1 (edited by Teste 2010-06-07 22:34)

Topic: Bypassing Security Tokens on Custom Forms

I've been adding my own apps to PunBB (assuming that's OK) and usually use:

if (!defined('FORUM_ROOT'))
    define('FORUM_ROOT', './../');
require FORUM_ROOT.'include/common.php';

to get the user data and stuff.

When common.php is included and I try to submit information using a form, I get this annoying little thing from the PunBB forum:

Unable to confirm security token. A likely cause for this is that some time passed between when you first entered the page and when you submitted a form or clicked a link. If that is the case and you would like to continue with your action, please click the Confirm button. Otherwise, you should click the Cancel button to return to where you were.

I need a way to bypass it. I tried looking at PunBB source code for examples on how to properly generate the csrf token but can't get it to work.

Help?

edit: excuse me if it's in the wrong forum.

2 (edited by Teste 2010-06-09 21:38)

Re: Bypassing Security Tokens on Custom Forms

2 day bump :*(

Re: Bypassing Security Tokens on Custom Forms

Use

define('FORUM_DISABLE_CSRF_CONFIRM', 1);

See wiki...

FluxBB - v1.4.8

4

Re: Bypassing Security Tokens on Custom Forms

lie2815 wrote:

Use

define('FORUM_DISABLE_CSRF_CONFIRM', 1);

See wiki...

<3 you to death.