Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

ReCAPTCHA v2 API Settings - Token was not posted.


Just installed PHP-Fusion-9.0 on Debian-8.10 i686
Whilst infusing reCAPTCHA v2 I am seeing following messages.

Firstly, on top of the window on broad red strip
"Settings saved successfully", then after split second another
message overlaps the first one:
"Token was not posted
There was an error while processing your request"

Next, at the bottom of the window on black strip:
"WARNING: An error occurred while parsing the page.
Please see PHP-Fusion's Error Log for more details.L: 4 N: 0"

I do not see anything helpful in apache2 log files.
Exactly the same behaviour I observed on Debian-9.4 amd64.

I will be grateful for any help and/or suggestions.

Best regards - Tom.
Hi, please see this for older Infusions and Forms in general, https://www.php-fusion.co.uk/infusions/forum/viewthread.php?thread_id=38455
To the Error Logs that is in the footer, you can access it either via the [Error Logs] text which will prompt a Modal Pop Up. In each error, there is an Error Title. Further clicking on the Error Title will reveal the error stacks, on how the error happens in the first place. Now these errors are prettty much self explanatory for any seasoned coder and they can track down the bug and fix it, or they can fix and submit to our repository, or they can lodge an issue with the PHP-Fusion developer git repository, or here.

But as much as troubleshooting goes, before we address this, there are some "experience" that I have accumulated over the past years on the PHP-Fusion 9.

On installation:

1. All Problems Starts with MYSQLi driver being selected as the default SQL language on your server. This is because MYSQLi has been reacting very badly with MariaDB. The fix is obvious. Use PDO driver instead during installation or for what it matters, just avoid MYSQLi.

2. If Error do happen in between - that is Probably because of the Token security. Now this Token Security Error is "not" a big issue as long as your installation went fine, and you can finally finish the whole installation process. We can just ignore the Token issue altogether if this is such a case.

3. If you cannot install, that is the bigger problem. Then we need to check your server version, and whether your server can totally store any sessions. There are folks who runs "load balancing" where the Sessions are path to another server. To fix that, the sessions must be able to be stored and run in the installation machine itself.

4. If Infusions fail to upgrade, it is purely upgrade driver fault. Please report the issue, and we will get if fixed soonest possible and give you the latest upgrade drivers here.

Merged on 06/01/2018:

For some explanation regarding the Token, I offer my apology to the about lengthy explanation this will take, but I will make it as short as simple as possible for you and everyone else.

The Token is a `CSRF` (Cross Site Request Forgery) attempt from the PHP-Fusion Core to prevent the SQL driver from responding at all. This protects automatically the system database from remote hacking, such as malicious script injection.

Now, Token not Posted Error message gives the user an Error indicating there has been an "illegal refresh" going on. In comparison, say Facebook, you will see "Oops" response or being redirected to one when this happens. Now, sooner or later we will be removing the message altogether because it is nothing but raises nonsense concerns. I think we will be addressing and wipe out that notice in Andromeda forward.

What this means is when you have a form in PHP-Fusion 9, it is "illegal" to hit F5. Your form will not work and whatever you do will fail. If you want to refresh, you need to do a hard refresh. To do this, click at the URL Bar, highlighting the full URL address, hit Enter. This will reload the page. And all your filled up fields will be gone, but the Token will be valid for use. Each Token issued to you is only valid for 1 round of view. That is the feature itself, and the nature of it. If it is extended to then CSRF will happen. It's like installing an Anti Virus software and disabling it.

Now, each form can generate up to a number of tokens depending on the form settings. In Andromeda forward, the number of tokens can be extended in the Admin Panel > System > Security Settings. What is a number of tokens you ask? That means that this form that is currently visible to you can accept up to an amount of different uniquely hashed token when you post. In other words, when you view this form, you can open like X number of tabs in your browser, for X number of tokens - all displaying the same form. When you post in either of these, the values will be accepted.

However, if you F5 in each of these form. Like I explained earlier, they will fail. You will get Token Error Notice. Again, this is a development feature, and I will start removing the notices or change to a global notice, all together. "Oops, something went wrong. Please try again." would make much better sense of it.
It doesn't makes sense having to notice the user of the word "Token". It just raises eye brows all the time. Nevertheless, this is a development issue, and I will be discussing this with the developers further.

I appreciate very much both solid, helpful and self explanatory responses.

Let me point out that installation in question
is _AFRESH_ installation of PHP-Fusion 9 on Debian-8.10 i686.

I just tried to infuse reCAPTCHA dated back to 2015,
as the only one I was able to grab from Internet.

I do not persist on using above reCAPTCHA at the moment
therefore I am leaving this for the time being.

Live site is at (although not publicly advertised yet):


I do maintain my own web site (see above) employing PHP-Fusion-7.0.2
and lately also my radio club website powered by Joomla!3


Deployed also another PHP-Fusion 9 installation
for friend of mine, this time on Debian-9.3 amd64.
Both, OS and CMS, I administer and maintain remotely.

Let me read your replies few more times and rethink whole subject.
I am slowly making my way on getting familiar with new CMS,
keeping in mind that each day sees a new set of challenges.

I already have some observations regarding PHP-Fusion 9
but let me write them down and then I will get back to this later.

To Falk:
- your concise suggestion put me on right track - thank you!

To Chan:
- once more, I appreciate VERY much your comprehensive answer.
Re: 1
- I used PDO,
Re: 2
- whole installation itself went smoothly without any glitches,
Re: 3
- not applicable,
Re: 4
- I wasn't upgrading, just trying to infuse dated infusion.

Have a nice day.
Best regards - Tom
101 Guide on Upgrading Old Infusions to New Infusions

PHP Form Script:
This step will make that form generate a hidden token.


$form_name = 'myform';
$method = 'post';
$action_url= BASEDIR.'url.php';

<form name='$form_name' method='$method' action='$action_url' >


openform($form_name, $method, $action_url, array('enctype'=>FALSE) );

Set encytpe to TRUE if it needs to process $_FILES upload.

Now to use that CSRF protection, embed this into your $_POST event.

if (\defender::safe()) { // <--- This safeguards your SQL.
dbquery("UPDATE ".....");
dbquery("INSERT" ....");

Greetings chan.

Will put your suggestion into action ASAP.

Best regards.
Tom - SP2L
Thread Information
6 posts
906 times
Last Post
Last updated on 2 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: Falk, Chan, tws