Phrases: Token integration.

app/phrases/phrase_edit.php

@@ -75,6 +75,14 @@
 				$phrase_uuid = $_POST["phrase_uuid"];
 			}
 
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: phrases.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($phrase_name) == 0) { $msg .= $text['message-required']." ".$text['label-name']."<br>\n"; }
@@ -253,6 +261,10 @@
 	$recordings = $database->select($sql, $parameters, 'all');
 	unset($sql, $parameters);
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 	if ($action == 'add') { $document['title'] = $text['title-add_phrase']; }
@@ -550,8 +562,9 @@
 	if ($action == "update") {
 		echo "	<input type='hidden' name='phrase_uuid' value='".escape($phrase_uuid)."'>\n";
 	}
-	echo "		<br />";
-	echo "		<input type='submit' name='submit' class='btn' alt=\"".$text['button-save']."\" value='".$text['button-save']."'>\n";
+	echo "	<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+	echo "	<br />";
+	echo "	<input type='submit' name='submit' class='btn' alt=\"".$text['button-save']."\" value='".$text['button-save']."'>\n";
 	echo "</td>\n";
 	echo "</tr>";