Jump to content

"Invalid token" when editing a brand


Recommended Posts

 

Hi everyone,

I'm having a serious issue on my PrestaShop 1.7.6.9 installation when trying to edit a brand (manufacturer) from the back office.

Whenever I click "Edit" on a brand, I’m redirected to the warning page:

"Token not valid"

And even if I click "Yes, I understand the risk", the page just reloads without allowing any modification. No changes can be made. In some cases, I also receive an "Invalid token" error.

image.thumb.png.7192a5a35d682eae6796d23cb6061d72.png

 

PrestaShop version: 1.7.6.9 and PHP version: 7.3

Back office URL: /adminXXX/index.php/sell/catalog/brands/...

What I've already tried:

Changed browser (Chrome, Firefox, Edge, Safari)

Cleared browser cache and cookies

Cleared PrestaShop cache from the back office

This is the url when i try to modify a brand:

https://www.fusioneat.it/admin123/index.php/security/compromised?uri=https%3A%2F%2Fwww.fusioneat.it%2Fadmin123%2Findex.php%2Fsell%2Fcatalog%2Fbrands%2F241%2Fedit&_token=E7RKITYIRwL3AwzDUwTbHRxQVRPRvVqVtn3K37Vp_2A

PrestaShop 1.7.6.9 (PHP 7.3)

 

Thaks in advance

Link to comment
Share on other sites

This behavior is not native to PrestaShop.
It strongly suggests:

  • There is either a security module or override installed,
  • Or your PrestaShop install may have a custom security feature (possibly added by your host, a previous developer, or a module).

1. Check for Security Modules

Go to Modules > Module Manager in your back office.
Look for modules like:

  • "Security"
  • "Admin Security"
  • "Access Control"
  • "Back Office Guard"
  • Anything with "Firewall", "Protector", "Secure", "Admin Tools", "Security Patch", "Compromised", etc.
  • Disable these modules one by one, then clear cache and try to edit the brand again after each.

2. Look for Custom Admin Overrides

  • Check these locations in your shop’s files for anything related to "security" or "compromised":
  • /override/controllers/admin/
  • /controllers/admin/
  • /admin123/ (your custom admin folder)
  • /modules/

3. Search for any files that contain "compromised" in their name or content.

Check .htaccess or Custom Redirects

Open your .htaccess file (in your shop root and in /admin123/).
Look for any custom rules involving /security/compromised or blocking certain URLs.

4. Check Host Security Tools

Some web hosts (especially Italian and Spanish hosts) add their own admin/back office protection (like [SiteGround’s SG Site Scanner, Aruba Security Suite, etc.]). If you see any such tool in your hosting panel, temporarily disable it and re-test.

5. Look for Hacked Files

Although this could be a genuine security module, sometimes this redirect is a result of a hack or infected override to block admin activity.

  • Check if any recent files were modified in /admin123/ or /override/ or /modules/.
  • Look for new or unfamiliar files (especially with random names or that appeared recently).
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...