The Joomla! Forum ™



Forum rules


Forum Rules
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 59 posts ]  Go to page Previous  1, 2
Author Message
PostPosted: Fri Jan 15, 2010 9:46 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jan 03, 2010 9:54 pm
Posts: 17
My site also suffers from the Invalid Token - I think it started after Vmart 1.1.4
On admin login and on default poll mod


Top
 Profile  
 
PostPosted: Sat Jan 16, 2010 3:49 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Oct 14, 2009 2:32 pm
Posts: 6
I had this issue but it was because I was using JomSocial. Sometimes it was caused by the server proxy and other times by JomSocial itself. To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token the user was logged in. You can also get this intermittently with JomSocial if you don't assign the JomSocial frontpage component as "public" somewhere on your menu.


Top
 Profile  
 
PostPosted: Mon Jan 18, 2010 3:54 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Fri Aug 21, 2009 3:22 am
Posts: 4
We found a solution: If a user loads the page with the login form or registration form, then let's it sit there for several minutes (or take too long to fill-in the form), the randomly generated token used for authentication expires. Tokens are set to expire after 180 seconds - a more reasonable time limit might be 1800 seconds (half-hour) especially for registration forms - particularly if you have installed a customised user reg process, e.g. Jom_social.

The time limit is established in the file:
/components/com_community/models/register.php
search for "INTERVAL 180 SECOND" and replace with 1800

$query .= " WHERE `created` >= DATE_SUB('".$curDateMysql."', INTERVAL 1800 SECOND)";


Top
 Profile  
 
PostPosted: Thu Feb 04, 2010 10:48 am 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
@vjrm

any chance you could give us a bit more guidence/modify your post regards this issue.

Just wondering if you could tell me which files you changed here?

You said "To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token"

I have searched my entire site for 'Invalid Token' and cannot find it anywhere!

@bitterblackale I cannot find the file you are talking about either...


Top
 Profile  
 
PostPosted: Thu Mar 11, 2010 4:37 pm 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
In the end what I did to resolve this as a temporary fix was to make a bit of javascript that pulled the token from the yoologin module and passed it to thge registration form that was also being displayed in a module.

Its still not 100% though and I have just got another 'Invalid Token'

I think this one happenned because I had left the page open for a while without loggin in.

However they KEY thing here is to have Joomla do something more user friendly than just show a blank white page with Invalid Token on it as this totally destrys the suer experience.

Why can't Joomla send the person back to the page they were on with an error message just like what happens when you enter the wrong password, with a message saying 'Invalid Token. Please try logging in again'


Top
 Profile  
 
PostPosted: Wed Mar 17, 2010 9:53 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Thu Aug 18, 2005 8:43 pm
Posts: 7986
Location: New York
You don't want to make it not check the tokens since they are there for security reasons. The token checks prevent one kind of attack that can implemented by submitting malicious code via a form.

I didn't realize you were not using the core login. Have you asked the developers for help?

_________________
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.


Top
 Profile  
 
PostPosted: Wed Mar 17, 2010 12:55 pm 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
Hi yeah, I have spoken to both developers for help but of course all of the developers blame each other/me for their stuff not working and so don't think its their problem

i.e. we are using Mighty Extensions to manage users, we are using Yootheme to show the login box and we are using an extension that puts a component in a module to show the registration form on the same page.

Unfortunalety this cannot really work any differently. What we need is for Joomla itself to have a registration Module but it doesn't.

So what happens is that the login form gets the right token. Then the registration form creates another one that is wrong. So I use javascript to replace the token the registration form creates with the one the login form creates and this generally works.

So I think it is still checking tokens. What I'd really, really, really like is that if the tokens are wrong that you do not simply get sent to that awful useless customer relations destroying 'Invalid Token' page. I want you sent back to the previous page with 'Invalid Token' as an error. Why can't this happen? Why doesn't this happen anyway?


Top
 Profile  
 
PostPosted: Sat Mar 20, 2010 2:18 pm 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
Cmon people, all over the web there is this invalid token issue. I know its irregular and I know there are alot of factors involved in the causes.

I appreciate that it is a good security feature but why can't Joomla simply redirect to the previous page with 'Invalid Token' as the error, like it does you have a session expired error? This would take this issue from absolutely totally critical to relatively minor.

Currently the 'Invalid Token' screen makes it look like the site is not working AT ALL and the chances of a user trying again by clicking the back button are to my mind very slim. If the Invalid Token error simply returned you to the previous page with a message 'Invalid Token: Please try logging in again' users would probably do it.

Why is it that it doesn't work this way and please can someone who knows abit more about the Joomla core let me know how I can make it work this way if there is no downside to doing so?


Top
 Profile  
 
PostPosted: Sun Mar 21, 2010 12:53 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Thu Aug 18, 2005 8:43 pm
Posts: 7986
Location: New York
Tthe thing is, in this case it's not Joomla! that's doing it, it is the extension you are using. Without seeing the code for that extension it's not possible to know how it is handling the problem.

_________________
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.


Top
 Profile  
 
PostPosted: Mon Mar 22, 2010 7:38 pm 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
Hi there,

Yeah I am hoping the maker of the extension will be able to do something to fix it.

However in the mean time it would make the world of difference if Joomla did not send people to the blank 'invalid token' screen ever. If it could instead redirect to the previous page with an error that would be SOOO much better.

D


Top
 Profile  
 
PostPosted: Tue Mar 23, 2010 12:55 pm 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Thu Aug 18, 2005 8:43 pm
Posts: 7986
Location: New York
Joomla! does not do that. I get invalid token messages all the time and don't get blank screens. j
The developer needs to fix the behavior on finding invalid token.

_________________
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.


Top
 Profile  
 
PostPosted: Sun Apr 04, 2010 12:21 pm 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
Well I'll have a look at the code then but from what I have seen invalid token always seems to be followed by exit() wherever you look in the joomla code...

If you could point me to an example of where it doesn't I can easily copy and paste what it does do into the relevant place in the login and register modules I am using...


Top
 Profile  
 
PostPosted: Tue Jul 27, 2010 5:36 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jan 07, 2007 1:48 pm
Posts: 25
I understand this is a common problem, but there is no fix for this? I'm not using any special mods or plug-ins and i get quite often this error.

_________________
http://newpressrelease.com | http://fpld.net


Top
 Profile  
 
PostPosted: Fri Feb 18, 2011 6:35 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 11, 2009 11:41 am
Posts: 4
Hello

I get "Invalid Token" when trying to login to admin in Firefox 3.6.13, try again later and it works.

Another one frequently occuring is I have to login multiple times, I only get in on second
attempt although username/password was correct.

Using Joomla 1.5.22 with PHP 5.2.14.

Cheers Ken

_________________
---
http://bolanken.se


Top
 Profile  
 
PostPosted: Fri Feb 18, 2011 8:06 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 11, 2009 11:41 am
Posts: 4
I tried to clear browser history and login to front end of site:

1. First login fails, no message output
2. Second login gives "Invalid Token"
3. Third login gets me into the web site
4. If I clear browser history it all starts from (1) again

This is using Joomla 1.5.22 and PHP 5.2.14 running on a shared server with LiteSpeed.
Firefox 3.6.13. Site is offline at the moment so only admins can login.

We also get thrown out of back end frequently, and have to login again (even though we clearly
have been active within the last 15 mins...).

Any ideas?

Cheers Ken

_________________
---
http://bolanken.se


Top
 Profile  
 
PostPosted: Fri Feb 18, 2011 8:21 am 
I've been banned!

Joined: Fri Feb 04, 2011 12:19 pm
Posts: 37
what is your server`s OS ? linux or windows?
if it is windows , i think its from your php setting
you can run it in your localhost and test it

_________________
http://www.[spam].ir
http://jsa.ir/productlist.asp?Content_ID=36


Top
 Profile  
 
PostPosted: Fri Feb 18, 2011 8:33 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 11, 2009 11:41 am
Posts: 4
Thanks for reply.

Server is running Linux (Ubuntu).

Cheers Ken

_________________
---
http://bolanken.se


Top
 Profile  
 
PostPosted: Fri Mar 18, 2011 1:21 am 
Joomla! Intern
Joomla! Intern

Joined: Tue Feb 19, 2008 6:47 pm
Posts: 57
I agree with davidosullivan, it could be very useful to have a plugin or fix to avoid that nasty 'INVALID TOKEN' white page. There is not any way to fix this easily?? Going back to previous screen and showing a message with more information for the user could be great; something like: please empty your browser cache and/or delete cookies and try again. Also may be that making a simple javascript that deletes all site session cookies could be amazing...

In my experience, this issue happens 90% of times when using Firefox, cause using Chrome or Safari it doesn't seems to happen anymore...

What you think? :pop


Top
 Profile  
 
PostPosted: Sat Mar 19, 2011 4:53 pm 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Sun Dec 09, 2007 3:30 pm
Posts: 68
Have had several LOGOUT problems with invalid token error.

Fixed it (for joomla 1.6.1) by adding the following code to the proper place in my templates mod_login directory file default.php

The code block is below to make it easier to find, the only change/addition is the last line (which I bolded and italicized).

<input type="hidden" name="option" value="com_users" />
<input type="hidden" name="task" value="user.logout" />
<input type="hidden" name="return" value="<?php echo $return; ?>" />
<?php echo JHtml::_('form.token'); ?>

It my/our case is was the login procedure that was not getting the (1.6.1 added the token) token info.


Top
 Profile  
 
PostPosted: Fri May 13, 2011 5:46 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri May 13, 2011 5:32 pm
Posts: 20
spend ages trying to resolve this try this i posted in another forum:

viewtopic.php?p=2500641#p2500641

_________________
We will rule over all this land, and we will call it... 'This Land'.


Top
 Profile  
 
PostPosted: Fri May 13, 2011 9:41 pm 
Joomla! Intern
Joomla! Intern

Joined: Tue Feb 19, 2008 6:47 pm
Posts: 57
danielbprobert wrote:
spend ages trying to resolve this try this i posted in another forum:

viewtopic.php?p=2500641#p2500641


You can make your hack even better if you use $mainframe->redirect('index.php','Alert message','alert'); and substitute 'Alert message' with your favourite message requesting the user to empty the browser cache or deleting domain cookies...

regards,


Top
 Profile  
 
PostPosted: Sat May 14, 2011 5:29 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri May 13, 2011 5:32 pm
Posts: 20
true but i don't want my clients to even know there was an error doing it that way tells people there was problem...

although that does work just as well

_________________
We will rule over all this land, and we will call it... 'This Land'.


Top
 Profile  
 
PostPosted: Wed Aug 31, 2011 5:32 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Aug 31, 2011 5:19 pm
Posts: 6
Location: Dallas, TX
I got this from another thread here... it worked for a lot of people:

Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.

Find this code:

Code:
function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or jexit( 'Invalid Token' );


Replace it with this:

Code:
function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');


Obviously, change yourdominaname with your actual domain.

_________________
Please read forum rules regarding signatures: viewtopic.php?t=65


Top
 Profile  
 
PostPosted: Sat Sep 24, 2011 5:43 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun May 29, 2011 8:56 am
Posts: 8
adizlaja wrote:
I got this from another thread here... it worked for a lot of people:

Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.

Find this code:

Code:
function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or jexit( 'Invalid Token' );


Replace it with this:

Code:
function login()
   {
      // Check for request forgeries
                JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');


Obviously, change yourdominaname with your actual domain.



Can someone please indicate what the correct file to modify is in Joomla 1.7? I checked the controller.php in the directory listed above, and there is no such code to modify!

Thanks!


Top
 Profile  
 
PostPosted: Wed Oct 05, 2011 5:20 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jan 16, 2008 12:52 am
Posts: 9
For me this only ever happens if I enter the username and password and then hit the 'enter' key, if I click the 'login' button then it's fine.


Top
 Profile  
 
PostPosted: Wed Oct 05, 2011 10:19 am 
Joomla! Intern
Joomla! Intern

Joined: Sat Dec 02, 2006 4:54 pm
Posts: 78
This topic is more advanced in this thread (with Joomla 1.7 solution)

viewtopic.php?f=404&t=265868&start=150


Top
 Profile  
 
PostPosted: Sun Dec 11, 2011 4:37 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Sep 19, 2010 2:51 pm
Posts: 6
Had problems with login module and user component:
- invalid token
- sometime no change was reflecting when trying to login
- no redirect etc.
Finally figured out that the user component was acting funny because of the .htaccess configuration.
Solution was to remove the "action" parameter of the forms.


Top
 Profile  
 
PostPosted: Tue Feb 14, 2012 4:40 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Feb 14, 2012 4:34 pm
Posts: 2
For me disabling the Google Authentication plugin fixed this problem.


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 5:26 pm 
Joomla! Intern
Joomla! Intern

Joined: Fri Mar 25, 2011 7:06 pm
Posts: 52
it is a known problem with a known solution.


index.php/topic,251273.0.html

_________________
http://www.irandream.com


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 59 posts ]  Go to page Previous  1, 2



Who is online

Users browsing this forum: No registered users and 11 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group