We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
WHMCS Invalid or missing token
WHMCS Invalid or missing token
I have checked all the threads I can find regarding this issue but I can't seem to get this working, even after following the advice from the other threads.
When I click the "Login to control panel" button in WHMCS, it takes me to the Vesta login page and says "Invalid or missing token"... but when I type the admin login credentials manually it logs in fine, I have checked the login credentials in the server setup page within WHMCS a zillion times, I have even deleted and re-added the server in case I missed something but i always get "Invalid or missing token", I don't understand why I can log in manually, but when WHMCS tries, it doesn't work.
Just to add, I've had this working before when I had WHMCS installed on a sub domain (sub.domain.co.uk) and everything worked fine, I removed everything and re-installed on the main domain (domain.co.uk) and now it's not working, but everything else is the same.
Any help would be really appreciated, i'm pulling out my hair!
Thanks.
When I click the "Login to control panel" button in WHMCS, it takes me to the Vesta login page and says "Invalid or missing token"... but when I type the admin login credentials manually it logs in fine, I have checked the login credentials in the server setup page within WHMCS a zillion times, I have even deleted and re-added the server in case I missed something but i always get "Invalid or missing token", I don't understand why I can log in manually, but when WHMCS tries, it doesn't work.
Just to add, I've had this working before when I had WHMCS installed on a sub domain (sub.domain.co.uk) and everything worked fine, I removed everything and re-installed on the main domain (domain.co.uk) and now it's not working, but everything else is the same.
Any help would be really appreciated, i'm pulling out my hair!
Thanks.
Re: WHMCS Invalid or missing token
Can anyone help? I have checked the log files and nothing displays!
The Vesta login page just displays Invalid Login Token or something about Language...
If I try to log in manually I don't get any errors, only when WHMCS attempts login.
The Vesta login page just displays Invalid Login Token or something about Language...
If I try to log in manually I don't get any errors, only when WHMCS attempts login.
Re: WHMCS Invalid or missing token
I have the same problem, but use Rootpanel and VestaCp.
I looked at login request from Rootpanel to VestaCp, parametr token is missing.
Where can we get token?
I looked at login request from Rootpanel to VestaCp, parametr token is missing.
Where can we get token?
Re: WHMCS Invalid or missing token
Do you only get the error when you try to login from WHMCS?RedRocket wrote:Can anyone help? I have checked the log files and nothing displays!
The Vesta login page just displays Invalid Login Token or something about Language...
If I try to log in manually I don't get any errors, only when WHMCS attempts login.
Do all the other features work as expected?
Re: WHMCS Invalid or missing token
Tokens are generated on page load and stored in $_SESSION['token']linelect wrote:I have the same problem, but use Rootpanel and VestaCp.
I looked at login request from Rootpanel to VestaCp, parametr token is missing.
Where can we get token?
Re: WHMCS Invalid or missing token
How can I realize login from Rootpanel to vestacp without enter credentials? (Earlier I could do it)joem wrote:Tokens are generated on page load and stored in $_SESSION['token']linelect wrote:I have the same problem, but use Rootpanel and VestaCp.
I looked at login request from Rootpanel to VestaCp, parametr token is missing.
Where can we get token?
Re: WHMCS Invalid or missing token
Hi its a issue with WHMCS and Vestacp tokenization vestacp generate md5 hash which is an 32 characters length and whmcs is generating its token as 40 characters length so its a token's length mismatch issue vestacp team needs to look into it as in their login/index.php file they are using ...
// Generate CSRF token
$_SESSION['token'] = md5(uniqid(mt_rand(), true));
which generates 32 characters md5 hash if you see their login page use inspect element you will see someting like this blow...
<form method="post" action="/login/">
<input type="hidden" name="token" value="b6662c4e915cf31efbd0a561213d00ce">
<table class="login-box">
<tbody><tr>
<td syle="padding: 12px 0 0 2px;">
Username </td>
</tr>
<tr>
<td>
<input tabindex="1" type="text" size="20px" style="width:240px;" name="user" class="vst-input">
</td>
</tr>
<tr>
<td style="padding: 12px 0 0 2px;">
Password <span style="padding:0 0 0 14px;">
<a tabindex="5" class="vst-advanced" href="/reset/">
forgot password </a>
</span>
</td>
</tr>
<tr>
<td>
<input tabindex="2" type="password" size="20px" style="width:240px;" name="password" class="vst-input">
</td>
</tr>
<tr>
<td height="28px">
</td>
</tr>
<tr>
<td style="padding: 0 0 12px 0;">
<input tabindex="3" type="submit" value="Log in" class="button">
</td>
</tr>
</tbody></table>
</form>
But if you see the WHMCS section for login to control panel button you will see the below code...
<form action="https://panel.domain.com:8083/login/" method="post" target="_blank">
<input type="hidden" name="token" value="56eb21f6176768193b659f5bce999fa901449777">
<input type="hidden" name="user" value="xxxxx">
<input type="hidden" name="password" value="xxxxxx">
<input type="submit" value="Login to Control Panel">
<input type="button" value="Login to Webmail" onclick="window.open('https://webmail.domain.com')">
</form>
its my observations in this regard but i am not sure if this is the cause of this issue better some vestacp team members will reply for the same.
// Generate CSRF token
$_SESSION['token'] = md5(uniqid(mt_rand(), true));
which generates 32 characters md5 hash if you see their login page use inspect element you will see someting like this blow...
<form method="post" action="/login/">
<input type="hidden" name="token" value="b6662c4e915cf31efbd0a561213d00ce">
<table class="login-box">
<tbody><tr>
<td syle="padding: 12px 0 0 2px;">
Username </td>
</tr>
<tr>
<td>
<input tabindex="1" type="text" size="20px" style="width:240px;" name="user" class="vst-input">
</td>
</tr>
<tr>
<td style="padding: 12px 0 0 2px;">
Password <span style="padding:0 0 0 14px;">
<a tabindex="5" class="vst-advanced" href="/reset/">
forgot password </a>
</span>
</td>
</tr>
<tr>
<td>
<input tabindex="2" type="password" size="20px" style="width:240px;" name="password" class="vst-input">
</td>
</tr>
<tr>
<td height="28px">
</td>
</tr>
<tr>
<td style="padding: 0 0 12px 0;">
<input tabindex="3" type="submit" value="Log in" class="button">
</td>
</tr>
</tbody></table>
</form>
But if you see the WHMCS section for login to control panel button you will see the below code...
<form action="https://panel.domain.com:8083/login/" method="post" target="_blank">
<input type="hidden" name="token" value="56eb21f6176768193b659f5bce999fa901449777">
<input type="hidden" name="user" value="xxxxx">
<input type="hidden" name="password" value="xxxxxx">
<input type="submit" value="Login to Control Panel">
<input type="button" value="Login to Webmail" onclick="window.open('https://webmail.domain.com')">
</form>
its my observations in this regard but i am not sure if this is the cause of this issue better some vestacp team members will reply for the same.
-
- Posts: 8
- Joined: Thu Jan 24, 2019 5:14 pm
- Contact:
- Os: CentOS 7x
- Web: apache + nginx
Re: WHMCS Invalid or missing token
Is there any update on this, as it's been like 4 years now and still there's no solutions.
-
- Posts: 8
- Joined: Thu Jan 24, 2019 5:14 pm
- Contact:
- Os: CentOS 7x
- Web: apache + nginx
Re: WHMCS Invalid or missing token
I have gone through some steps and have seen that VestaCP has something called SALT authentication in its Login page file, which basically defines the encryption methods that should be decrypted, it has SHA-512, MD5 & DES, we need to have SHA1 in order to make the WHMCS & VestaCP integrated login work, can anyone help me on that?mohsinamer wrote: ↑Tue May 26, 2020 3:13 amIs there any update on this, as it's been like 4 years now and still there's no solutions.
-
- Posts: 2
- Joined: Tue Jul 04, 2017 12:16 am