Contacts: Token integration.

contact_address_edit.php

@@ -82,6 +82,14 @@ else {
 				$contact_address_uuid = $_POST["contact_address_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -200,6 +208,10 @@ else {
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -431,6 +443,7 @@ else {
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_address_uuid' value='".escape($contact_address_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_attachment_edit.php

@@ -60,6 +60,14 @@
 		$attachment_primary = $_POST['attachment_primary'];
 		$attachment_description = $_POST['attachment_description'];
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		if (!is_array($attachment) || sizeof($attachment) == 0) {
 			$attachment_type = strtolower(pathinfo($_POST['attachment_filename'], PATHINFO_EXTENSION));
 		}
@@ -130,6 +138,10 @@
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -222,6 +234,7 @@
 
 	echo "	<tr>\n";
 	echo "		<td colspan='2' align='right'>\n";
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<br>\n";
 	echo "			<input type='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";

contact_edit.php

@@ -78,6 +78,14 @@
 				$contact_uuid = $_POST["contact_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			//if (strlen($contact_type) == 0) { $msg .= $text['message-required'].$text['label-contact_type']."<br>\n"; }
@@ -258,6 +266,10 @@
 	$contact_users = $database->select($sql, $parameters, 'all');
 	unset($sql, $parameters);
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -720,8 +732,9 @@
 		echo "	<tr>\n";
 		echo "		<td colspan='2' align='right'>\n";
 		if ($action == "update") {
-			echo "				<input type='hidden' name='contact_uuid' value='".escape($contact_uuid)."'>\n";
+			echo "			<input type='hidden' name='contact_uuid' value='".escape($contact_uuid)."'>\n";
 		}
+		echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 		echo "			<br>";
 		echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 		echo "		</td>\n";

contact_email_edit.php

@@ -72,6 +72,14 @@ if (is_uuid($_GET["contact_uuid"])) {
 				$contact_email_uuid = $_POST["contact_email_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -172,6 +180,10 @@ if (is_uuid($_GET["contact_uuid"])) {
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -296,6 +308,7 @@ if (is_uuid($_GET["contact_uuid"])) {
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_email_uuid' value='".escape($contact_email_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_note_edit.php

@@ -70,6 +70,14 @@
 				$contact_note_uuid = $_POST["contact_note_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -160,6 +168,10 @@
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -204,6 +216,7 @@
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_note_uuid' value='".escape($contact_note_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_phone_edit.php

@@ -86,6 +86,14 @@
 				$contact_phone_uuid = $_POST["contact_phone_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -202,6 +210,10 @@
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -361,6 +373,7 @@
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_phone_uuid' value='".escape($contact_phone_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_relation_edit.php

@@ -75,6 +75,14 @@ else {
 				$contact_relation_uuid = $_POST["contact_relation_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -172,6 +180,10 @@ else {
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	$document['title'] = $text['title-contact_relation'];
 	require_once "resources/header.php";
@@ -321,6 +333,7 @@ else {
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_relation_uuid' value='".escape($contact_relation_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_setting_edit.php

@@ -79,6 +79,14 @@
 				$contact_setting_uuid = $_POST["contact_setting_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			//if (strlen($domain_setting_category) == 0) { $msg .= $text['message-required'].$text['label-category']."<br>\n"; }
@@ -186,6 +194,10 @@
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -338,6 +350,7 @@
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_setting_uuid' value='".$contact_setting_uuid."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_time_edit.php

@@ -67,6 +67,14 @@ else {
 				$contact_time_uuid = $_POST["contact_time_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -158,6 +166,10 @@ else {
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -223,6 +235,7 @@ else {
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_time_uuid' value='".escape($contact_time_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";

contact_url_edit.php

@@ -73,6 +73,14 @@ else {
 				$contact_url_uuid = $_POST["contact_url_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: contacts.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) {
@@ -173,6 +181,10 @@ else {
 		unset($sql, $parameters, $row);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == "update") {
@@ -297,6 +309,7 @@ else {
 	if ($action == "update") {
 		echo "		<input type='hidden' name='contact_url_uuid' value='".escape($contact_url_uuid)."'>\n";
 	}
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";