The Form Token Is Invalid. Error

[L3Y]

Hi,

 

I have the error "The form token is invalid" everywhere (admin and client area).  Nobody is able to work and no customer are able to login.  Need to fix this asap

 

Symptoms :

 

• We did not made changes on the server : still the same php still the same apache.
• There is absolutely no errors in the logs (server side, and blesta)
• If i change Configure::set("Blesta.verify_csrf_token", true);  to Configure::set("Blesta.verify_csrf_token", false); then i am just unable to login.  It doesn't work more. When the csrf tokens are disabled, and i try to login, it doesn't let me login, but it doesn't show any error either. And there is no errors in the logs, server side.
• I also tried to disable modsecurity and enable log reporting with Configure::errorReporting but it still don't change anything, and i still don't see any errors, and i am still unable to login.

Recent changes made in Blesta :

• The problem started 1 day after i upgraded Blesta from 3.4.0 to 3.4.3 - don't think it's related since yesterday, it was working fine for all day.
• Yesterday, we enabled phpids after the Blesta upgrade : please advise on how to disable this through the mysql command line if you want me to test without phpids.  I don't know if this issue may be related or not with phpids.

 

Someone know a solution?

 

Thank you,

Carl

[Michael]

To disable PHPIDs you can go to the plugins table and remove the row. It's not recommended to use PHPIDs unless you know how to configure it probably.

[L3Y]

Hi,

 

Instead, i disabled the plugin in the plugin table :

 

mysql> select * from plugins;
+----+------------------+------------+---------------------+---------+---------+
| id | dir              | company_id | name                | version | enabled |
+----+------------------+------------+---------------------+---------+---------+
|     | phpids           |          1 | PHPIDS              | 1.1.0   |       0 |
+----+------------------+----------

 

.but it still doesn't work.

 

Something else i can try / look?

[Michael]

Hi,

 

Instead, i disabled the plugin in the plugin table :

 

mysql> select * from plugins;

+----+------------------+------------+---------------------+---------+---------+

| id | dir              | company_id | name                | version | enabled |

+----+------------------+------------+---------------------+---------+---------+

|     | phpids           |          1 | PHPIDS              | 1.1.0   |       0 |

+----+------------------+----------

 

.but it still doesn't work.

 

Something else i can try / look?

 

dno I delete the rows myself lol.

 

Try turning Blesta's errors on: /config/blesta.php

 

Configure::errorReporting(-1);

[L3Y]

Hi,

 

I just tried with

 

Configure::errorReporting(-1);

 

...still no luck : there is no errors on the login page, and there is no errors in the logs upon login.

 

I am trying with csrf disabled. 

 

If i re-enable the csrf check then i am getting a token error.  Without csrf i have nothing (no error, no login).

 

Thank you,

Carl

[Michael]

 

Hi,

 

I just tried with

 

Configure::errorReporting(-1);

 

...still no luck : there is no errors on the login page, and there is no errors in the logs upon login.

 

I am trying with csrf disabled. 

 

If i re-enable the csrf check then i am getting a token error.  Without csrf i have nothing (no error, no login).

 

Thank you,

Carl

 

 

Sounds like a file or folder is missing try re-uploading a fresh 3.4.3 full zip and see if that fixes it I recommend FTP or SSH.

[L3Y]

Hi,

 

i tried this already 2 times.  still the same.

 

I noticed if i disable the csrf it seems like the password is validated, cause if i use the wrong password, then i am getting a username / password error.

 

But if i try with the correct password then i just don't get any error.

 

weird

[L3Y]

...and i am able to reset the password without any error.

 

after i am still unable to login.

[L3Y]

Hi,

 

If someone else get the same error, please have a check on :

 

session.cookie_domain

 

in the php.ini file.

 

Problem fixed : hope this post will be useful  for someone, someday

 

I was all confused, because i am coming from another well know billing solution i won't even pronounce      As a result : i may think it's Blesta's fault, but it's an evidence for me now : Blesta just cannot have a bug.