Coding Link in Backend HTML Separator

5 posts by 2 authors in: Forums > CMS Builder
Last Post: November 1, 2022   (RSS)

By pgplast - October 27, 2022

I am redoing an old, CMSB builder-based web app with v 3.56.

In the old (and still functioning app), I created an html separator on afield editor like this:

<tr>

<td colspan='2'>

<?php if(@$RECORD){ ?>

<?php

$has_test=false;

$the_tests = mysql_select('tests');

foreach($the_tests as $the_test){

if($the_test['course_number']==$RECORD['num']){

$has_test=true;

break;

}

}

?>

<?php if(!$has_test) { ?>

<p><astyle="color:#000;" href="http://test.nypqcme.org/cmsCSoft/admin.php?menu=tests&action=add&course_number=<?php echo $RECORD['num']?>&course_name=<?php echo $RECORD['title']?>">Create Test for Program</a></p>

<?php } ?>

<?php } ?>

</td>

</tr>

This code checked for the existence of a test for a particular course, and if one was not found, presented a link to the “tests” table for the creation of one.

This link would open a page with a new record in the “tests” table for the admin user to fill in.

I now find that this code no longer works in my new implementation. The link takes the user to the backend login page (even though he is already logged in) ,

And once the user logs in again, the expected error occurs:

Security Error: No _CSRFToken exists in session. Try reloading or going back to previous page.

One never gets to the new record in the “tests” section.

Have you any ideas how I can make this work?

Thanks.

By Dave - October 31, 2022

Hi pgplast, 

Can you try removing everything before the ? in the link?  

Any links that start with ? referrer to the current script so it's an easy way to make sure the http/https, hostname, and URL match up.  

Let me know if you still have an error after that and if so we can try some other options.

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com

By Dave - October 31, 2022

If that doesn't work, you can also try disabling "Check Referer" under: Admin > Security.

Dave Edis - Senior Developer
interactivetools.com

By pgplast - November 1, 2022

That did it Dave!

Removing everything before the ? in the url seems to have solved the issue.

Thanks so much!