|
|
@@ -78,6 +78,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|
|
$database_uuid = $_POST["database_uuid"];
|
|
|
}
|
|
|
|
|
|
+ //validate the token
|
|
|
+ $token = new token;
|
|
|
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
|
|
|
+ message::add($text['message-invalid_token'],'negative');
|
|
|
+ header('Location: databases.php');
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+
|
|
|
//check for all required data
|
|
|
//if (strlen($database_driver) == 0) { $msg .= $text['message-required'].$text['label-driver']."<br>\n"; }
|
|
|
//if (strlen($database_type) == 0) { $msg .= $text['message-required'].$text['label-type']."<br>\n"; }
|
|
|
@@ -178,6 +186,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|
|
unset($sql, $parameters, $row);
|
|
|
}
|
|
|
|
|
|
+//create token
|
|
|
+ $object = new token;
|
|
|
+ $token = $object->create($_SERVER['PHP_SELF']);
|
|
|
+
|
|
|
//show the header
|
|
|
require_once "resources/header.php";
|
|
|
if ($action == "update") {
|
|
|
@@ -369,6 +381,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
|
|
|
if ($action == "update") {
|
|
|
echo " <input type='hidden' name='database_uuid' value='".escape($database_uuid)."'>\n";
|
|
|
}
|
|
|
+ echo " <input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
|
|
|
echo " <br>";
|
|
|
echo " <input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
|
|
|
echo " </td>\n";
|
Nate