Invalid Token on Login Screen
-
- Joomla! Apprentice
- Posts: 17
- Joined: Sun Jan 03, 2010 9:54 pm
Re: Invalid Token on Login Screen
My site also suffers from the Invalid Token - I think it started after Vmart 1.1.4
On admin login and on default poll mod
On admin login and on default poll mod
-
- Joomla! Apprentice
- Posts: 6
- Joined: Wed Oct 14, 2009 2:32 pm
Re: Invalid Token on Login Screen
I had this issue but it was because I was using JomSocial. Sometimes it was caused by the server proxy and other times by JomSocial itself. To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token the user was logged in. You can also get this intermittently with JomSocial if you don't assign the JomSocial frontpage component as "public" somewhere on your menu.
-
- Joomla! Fledgling
- Posts: 4
- Joined: Fri Aug 21, 2009 3:22 am
Re: Invalid Token on Login Screen
We found a solution: If a user loads the page with the login form or registration form, then let's it sit there for several minutes (or take too long to fill-in the form), the randomly generated token used for authentication expires. Tokens are set to expire after 180 seconds - a more reasonable time limit might be 1800 seconds (half-hour) especially for registration forms - particularly if you have installed a customised user reg process, e.g. Jom_social.
The time limit is established in the file:
/components/com_community/models/register.php
search for "INTERVAL 180 SECOND" and replace with 1800
$query .= " WHERE `created` >= DATE_SUB('".$curDateMysql."', INTERVAL 1800 SECOND)";
The time limit is established in the file:
/components/com_community/models/register.php
search for "INTERVAL 180 SECOND" and replace with 1800
$query .= " WHERE `created` >= DATE_SUB('".$curDateMysql."', INTERVAL 1800 SECOND)";
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
@vjrm
any chance you could give us a bit more guidence/modify your post regards this issue.
Just wondering if you could tell me which files you changed here?
You said "To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token"
I have searched my entire site for 'Invalid Token' and cannot find it anywhere!
@bitterblackale I cannot find the file you are talking about either...
any chance you could give us a bit more guidence/modify your post regards this issue.
Just wondering if you could tell me which files you changed here?
You said "To fix it I edited the Joomla user file where the Invalid Token error exists to instead redirect to a URL rather than showing the error. I made that URL the account page since even though it gave Invalid Token"
I have searched my entire site for 'Invalid Token' and cannot find it anywhere!
@bitterblackale I cannot find the file you are talking about either...
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
In the end what I did to resolve this as a temporary fix was to make a bit of javascript that pulled the token from the yoologin module and passed it to thge registration form that was also being displayed in a module.
Its still not 100% though and I have just got another 'Invalid Token'
I think this one happenned because I had left the page open for a while without loggin in.
However they KEY thing here is to have Joomla do something more user friendly than just show a blank white page with Invalid Token on it as this totally destrys the suer experience.
Why can't Joomla send the person back to the page they were on with an error message just like what happens when you enter the wrong password, with a message saying 'Invalid Token. Please try logging in again'
Its still not 100% though and I have just got another 'Invalid Token'
I think this one happenned because I had left the page open for a while without loggin in.
However they KEY thing here is to have Joomla do something more user friendly than just show a blank white page with Invalid Token on it as this totally destrys the suer experience.
Why can't Joomla send the person back to the page they were on with an error message just like what happens when you enter the wrong password, with a message saying 'Invalid Token. Please try logging in again'
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: Invalid Token on Login Screen
You don't want to make it not check the tokens since they are there for security reasons. The token checks prevent one kind of attack that can implemented by submitting malicious code via a form.
I didn't realize you were not using the core login. Have you asked the developers for help?
I didn't realize you were not using the core login. Have you asked the developers for help?
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
Hi yeah, I have spoken to both developers for help but of course all of the developers blame each other/me for their stuff not working and so don't think its their problem
i.e. we are using Mighty Extensions to manage users, we are using Yootheme to show the login box and we are using an extension that puts a component in a module to show the registration form on the same page.
Unfortunalety this cannot really work any differently. What we need is for Joomla itself to have a registration Module but it doesn't.
So what happens is that the login form gets the right token. Then the registration form creates another one that is wrong. So I use javascript to replace the token the registration form creates with the one the login form creates and this generally works.
So I think it is still checking tokens. What I'd really, really, really like is that if the tokens are wrong that you do not simply get sent to that awful useless customer relations destroying 'Invalid Token' page. I want you sent back to the previous page with 'Invalid Token' as an error. Why can't this happen? Why doesn't this happen anyway?
i.e. we are using Mighty Extensions to manage users, we are using Yootheme to show the login box and we are using an extension that puts a component in a module to show the registration form on the same page.
Unfortunalety this cannot really work any differently. What we need is for Joomla itself to have a registration Module but it doesn't.
So what happens is that the login form gets the right token. Then the registration form creates another one that is wrong. So I use javascript to replace the token the registration form creates with the one the login form creates and this generally works.
So I think it is still checking tokens. What I'd really, really, really like is that if the tokens are wrong that you do not simply get sent to that awful useless customer relations destroying 'Invalid Token' page. I want you sent back to the previous page with 'Invalid Token' as an error. Why can't this happen? Why doesn't this happen anyway?
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
Cmon people, all over the web there is this invalid token issue. I know its irregular and I know there are alot of factors involved in the causes.
I appreciate that it is a good security feature but why can't Joomla simply redirect to the previous page with 'Invalid Token' as the error, like it does you have a session expired error? This would take this issue from absolutely totally critical to relatively minor.
Currently the 'Invalid Token' screen makes it look like the site is not working AT ALL and the chances of a user trying again by clicking the back button are to my mind very slim. If the Invalid Token error simply returned you to the previous page with a message 'Invalid Token: Please try logging in again' users would probably do it.
Why is it that it doesn't work this way and please can someone who knows abit more about the Joomla core let me know how I can make it work this way if there is no downside to doing so?
I appreciate that it is a good security feature but why can't Joomla simply redirect to the previous page with 'Invalid Token' as the error, like it does you have a session expired error? This would take this issue from absolutely totally critical to relatively minor.
Currently the 'Invalid Token' screen makes it look like the site is not working AT ALL and the chances of a user trying again by clicking the back button are to my mind very slim. If the Invalid Token error simply returned you to the previous page with a message 'Invalid Token: Please try logging in again' users would probably do it.
Why is it that it doesn't work this way and please can someone who knows abit more about the Joomla core let me know how I can make it work this way if there is no downside to doing so?
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: Invalid Token on Login Screen
Tthe thing is, in this case it's not Joomla! that's doing it, it is the extension you are using. Without seeing the code for that extension it's not possible to know how it is handling the problem.
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
Hi there,
Yeah I am hoping the maker of the extension will be able to do something to fix it.
However in the mean time it would make the world of difference if Joomla did not send people to the blank 'invalid token' screen ever. If it could instead redirect to the previous page with an error that would be SOOO much better.
D
Yeah I am hoping the maker of the extension will be able to do something to fix it.
However in the mean time it would make the world of difference if Joomla did not send people to the blank 'invalid token' screen ever. If it could instead redirect to the previous page with an error that would be SOOO much better.
D
- mcsmom
- Joomla! Exemplar
- Posts: 7897
- Joined: Thu Aug 18, 2005 8:43 pm
- Location: New York
- Contact:
Re: Invalid Token on Login Screen
Joomla! does not do that. I get invalid token messages all the time and don't get blank screens. j
The developer needs to fix the behavior on finding invalid token.
The developer needs to fix the behavior on finding invalid token.
So we must fix our vision not merely on the negative expulsion of war, but upon the positive affirmation of peace. MLK 1964.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
http://officialjoomlabook.com Get it at http://www.joomla.org/joomla-press-official-books.html Buy a book, support Joomla!.
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
Well I'll have a look at the code then but from what I have seen invalid token always seems to be followed by exit() wherever you look in the joomla code...
If you could point me to an example of where it doesn't I can easily copy and paste what it does do into the relevant place in the login and register modules I am using...
If you could point me to an example of where it doesn't I can easily copy and paste what it does do into the relevant place in the login and register modules I am using...
-
- Joomla! Apprentice
- Posts: 25
- Joined: Sun Jan 07, 2007 1:48 pm
Re: Invalid Token on Login Screen
I understand this is a common problem, but there is no fix for this? I'm not using any special mods or plug-ins and i get quite often this error.
-
- Joomla! Fledgling
- Posts: 4
- Joined: Wed Feb 11, 2009 11:41 am
Re: Invalid Token on Login Screen
Hello
I get "Invalid Token" when trying to login to admin in Firefox 3.6.13, try again later and it works.
Another one frequently occuring is I have to login multiple times, I only get in on second
attempt although username/password was correct.
Using Joomla 1.5.22 with PHP 5.2.14.
Cheers Ken
I get "Invalid Token" when trying to login to admin in Firefox 3.6.13, try again later and it works.
Another one frequently occuring is I have to login multiple times, I only get in on second
attempt although username/password was correct.
Using Joomla 1.5.22 with PHP 5.2.14.
Cheers Ken
-
- Joomla! Fledgling
- Posts: 4
- Joined: Wed Feb 11, 2009 11:41 am
Re: Invalid Token on Login Screen
I tried to clear browser history and login to front end of site:
1. First login fails, no message output
2. Second login gives "Invalid Token"
3. Third login gets me into the web site
4. If I clear browser history it all starts from (1) again
This is using Joomla 1.5.22 and PHP 5.2.14 running on a shared server with LiteSpeed.
Firefox 3.6.13. Site is offline at the moment so only admins can login.
We also get thrown out of back end frequently, and have to login again (even though we clearly
have been active within the last 15 mins...).
Any ideas?
Cheers Ken
1. First login fails, no message output
2. Second login gives "Invalid Token"
3. Third login gets me into the web site
4. If I clear browser history it all starts from (1) again
This is using Joomla 1.5.22 and PHP 5.2.14 running on a shared server with LiteSpeed.
Firefox 3.6.13. Site is offline at the moment so only admins can login.
We also get thrown out of back end frequently, and have to login again (even though we clearly
have been active within the last 15 mins...).
Any ideas?
Cheers Ken
-
- I've been banned!
- Posts: 36
- Joined: Fri Feb 04, 2011 12:19 pm
Re: Invalid Token on Login Screen
what is your server`s OS ? linux or windows?
if it is windows , i think its from your php setting
you can run it in your localhost and test it
if it is windows , i think its from your php setting
you can run it in your localhost and test it
-
- Joomla! Fledgling
- Posts: 4
- Joined: Wed Feb 11, 2009 11:41 am
Re: Invalid Token on Login Screen
Thanks for reply.
Server is running Linux (Ubuntu).
Cheers Ken
Server is running Linux (Ubuntu).
Cheers Ken
-
- Joomla! Intern
- Posts: 57
- Joined: Tue Feb 19, 2008 6:47 pm
Re: Invalid Token on Login Screen
I agree with davidosullivan, it could be very useful to have a plugin or fix to avoid that nasty 'INVALID TOKEN' white page. There is not any way to fix this easily?? Going back to previous screen and showing a message with more information for the user could be great; something like: please empty your browser cache and/or delete cookies and try again. Also may be that making a simple javascript that deletes all site session cookies could be amazing...
In my experience, this issue happens 90% of times when using Firefox, cause using Chrome or Safari it doesn't seems to happen anymore...
What you think?
In my experience, this issue happens 90% of times when using Firefox, cause using Chrome or Safari it doesn't seems to happen anymore...
What you think?
- craiggf
- Joomla! Intern
- Posts: 68
- Joined: Sun Dec 09, 2007 3:30 pm
Re: Invalid Token on Login Screen
Have had several LOGOUT problems with invalid token error.
Fixed it (for joomla 1.6.1) by adding the following code to the proper place in my templates mod_login directory file default.php
The code block is below to make it easier to find, the only change/addition is the last line (which I bolded and italicized).
<input type="hidden" name="option" value="com_users" />
<input type="hidden" name="task" value="user.logout" />
<input type="hidden" name="return" value="<?php echo $return; ?>" />
<?php echo JHtml::_('form.token'); ?>
It my/our case is was the login procedure that was not getting the (1.6.1 added the token) token info.
Fixed it (for joomla 1.6.1) by adding the following code to the proper place in my templates mod_login directory file default.php
The code block is below to make it easier to find, the only change/addition is the last line (which I bolded and italicized).
<input type="hidden" name="option" value="com_users" />
<input type="hidden" name="task" value="user.logout" />
<input type="hidden" name="return" value="<?php echo $return; ?>" />
<?php echo JHtml::_('form.token'); ?>
It my/our case is was the login procedure that was not getting the (1.6.1 added the token) token info.
-
- Joomla! Apprentice
- Posts: 20
- Joined: Fri May 13, 2011 5:32 pm
Re: Invalid Token on Login Screen
spend ages trying to resolve this try this i posted in another forum:
http://forum.joomla.org/viewtopic.php?p ... 1#p2500641
http://forum.joomla.org/viewtopic.php?p ... 1#p2500641
We will rule over all this land, and we will call it... 'This Land'.
-
- Joomla! Intern
- Posts: 57
- Joined: Tue Feb 19, 2008 6:47 pm
Re: Invalid Token on Login Screen
You can make your hack even better if you use $mainframe->redirect('index.php','Alert message','alert'); and substitute 'Alert message' with your favourite message requesting the user to empty the browser cache or deleting domain cookies...danielbprobert wrote:spend ages trying to resolve this try this i posted in another forum:
http://forum.joomla.org/viewtopic.php?p ... 1#p2500641
regards,
-
- Joomla! Apprentice
- Posts: 20
- Joined: Fri May 13, 2011 5:32 pm
Re: Invalid Token on Login Screen
true but i don't want my clients to even know there was an error doing it that way tells people there was problem...
although that does work just as well
although that does work just as well
We will rule over all this land, and we will call it... 'This Land'.
- adizlaja
- Joomla! Apprentice
- Posts: 6
- Joined: Wed Aug 31, 2011 5:19 pm
- Location: Dallas, TX
- Contact:
Re: Invalid Token on Login Screen
I got this from another thread here... it worked for a lot of people:
Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.
Find this code:
Replace it with this:
Obviously, change yourdominaname with your actual domain.
Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.
Find this code:
Code: Select all
function login()
{
// Check for request forgeries
JRequest::checkToken() or jexit( 'Invalid Token' );
Code: Select all
function login()
{
// Check for request forgeries
JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');
Please read forum rules regarding signatures: http://forum.joomla.org/viewtopic.php?t=65
-
- Joomla! Apprentice
- Posts: 8
- Joined: Sun May 29, 2011 8:56 am
Re: Invalid Token on Login Screen
adizlaja wrote:I got this from another thread here... it worked for a lot of people:
Open this file: components/com_user/controller.php - take a copy as a backup in case it causes any issues on your site.
Find this code:
Replace it with this:Code: Select all
function login() { // Check for request forgeries JRequest::checkToken() or jexit( 'Invalid Token' );
Obviously, change yourdominaname with your actual domain.Code: Select all
function login() { // Check for request forgeries JRequest::checkToken() or header('Location: http://www.yourdomainname.com/');
Can someone please indicate what the correct file to modify is in Joomla 1.7? I checked the controller.php in the directory listed above, and there is no such code to modify!
Thanks!
- rickenbacker
- Joomla! Apprentice
- Posts: 9
- Joined: Wed Jan 16, 2008 12:52 am
Re: Invalid Token on Login Screen
For me this only ever happens if I enter the username and password and then hit the 'enter' key, if I click the 'login' button then it's fine.
-
- Joomla! Intern
- Posts: 78
- Joined: Sat Dec 02, 2006 4:54 pm
Re: Invalid Token on Login Screen
This topic is more advanced in this thread (with Joomla 1.7 solution)
http://forum.joomla.org/viewtopic.php?f ... &start=150
http://forum.joomla.org/viewtopic.php?f ... &start=150
-
- Joomla! Apprentice
- Posts: 6
- Joined: Sun Sep 19, 2010 2:51 pm
Re: Invalid Token on Login Screen
Had problems with login module and user component:
- invalid token
- sometime no change was reflecting when trying to login
- no redirect etc.
Finally figured out that the user component was acting funny because of the .htaccess configuration.
Solution was to remove the "action" parameter of the forms.
- invalid token
- sometime no change was reflecting when trying to login
- no redirect etc.
Finally figured out that the user component was acting funny because of the .htaccess configuration.
Solution was to remove the "action" parameter of the forms.
-
- Joomla! Fledgling
- Posts: 2
- Joined: Tue Feb 14, 2012 4:34 pm
- Contact:
Re: Invalid Token on Login Screen
For me disabling the Google Authentication plugin fixed this problem.
-
- Joomla! Intern
- Posts: 52
- Joined: Fri Mar 25, 2011 7:06 pm
- Contact: