"No authorisation" -> message gone (Bugs)

by Emil, Thursday, June 03, 2021, 17:32 (1030 days ago)

I often get a "No authorisation" message without any explanation of the reason. I think it happens when too much time passes from 'New topic' to 'OK - Submit'. Looks like a anti-spam measure. I posted this under 'Bugs', because it's really frustrating when you click the browser back button and all form fields are empty.

It happens on this forum.

Avatar

"No authorisation" -> message gone

by Micha ⌂, Thursday, June 03, 2021, 20:02 (1030 days ago) @ Emil

Hi,

Sometimes, I have the same problem and I believe, the csrf_token is wrong or missing.

I changed the code in my forum to:

case 'posting_submitted':
  if ($settings['forum_readonly'] == 1) {
   $subnav_link = array(
    'mode' => 'index',
    'name' => 'forum_index_link',
    'title' => 'forum_index_link_title'
   );
   $smarty->assign("subnav_link", $subnav_link);
   $smarty->assign('no_authorisation', 'no_auth_readonly');
   $smarty->assign('subtemplate', 'posting.inc.tpl');
  } 
  elseif ($settings['entries_by_users_only'] != 0 && empty($_SESSION[$settings['session_prefix'] . 'user_name']) || !isset($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']) {
   if (isset($_POST['text'])) {
    $smarty->assign('no_authorisation', 'no_auth_session_expired');
    $smarty->assign('text', htmlspecialchars($_POST['text']));
   } 
   else {
    $smarty->assign('no_authorisation', 'no_auth_post_reg_users');
   }
   $smarty->assign('subtemplate', 'posting.inc.tpl');
  }

Maybe, this yields a better error message.

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

RSS Feed of thread