Fix Anti-CSRF Security Upgrades (Your submission could not be processed because...)

aɀaʑɘl

Tutorial written by me (Azazel) for openwebsecurity.com, and vbteam.info.
I have written this tutorial for all people who have the anti-CSRF problem, which gives the error:
Code:
Your submission could not be processed because a security token was missing or mismatched"
Okay, here is a summary of why you have this error. vBulletin 3.6.9 had a security flaw, they felt fucked, had to delay the 3.7 release. Fixed 3.6.9, implemented a new feature (also in 3.7 after RC) which is the anti-CSRF one, and released a new build, hello vBulletin 3.6.10. But this means all your templates and hacks which were made before 3.6.10 or for 3.7 in RC state need an update, otherwise when your visitors go to the User CP or other features of your board, they get this not so stylish error. It's not stylish because it doesn't have the vBulletin logo on it. As a matter of fact, it has no styling, it's just a plain white background with the default font. Jelsoft should do something about that, because you pay a few hundred bucks for it.

Okay here we go, the fastest officially announced way by vBulletin to update your templates is just reverting them. But reverting them means fucking over all modifications of your template. That means if you have custom made templates, most of the styling gets fucked. And that is something we don't want, right?

Well here we go, you just go to search in templates > search for text, select the style you want to update.

At search for text you fill in:
Code:
<input type="hidden" name="s" value="$session[sessionhash]" />
At replace with Text:
Code:
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
Test Replacement Only: We say HELL NO.
Just wait, get everything replaced. And voila, load your template, no more errors.

After this, as an additional precaution, you can search again for:
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" /><input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
At replace with Text:
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
The new anti-CSRF is triggered by a specific constant on top of your script; the vB team selected this way to not break a few hundred mods.
So on top of your script and before the call of global.php (under the define of THIS_SCRIPT is a good place) add this line.

Code:
define('CSRF_PROTECTION', true);
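
Added example, not part of the original post or of vBulletin: a Python sketch that does the two template replacements from the tutorial in one idempotent pass, then lists POST forms that still carry no token and need a manual edit. It assumes each form opens and closes inside the same template text; the sample template and the function names are constructed for illustration.

```python
import re

# Constructed sample template, not taken from a real vBulletin style.
SAMPLE_TEMPLATE = '''<form action="profile.php" method="post">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="text" name="homepage" />
</form>
<form action="search.php" method="post">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
</form>
<form action="chat.php" method="post">
<input type="text" name="message" />
</form>
'''

SESSION_INPUT = '<input type="hidden" name="s" value="$session[sessionhash]" />'
TOKEN_INPUT = '<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />'

FORM_RE = re.compile(r'<form\b[^>]*>.*?</form>', re.I | re.S)
POST_RE = re.compile(r'''<form\b[^>]*\bmethod\s*=\s*["']?post''', re.I)


def add_token(template):
    """Insert the token after the session input, skipping forms that already have it."""
    def patch_form(match):
        form = match.group(0)
        if 'name="securitytoken"' in form:
            return form  # already patched, so no duplicate is ever created
        return form.replace(SESSION_INPUT, SESSION_INPUT + "\n" + TOKEN_INPUT, 1)
    return FORM_RE.sub(patch_form, template)


def forms_missing_token(template):
    """Return the opening tag of every POST form that has no securitytoken field."""
    missing = []
    for match in FORM_RE.finditer(template):
        form = match.group(0)
        if POST_RE.match(form) and 'name="securitytoken"' not in form:
            missing.append(form[:form.index(">") + 1])
    return missing


if __name__ == "__main__":
    patched = add_token(SAMPLE_TEMPLATE)
    print(patched)
    print("Still missing a token:", forms_missing_token(patched))
```

Forms reported by `forms_missing_token` have no session hash input for the search-and-replace to anchor on, which is why custom integrations keep showing the error after the bulk replacement.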
 
I have this message in my FlashChat integrated vB 3.7.2; if I look at a profile in the chat I get this error but cannot find the code
 
Similar thread already posted check "security token fixes" link in my sig'....please remember to use the search before posting next time ;)
 
cinneke said:
I have this message in my FlashChat integrated vB 3.7.2; if I look at a profile in the chat I get this error but cannot find the code

Look for something like this in the bits of your flashchat and profile.
Code:
<forms>
<input type="hidden" name=" ...

Then add this code in the forms, if it does not have it.
Code:
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />

It should fix your problem; if not, then post the template bits of the pages where you get the error.
 