A2B Web Sever Subscription Signup CSRF Error!

rboy22007 · **Joined:** Wed Nov 25, 2009 12:01 pm **Posts:** 90

Hi,

I have two separate a2b servers v2.07, one for billing another one for web GUI.
I have set up both servers and pointed a2billing.conf in etc folder to the remote database and set persmission.
Both servers are working fine but i am getting CSRF Error! on the web GUI server when i do Subscription Signup.
Normal signup working fine but getting error for Subscription Signup. much appreciate your help.

Getting the following error in httpd log:

PHP Warning: session_start(): open(/var/lib/php/session/sess_git7losl0m97c257hnd9ol9ph0, O_RDWR) failed: Permission denied (13) in /var/www/html/billing/common/lib/customer.defines.php on line 61, referer: http://web..----..com/billing/customer/signup_service.php
PHP Warning: Unknown: open(/var/lib/php/session/sess_git7losl0m97c257hnd9ol9ph0, O_RDWR) failed: Permission denied (13) in Unknown on line 0, referer: http://web.----.com/billing/customer/signup_service.php
PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0, referer: http://web..----..com/billing/customer/signup_service.php
PHP Warning: session_start(): open(/var/lib/php/session/sess_git7losl0m97c257hnd9ol9ph0, O_RDWR) failed: Permission denied (13) in /var/www/html/billing/common/lib/customer.defines.php on line 61
File does not exist: /var/www/html/billing/Public, referer: http://web..----..com/billing/customer/signup_service.php
PHP Warning: session_start(): open(/var/lib/php/session/sess_git7losl0m97c257hnd9ol9ph0, O_RDWR) failed: Permission denied (13) in /var/www/html/billing/common/lib/customer.defines.php on line 61, referer: http://web..----..com/billing/customer/signup_service.php
PHP Warning: Unknown: open(/var/lib/php/session/sess_git7losl0m97c257hnd9ol9ph0, O_RDWR) failed: Permission denied (13) in Unknown on line 0, referer: http://web..----..com/billing/customer/signup_service.php
PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0, referer: http://web..----..com/billing/customer/signup_service.php

bucasia · **Joined:** Mon Mar 02, 2009 8:56 pm **Posts:** 271

I would check the file permissions on - /var/lib/php/session/ - and make sure the user Apache is running as has write access.

jroper · **Joined:** Fri Jun 23, 2006 3:56 pm **Posts:** 4065

Hi

The current version of A2Billing is 2.0.9. try upgrading.

Joe

bucasia · **Joined:** Mon Mar 02, 2009 8:56 pm **Posts:** 271

Hi Joe

I think you got some of the places CSRF checking is broken, but I still get the CSRF Error with 2.0.9 when trying to add IAX details.

Matt

rboy22007 · **Joined:** Wed Nov 25, 2009 12:01 pm **Posts:** 90

Hi,

I have set permissions on /var/lib/php/session/ "chown -R apache :apache /var/lib/php/session"
also have the latest version 2.0.9. still get the CSRF Error. any idea?

Nikole · **Joined:** Thu Oct 11, 2012 1:00 pm **Posts:** 13

Same problems here. Just updated to 2.0.9 and this started.

Nikole · **Joined:** Thu Oct 11, 2012 1:00 pm **Posts:** 13

I am really fed up with this CSRF Error since upgrading to 2.0.9

Has anyone found a solution to this?
The ones suggested already don't do anything and I am can't do much apart from going back to 2.0.7 !

jroper · **Joined:** Fri Jun 23, 2006 3:56 pm **Posts:** 4065

Hi

We are looking at it now.

Joe

Nikole · **Joined:** Thu Oct 11, 2012 1:00 pm **Posts:** 13

jroper wrote:

Hi

We are looking at it now.

Joe

Thank you,
FYI I have not tested accessing the Signup section. I don't even know if this is happening there.
To me it happens when I about to look SIP/IAX peers.
In specific: /agent/Public/A2B_entity_friend.php?section=1
or
/admin/Public/A2B_entity_friend.php?atmenu=sip&section=1

The above is the URL displayed when the CSRF Error is on screen.

Please update us here if a new version comes out. I did not realize yesterday that there was a 2.0.9 version because your download link says "Latest 2.0.8". Only after downloading it I realized it was 2.0.9 but... the problems started...

bs-e-xton · **Joined:** Tue Apr 22, 2014 3:54 pm **Posts:** 4

I have the same issue with the CSRF ERROR! when accessing /admin/Public/A2B_entity_did_use.php.

Also... the /admin/Public/templates/default/images/btn_release_did_94x20.gif file is missing from your master branch. The file is referenced when accessing the following URL:

/admin/Public/A2B_entity_did_use.php?posted=&order=&sens=&current_page=&did=&inuse=&atmenu=document&stitle=Document&actionbtn=release_did&did=5

areski · **Posted:** Wed Apr 23, 2014 10:37 pm

We release v2.0.10 today which should solve more of those errors.
Feedback are welcome.

/Areski

bs-e-xton · **Joined:** Tue Apr 22, 2014 3:54 pm **Posts:** 4

Thanks!!! 2.10 fixed my CSRF Error issue with /admin/Public/A2B_entity_did_use.php.

bucasia · **Joined:** Mon Mar 02, 2009 8:56 pm **Posts:** 271

Hi Areski

Thanks for the update to 2.10. Sill seeing the CSRF error in at least 2 places though -

admin - customers - voip settings - iax
customer - paypal buy now - continue

Thanks - Matt

areski · **Posted:** Fri Apr 25, 2014 11:00 am

I fixed it on the develop branch
https://github.com/Star2Billing/a2billi ... 42d6aaabba

Please let me know if you see more of those errors, so that we can release a safer version.

bucasia · **Joined:** Mon Mar 02, 2009 8:56 pm **Posts:** 271

Hi Areski

Thanks for the update. I can confirm with the develop branch on my test system both these are working now -

admin - customers - voip settings - iax
customer - paypal buy now - continue

I haven't put it on my production system (as I wasn't sure if there was other stuff in the develop branch) and will wait for a numbered release.

It looks good though.

Thanks - Matt

provided by Star2Billing S.L.

A2B Web Sever Subscription Signup CSRF Error!

Who is online