSRFName" value="CSRF1901093716_411717070">
<input type="hidden" name="CSRFToken" value="633d7f72ebf4298bcb8a525ad80f58ea9a3eb29439e3fe79ebdf90330464ddc64a8dd653912e540d411fe0a875f7e8d3199184bfc493969b1190fafbac964659">
how can i exactly turn this check off?
only add the class="nocsrf" is not working
thx
-
@andrenalin
I had similar problem, it looks like csrf tokens kept mashed .... try to clear you cookies, cache etc and then again.
Not sure how to completely disable, but for me this is not good protection way. I.e. such protection should never be on search form.
-
now i disabled it in search forms,
csrf was three times on main page, search, search mobile and login form,
but it is only on post and i think it is not possible how often it is on one page.
where does the hsecutity.php get the values to check from?
my safari didn´t show me some session vars, i have only some cookie vars
attached a screenshot of my cookie vars.
is it possible to have session vars? i never watch at this.
i also add the session save path and it seems to work, it save a session in the folder,
i clear my cache and also deactivate it, clear the cookies but nothing happend >:(
just in the moment the whole work was for the trash :-[
****
while i was writing this text i play around a little,
just as i deactivatet the google connect plugin i could login to the front end :o
****
now i activate it back and it seems to work,
i play a little with session save path in config.php and try to find out more about sessions...
i changed the path but nothing works, i put it back to
session_save_path ( ABS_PATH . 'oc-content/uploads/' );no problems...
-
no idea what exactly happened... this was just my play around...
ok, i try twice...
when i activate the google login button i get csrf token
now i deactivate it
<!-- <li><?php // gc_login_button(); ?></li>-->
there is no problem...
i send you pm to my site
-
@andrenalin
There is no form used in whole plugin, so in this way it cannot bring any. But plugin works with session and cookies so it may keep some stored values. But as this is build in osclass function that is problematic to remove/avoid, I do not see any reason to deep inside plugin.
-
when i put my site from SUBFOLDER to SUBDOMAIN for test and dev
i try another time and give feedback...
thanks for checking
-
@andrenalin
Plugin was update and now should not cause problems with CSRF tokens.
Please test and post your results here: http://forums.osclass.org/plugins-20/plugin-26119/ (http://forums.osclass.org/plugins-20/plugin-26119/)
-
receiving INVALID CSRF token while trying to log in site, while submit contact form, and comment...
Also auto logging out problem for admin, it is quickly logging out out after 1 second of logging.
How to solve it?
I use Bender theme
-
I have contacted with HOST company after I am reading warning of conejoninja under https://github.com/osclass/Osclass/issues/2190
MY HOST is corrected issue;
I asked how to correct this myself if it repreated.
Here answer ;
In your file manager -> Public_html/forum
There in the folder
Should be 2 files with the word "session" included
Or you could just search for them
I have changed the permissions on them
This issue shouldn't reoccur
------
If someone face same problem, please contact first with your host company, or try to check file manager -> Public_html/forum as explained above.
-
What /forum folder are you talking about ?
And what session files are you also talking about ? Those are usually controlled by your hosting provider.
-
Hi
" forum" was very oudated installed PHPBB forum folder where I installed inside it.
I do not know what session, this is their answer.
I have removed this folder ( oudated script ), too. I no longer face " Invalid CSRF token " error.