No announcement yet.

Cannot upload large files: security token was missing

  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot upload large files: security token was missing


    When one of our users attempts to upload any large file (8-25mb) they recive the follow error:

    "Your submission could not be processed because a security token was missing"

    We have successfully upload 77 attachments (smaller) with out trouble until this.

    We upped the php.ini file up to:
    upload_max_filesize = 200M

    Still no luck.

    The upload max per file type within the forums is also maxed.

    Does anyone have a fix for this? I've seen 100's of problems like this on the web but they all seem to pertain to older versions of VB (the fixes they used are already implemented in the updates)

    Additional Information:
    Fresh install 3.8
    Default Template
    No mods

    A thankful troublemaker
    Last edited by jamparke; Tue 12 Jan '10, 6:57am.

  • #2
    I have this problem when someone tries to upload several large photos at once and they're on a slower internet connection. It may take two, three, four minutes for them to upload their photos, then they get the security token error.

    Available solutions are:
    a) encourage your members to use Photobucket or similar, and post links or {img} codes to your forum,
    b) advise your members to only upload one or two smaller photos or attachments at a time (as opposed to one large 25mb attachment),
    c) increase your max_timeout connection in php.ini.


    • #3
      Thank you for the reply.

      Unfortunately we are uploaded a position guide. We tried breaking it down into four 8mb pieces and the the same error occurs.

      However I did try to increase the max_timeout in the php file. I saw 5-6 different timeout lines and increased all of them drastically.Still no luck. I received the same error in the same amount of time as usually. (this was for the 8mb file)

      Any other ideas?

      Thank you so much for your time!


      • #4
        Bump out of desperation.


        • #5
          Your server either has mod_security or suhosin installed, and is cutting the datastream off early/short before the security token is missing. You need to contact your webhost about this.


          • #6
            Same problems on my own server with default ubuntu installation.
            Ubuntu and debian contains suhosin patch( not suhosin extension) which DECLARED safe and do ONLY LOGGING.
            I can't build php from sources.

            Can you get minimal but not working php upload script without vbulletin specific things ? I will post bug in ubuntu/debian bugtrackers, if it really exists.

            Same issue with php 5.2.12 on FreeBSD 6.3-STABLE on VPS with suhosin patch 5.2.12 . I think it builded from freebsd ports.


            • #7
              What is post_max_size set at in your php.ini? That should be set the same or greater than upload_max_filesize


              • #8
                post_max_size =8M , upload_max_filesize = 2M.


                • #9
                  If you have a dev/test machine with the same setup, change those both to like 100M. Then restart apache, and try to upload again. Also, if you are allowing large uploads, you should ensure the Timeout option in your apache conf is set upwards of 300 (300seconds - 5mins).


                  • #10
                    This bug appeared ONLY if uploaded file bigger than post_max_size. Suhosin patch stops parsing form fields after detect post size bigger than post_max_size and CLEAR $_POST variables. Normal PHP does NOT CLEAR $_POST and simple stop processing.

                    Can we avoid this ? Our users confused when see "strange token error" - this is unacceptable.


                    • #11
                      Make it clear in your forum's rules what the max file size upload is (upload_max_filesize) and total request size (post_max_size) is. Then set those values accordingly. It is not uncommon for modern servers to allow 50M + upload_file_size and x2 post_max_size.

                      I am not familiar with suhosin, but if you find you are always missing the $_POST['securitytoken'] when the upload is too large, you could change the phrases in vbulletin for security_token_invalid andsecurity_token_missing to include a message like "Your upload may be too large". I would just set both those values in php.ini way higher than you expect to need, and use vbulletin to control file uploads.


                      • #12
                        This things are so obvious.
                        If we post here, we wait that Vbulletin changes. Debian and Ubuntu is very popular linux distro. There must be workaround in core vbulletin code.
                        Or clear explanation why not.


                        • #13
                          You dont want to change your php.ini?


                          • #14
                            I have 105 meg attachments on my forum. i have a custom php.ini file

                            use this as a php.ini file and place it in the forum root.

                            upload_max_filesize = 110M
                            post_max_size = 110M
                            max_execution_time = 9960
                            memory_limit = 116M
                            VB 4.0 is the same as Windows Vista...


                            • #15
                              There are other setting in your php.ini that should be changed for your production machine. Things like what error/warnings are reported, and memory usage. The standard php.ini is designed for development, which the file itself indicates.


                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.