
User & User Settings: List view and button updates.

Nate vor 5 Jahren
Ursprung
Commit
55e805ca0f

+ 41 - 1
core/user_settings/app_languages.php

@@ -2162,4 +2162,44 @@ $text['button-voicemail']['ru-ru'] = "Голосовая почта";
 $text['button-voicemail']['sv-se'] = "Röstbrevlåda";
 $text['button-voicemail']['uk-ua'] = "Голосова пошта";
 
-?>
+$text['description-user_setting-edit']['en-us'] = "Edit a setting for this user.";
+$text['description-user_setting-edit']['ar-eg'] = "";
+$text['description-user_setting-edit']['de-at'] = "Eine Einstellung für diesen Benutzer bearbeiten."; //copied from de-de
+$text['description-user_setting-edit']['de-ch'] = "Eine Einstellung für diesen Benutzer bearbeiten."; //copied from de-de
+$text['description-user_setting-edit']['de-de'] = "Eine Einstellung für diesen Benutzer bearbeiten.";
+$text['description-user_setting-edit']['es-cl'] = "Editar un escenario de este usuario.";
+$text['description-user_setting-edit']['es-mx'] = "Editar un escenario de este usuario."; //copied from es-cl
+$text['description-user_setting-edit']['fr-ca'] = "Modifier un réglage pour cet utilisateur."; //copied from fr-fr
+$text['description-user_setting-edit']['fr-fr'] = "Modifier un réglage pour cet utilisateur.";
+$text['description-user_setting-edit']['he-il'] = "";
+$text['description-user_setting-edit']['it-it'] = "Modifica un parametro per questo utente.";
+$text['description-user_setting-edit']['nl-nl'] = "";
+$text['description-user_setting-edit']['pl-pl'] = "";
+$text['description-user_setting-edit']['pt-br'] = "Editar uma configuração para este usuário."; //copied from pt-pt
+$text['description-user_setting-edit']['pt-pt'] = "Editar uma configuração para este usuário.";
+$text['description-user_setting-edit']['ro-ro'] = "";
+$text['description-user_setting-edit']['ru-ru'] = "Изменить настройки этого пользователя.";
+$text['description-user_setting-edit']['sv-se'] = "Ändra en inställning för denna användfare.";
+$text['description-user_setting-edit']['uk-ua'] = "";
+
+$text['description-user_setting-add']['en-us'] = "Add a setting for this user.";
+$text['description-user_setting-add']['ar-eg'] = "";
+$text['description-user_setting-add']['de-at'] = "Eine Einstellung für diesen Benutzer hinzufügen."; //copied from de-de
+$text['description-user_setting-add']['de-ch'] = "Eine Einstellung für diesen Benutzer hinzufügen."; //copied from de-de
+$text['description-user_setting-add']['de-de'] = "Eine Einstellung für diesen Benutzer hinzufügen.";
+$text['description-user_setting-add']['es-cl'] = "Añadir un entorno para este usuario.";
+$text['description-user_setting-add']['es-mx'] = "Añadir un entorno para este usuario."; //copied from es-cl
+$text['description-user_setting-add']['fr-ca'] = "Ajouter un cadre pour cet utilisateur."; //copied from fr-fr
+$text['description-user_setting-add']['fr-fr'] = "Ajouter un cadre pour cet utilisateur.";
+$text['description-user_setting-add']['he-il'] = "";
+$text['description-user_setting-add']['it-it'] = "Aggiungi un parametro per questo utente.";
+$text['description-user_setting-add']['nl-nl'] = "";
+$text['description-user_setting-add']['pl-pl'] = "";
+$text['description-user_setting-add']['pt-br'] = "Adicionar uma definição para esse usuário."; //copied from pt-pt
+$text['description-user_setting-add']['pt-pt'] = "Adicionar uma definição para esse usuário.";
+$text['description-user_setting-add']['ro-ro'] = "";
+$text['description-user_setting-add']['ru-ru'] = "Добавьте параметр для этого пользователя.";
+$text['description-user_setting-add']['sv-se'] = "Lägg till en inställning för denna användare.";
+$text['description-user_setting-add']['uk-ua'] = "";
+
+?>

+ 196 - 0
core/user_settings/resources/classes/user_settings.php

@@ -0,0 +1,196 @@
+<?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <[email protected]>
+	Portions created by the Initial Developer are Copyright (C) 2019
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <[email protected]>
+*/
+
+//define the user settings class
+if (!class_exists('user_settings')) {
+	class user_settings {
+
+		/**
+		 * declare private variables
+		 */
+		private $app_name;
+		private $app_uuid;
+		private $permission_prefix;
+		private $list_page;
+		private $table;
+		private $uuid_prefix;
+		private $toggle_field;
+		private $toggle_values;
+
+		/**
+		 * declare public variables
+		 */
+		public $user_uuid;
+
+		/**
+		 * called when the object is created
+		 */
+		public function __construct() {
+
+			//assign private variables
+				$this->app_name = 'user_settings';
+				$this->app_uuid = '3a3337f7-78d1-23e3-0cfd-f14499b8ed97';
+				$this->permission_prefix = 'user_setting_';
+				$this->list_page = PROJECT_PATH."/core/user/user_edit.php?id=".urlencode($this->user_uuid);
+				$this->table = 'user_settings';
+				$this->uuid_prefix = 'user_setting_';
+				$this->toggle_field = 'user_setting_enabled';
+				$this->toggle_values = ['true','false'];
+
+		}
+
+		/**
+		 * called when there are no references to a particular object
+		 * unset the variables used in the class
+		 */
+		public function __destruct() {
+			foreach ($this as $key => $value) {
+				unset($this->$key);
+			}
+		}
+
+		/**
+		 * delete records
+		 */
+		public function delete($records) {
+			if (permission_exists($this->permission_prefix.'delete')) {
+
+				//add multi-lingual support
+					$language = new text;
+					$text = $language->get();
+
+				//validate the token
+					$token = new token;
+					if (!$token->validate('/core/user_settings/user_settings.php')) {
+						message::add($text['message-invalid_token'],'negative');
+						header('Location: '.$this->list_page);
+						exit;
+					}
+
+				//delete multiple records
+					if (is_array($records) && @sizeof($records) != 0) {
+
+						//build the delete array
+							foreach ($records as $x => $record) {
+								if ($record['checked'] == 'true' && is_uuid($record['uuid'])) {
+									$array[$this->table][$x][$this->uuid_prefix.'uuid'] = $record['uuid'];
+									$array[$this->table][$x]['domain_uuid'] = $_SESSION['domain_uuid'];
+								}
+							}
+
+						//delete the checked rows
+							if (is_array($array) && @sizeof($array) != 0) {
+
+								//execute delete
+									$database = new database;
+									$database->app_name = $this->app_name;
+									$database->app_uuid = $this->app_uuid;
+									$database->delete($array);
+									unset($array);
+
+								//set message
+									message::add($text['message-delete']);
+							}
+							unset($records);
+					}
+			}
+		}
+
+		/**
+		 * toggle records
+		 */
+		public function toggle($records) {
+			if (permission_exists($this->permission_prefix.'edit')) {
+
+				//add multi-lingual support
+					$language = new text;
+					$text = $language->get();
+
+				//validate the token
+					$token = new token;
+					if (!$token->validate('/core/user_settings/user_settings.php')) {
+						message::add($text['message-invalid_token'],'negative');
+						header('Location: '.$this->list_page);
+						exit;
+					}
+
+				//toggle the checked records
+					if (is_array($records) && @sizeof($records) != 0) {
+
+						//get current toggle state
+							foreach ($records as $x => $record) {
+								if ($record['checked'] == 'true' && is_uuid($record['uuid'])) {
+									$uuids[] = "'".$record['uuid']."'";
+								}
+							}
+							if (is_array($uuids) && @sizeof($uuids) != 0) {
+								$sql = "select ".$this->uuid_prefix."uuid as uuid, ".$this->toggle_field." as toggle from v_".$this->table." ";
+								$sql .= "where domain_uuid = :domain_uuid ";
+								$sql .= "and ".$this->uuid_prefix."uuid in (".implode(', ', $uuids).") ";
+								$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+								$database = new database;
+								$rows = $database->select($sql, $parameters, 'all');
+								if (is_array($rows) && @sizeof($rows) != 0) {
+									foreach ($rows as $row) {
+										$states[$row['uuid']] = $row['toggle'];
+									}
+								}
+								unset($sql, $parameters, $rows, $row);
+							}
+
+						//build update array
+							if (is_array($states) && @sizeof($states) != 0) {
+								$x = 0;
+								foreach ($states as $uuid => $state) {
+									$array[$this->table][$x][$this->uuid_prefix.'uuid'] = $uuid;
+									$array[$this->table][$x][$this->toggle_field] = $state == $this->toggle_values[0] ? $this->toggle_values[1] : $this->toggle_values[0];
+									$x++;
+								}
+							}
+
+						//save the changes
+							if (is_array($array) && @sizeof($array) != 0) {
+
+								//save the array
+									$database = new database;
+									$database->app_name = $this->app_name;
+									$database->app_uuid = $this->app_uuid;
+									$database->save($array);
+									unset($array);
+
+								//set message
+									message::add($text['message-toggle']);
+							}
+							unset($records, $states);
+					}
+
+			}
+		} //method
+
+	} //class
+}
+
+?>
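Review bot: `__construct()` builds `$this->list_page` from `$this->user_uuid` before a caller can assign it (user_settings.php calls `new user_settings` and only then sets `$obj->user_uuid`), so the invalid-token redirect in `delete()` and `toggle()` always ends in an empty `id`. The path is also `/core/user/user_edit.php`, while the rest of this commit links to `/core/users/user_edit.php`. Build the URL where it is used, e.g. `header('Location: '.PROJECT_PATH.'/core/users/user_edit.php?id='.urlencode($this->user_uuid));`, after an `is_uuid($this->user_uuid)` check. Separately, both methods select rows by setting UUID and `$_SESSION['domain_uuid']` only and never by `$this->user_uuid`; if settings are meant to be changed only for the user being edited, add the user UUID to the delete array and to the toggle `where` clause. `$array`, `$uuids` and `$states` are tested with `is_array()` without being initialised, so start each method with `$array = [];` and the like.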

+ 21 - 23
core/user_settings/user_setting_edit.php

@@ -352,39 +352,39 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 	}
 
 //show the content
-	echo "<form name='frm' id='frm' method='post' action=''>\n";
-	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-	echo "<tr>\n";
-	echo "<td align='left' valign='top' width='30%' nowrap='nowrap'><b>";
+	echo "<form name='frm' id='frm' method='post'>\n";
+
+	echo "<div class='action_bar' id='action_bar'>\n";
+	echo "	<div class='heading'>";
 	if ($action == "update") {
-		echo $text['header-user_setting-edit'];
+		echo "<b>".$text['header-user_setting-edit']."</b>";
 	}
 	if ($action == "add") {
-		echo $text['header-user_setting-add'];
-	}
-	echo "</b></td>\n";
-	echo "<td width='70%' align='right' valign='top'>";
-	echo "	<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='/core/users/user_edit.php?id=".escape($user_uuid)."'\" value='".$text['button-back']."'>";
-	echo "	<input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'>\n";
-	echo "</td>\n";
-	echo "</tr>\n";
-	echo "<tr>\n";
-	echo "<td align='left' colspan='2'>\n";
+		echo "<b>".$text['header-user_setting-add']."</b>";
+	}
+	echo	"</div>\n";
+	echo "	<div class='actions'>\n";
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'/core/users/user_edit.php?id='.urlencode($user_uuid)]);
+	echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'onclick'=>'submit_form();']);
+	echo "	</div>\n";
+	echo "	<div style='clear: both;'></div>\n";
+	echo "</div>\n";
+
 	if ($action == "update") {
-		echo $text['description-user_setting-edit'];
+		echo $text['description-user_setting-edit']."\n";
 	}
 	if ($action == "add") {
-		echo $text['description-user_setting-add'];
+		echo $text['description-user_setting-add']."\n";
 	}
 	echo "<br /><br />\n";
-	echo "</td>\n";
-	echo "</tr>\n";
+
+	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 
 	echo "<tr>\n";
-	echo "<td class='vncellreq' valign='top' align='left' nowrap='nowrap'>\n";
+	echo "<td width='30%' class='vncellreq' valign='top' align='left' nowrap='nowrap'>\n";
 	echo "	".$text['label-category']."\n";
 	echo "</td>\n";
-	echo "<td class='vtable' align='left'>\n";
+	echo "<td width='70%' class='vtable' align='left'>\n";
 	if (permission_exists('user_setting_category_edit')) {
 		echo "	<input type='text' class='formfld' name='user_setting_category' id='user_setting_category' maxlength='255' value=\"".escape($user_setting_category)."\">\n";
 	}
@@ -713,8 +713,6 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 		echo "		<input type='hidden' name='user_setting_uuid' value='".escape($user_setting_uuid)."'>\n";
 	}
 	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
-	echo "			<br />";
-	echo "			<input type='button' class='btn' value='".$text['button-save']."' onclick='submit_form();'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";
 	echo "</table>";

+ 149 - 129
core/user_settings/user_settings.php

@@ -28,6 +28,7 @@
 	require_once "root.php";
 	require_once "resources/require.php";
 	require_once "resources/check_auth.php";
+	require_once "resources/paging.php";
 
 //check permissions
 	if (permission_exists('user_setting_view')) {
@@ -38,6 +39,38 @@
 		exit;
 	}
 
+//get the http post data
+	if ($_POST['action'] != '') {
+		$action = $_POST['action'];
+		$user_uuid = $_POST['user_uuid'];
+		$user_settings = $_POST['user_settings'];
+
+		//process the http post data by action
+			if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+				switch ($action) {
+					case 'toggle':
+						if (permission_exists('user_setting_edit')) {
+							$obj = new user_settings;
+							$obj->user_uuid = $user_uuid;
+							$obj->toggle($user_settings);
+						}
+						break;
+					case 'delete':
+						if (permission_exists('user_setting_delete')) {
+							$obj = new user_settings;
+							$obj->user_uuid = $user_uuid;
+							$obj->delete($user_settings);
+						}
+						break;
+				}
+			}
+
+		//redirect
+			header('Location: '.PROJECT_PATH.'/core/users/user_edit.php?id='.urlencode($user_uuid));
+			exit;
+	}
+
+/*
 //toggle setting enabled
 	if (
 		is_uuid($_REQUEST["user_id"]) &&
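Review bot: `$user_uuid` is copied from `$_POST['user_uuid']` and passed to the class and the redirect without an `is_uuid()` check; `urlencode()` keeps the `Location` header well-formed, but the value should be rejected early, e.g. `$user_uuid = is_uuid($_POST['user_uuid']) ? $_POST['user_uuid'] : null;`. `$_POST['action'] != ''` also reads an undefined index on every plain GET of the page; `!empty($_POST['action'])` avoids that. The old `$_REQUEST`-driven toggle is only wrapped in `/* … */` here (the closing `*/` is in the next hunk); deleting it would be cleaner than keeping dead code that changed state on a GET request.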
@@ -64,18 +97,12 @@
 			header("Location: /core/users/user_edit.php?id=".$_REQUEST["user_id"]);
 			exit;
 	}
-
-//include the paging
-	require_once "resources/paging.php";
+*/
 
 //get the variables
 	$order_by = $_GET["order_by"];
 	$order = $_GET["order"];
 
-//show the content
-	echo "<form name='frm_settings' id='frm_settings' method='get' action='/core/user_settings/user_setting_delete.php'>";
-	echo "<input type='hidden' name='user_uuid' value='".$user_uuid."'>";
-
 //common sql where
 	$sql_where = "where user_uuid = :user_uuid ";
 	$sql_where .= "and not ( ";
@@ -98,13 +125,13 @@
 	if (isset($_GET['page'])) {
 		$page = $_GET['page'];
 		if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
-		list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
+		list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
 		$offset = $rows_per_page * $page;
 	}
 //get the list
 	$sql = "select * from v_user_settings ";
 	$sql .= $sql_where;
-	if ($order_by != '') {
+	if ($order_by == '') {
 		$sql .= "order by user_setting_category, user_setting_subcategory, user_setting_order asc ";
 	}
 	else {
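Review bot: With the condition corrected to `$order_by == ''`, a non-empty `$_GET['order_by']` now reaches the `else` branch for the first time, and that branch lies outside this hunk. Confirm that it restricts `$order_by` and `$order` to known column names and `asc`/`desc` before they are appended to `$sql`, since identifiers cannot be passed as bound parameters. In the visible lines `$page` from `$_GET['page']` is multiplied into `$offset` without an integer cast; `$page = (int) $_GET['page'];` would pin it to a number.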
@@ -115,78 +142,97 @@
 	$user_settings = $database->select($sql, $parameters, 'all');
 	unset($sql, $sql_where, $parameters);
 
-	$c = 0;
-	$row_style["0"] = "row_style0";
-	$row_style["1"] = "row_style1";
+//create token
+	$object = new token;
+	$token = $object->create('/core/user_settings/user_settings.php');
 
 //show the content
-	echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+	echo "<div class='action_bar sub'>\n";
+	echo "	<div class='heading'><b>".$text['header-user_settings']."</b></div>\n";
+	echo "	<div class='actions'>\n";
+	if (permission_exists('user_setting_add')) {
+		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'link'=>PROJECT_PATH.'/core/user_settings/user_setting_edit.php?user_uuid='.urlencode($_GET['id'])]);
+	}
+	if (permission_exists('user_setting_edit') && $user_settings) {
+		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'onclick'=>"if (confirm('".$text['confirm-toggle']."')) { list_action_set('toggle'); list_form_submit('form_list'); } else { this.blur(); return false; }"]);
+	}
+	if (permission_exists('user_setting_delete') && $user_settings) {
+		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'onclick'=>"if (confirm('".$text['confirm-delete']."')) { list_action_set('delete'); list_form_submit('form_list'); } else { this.blur(); return false; }"]);
+	}
+	echo "	</div>\n";
+	echo "	<div style='clear: both;'></div>\n";
+	echo "</div>\n";
 
-	if (is_array($user_settings) && sizeof($user_settings) != 0) {
-		$previous_category = '';
-		foreach($user_settings as $row) {
-			if ($previous_category != $row['user_setting_category']) {
-				$c = 0;
-				echo "<tr>\n";
-				echo "	<td colspan='7' align='left'>\n";
-				if ($previous_category != '') {
-					echo "	<br /><br />\n";
-				}
-				echo "		<b>\n";
-				if (strtolower($row['user_setting_category']) == "cdr") {
-					echo "		CDR";
-				}
-				elseif (strtolower($row['user_setting_category']) == "ldap") {
-					echo "		LDAP";
-				}
-				else {
-					echo "		".ucfirst($row['user_setting_category']);
-				}
-				echo "		</b>\n";
-				echo "	</td>\n";
-				echo "</tr>\n";
-				echo "<tr>\n";
-				if ((permission_exists("domain_select")
-					&& permission_exists("user_setting_add")
-					&& count($_SESSION['domains']) > 1) ||
-					permission_exists('user_setting_delete')) {
-						echo "<th style='width: 30px; vertical-align: bottom; text-align: center; padding: 0px 3px 2px 8px;'><input type='checkbox' id='chk_all_".$row['user_setting_category']."' class='chk_all' onchange=\"(this.checked) ? check('all','".strtolower($row['user_setting_category'])."') : check('none','".strtolower($row['user_setting_category'])."');\"></th>";
+	echo $text['header_description-user_settings']."\n";
+	echo "<br /><br />\n";
+
+	echo "<form id='form_list' method='post' action='/core/user_settings/user_settings.php'>\n";
+	echo "<input type='hidden' name='action' id='action' value=''>\n";
+	echo "<input type='hidden' name='user_uuid' value='".$user_uuid."'>\n";
+
+	echo "<table class='list'>\n";
+	if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+		$x = 0;
+		foreach ($user_settings as $row) {
+			$user_setting_category = strtolower($row['user_setting_category']);
+
+			$label_user_setting_category = $row['user_setting_category'];
+			switch (strtolower($label_user_setting_category)) {
+				case "api" : $label_user_setting_category = "API"; break;
+				case "cdr" : $label_user_setting_category = "CDR"; break;
+				case "ldap" : $label_user_setting_category = "LDAP"; break;
+				case "ivr_menu" : $label_user_setting_category = "IVR Menu"; break;
+				default:
+					$label_user_setting_category = str_replace("_", " ", $label_user_setting_category);
+					$label_user_setting_category = str_replace("-", " ", $label_user_setting_category);
+					$label_user_setting_category = ucwords($label_user_setting_category);
+			}
+
+			if ($previous_user_setting_category != $row['user_setting_category']) {
+				if ($previous_user_setting_category != '') {
+					echo "</table>\n";
+
+					echo "<br>\n";
 				}
-				echo "<th>".$text['label-subcategory']."</th>";
-				echo "<th>".$text['label-type']."</th>";
-				echo "<th>".$text['label-value']."</th>";
-				echo "<th style='text-align: center;'>".$text['label-enabled']."</th>";
-				echo "<th>".$text['label-description']."</th>";
-				echo "<td class='list_control_icons'>";
-				if (permission_exists('user_setting_add')) {
-					echo "<a href='/core/user_settings/user_setting_edit.php?user_setting_category=".urlencode($row['user_setting_category'])."&user_uuid=".check_str($_GET['id'])."' alt='".$text['button-add']."'>".$v_link_label_add."</a>";
+				echo "<b>".escape($label_user_setting_category)."</b><br>\n";
+
+				echo "<table class='list'>\n";
+				echo "<tr class='list-header'>\n";
+				if (permission_exists('user_setting_add') || permission_exists('user_setting_edit') || permission_exists('user_setting_delete')) {
+					echo "	<th class='checkbox'>\n";
+					echo "		<input type='checkbox' id='checkbox_all_".$user_setting_category."' name='checkbox_all' onclick=\"list_all_toggle('".$user_setting_category."');\">\n";
+					echo "	</th>\n";
 				}
-				if (permission_exists('user_setting_delete')) {
-					echo "<a href='javascript:void(0);' onclick=\"if (confirm('".$text['confirm-delete']."')) { document.getElementById('frm_settings').submit(); }\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
+				echo "<th class='pct-35'>".$text['label-subcategory']."</th>";
+				echo "<th class='pct-10 hide-sm-dn'>".$text['label-type']."</th>";
+				echo "<th class='pct-30'>".$text['label-value']."</th>";
+				echo "<th class='center'>".$text['label-enabled']."</th>";
+				echo "<th class='pct-25 hide-sm-dn'>".$text['label-description']."</th>";
+				if (permission_exists('user_setting_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
+					echo "	<td class='action-button'>&nbsp;</td>\n";
 				}
-				echo "</td>\n";
 				echo "</tr>\n";
 			}
-			$tr_link = (permission_exists('user_setting_edit')) ? " href='/core/user_settings/user_setting_edit.php?user_uuid=".$row['user_uuid']."&id=".$row['user_setting_uuid']."'" : null;
-			echo "<tr ".$tr_link.">\n";
-			if (
-				(permission_exists("domain_select") && permission_exists("user_setting_add") && count($_SESSION['domains']) > 1) ||
-				permission_exists("user_setting_delete")
-				) {
-				echo "	<td valign='top' class='".$row_style[$c]." tr_link_void' style='text-align: center; padding: 3px 3px 0px 8px;'><input type='checkbox' name='id[]' id='checkbox_".$row['user_setting_uuid']."' value='".$row['user_setting_uuid']."' onclick=\"if (!this.checked) { document.getElementById('chk_all_".$row['user_setting_category']."').checked = false; }\"></td>\n";
-				$subcat_ids[strtolower($row['user_setting_category'])][] = 'checkbox_'.$row['user_setting_uuid'];
+			if (permission_exists('user_setting_edit')) {
+				$list_row_url = PROJECT_PATH."/core/user_settings/user_setting_edit.php?user_uuid=".$row['user_uuid']."&id=".$row['user_setting_uuid'];
+			}
+			echo "<tr class='list-row' href='".$list_row_url."'>\n";
+			if (permission_exists('user_setting_add') || permission_exists('user_setting_edit') || permission_exists('user_setting_delete')) {
+				echo "	<td class='checkbox'>\n";
+				echo "		<input type='checkbox' name='user_settings[$x][checked]' id='checkbox_".$x."' class='checkbox_".$user_setting_category."' value='true' onclick=\"if (!this.checked) { document.getElementById('checkbox_all_".$user_setting_category."').checked = false; }\">\n";
+				echo "		<input type='hidden' name='user_settings[$x][uuid]' value='".escape($row['user_setting_uuid'])."' />\n";
+				echo "	</td>\n";
 			}
-			echo "	<td valign='top' class='".$row_style[$c]."'>";
+			echo "	<td class='overflow no-wrap'>";
 			if (permission_exists('user_setting_edit')) {
-				echo 	"<a href='/core/user_settings/user_setting_edit.php?user_uuid=".$row['user_uuid']."&id=".$row['user_setting_uuid']."'>".$row['user_setting_subcategory']."</a>";
+				echo "	<a href='".$list_row_url."'>".escape($row['user_setting_subcategory'])."</a>";
 			}
 			else {
-				echo $row['user_setting_subcategory'];
+				echo escape($row['user_setting_subcategory']);
 			}
 			echo "	</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['user_setting_name']."&nbsp;</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."' style='width: 30%; max-width: 100px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>\n";
-
+			echo "	<td class='hide-sm-dn'>".$row['user_setting_name']."&nbsp;</td>\n";
+			echo "	<td class='overflow no-wrap'>\n";
 			$category = $row['user_setting_category'];
 			$subcategory = $row['user_setting_subcategory'];
 			$name = $row['user_setting_name'];
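Review bot: Several values in the new list markup are still written into HTML and inline JavaScript without `escape()`: `$user_uuid` in the hidden input, `$user_setting_category` in the `id`/`class` attributes and the `list_all_toggle('…')` handler, `$row['user_setting_name']`, and the UUIDs inside `$list_row_url`. The category is a stored field that the edit form lets users change, so it should be escaped for the attribute and encoded for the script context; at minimum use `value='".escape($user_uuid)."'` and `escape($user_setting_category)` wherever it is echoed. `$list_row_url` is assigned only when `user_setting_edit` is granted but is read unconditionally in `<tr class='list-row' href=…>`, and `$previous_user_setting_category` is compared before it is ever set; initialise both before the loop. The `foreach` body continues outside this hunk.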
@@ -198,12 +244,12 @@
 				$sub_result = $database->select($sql, $parameters, 'all');
 				if (is_array($sub_result) && sizeof($sub_result) != 0) {
 					foreach ($sub_result as &$sub_row) {
-						echo $sub_row["menu_language"]." - ".$sub_row["menu_name"]."\n";
+						echo escape($sub_row["menu_language"])." - ".escape($sub_row["menu_name"])."\n";
 					}
 				}
 				unset($sql, $parameters, $sub_result, $sub_row);
 			}
-			elseif ($category == "domain" && $subcategory == "template" && $name == "name" ) {
+			else if ($category == "domain" && $subcategory == "template" && $name == "name" ) {
 				echo "		".ucwords($row['user_setting_value']);
 			}
 			else if ($category == "domain" && $subcategory == "time_format" && $name == "text" ) {
@@ -220,79 +266,53 @@
 				( $category == "theme" && $subcategory == "menu_position" && $name == "text" ) ||
 				( $category == "theme" && $subcategory == "logo_align" && $name == "text" )
 				) {
-				echo "		".$text['label-'.$row['user_setting_value']];
+				echo "		".$text['label-'.escape($row['user_setting_value'])];
 			}
 			else if ($subcategory == 'password' || substr_count($subcategory, '_password') > 0 || $category == "login" && $subcategory == "password_reset_key" && $name == "text") {
-				echo "		".str_repeat('*', strlen($row['user_setting_value']));
+				echo "		".str_repeat('*', strlen(escape($row['user_setting_value'])));
+			}
+			else if ($category == 'theme' && $subcategory == 'button_icons' && $name == 'text') {
+				echo "		".$text['option-button_icons_'.$row['domain_setting_value']]."\n";
+			}
+			else if ($category == "theme" && substr_count($subcategory, "_color") > 0 && ($name == "text" || $name == 'array')) {
+				echo "		".(img_spacer('15px', '15px', 'background: '.escape($row['user_setting_value']).'; margin-right: 4px; vertical-align: middle; border: 1px solid '.(color_adjust($row['user_setting_value'], -0.18)).'; padding: -1px;'));
+				echo "<span style=\"font-family: 'Courier New'; line-height: 6pt;\">".escape($row['user_setting_value'])."</span>\n";
+			}
+			else if ($category == 'recordings' && $subcategory == 'storage_type' && $name == 'text') {
+				echo "		".$text['label-'.$row['domain_setting_value']]."\n";
 			}
 			else {
-				if ($category == "theme" && substr_count($subcategory, "_color") > 0 && ($name == "text" || $name == 'array')) {
-					echo "		".(img_spacer('15px', '15px', 'background: '.$row['user_setting_value'].'; margin-right: 4px; vertical-align: middle; border: 1px solid '.(color_adjust($row['user_setting_value'], -0.18)).'; padding: -1px;'));
-					echo "<span style=\"font-family: 'Courier New'; line-height: 6pt;\">".htmlspecialchars($row['user_setting_value'])."</span>\n";
-				}
-				else {
-					echo "		".htmlspecialchars($row['user_setting_value'])."\n";
-				}
+				echo "		".escape($row['user_setting_value'])."\n";
 			}
 			echo "	</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]." tr_link_void' style='text-align: center;'>\n";
-			echo "		<a href='../user_settings/user_settings.php?user_id=".$row['user_uuid']."&id[]=".$row['user_setting_uuid']."&enabled=".(($row['user_setting_enabled'] == 'true') ? 'false' : 'true')."'>".$text['label-'.$row['user_setting_enabled']]."</a>\n";
-			echo "	</td>\n";
-			echo "	<td valign='top' class='row_stylebg'>".escape($row['user_setting_description'])."&nbsp;</td>\n";
-			echo "	<td class='list_control_icons'>";
 			if (permission_exists('user_setting_edit')) {
-				echo "<a href='/core/user_settings/user_setting_edit.php?user_uuid=".escape($row['user_uuid'])."&id=".escape($row['user_setting_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
+				echo "	<td class='no-link center'>\n";
+				echo button::create(['type'=>'submit','class'=>'link','label'=>$text['label-'.$row['user_setting_enabled']],'title'=>$text['button-toggle'],'onclick'=>"list_self_check('checkbox_".$x."'); list_action_set('toggle'); list_form_submit('form_list')"]);
 			}
-			if (permission_exists('user_setting_delete')) {
-				echo "<a href='/core/user_settings/user_setting_delete.php?user_uuid=".escape($row['user_uuid'])."&id[]=".escape($row['user_setting_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
+			else {
+				echo "	<td class='center'>\n";
+				echo $text['label-'.$row['user_setting_enabled']];
 			}
 			echo "	</td>\n";
+			echo "	<td class='description overflow hide-sm-dn' title=\"".escape($row['user_setting_description'])."\">".escape($row['user_setting_description'])."&nbsp;</td>\n";
+			if (permission_exists('user_setting_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
+				echo "	<td class='action-button'>\n";
+				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
+				echo "	</td>\n";
+			}
 			echo "</tr>\n";
-			$previous_category = $row['user_setting_category'];
-			$c = $c ? 0 : 1;
-		}
-	}
-	unset($sql);
 
-	echo "<tr>\n";
-	echo "<td colspan='20' align='left'>\n";
-	echo "	<table width='100%' cellpadding='0' cellspacing='0'>\n";
-	echo "	<tr>\n";
-	echo "		<td width='33.3%' nowrap>&nbsp;</td>\n";
-	echo "		<td width='33.3%' align='center' nowrap>$paging_controls</td>\n";
-	echo "		<td class='list_control_icons'>";
-	if (permission_exists('user_setting_add')) {
-		echo 		"<a href='/core/user_settings/user_setting_edit.php?user_uuid=".check_str($_GET['id'])."' alt='".$text['button-add']."'>$v_link_label_add</a>";
-	}
-	if (permission_exists('user_setting_delete') && is_array($user_settings)) {
-		echo "<a href='javascript:void(0);' onclick=\"if (confirm('".$text['confirm-delete']."')) { document.getElementById('frm_settings').submit(); }\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
+			//set the previous category
+			$previous_user_setting_category = $row['user_setting_category'];
+			$x++;
+		}
 	}
-	echo "		</td>\n";
-	echo "	</tr>\n";
- 	echo "	</table>\n";
-	echo "</td>\n";
-	echo "</tr>\n";
-
-	echo "</table>";
-	echo "</form>";
-
-	echo "<br /><br />";
-
 	unset($user_settings);
 
-	// check or uncheck all category checkboxes
-	if (is_array($subcat_ids) && sizeof($subcat_ids) > 0) {
-		echo "<script>\n";
-		echo "	function check(what, category) {\n";
-		foreach ($subcat_ids as $user_setting_category => $checkbox_ids) {
-			echo "if (category == '".$user_setting_category."') {\n";
-			foreach ($checkbox_ids as $index => $checkbox_id) {
-				echo "document.getElementById('".$checkbox_id."').checked = (what == 'all') ? true : false;\n";
-			}
-			echo "}\n";
-		}
-		echo "	}\n";
-		echo "</script>\n";
-	}
+	echo "</table>\n";
+	echo "<br />\n";
+	echo "<div align='center'>".$paging_controls."</div>\n";
+	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+	echo "</form>\n";
 
-?>
+?>
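Review bot: The two added branches for `theme`/`button_icons` and `recordings`/`storage_type` read `$row['domain_setting_value']`, but the rows are selected from `v_user_settings` and every other branch uses `user_setting_value`. This looks copied from the domain settings page and would look up an empty label key; use `$text['option-button_icons_'.$row['user_setting_value']]` and `$text['label-'.$row['user_setting_value']]`. `escape()` has also been placed on values that are never output: inside the `$text['label-'.…]` key and inside `strlen()`, where it changes the lookup key or the mask length (an `&` is counted as five characters) without protecting anything. `color_adjust($row['user_setting_value'], -0.18)` is still concatenated into the `style` attribute as-is; wrap its result in `escape()` unless the helper is known to return only a colour literal.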

+ 41 - 39
core/users/app_languages.php

@@ -1566,45 +1566,47 @@ $text['header-user_import']['sv-se'] = "Importera";
 $text['header-user_import']['uk-ua'] = "";
 $text['header-user_import']['tr-tr'] = "İçe Aktar";
 
-$text['description-user_setting-edit']['en-us'] = "Edit a setting for this user.";
-$text['description-user_setting-edit']['ar-eg'] = "";
-$text['description-user_setting-edit']['de-at'] = "Eine Einstellung für diesen Benutzer bearbeiten."; //copied from de-de
-$text['description-user_setting-edit']['de-ch'] = "Eine Einstellung für diesen Benutzer bearbeiten."; //copied from de-de
-$text['description-user_setting-edit']['de-de'] = "Eine Einstellung für diesen Benutzer bearbeiten.";
-$text['description-user_setting-edit']['es-cl'] = "Editar un escenario de este usuario.";
-$text['description-user_setting-edit']['es-mx'] = "Editar un escenario de este usuario."; //copied from es-cl
-$text['description-user_setting-edit']['fr-ca'] = "Modifier un réglage pour cet utilisateur."; //copied from fr-fr
-$text['description-user_setting-edit']['fr-fr'] = "Modifier un réglage pour cet utilisateur.";
-$text['description-user_setting-edit']['he-il'] = "";
-$text['description-user_setting-edit']['it-it'] = "Modifica un parametro per questo utente.";
-$text['description-user_setting-edit']['nl-nl'] = "";
-$text['description-user_setting-edit']['pl-pl'] = "";
-$text['description-user_setting-edit']['pt-br'] = "Editar uma configuração para este usuário."; //copied from pt-pt
-$text['description-user_setting-edit']['pt-pt'] = "Editar uma configuração para este usuário.";
-$text['description-user_setting-edit']['ro-ro'] = "";
-$text['description-user_setting-edit']['ru-ru'] = "Изменить настройки этого пользователя.";
-$text['description-user_setting-edit']['sv-se'] = "Ändra en inställning för denna användfare.";
-$text['description-user_setting-edit']['uk-ua'] = "";
-
-$text['description-user_setting-add']['en-us'] = "Add a setting for this user.";
-$text['description-user_setting-add']['ar-eg'] = "";
-$text['description-user_setting-add']['de-at'] = "Eine Einstellung für diesen Benutzer hinzufügen."; //copied from de-de
-$text['description-user_setting-add']['de-ch'] = "Eine Einstellung für diesen Benutzer hinzufügen."; //copied from de-de
-$text['description-user_setting-add']['de-de'] = "Eine Einstellung für diesen Benutzer hinzufügen.";
-$text['description-user_setting-add']['es-cl'] = "Añadir un entorno para este usuario.";
-$text['description-user_setting-add']['es-mx'] = "Añadir un entorno para este usuario."; //copied from es-cl
-$text['description-user_setting-add']['fr-ca'] = "Ajouter un cadre pour cet utilisateur."; //copied from fr-fr
-$text['description-user_setting-add']['fr-fr'] = "Ajouter un cadre pour cet utilisateur.";
-$text['description-user_setting-add']['he-il'] = "";
-$text['description-user_setting-add']['it-it'] = "Aggiungi un parametro per questo utente.";
-$text['description-user_setting-add']['nl-nl'] = "";
-$text['description-user_setting-add']['pl-pl'] = "";
-$text['description-user_setting-add']['pt-br'] = "Adicionar uma definição para esse usuário."; //copied from pt-pt
-$text['description-user_setting-add']['pt-pt'] = "Adicionar uma definição para esse usuário.";
-$text['description-user_setting-add']['ro-ro'] = "";
-$text['description-user_setting-add']['ru-ru'] = "Добавьте параметр для этого пользователя.";
-$text['description-user_setting-add']['sv-se'] = "Lägg till en inställning för denna användare.";
-$text['description-user_setting-add']['uk-ua'] = "";
+$text['header-user_settings']['en-us'] = "User Settings";
+$text['header-user_settings']['ar-eg'] = "User Settings";
+$text['header-user_settings']['de-at'] = "User Settings";
+$text['header-user_settings']['de-ch'] = "User Settings";
+$text['header-user_settings']['de-de'] = "User Settings";
+$text['header-user_settings']['el-gr'] = "User Settings";
+$text['header-user_settings']['es-cl'] = "User Settings";
+$text['header-user_settings']['es-mx'] = "User Settings";
+$text['header-user_settings']['fr-ca'] = "User Settings";
+$text['header-user_settings']['fr-fr'] = "User Settings";
+$text['header-user_settings']['he-il'] = "User Settings";
+$text['header-user_settings']['it-it'] = "User Settings";
+$text['header-user_settings']['nl-nl'] = "User Settings";
+$text['header-user_settings']['pl-pl'] = "User Settings";
+$text['header-user_settings']['pt-br'] = "User Settings";
+$text['header-user_settings']['pt-pt'] = "User Settings";
+$text['header-user_settings']['ro-ro'] = "User Settings";
+$text['header-user_settings']['ru-ru'] = "User Settings";
+$text['header-user_settings']['sv-se'] = "User Settings";
+$text['header-user_settings']['uk-ua'] = "User Settings";
+$text['header-user_settings']['tr-tr'] = "User Settings";
+
+$text['header_description-user_settings']['en-us'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['ar-eg'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['de-at'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['de-ch'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['de-de'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['es-cl'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['es-mx'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['fr-ca'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['fr-fr'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['he-il'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['it-it'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['nl-nl'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['pl-pl'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['pt-br'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['pt-pt'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['ro-ro'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['ru-ru'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['sv-se'] = "Settings for this user that should override those defined in Domain or Default Settings.";
+$text['header_description-user_settings']['uk-ua'] = "Settings for this user that should override those defined in Domain or Default Settings.";
 
 $text['description-user_manager']['en-us'] = "Add, edit, delete, and search users. ";
 $text['description-user_manager']['ar-eg'] = "";

+ 32 - 15
core/users/user_edit.php

@@ -642,22 +642,26 @@
 	echo "</script>\n";
 
 	echo "<form name='frm' id='frm' method='post'>\n";
-	echo "<input type='hidden' name='action' id='action' value=''>\n";
 
-	echo "<div style='float:right; white-space: nowrap;'>\n";
+	echo "<div class='action_bar' id='action_bar'>\n";
+	echo "	<div class='heading'><b>".$text['header-user_edit']."</b></div>\n";
+	echo "	<div class='actions'>\n";
 	if ($unsaved) {
 		echo "<span style='color: #b00;'>".$text['message-unsaved_changes']." <i class='fas fa-exclamation-triangle' style='margin-right: 15px;'></i></span>";
 	}
 	if (permission_exists('user_add') || permission_exists('user_edit')) {
-		echo "	<input type='button' class='btn' style='margin-right: 10px;' onclick=\"window.location='users.php'\" value='".$text['button-back']."'>";
+		echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'users.php']);
 	}
 	if (permission_exists('ticket_add') || permission_exists('ticket_edit')) {
-		echo "	<input type='button' class='btn' style='margin-right: 3px;' onclick=\"window.location='/app/tickets/tickets.php?user_uuid=".urlencode($user_uuid)."'\" value='".$text['button-tickets']."'>";
+		echo button::create(['type'=>'button','label'=>$text['button-tickets'],'icon'=>'tags','style'=>'margin-right: 15px;','link'=>PROJECT_PATH.'/app/tickets/tickets.php?user_uuid='.urlencode($user_uuid)]);
 	}
-	echo "	<input type='submit' class='btn' value='".$text['button-save']."'>";
+	echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save']]);
+	echo "	</div>\n";
+	echo "	<div style='clear: both;'></div>\n";
 	echo "</div>\n";
-	echo "<b>".$text['header-user_edit']."</b><br />\n";
-	echo $text['description-user_edit']."<br /><br />\n";
+
+	echo $text['description-user_edit']."\n";
+	echo "<br /><br />\n";
 
 	echo "<table cellpadding='0' cellspacing='0' border='0' width='100%'>";
 
@@ -951,7 +955,8 @@
 			}
 			echo "</select>";
 			if ($action == 'edit') {
-				echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n";
+				echo button::create(['type'=>'submit','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add']]);
+// 				echo "<input type='submit' class='btn' value=\"".$text['button-add']."\" >\n";
 			}
 		}
 		unset($sql, $parameters, $groups, $field);
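Review bot: The replaced submit input is left behind as a commented-out statement directly under the new `button::create` call, whereas the other hunks in this file delete the markup they replace. Drop the `// echo "<input type='submit' class='btn' value=...` line so the branch holds only the live button; the old form remains in version control if it is needed again. The enclosing block starts and ends outside the hunk.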
@@ -984,8 +989,8 @@
 		echo "	<tr>";
 		echo "		<td class='vncell' valign='top'>".$text['label-api_key']."</td>";
 		echo "		<td class='vtable'>\n";
-		echo "			<input type=\"text\" class='formfld' name=\"api_key\" id='api_key' value=\"".escape($api_key)."\" >";
-		echo "			<input type='button' class='btn' value='".$text['button-generate']."' onclick=\"getElementById('api_key').value='".uuid()."';\">";
+		echo "			<input type='text' class='formfld' style='width: 250px;' name='api_key' id='api_key' value=\"".escape($api_key)."\" >";
+		echo button::create(['type'=>'button','label'=>$text['button-generate'],'icon'=>'key','onclick'=>"document.getElementById('api_key').value = uuid();"]);
 		if (strlen($text['description-api_key']) > 0) {
 			echo "			<br />".$text['description-api_key']."<br />\n";
 		}
@@ -997,8 +1002,8 @@
 		echo "	<tr>";
 		echo "		<td class='vncell' valign='top'>".$text['label-message_key']."</td>";
 		echo "		<td class='vtable'>\n";
-		echo "			<input type='text' class='formfld' name='message_key' id='message_key' value=\"".escape($user_settings["message"]["key"]["text"])."\" >";
-		echo "			<input type='button' class='btn' value='".$text['button-generate']."' onclick=\"getElementById('message_key').value='".uuid()."';\">";
+		echo "			<input type='text' class='formfld' style='width: 250px;' name='message_key' id='message_key' value=\"".escape($user_settings["message"]["key"]["text"])."\" >";
+		echo button::create(['type'=>'button','label'=>$text['button-generate'],'icon'=>'key','onclick'=>"document.getElementById('message_key').value = uuid();"]);
 		if (strlen($text['description-message_key']) > 0) {
 			echo "			<br />".$text['description-message_key']."<br />\n";
 		}
@@ -1033,18 +1038,30 @@
 	if ($unsaved) {
 		echo "		<span style='color: #b00;'>".$text['message-unsaved_changes']." <i class='fas fa-exclamation-triangle' style='margin-right: 15px;'></i></span>";
 	}
-	echo "			<input type='submit' class='btn' value='".$text['button-save']."'>";
 	echo "		</td>";
 	echo "	</tr>";
 	echo "</table>";
-	echo "<br><br>";
 	echo "</form>";
 
 	if (permission_exists("user_edit") && permission_exists('user_setting_view') && $action == 'edit') {
+		echo "<br><br>";
 		require $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/core/user_settings/user_settings.php";
 	}
 
+//uuid generation script
+	echo "<script>\n";
+	echo "function uuid() {\n";
+	echo "	var d = new Date().getTime();\n";
+	echo "	var uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {\n";
+	echo "		var r = (d + Math.random()*16)%16 | 0;\n";
+	echo "		d = Math.floor(d/16);\n";
+	echo "		return (c=='x' ? r : (r&0x3|0x8)).toString(16);\n";
+	echo "	});\n";
+	echo "	return uuid;\n";
+	echo "};\n";
+	echo "</script>\n";
+
 //include the footer
 	require_once "resources/footer.php";
 
-?>
+?>
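Review bot: The `uuid()` script added at the end of this hunk builds its digits from `new Date().getTime()` and `Math.random()`, neither of which is a cryptographic random source, and the api_key and message_key hunks above now fill those fields from it. Both fields look like credentials, so the value should come from a CSPRNG; in the browser that is `window.crypto.getRandomValues`. The removed lines called PHP `uuid()` on the server, whose implementation is not visible here, so the old strength cannot be compared. The rewrite below keeps the function name and the version-4 layout, so the two Generate buttons need no change.

```php
//uuid generation script
	echo "<script>\n";
	echo "function uuid() {\n";
	echo "	var b = new Uint8Array(16);\n";
	echo "	window.crypto.getRandomValues(b);\n";
	echo "	b[6] = (b[6] & 0x0f) | 0x40;\n";
	echo "	b[8] = (b[8] & 0x3f) | 0x80;\n";
	echo "	var h = Array.prototype.map.call(b, function(v) { return ('0' + v.toString(16)).slice(-2); }).join('');\n";
	echo "	return h.slice(0,8)+'-'+h.slice(8,12)+'-'+h.slice(12,16)+'-'+h.slice(16,20)+'-'+h.slice(20);\n";
	echo "};\n";
	echo "</script>\n";
// … unchanged: footer include …
```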

+ 64 - 51
core/users/user_imports.php

@@ -43,7 +43,7 @@
 	$text = $language->get();
 
 //built in str_getcsv requires PHP 5.3 or higher, this function can be used to reproduce the functionality but requires PHP 5.1.0 or higher
-	if(!function_exists('str_getcsv')) {
+	if (!function_exists('str_getcsv')) {
 		function str_getcsv($input, $delimiter = ",", $enclosure = '"', $escape = "\\") {
 			$fp = fopen("php://memory", 'r+');
 			fputs($fp, $input);
@@ -90,9 +90,14 @@
 			$x = 0;
 			include ("core/users/app_config.php");
 			$i = 0;
-			foreach($apps[0]['db'] as $table) {
+			foreach ($apps[0]['db'] as $table) {
 				//get the table name and parent name
-				$table_name = $table["table"]['name'];
+				if (is_array($table["table"]['name'])) {
+					$table_name = $table["table"]['name']['text'];
+				}
+				else {
+					$table_name = $table["table"]['name'];
+				}
 				$parent_name = $table["table"]['parent'];
 
 				//remove the v_ table prefix
@@ -132,45 +137,41 @@
 //match the column names to the field names
 	if (strlen($delimiter) > 0 && file_exists($_SESSION['file']) && $action != 'import') {
 
-		//form to match the fields to the column names
+		//create token
+			$object = new token;
+			$token = $object->create($_SERVER['PHP_SELF']);
+
+		//include header
 			$document['title'] = $text['title-user_import'];
 			require_once "resources/header.php";
 
-			echo "<form action='user_imports.php' method='POST' enctype='multipart/form-data' name='frmUpload' onSubmit=''>\n";
-			echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+		//form to match the fields to the column names
+			echo "<form name='frmUpload' method='POST' enctype='multipart/form-data'>\n";
 
-			echo "	<tr>\n";
-			echo "	<td valign='top' align='left' nowrap='nowrap'>\n";
-			echo "		<b>".$text['header-user_import']."</b><br />\n";
-			echo "	</td>\n";
-			echo "	<td valign='top' align='right'>\n";
-			echo "		<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='users.php'\" value='".$text['button-back']."'>\n";
-			echo "		<input name='submit' type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
-			echo "	</td>\n";
-			echo "	</tr>\n";
-			echo "	<tr>\n";
-			echo "	<td colspan='2' align='left'>\n";
-			echo "		".$text['description-import']."\n";
-			echo "	</td>\n";
-			echo "	</tr>\n";
-
-			//echo "<tr>\n";
-			//echo "<td align='left' width='30%' nowrap='nowrap'><b>".$text['header-import']."</b></td>\n";
-			//echo "<td width='70%' align='right'>\n";
-			//echo "	<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='users.php'\" value='".$text['button-back']."'>\n";
-			//echo "</td>\n";
-			//echo "</tr>\n";
+			echo "<div class='action_bar' id='action_bar'>\n";
+			echo "	<div class='heading'><b>".$text['header-user_import']."</b></div>\n";
+			echo "	<div class='actions'>\n";
+			echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'users.php']);
+			echo button::create(['type'=>'submit','label'=>$text['button-import'],'icon'=>$_SESSION['theme']['button_icon_import']]);
+			echo "	</div>\n";
+			echo "	<div style='clear: both;'></div>\n";
+			echo "</div>\n";
+
+			echo $text['description-import']."\n";
+			echo "<br /><br />\n";
+
+			echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
 				$line_field = trim(trim($line_field), $enclosure);
 				echo "<tr>\n";
-				echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+				echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 				//echo "    ".$text['label-zzz']."\n";
 				echo $line_field;
 				echo "</td>\n";
-				echo "<td class='vtable' align='left'>\n";
+				echo "<td width='70%' class='vtable' align='left'>\n";
 				echo "    			<select class='formfld' style='' name='fields[$x]'>\n";
 				echo "    			<option value=''></option>\n";
 				foreach($schema as $row) {
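Review bot: `echo $line_field;` in the reworked table prints a header cell taken from the imported data straight into the page, and this commit restyles the cells around it without escaping it. user_edit.php in this same commit wraps dynamic values in `escape()`; assuming that helper is in scope here, the line should read `echo escape($line_field);`. The same applies to `value='$from_row'`, `value='$delimiter'` and `value='$enclosure'` in the -200 hunk and to `$data` inside the textarea in the -387 hunk, all of which appear to originate from request or file content. The foreach body continues outside the hunk.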
@@ -200,12 +201,15 @@
 			echo "				<input name='from_row' type='hidden' value='$from_row'>\n";
 			echo "				<input name='data_delimiter' type='hidden' value='$delimiter'>\n";
 			echo "				<input name='data_enclosure' type='hidden' value='$enclosure'>\n";
-			echo "				<input type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
 			echo "			</td>\n";
 			echo "		</tr>\n";
 
 			echo "	</table>\n";
+
+			echo "	<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+
 			echo "</form>\n";
+
 			require_once "resources/footer.php";
 
 		//normalize the column names
@@ -233,6 +237,14 @@
 //upload the csv
 	if (file_exists($_SESSION['file']) && $action == 'import') {
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: users.php');
+				exit;
+			}
+
 		//form to match the fields to the column names
 			//$document['title'] = $text['title-user_import'];
 			//require_once "resources/header.php";
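Review bot: Token validation is added only to the `$action == 'import'` branch, while the hunks at -387 and -483 also place a token in the first-step upload form. No visible hunk validates that token when the pasted data or file is posted, so if the upload handler (outside these hunks) has no `validate` call, that step stays open to cross-site submission and the hidden field there has no effect. This hunk also stores the token object in `$token`, where the other hunks use `$object = new token;` and keep `$token` for the name/hash array; `$object = new token; if (!$object->validate($_SERVER['PHP_SELF'])) {` would match them.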
@@ -387,34 +399,36 @@
 			}
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //include the header
 	$document['title'] = $text['title-user_import'];
 	require_once "resources/header.php";
 
-//begin the content
-	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-	echo "	<tr>\n";
-	echo "	<td valign='top' align='left' width='30%' nowrap='nowrap'>\n";
-	echo "		<b>".$text['header-user_import']."</b><br />\n";
-	echo "		".$text['description-import']."\n";
-	echo "	</td>\n";
-	echo "	<td valign='top' width='70%' align='right'>\n";
-	echo "		<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='users.php'\" value='".$text['button-back']."'>\n";
-	//echo "		<input name='submit' type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
-	echo "	</td>\n";
-	echo "	</tr>\n";
-	echo "</table>";
+//show content
+	echo "<form name='frmUpload' method='post' enctype='multipart/form-data'>\n";
 
-	echo "<br />\n";
+	echo "<div class='action_bar' id='action_bar'>\n";
+	echo "	<div class='heading'><b>".$text['header-user_import']."</b></div>\n";
+	echo "	<div class='actions'>\n";
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'users.php']);
+	echo button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>$_SESSION['theme']['button_icon_upload']]);
+	echo "	</div>\n";
+	echo "	<div style='clear: both;'></div>\n";
+	echo "</div>\n";
+
+	echo $text['description-import']."\n";
+	echo "<br /><br />\n";
 
-	echo "<form action='' method='POST' enctype='multipart/form-data' name='frmUpload' onSubmit=''>\n";
-	echo "	<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+	echo "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
 
 	echo "<tr>\n";
-	echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+	echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 	echo "    ".$text['label-import_data']."\n";
 	echo "</td>\n";
-	echo "<td class='vtable' align='left'>\n";
+	echo "<td width='70%' class='vtable' align='left'>\n";
 	echo "    <textarea name='data' id='data' rows='7' class='formfld' style='width: 100%;' wrap='off'>$data</textarea>\n";
 	echo "<br />\n";
 	echo $text['description-import_data']."\n";
@@ -483,8 +497,7 @@
 	echo "		</td>\n";
 	echo "		<td valign='bottom' align='right' nowrap>\n";
 	echo "			<input name='type' type='hidden' value='csv'>\n";
-	echo "			<br />\n";
-	echo "			<input name='submit' type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>\n";
 	echo "	</table>\n";
@@ -494,4 +507,4 @@
 //include the footer
 	require_once "resources/footer.php";
 
-?>
+?>

+ 20 - 0
resources/app_languages.php

@@ -1442,6 +1442,26 @@ $text['button-remove']['sv-se'] = "Ta Bort";
 $text['button-remove']['uk-ua'] = "Видалити";
 $text['button-remove']['tr-tr'] = "Sil";
 
+$text['button-continue']['en-us'] = "Continue";
+$text['button-continue']['ar-eg'] = "";
+$text['button-continue']['de-at'] = "Fortfahren"; //copied from de-de
+$text['button-continue']['de-ch'] = "Fortfahren"; //copied from de-de
+$text['button-continue']['de-de'] = "Fortfahren";
+$text['button-continue']['es-cl'] = "Continuar";
+$text['button-continue']['es-mx'] = "Continuar"; //copied from es-cl
+$text['button-continue']['fr-ca'] = "Continue"; //copied from fr-fr
+$text['button-continue']['fr-fr'] = "Continue";
+$text['button-continue']['he-il'] = "המשך";
+$text['button-continue']['it-it'] = "";
+$text['button-continue']['nl-nl'] = "Kontinue";
+$text['button-continue']['pl-pl'] = "Kontynuuj";
+$text['button-continue']['pt-br'] = "Continuar"; //copied from pt-pt
+$text['button-continue']['pt-pt'] = "Continuar";
+$text['button-continue']['ro-ro'] = "";
+$text['button-continue']['ru-ru'] = "Продолжить";
+$text['button-continue']['sv-se'] = "Fortsätt";
+$text['button-continue']['uk-ua'] = "Продовжити";
+
 $text['label-installed']['en-us'] = "Installed";
 $text['label-installed']['ar-eg'] = "Installed";
 $text['label-installed']['de-at'] = "Installed";