Solved: 3 Months, 2 Days ago Authorization code mismatch? PLEASE READ (FIX INCLUDED)
#1
Solved: 3 Months, 2 Days ago
MyBB 1.8.16 introduces some crucial changes aimed towards better security regarding users authentication. Templates containing login forms must be updated in order to comply with these changes; otherwise, you will stumble upon the following error:

Quote:Authorization code mismatch. Are you accessing this function correctly? Please go back and try again.

If you have upgraded to 1.8.16 or above, please read the following instructions carefully.

Templates requiring changes:
  • error_nopermission
  • header_welcomeblock_guest
  • member_login
  • portal_welcome_guesttext

You will need to apply the changes for these templates to each theme on your board.

Navigate to Admin CP -> Templates & Style -> Templates

Then for each template set go through the following process ensuring you do it for each of the templates in bold above:

For each template:
Either:
  • Select Options -> Revert to Original (but you will lose custom styling in this template); or
  • Open & edit the template and follow the rest of the steps
    1. Locate the <form> tag
      Look through the template's code and find where the opening form tag is, for example:
      <form method="post" action="{$mybb->settings['bburl']}/member.php">
      

    2. Add the missing <input> element
      Add the following code after the <form> tag if it is not already there:
      <input name="my_post_key" type="hidden" value="{$mybb->post_code}" />
      

    3. Choose Save and Return to Listing
      Repeat the process for the other templates.

It's that simple. Your users will now be able to login again. my_post_key input is in fact now mandatory to be sent alongside other form parameters in order to protect your users and reduce potential malicious attacks.

The upgrade script will attempt to fix some templates that have not been customised from the "MyBB Master Style" and will handle the change automatically. This guide is aimed at all who have custom themes with these templates altered.



Still facing the issue?
If you have gone through the steps above, or the inputs are already in the correct place follow these additional steps.

If you are using a reverse proxy service, for example Cloudflare
Ensure that the IP of your visitors is being correctly set by either:
  • configure overwriting the REMOTE_ADDR variable in your webserver config using X-Forwarded-For or CF-Connecting-IP; or
  • enable the following setting: Admin CP -> Configuration -> Settings -> Server and Optimization Options -> Scrutinize User's IP address?

If you are running multiple boards on the same domain
Ensure you have different cookie prefixes for both boards to avoid any conflicts between them.

If you are using a cache solution between your board and visitor
Ensure that the cache for non-static assets is bypassed when the MyBB sid cookie is set, or only enable caching for static assets like .js, .png etc
[Image: fSGNVQj.png]


Forum Jump:


Users browsing this thread: 1 Guest(s)