| Author |
Message |
nuncamais13
New Member
Joined: Sep 20, 2009
Posts: 4
Location: España
|
 Posted:
Sun Sep 20, 2009 2:55 pm |
 
|
hi
Select an avatar when I get this failure can you tell me how to solve
thanks
CSRF check failed. Please enable cookies.
If the problem persists, please contact the server/website administrator |
|
|
 
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Sun Sep 20, 2009 3:18 pm |
|
Are your cookies turned on in your browser? |
|
|
|
|
|
pugsley
New Member
Joined: Sep 17, 2009
Posts: 7
Location: Ohio, USA
|
| Posted:
Mon Sep 21, 2009 9:27 am |
|
I am having the same issue as well.
I am building a website for a WoW guild and most everything is working great.
The problem arises when a user goes to select a different avatar from the gallery with the Avatar Control Panel under Your Account/Change Info they get the same error message as above:
CSRF check failed. Please enable cookies.
If the problem persists, please contact the server/website administrator
Site specifics:
Apache version 2.2.11 (Unix)
PHP version 5.2.10
MySQL version 5.0.81-community
Architecture x86_64
Operating system Linux
Site URL -
I installed RN v2.4 and Nuke Sentinel verbatim with the installation instructions located on the wiki.
I have tried both IE and Mozilla Firefox with cookies enabled and privacy/security settings as low as possible and get the same error with both browsers.
Thanks in advance |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Mon Sep 21, 2009 10:35 am |
|
OK we will look into this and get back to you ASAP.
Thank you for letting us know. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9133
Location: Arizona
|
| Posted:
Tue Sep 22, 2009 6:53 am |
|
I couldn't get to looking at it yesterday. Hopefully I can this evening. We know what the issue is. |
|
|
|
|
|
pugsley
New Member
Joined: Sep 17, 2009
Posts: 7
Location: Ohio, USA
|
| Posted:
Tue Sep 22, 2009 7:15 am |
|
Not a problem, everything else works so great I don't think anyone has even noticed the lack of avatars 
Thanks for the update though, much appreciated. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9133
Location: Arizona
|
| Posted:
Wed Sep 23, 2009 10:17 pm |
|
Ok, try this:
=== OPEN FILE ===
modules/Your_Account/index.php
=== MOVE THIS LINE ===
case 'avatarsave':
=== IN BETWEEN HERE LIKE THIS (i.e., move it up) ===
case 'saveactivate':
case 'avatarsave':
case 'userinfo':
=== DONE ===
I still need to make sure there isn't anything else being maintained by the avatarsave, but from my initial review, I see no reason to protect against an avatar being changed to something else within the Gallery... not real CSRF issue IMO. Just an annoyance.
Give this a go and see if it works for you. |
|
|
|
|
|
unicornio
Involved
Joined: Aug 13, 2009
Posts: 432
|
| Posted:
Thu Sep 24, 2009 12:09 am |
|
Montego. I agree with you and I am gonna test it. I didnt know changing an avatar was an issue. I hope we get rid of this problem soon. I will check it out.
Edited:
Problem is solved Montego. The problem was that line which was causing avatar breaking. Thanks a lot Montego.  |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Thu Sep 24, 2009 1:22 am |
|
|
|
|
|
pugsley
New Member
Joined: Sep 17, 2009
Posts: 7
Location: Ohio, USA
|
| Posted:
Thu Sep 24, 2009 6:28 am |
|
Fixed for me also, thanks !
I second the  |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9133
Location: Arizona
|
| Posted:
Thu Sep 24, 2009 5:30 pm |
|
Excellent. I will commit that change to our code repository later tonight. |
|
|
|
|
|
jimfries
New Member
Joined: Sep 25, 2009
Posts: 4
|
| Posted:
Fri Sep 25, 2009 12:37 pm |
|
I'm having the same issue on my website. I just installed your latest RavenNuke, updated my theme and when I go to change the message on the front page of my website (www.eidolon-legion.com) I get that message. (the message, not the news module)
edit:
Its happening when I go to submit news to my website also.
| Quote: | CSRF check failed. Please enable cookies.
If the problem persists, please contact the server/website administrator |
|
|
|
|
|
|
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2456
Location: Pittsburgh, Pennsylvania
|
| Posted:
Fri Sep 25, 2009 12:54 pm |
|
If the link you provided is still running 2.4 with CSRF active then you have a problem. I do not see the tokens added to any of the forms have you disabled the csrf protection? |
|
|
|
|
|
jimfries
New Member
Joined: Sep 25, 2009
Posts: 4
|
| Posted:
Fri Sep 25, 2009 1:04 pm |
|
I did not even know about CSRF Protection. I just took over the site from a friend, and went ahead and updated it to 2.4 (I did not know the version he was using, so felt it was best to just update).
I completed the update not long ago this morning, changed the theme and then ran into that error.
How do I disable the CSRF Protection? (checking forums and google as you read this most likely) |
|
|
|
|
|
spasticdonkey
RavenNuke(tm) Development Team
Joined: Dec 02, 2006
Posts: 1360
Location: Texas, USA
|
| Posted:
Fri Sep 25, 2009 1:42 pm |
|
at the bottom of rnconfig.php
| Code: | | $disableCSRFChecking = true; // Set to "true" in order to disable Cross-Site Request Forgery (CSRF) attack protection - should ONLY use as a last resort if your environment does not allow for output buffering |
|
|
|
|
|
|
Palbin
Site Admin
Joined: Mar 30, 2006
Posts: 2456
Location: Pittsburgh, Pennsylvania
|
| Posted:
Fri Sep 25, 2009 1:44 pm |
|
Well it would appear that output buffering is not working on your site. Go into your forum admin and you should see a phpinfo tab. Go there and see if output buffering is enabled. Also what version of PHP are you running?
I would advise against it, but if you want to just diable CSRF protection then go into rnconfig.php in the root of the site. Near the bottom you need to set disable CSRF to TRUE. |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Fri Sep 25, 2009 2:04 pm |
|
Check out the rnconfig.php file. |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Fri Sep 25, 2009 2:06 pm |
|
I knew I should of refreshed before posting, got distracted!  |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9133
Location: Arizona
|
| Posted:
Sat Sep 26, 2009 1:06 pm |
|
Yes, output buffering is required. Although the following FAQ is for a different error message, the fix is the same:
|
|
|
|
|
|
DJ_Raven
New Member
Joined: Feb 26, 2006
Posts: 14
Location: Colorado, USA.
|
| Posted:
Tue Sep 29, 2009 6:35 pm |
|
Yes I read this forum and it did fix mine as well thank you Raven Scripts! |
|
|
|
|
|
nuncamais13
New Member
Joined: Sep 20, 2009
Posts: 4
Location: España
|
| Posted:
Wed Sep 30, 2009 5:03 pm |
|
perfect, problem solved if you stop now Select avatar.
thanks for the help |
|
|
|
|
|
sak
Worker
Joined: Jul 06, 2005
Posts: 167
|
| Posted:
Wed Nov 18, 2009 2:50 pm |
|
I applied this fix to my Your_Account/index.php
Now I get this when users try to change avatar:
There was an error when we tried to save your Avatar: Wrong avatar format! Avatars can only be gif, jpg, or png format.
All of the files displayed in the gallery are .jpg and .gif. Any idea what the problem is? |
|
|
|
|
|
nuken
RavenNuke(tm) Development Team
Joined: Mar 11, 2007
Posts: 1535
Location: North Carolina
|
| Posted:
Wed Nov 18, 2009 3:45 pm |
|
If you are using 2.4 and not 2.4 rc1, you should not need apply this fix. It should work fine as is. |
|
|
|
|
sak
Worker
Joined: Jul 06, 2005
Posts: 167
|
| Posted:
Wed Nov 18, 2009 4:12 pm |
|
I believe I am using RC1. I'll begin upgrading. Were there any changes in the db from RC1 to release? Or just the files? |
|
|
|
|
|
nuken
RavenNuke(tm) Development Team
Joined: Mar 11, 2007
Posts: 1535
Location: North Carolina
|
| Posted:
Wed Nov 18, 2009 4:46 pm |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
