One of our top clients came to us today with the classic “invalid token when logging in to Joomla’s frontend” problem, we thought that it’ll be a straightforward fix, but like all these “token” problems, it wasn’t!
Our client was using an extension called ExtendedReg, which extends the built-in registration extension by allowing the administrator to add more fields (and have more functionality), and whenever someone tried to login using the ExtendedReg module, he was greeted with the following error message: “666 – The token was invalid!”
We knew from the format of the message that it wasn’t a built-in Joomla error message (Joomla never uses exclamation marks in its error messages), so it must be a third party extension. The logical thing to do was try to find where the error message was in the ExtendedReg extension, and so we searched for the word token in the directory containing the ExtendedReg component (in the frontend), and we were able to find the following code in line 158 of the users.php file located under components/com_extendedreg/controllers/ file:
if ((int)$conf->use_checktoken) {
if (!JRequest::checkToken()) {
JError::raiseError(666, JText::_('COM_EXTENDEDREG_INVALID_TOKEN'));
jexit();
}
}
As you can see, for the error message to show up, the condition $conf->use_checktoken must return 1, which means that the act of checking the token is based on a setting in the ExtendedReg configuration, and so we logged in to Joomla’s backend, and we went to Components -> ExtendedReg -> Settings, and sure enough, there was a field called Use checkToken tool (under the Security tab) which was set to Yes. We set this field to No and the error message disappeared, however, we still had problems: whenever we tried to login, we were greeted with the following error:
The server encountered an internal error or misconfiguration and was unable to complete your request.
The title of the page displaying the error was “200 OK”. What’s very weird was that the content of the page was actually displayed after the error message (usually Internal Server Errors are fatal – in other words the script stops from being executed when there is such an error). In any case, we started debugging the whole application by disabling the active plugins, one by one. This hasn’t helped.
We then looked at the .htaccess file located in the root directory of the website (we took a quick glimpse at this file when we first saw the problem, but we saw nothing out of the ordinary), and we read its lines one by one, until we reached the following code:
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
And then we remembered that this website is not hosted on the root directory – in fact it was hosted under a directory called Joomla, so we un-commented the line above (by removing the # next to # RewriteBase /) and the login just worked. We couldn’t be any happier!
If you’re having the same problem when you try to login to Joomla, or you’re having any problem on your Joomla website, then why not contact us? Our rates are cheap, our work is top-notch, our attitude very is friendly, and we always welcome new clients!