Not authorized when submitting form
Development and Programming
Moderator’s note: Moved to Modules.
I’m having an issue when testing a form. When I fill it out completely it works fine, but when I test the required fields I get this error:
The following errors were encountered * You are not authorized to perform this action Return to Previous Page
To get this I fill out everything except for one required field (Address 1). I then submit the form and get the message I need to fill out Address 1. I use the link to take me back to the form, fill it out, then submit the form. I then get the error message that I’m not authorized to form this action.
Anyone have an idea about this? While the site is still in development you can view the form at: http://216.70.125.126/index.php/admission/request/
One more thing - I’m using FreeForm 2.2.2, I’ve turned off “Require IP Address and User Agent for Login?” and “Require IP Address and User Agent when receiving comments?” settings, and the blacklist/whitelist hasn’t been used.
Hm- well, I get the exact same error, which suggests it’s not due to firewalls, browser, etc.
If other forms on the site are working ok, then the best thing to do is contact Solspace. He should be able to get you squared away. I took a quick look at an older (1.6) version I’d downloaded and didn’t spot anything. But that doesn’t mean much. It could be something simple in the setup, but as it’s a third party plugin, I don’t keep up with it all that much.
This bug is due to freeform deleting the security hash too early.
If you want a quick fix go into mod.freeform.php and move this line
$DB->query("DELETE FROM exp_security_hashes WHERE (hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."') OR date < UNIX_TIMESTAMP()-7200");above
// -------------------------------------------
// Return the user
// -------------------------------------------
if ( $IN->GBL('return') )
{
$FNS->redirect( $IN->GBL('return') );
}like this
$DB->query("DELETE FROM exp_security_hashes WHERE (hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."') OR date < UNIX_TIMESTAMP()-7200");
// -------------------------------------------
// Return the user
// -------------------------------------------
if ( $IN->GBL('return') )
{
$FNS->redirect( $IN->GBL('return') );
}Note: bug is in Freeform 2.2, don’t know if it has been fixed in 2.3
Oliv - thanks for the reply. Mitchell Kimbrough from Solspace.com actually emailed me about this. He has corrected this issue and it now works in version 2.3. For it to work I did not have to turn off the “Require IP Address and User Agent for Login?” and “Require IP Address and User Agent when receiving comments?” settings.
Thanks Ya’ll.
Goog catch Oliv. This has been corrected in 2.3.
mk
Hi Guys,
Old post i know - but i’m still getting this in 2.7.1 for some reason,
Would your advice to still be to move the code like above?
Thanks, James