Invalid token when I try to edit a user. Any idea?

**swiper** · 11-16-2007, 10:05 AM

I just noticed that when I try to edit a users info I get the Invalid token (hack attempt) error. I think this just started after I enabled the revenue sharing module, because I've edited users before. Anyone have any idea on what causes this and how to fix it?

I dug around in admin_users.php and tested a few things and - at least in my case - the problem is that $_GET['token'] has no value.

The line in admin_users around line 189 says:

if ($_GET['token'] == $_SESSION['token_admin_users_edit']) { ... }

The $_SESSION value is set, but the $_GET['token'] has no value, and when you view the source of the form when you try to edit a user there is no form value called token.

**AshDigg** · 11-16-2007, 10:14 AM

Have you tried to disable the revenue sharing module just to test to see if it is the problem?

**swiper** · 11-16-2007, 10:32 AM

Actually I just figured it out. Turns out that the template I ended up switching to was just missing the hidden form variable for the token. I just added it and now it seems to work fine. thanks for the reply!

**seer** · 11-19-2007, 03:54 AM

Originally Posted by swiper

Actually I just figured it out. Turns out that the template I ended up switching to was just missing the hidden form variable for the token. I just added it and now it seems to work fine. thanks for the reply!

Hey Swiper, could you be more precise with this? Seems like the exact issue I have. I cannot do any user admin at the moment because of the same issue (with the emerald template). If I switch back to yget its fine.

What do I insert and where... much appreciated!!

**bbrian017** · 11-23-2007, 12:11 PM

I think this is now fixed in 9.8.2

**seer** · 11-26-2007, 04:18 AM

Originally Posted by bbrian017

I think this is now fixed in 9.8.2

But I am using 9.8.2

**loudsole** · 01-30-2008, 11:01 PM

It worked for me. The template I was using didn't have

Code:

<input type=hidden name=token value="{$token_admin_users_edit}">

It's located in /template/yourtemplate/admin_templates/edit_user_center.tpl

Just add it after

Code:

<input type=hidden name=user value="{$userdata[nr].user_login}">

Hopefully this helps a few people.

**argh2xxx** · 02-07-2008, 11:13 PM

I have invalid token error, will this solution work for pligg pro newhorizon template? I notice pligg pro newhorizon template don't have edit_user_center.tpl but have edit_center.tpl instead, plus the <input type=hidden name=user looks a lot different.