Jump to content
nek666

Prestashop 1.7.3 (Invalid token: direct access to this link may lead to a potential security breach)

Recommended Posts

Our Prestashop site is showing this error  (Invalid token: direct access to this link may lead to a potential security breach)" everytime we want to access several sections, such as create a product, view products, etc.

 

This is the current version we are using Prestashop 1.7.3. This is a clean installation we installed a few days ago.

 

 

 

 

Share this post


Link to post
Share on other sites

I have the same issue with version 1.7.3.0 when I create or edit a product.

Some ideas?

Share this post


Link to post
Share on other sites

ok i fixed that :mellow:

 

the solution is changing the php version to 7.0.1 on Multiphp Manger @ cpanel

 

works so perfect and i can add products and modules 

 

 

Capture.JPG

Edited by rabi31001 (see edit history)

Share this post


Link to post
Share on other sites

Nach dem ich 1.7.3 Update gemacht habe, ich hab das Problem auch,

aber es ist nur ein Tag oder wenn man einen anderen PC oder einen anderen Tag  muss mann nochmal ein geben

Shop-Einstellungen-Kontakt-unter-Shops 

unter shop adress daten Öffnungzeitein angeben dann leuft nur ein tag.

Hat jemand eine Idee, dass die ein Mal richtig eingestellt, richtig speichert

5ad8ea4a4e2a1_tokenungltig.thumb.PNG.a122aea4e54702f058b7c7ba20f689b1.PNG

Edited by antikeck (see edit history)

Share this post


Link to post
Share on other sites

I have the same problem. I am running prestashop 1.7.3.2 and have already moved from php 5.5 to php 7.1.16, then back to php version 7.0. This problem occurs no matter what version of php was running at the time.

 

Can anyone help please?

Share this post


Link to post
Share on other sites

same issue 1.7.4.2

 

hat denn niemand eine Lösung parat ????

nobody, who can help here ????????

Share this post


Link to post
Share on other sites

We do have the same issues. Messages of this type appear on different occasions, on different routes. It's not the page you wish to open that gives the problem, its the way you approach it. Linking directly from Safari to Product-Pages for instance, but not when from administrator to products. From Orders to Customer yes, but not when directly from Dashboard. We do not wish tot change PHP since earlier problems with an important add-on. Problem should be solved after so many posts recently and in the past, within Prestashop it seems.

Share this post


Link to post
Share on other sites

Hey everyone..  

 

Any solutions?  we are suffering same issue - PHP7.0 and 1.7.3

 

Surely there is a solution.. 

 

Unsure if this is related but we have a test site (new install) where we copied all the files from the test-> live site including this parameters file then made changes to the database name etc.

 

So don't know if the cookie/secret is conflicting with the old test site.

 

in app/config/parameters.php there is a secret, I am thinking my browser is caching the same secret.

 

Does anyone know how to make the system regenerate cookies and secret?

 

thanks

 

Share this post


Link to post
Share on other sites

Hi, on my case i just stopped Varnish service on my server setting (Im using Cloudways).

Now is working well.

This error some way related with server/hosting settings.

 

Share this post


Link to post
Share on other sites
On 2018-03-18 at 9:24 PM, nek666 said:

Our Prestashop site is showing this error  (Invalid token: direct access to this link may lead to a potential security breach)" everytime we want to access several sections, such as create a product, view products, etc.

 

I solved this issue by turning off the control of cookie's IP in Advanced settings/Administration. If your IP is changing during a session, I guess this is the message that comes up to warn you of a potential security breach.

 

With kind regards,

 - Johan.

Share this post


Link to post
Share on other sites

Same issiue on Presta 1.7.4.2. Can't edit or add new products.

What I tried:

- changing from PHP 7.0 to 7.1

- disabling control of cookie's IP

- turning off "increased security mode" in Preferences / General

- disabling whole modules that are not made by Presta

And the problem still occurs. Any solution?

Share this post


Link to post
Share on other sites
Am 24.11.2018 um 12:44 AM schrieb Velno:

Gleiche Ausgabe auf Presta 1.7.4.2. Kann keine neuen Produkte bearbeiten oder hinzufügen.

Was ich probiert habe:

- Umstellung von PHP 7.0 auf 7.1

- Deaktivierung der Kontrolle der IP des Cookies

- Deaktivieren des "erhöhten Sicherheitsmodus" in Einstellungen / Allgemein

- Deaktivieren ganzer Module, die nicht von Presta hergestellt wurden

. Das Problem tritt jedoch weiterhin auf. Irgendeine Lösungsmöglichkeit?

Probiere Bei kontakt daten alles angeben auch öffnungszeiten bei manchen macht das die fehler

oder immer übersicht 2 mal anklicken nachder ersten anklicken etwas warten ca 10 - 12 sekunde dann nochmal anklicken

Share this post


Link to post
Share on other sites

Same problem. Update PHP to 7.1 nothink. to 7.2 and 7.3 same problem. Almost always this problem appear then I copy/paste product or text. It begins from then I created 1000 product. any help? 

Share this post


Link to post
Share on other sites

If anyone give us credentials of FTP and BO we will take a look at this issue in order to resolve it for you guys.

Edited by Crezzur (see edit history)

Share this post


Link to post
Share on other sites

I too am a PrestaShop Newbie, but a stubborn one! Fighting with these issues listed as well as numerous others, I realized that the issue was more my server configuration than Prestashop code. After updating PHP, Apache and mySQL, EVERY issue disappeared. The most difficult (or at least time consuming) was PHP and all the necessary extensions.

Since it appears that many folks discussing these issues are hosting their own server, I suggest that you assure that all your PHP extensions are up to date. Some of them, such as intl do not automatically update ICU which is currently at version 63.1 and had to be updated through some interesting code to rid my site of many of these problems. The bottom line is that there are many extensions that must be installed and current to avoid troubles. I’m running PS 1.7.4.4 on Ubuntu 16.04.1 LTS with PHP 7.2.12.1 and Apache 2.0

The following is a list of the extensions installed on my server (not all are necessary for PrestaShop)

alpha@webserver:$ sudo apt-cache search php | grep "^php7"

php7.2 - server-side, HTML-embedded scripting language (metapackage)

php7.2-cgi - server-side, HTML-embedded scripting language (CGI binary)

php7.2-cli - command-line interpreter for the PHP scripting language

php7.2-common - documentation, examples and common module for PHP

php7.2-curl - CURL module for PHP

php7.2-dev - Files for PHP7.2 module development

php7.2-gd - GD module for PHP

php7.2-gmp - GMP module for PHP

php7.2-json - JSON module for PHP

php7.2-ldap - LDAP module for PHP

php7.2-mysql - MySQL module for PHP

php7.2-odbc - ODBC module for PHP

php7.2-opcache - Zend OpCache module for PHP

php7.2-pgsql - PostgreSQL module for PHP

php7.2-pspell - pspell module for PHP

php7.2-readline - readline module for PHP

php7.2-recode - recode module for PHP

php7.2-snmp - SNMP module for PHP

php7.2-sqlite3 - SQLite3 module for PHP

php7.2-tidy - tidy module for PHP

php7.2-xml - DOM, SimpleXML, WDDX, XML, and XSL module for PHP

php7.2-xmlrpc - XMLRPC-EPI module for PHP

php7.1-mapi - transitional package for the rename of php7.1-mapi to php-mapi

php7.2-bcmath - Bcmath module for PHP

php7.2-bz2 - bzip2 module for PHP

php7.2-dba - DBA module for PHP

php7.2-enchant - Enchant module for PHP

php7.2-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)

php7.2-imap - IMAP module for PHP

php7.2-interbase - Interbase module for PHP

php7.2-intl - Internationalisation module for PHP

php7.2-mbstring - MBSTRING module for PHP

php7.2-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary)

php7.2-soap - SOAP module for PHP

php7.2-sybase - Sybase module for PHP

php7.2-xsl - XSL module for PHP (dummy)

php7.2-zip - Zip module for PHP

I hope this information will be helpful and solve all your challenges with PrestaShop.

Share this post


Link to post
Share on other sites

.I gave Crezzur access to  web anf files and after 30min my eshop works perfect. no more invalid token or error 500.th anks a lot  Crezzur .

  • Like 1

Share this post


Link to post
Share on other sites
On 12/27/2018 at 10:39 AM, inf said:

.I gave Crezzur access to  web anf files and after 30min my eshop works perfect. no more invalid token or error 500.th anks a lot  Crezzur .

But what did Crezzur to get rid of the error message?

 

Edited by Martin C (see edit history)

Share this post


Link to post
Share on other sites

I had an issue very similar to apvandam post above, though I didn't get a 500 error but instead it took 5 minutes to load certain pages via certain routes to that page. I noticed in my CPanel error log (not prestashop log) that when this issue occurred, it could not find a folder under the src/someSubDirectories/ (which I no longer remember unfortunately). When i searched EVERY file under my shop for the folder name string, it didn't show up, except in a few compiled cache files. To keep it short, these findings led me down a long road that made me realize the folder name was generated during compile based on the hash of a password (or something similar to that).

I then realized, that during testing phase, I had previously created a CUSTOMER (ps_customer table) account with the same email as the ADMIN user account email (ps_employee table). I simply deleted that CUSTOMER user account via the BO and all my issues magically disappeared! Not sure if deleting any one customer account would yield the same results. Also, I had this duplicated email up and running for 3 months before any BO issues actually started showing up. Clearing all caches (manually and via BO) server side and browser side did not have any affect.

Anyways, thought I would share my solution since the errors being described are manifesting in many ways and my solution may work for you.

Cheers.:-)

p.s. Does any one know where to change my settings, so that my First and Last name do not show up in a Post? I would just like to display my handle (username) and location. I have no idea where the forum software is grabbing my first and last name from, I have searched every setting I could find.

 

Edited by AndisB
Clarify Wording (see edit history)

Share this post


Link to post
Share on other sites

just change your PHP version to 7.0 and say your problem to your host ,they know what they should do to solve INVALID TOKEN problem. 

Share this post


Link to post
Share on other sites

I am interested to see what Crezzur  did with the settings..  Although I would never give a stranger access to my backend.

Come on people, surely there is a fix..  I agree, adding products with constant token issues is becoming a real pain.

 

  • Like 1

Share this post


Link to post
Share on other sites

Polish Zenbox hosting https://www.zenbox.pl/ in which we have the services fixed this problem, today we had it, they wrote to me: we have currently turned off the session IP checking in the advanced settings. Advanced -> administration. Here, please uncheck: Check the cookie's IP address and save the changes. In the update to 1.7.5.1 (test shop) I have the same error and this option has also helped.

Share this post


Link to post
Share on other sites

Thanks Adam but that doesn't work. Still have the issue.

I love how Prestashop no longer give a crap about their users. It's been a few years now.

I remember the good old days when one actually get a reply. Alas, those days are gone.

Share this post


Link to post
Share on other sites

No solution in this topic is working for me.

I'm getting desperate.

Share this post


Link to post
Share on other sites

Yes at present date 22/04/2019 i did not find the right solution ,

kindly ask if anyone can help

Share this post


Link to post
Share on other sites

J'ai rencontré ce souci avec la version 1.7.4 et je l'ai résolu de la façon suivante :

Sur votre hébergement, allez dans la version de PHP et passez-là en 7.2 (moi c'était déjà en 7.2)

Ensuite pour "
max_input_vars" moi j'étais à 3000, alors je suis repassée à 1000. autre site que j'ai de même version et qui fonctionne très bien!)
Pensez à modifier vos favoris d'accès à ce site.

En espérant Que cela puisse aider 🙂

Edited by Maguie (see edit history)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More