A valid token could not be found A valid token could not be found
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

A valid token could not be found

Started by Cavey, July 10, 2010, 02:50:11 PM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

Cavey

Hello all,

Need some advice, i have upgraded to the newest version (version 1.5.6 from version 1.4.7). Whenever i try to set any settings, it will keep prompting the following error

File: /home/cavey/public_html/CPG-Tango/usermgr.php - Line: 1050 (File shown here changes with the last function)
or
Error
A valid form token could not be found.
File: /home/cavey/public_html/CPG-Tango/logout.php - Line: 31 

I checked the token lifetime and it is at the default 900. With this issue i cannot save or do anything

I would like to create an account as requested for testing purposes but the following above is preventing me from doing so. My website's CPG is at http://tango.kicks-ass.org/CPG-Tango

Any advice will be appreciated. Thank you in advice.



Joe Carver


Cavey

Opps yup should be update rather than upgrade.

phill104

It is a mistake to think you can solve any major problems just with potatoes.

Cavey

Hello Phill ,

Sorry for the confusion. it is not fixed. Was just replying that i did an update instead of an upgrade as stated in the first paragraph, still getting the error. Could it be a server setting? I have 2 upgraded 1.5.6 CPGs running on the same server (suffix is different for both) and both are getting the same issue.


Joe Carver

Quote from: Cavey on July 10, 2010, 04:09:44 PM
Opps yup should be update rather than upgrade.
??? I don't understand.
If you did not understand, I meant: http://tango.kicks-ass.org/CPG-Tango/update.php

Cavey

Hello Joe,

Sorry for the confusion, Yes i did run update.php to 1.5.6, everything appeared to be successful, but still getting the same error.

Anyway i tried deleting all files/db and did a fresh install and still got the error, just wondering, for the server end, is there a need to enable a php function in order for the token thing to work?

Thank you.

Joachim Müller

What PHP version do you have on your server?

Cavey

PHP Version 5.2.10
MySQL: 5.0.91
Apache: 2.2.0

Joachim Müller

Please post a non-admin test user account with privileges to have personal albums.

Cavey

Hello Joachim,

i would like to do so but the token error is stopping me from creating an account or from doing anything else. I have just set up another CPG Test gallery on that server for testing and troubleshooting purposes. If it is ok, can i PM you the details as it contains information the admin account.

Cavey

Hello All,

Just thought i will update this thread before changing it to solved. After much testing, i found out that it was my own Internet Service Provider (ISP) causing this issue, tested over at 2 friend's places using different ISPs and it is ok. Server and CPG fresh installation and update was fine and wasnt the cause of this issue

Not sure what information sent from server to ISP to my pc is being blocked but i have already asked them to investigate. If there is a firm answer will post it here to help others.

Joe Carver

#12
Check to see if your IP address is stable over time. If you are on win, then open a command window and type....  

ipconfig /all     and recheck it a couple/few minutes later.


Or, use a web service  that echos your ip back to you
( http://network-tools.com works well, I use it for other reasons )

Αndré

I don't know how the usual home networking looks in Singapore or in the US. But in Germany almost everyone has a DSL or cable connection with a router between the modem and the PC. So ipconfig /all returns your internal IP which doesn't matter in that scenario.

Quote from: Αndré on July 13, 2010, 11:36:51 AM
Please have a look how the token is generated:
$token = md5(USER_ID . $raw_ip . $superCage->server->getRaw('HTTP_USER_AGENT') . $CONFIG['site_token'] . $timestamp);
Each value has to be identical to generate a valid token. So your IP mustn't change and your HTTP_USER_AGENT has to be the same, too.

If you have serious trouble with the form token, you have to determine where the culprit lies (probably your IP address) and adjust the token generation.

Cavey

Hello Joe, Andre,

For myself i am using a ADSL router, so yes the ip will be a private ip and wont change much there. Just for further testing I used a ADSL modem for direct connection to my PC and got the same result. IP and Browser were still the same ones.

Putting myself back to the ADSL router, when i used my ISP's proxy, it seems to work well,

Just wondering is it a good idea to remove the raw_ip from the line $token = md5(USER_ID . $raw_ip . $superCage->server->getRaw('HTTP_USER_AGENT') . $CONFIG['site_token'] . $timestamp);, can token generation work without that?

Αndré

Quote from: Cavey on July 15, 2010, 09:19:02 AM
can token generation work without that?
Yes. The same function is used for creating a token and checking if a token is (still) valid.

Cavey

Thank you Andre, this did the trick with the token error.

However will try to look into why this happens to be the case for my IP/ISP