Search results for query: xftoken

  1. Jean-Baptiste

    [TH] Question and Answer Forums [Paid]

    Hello @ThemeHouse, There is an little exploit in your addon. The action to upvote or downvote is a simple get request. So any user can upvote a reply by clicking the link (sent via a private message as an example). You might use POST requests and the xfToken verification ? Thanks for the help
  2. Jean-Baptiste

    XF 2.0 Post request with an external application : security error occured

    I am generating the xfToken using the following code : \XF::app()->templater()->fn('csrf_token', []); Then, I get it in my external application, and I provide it in the POST function. Any ideas why it's not working ?
  3. Jake B.

    [TH] Question and Answer Forums [Paid]

    We're actually in the process of changing the upvote action to be done through javascript, which will also solve this (in a similar way to if you view the direct link to Like a post). But for now I'll push out an update that just includes the CSRF token as a GET parameter :) Not yet, the last...
  4. Cryptaline

    XF 1.5 Changing language without xftoken

    Greetings, Is it possible to change language without xftoken? Eg: I have 2 languages - en + ru. And I have a custom switcher with link to the language which looks like...
  5. A

    submit html form security error

    Looking at it in source i just see: <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}"> I would assume it should be translated to the value, i see another xfToken entry at a different point and it contains a value.
  6. S

    XF 1.4 Style change through a link/button

    ...is clicked in the Style Chooser. Problem is, where should the link go? The URL I pick up from the Style Chooser is a dynamic URL with a xfToken parameter that's dynamically generated, and without the xfToken it doesn't work for signed in users. The style chooser menu opens in a new page if I...
  7. Daniel Hood

    Trying to display Alerts and Convo pop-up off-forum - CORS

    If you're already instantiating XenForo, why not just load the alerts and stuff through the models instead of making an ajax request?
  8. Johan Ehrendahl

    Login using C#

    With or without the xfToken, it doesn't' work on the C# code (still gives 503 error). And trough the web-broswer, I mean via POST (which is the URL it creates to login), not clicking on the actual login button. An example of what I'm talking about...
  9. JulianD

    Using the search form from outside Xenforo Instance

    If you look closely to the hidden fields in the form, there's one called "xfToken". You need to specify the correct token in order to make it work.
  10. Aayush

    How can I call XF search from outside my forum?

    Most probably, you'll have to write your own API for searching. Should be pretty simple, call all the methods that are happening behind the scenes when you search for something. This would also help you bypass the xFToken validation.
  11. Jeff Berry

    Login using C#

    What do you mean by this? It certainly works by post through the web browser, as that is how you are able to login to XF. I don't think the xfToken is optional. That could be part of your problem, though I don't believe that would cause a 503 error.
  12. Aayush

    Login via CURL

    I'll give it a go without token once, but I can't really grab the token, it is appended via JS, once I grab the dom via CURL, there is no xfToken located in it.
  13. JackBauer

    Login using C#

    ...with the fields to the login URL: <form action="index.php?login/login"> <input type="text" name="login" /> <input type="password" name="password" /> <button>Submit</button> </form> The xfToken field is not required. If you want to redirect after authentication, include a field named redirect.
  14. R

    How can I call XF search from outside my forum?

    The most difficult part is to find the necessary information. Any ideas which functions should be called when searching via API? Is there a developer documentation for all xf functions?
  15. Adam K M

    Using the search form from outside Xenforo Instance

    Brilliant! I see it! The only question (or two) is... how do I fetch the correct token via php? I'm assuming that this token is regenerated every X days/hours, and manually re-adding it would be redundant. (And not to mention that there doesn't seem to be a lot of 'documentation' that I could...
  16. R

    Trying to display Alerts and Convo pop-up off-forum - CORS

    ...on forum.foo.bar. On foo.bar, I'd like to display the user's alerts, convos, etc. I instantiate XF on foo.bar, and get the user's proper xfToken, and try to do a cross-domain ajax query...
  17. Aayush

    Login via CURL

    Is it possible to login to Xenforo forum via curl in a PHP script. I am not sure how the login process works, but there is no xfToken present on the login page so people can login easily. Suppose I wanted to build a spam script(not really ;) ) How would I login and keep the session so that I...
  18. chrisj

    Button to change custom user field

    What would I have to do to make a button on the forum list view change the value of a custom user field (in this case a checkbox in preferences)? I've created an add-on before but never used the xenform and xftoken.
  19. Daniel Hood

    [Google Chrome] Notifications

    Unfortunately that isn't possible at the time, I'd have to change it to actually use your username/email + password combo or use your xfToken data. The reason it shows up as error without your work around is because it's actually an error page it's accessing. I agree with the annoyance issue on...
  20. Jeff Berry

    Login using C#

    ...* (with session info) that aren't Ajax requests (relies on browser-level * cross-domain policies). * * The token is retrieved from the "_xfToken" request param. * * @param string $action */ protected function _checkCsrf($action) { if (isset(self::$_executed['csrf'])) { return...
Top