Closed ghost closed 3 years ago
There are two possible reasons for this message:
If the reason is in the "Base URL", then open the /cache/cache_config.php file on the server, set the correct value of the 'o_base_url' element and save, then go to Administration -> Options and set the correct value and save.
It seems I was wrong. There may be a third reason:
This problem can occur due to incorrect server configuration. For example, if apache is hosted behind nginx, and nginx does not pass the correct value to $_SERVER['HTTPS'].
See get_current_protocol() function https://github.com/MioVisman/FluxBB_by_Visman/blob/master/include/functions.php#L202
P.S. And it seems the second reason is not relevant, judging by the function csrf_hash() https://github.com/MioVisman/FluxBB_by_Visman/blob/master/include/functions.php#L1166 My brain is still sleeping.
The site is running on a fresh install of Ubuntu 20.04 with Plesk. It does use a mix of Apache with Nginx. The latest error I received when posting was:
Bad csrf_hash. You were referred to this page from an unauthorized source.
I tried posting again, and it went through. I am wondering if there is something about the default server config that only impacts FluxBB. I have phpBB, WordPress, and WoltLab Burning Board, all running on the same server and domain.
I am wondering if there is something about the default server config that only impacts FluxBB. There is a different approach in the engines themselves.
In the original FluxBB, to check the data received from the user, the referrer sent by the user's browser is checked. Referrer is easy to fake .
My FluxBB uses a csrf hash which is generated by a function: https://github.com/MioVisman/FluxBB_by_Visman/blob/master/include/functions.php#L1166 In this case, csrf hash depends on:
Changing the value of any of these items between the opening of the form and its attempt to save will cause an error:
Bad csrf_hash. You were referred to this page from an unauthorized source.
That would explain a few things. I was using Cloudflare, and my IP address would change.
Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.
I had freshly installed your copy of FluxBB R.82 and only changed the times zone and wrote some basic rules. The above was the error I received.