Invalid Token Hack

At some point you will get the "Invalid Token" white screen of death on your Joomla 1.7 site.

Cause: A form token has expired.

Solution: Unfortunately, the only solution is to modify the core files to handle this problem better. In most cases, at least the ones that I have found, there is a simple solution, albeit a core hack of the kind that none of us likes to do.

There are two sources of the text "Invalid Token": one is a pure literal hard-coded as "Invalid Token", and the other uses the translatable 'JInvalid_Token'.

The most common occurrence is with the login form, so I will deal with that one here.

In the file found at /components/com_users/controllers/user.php on line 28 you will find the login function.

Comment out the first line, which should be JRequest::checkToken('post') or jexit(JText::_('JInvalid_Token'));

The culprit is the last part where a failed checkToken() request simply dies (exits) with an "Invalid Token" message.

With that line commented out, move to the line below $app = JFactory::getApplication(); if that line isn't empty, open up a new line and insert the following:

JRequest::checkToken('post') or $app->redirect(JURI::base(), JText::_('JInvalid_Token'));

This will cause the failed token check to redirect to your home page with an "Invalid Token" message presented in the Joomla message area. The token is still checked; only the handling of a failure changes. If you don't want the message, leave out the ", JText::_('JInvalid_Token')" (including the comma after JURI::base()).

For the logout function, comment out the JRequest::checkToken('post') or jexit(JText::_('JInvalid_Token')); line.

Add this line below $app = JFactory::getApplication();:

JRequest::checkToken('default') or $app->redirect(JURI::base(), JText::_('JInvalid_Token'));

Hopefully the Joomla Team will see that this is a much better way to handle things and it will be part of 1.8.

If you have an editor that allows you to search for text strings in your whole Joomla installation, you can search for "Invalid Token" and for 'JInvalid_Token' (in both cases leave out the quote marks). You will then be able to look at each case and decide how best to handle it in a user-friendly way.
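The search described above can also be scripted so that each hit is sorted into "still exits" and "already redirects". This is an added example, not code from the original post or from Joomla; the function names, the com_example paths and the sample file contents are constructed, and the hard-exit pattern is an assumption about how such lines are written.

```python
import os
import re

# The two message sources named in the article (key matched case-insensitively).
LITERAL = re.compile(r"""['"]Invalid Token['"]""")
TRANSLATED = re.compile(r"""['"]JInvalid_Token['"]""", re.IGNORECASE)
# Assumption: a failed check that ends the request calls jexit(), die() or exit().
HARD_EXIT = re.compile(r"\b(jexit|die|exit)\s*\(")
METHOD = re.compile(r"""checkToken\(\s*(?:['"](\w+)['"])?\s*\)""")

SAMPLE = {  # constructed files, not copied from a Joomla release
    "components/com_users/controllers/user.php":
        "<?php\nJRequest::checkToken('post') or jexit(JText::_('JInvalid_Token'));\n",
    "components/com_example/controller.php":
        "<?php\nJRequest::checkToken() or die('Invalid Token');\n",
    "components/com_example/patched.php":
        "<?php\nJRequest::checkToken('post') or $app->redirect(JURI::base(), JText::_('JInvalid_Token'));\n",
}

def scan_text(text):
    """Return (line number, message source, token method, exits) per hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        source = ("literal" if LITERAL.search(line) else
                  "translated" if TRANSLATED.search(line) else None)
        if source:
            m = METHOD.search(line)
            hits.append((lineno, source, m.group(1) if m else None,
                         bool(HARD_EXIT.search(line))))
    return hits

def scan_tree(root):
    """Scan every .php file under root; relative paths, stable order."""
    rows = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(f for f in filenames if f.endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            rows.extend((rel,) + hit for hit in hits)
    return rows

def scan_sample():
    return [(rel,) + hit for rel in sorted(SAMPLE) for hit in scan_text(SAMPLE[rel])]

if __name__ == "__main__":
    for row in scan_sample():
        print(row)
```

Call scan_tree() with the path to a Joomla installation to get the same rows for real files; rows whose last field is True are the ones that still end in a white screen.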

Hope this helps.

All the best - John.