Closed tanziran closed 2 months ago
Hello! Most likely, the IP address of the form sender changed between opening and sending it.
https://github.com/MioVisman/FluxBB_by_Visman/issues?q=csrf_hash
Here's the problem: I used Cloudflare's DNS traffic proxy, and I didn't see the IP change when I turned the proxy off, but there was a second problem.Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.
Here's the problem: I used Cloudflare's DNS traffic proxy, and when I turned the proxy off, the first error would be resolved, which was the IP change error.
The csrf_hash() function is responsible for generating csrf_hash and subsequently checking it: https://github.com/MioVisman/FluxBB_by_Visman/blob/master/include/functions.php#L1178-L1193
The result of its work depends on:
$pun_user
- current user in the engine.$script
- the name of the file from which the call is made. If not specified, the name is calculated from the data received from the server: basename($_SERVER['SCRIPT_NAME'])
.get_remote_address()
function. get_current_protocol()
function.Add before the line
return $arr[$key];
line with logging code to the error file
error_log('script=' . $script . '; ip='. $ip . '; userId=' . $user['id'] . '; protocol=' . get_current_protocol() );
After that, test sending forms and look at the server error log to see how the log lines differ.
Okay, it suddenly doesn't have this problem anymore, I didn't move any settings. Thank you for your patience, though.
Often: Wrong csrf_hash. You were directed to this page from an unauthorized source. It need to refresh and resubmit before you can submit. This bug is likely to occur on anything that is committed. My deployment server is a web host. The environment is php 7.3.31 and MySQL Improved (InnoDB) 5.7.44. I'm also prompted to clear all .php files in /cache.