From 1b8e34964cf57a409c4d08eb59c1e84966a611dc Mon Sep 17 00:00:00 2001 From: Nate Date: Tue, 17 Sep 2019 22:12:28 -0600 Subject: [PATCH] Conference Center: Token integration. --- app/conference_centers/conference_center_edit.php | 13 +++++++++++++ app/conference_centers/conference_room_edit.php | 13 +++++++++++++ 2 files changed, 26 insertions(+) diff --git a/app/conference_centers/conference_center_edit.php b/app/conference_centers/conference_center_edit.php index 7016caaa0f..6e2d33e2d9 100644 --- a/app/conference_centers/conference_center_edit.php +++ b/app/conference_centers/conference_center_edit.php @@ -64,6 +64,14 @@ $conference_center_enabled = $_POST["conference_center_enabled"]; $conference_center_description = $_POST["conference_center_description"]; + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: conference_centers.php'); + exit; + } + //check for all required data $msg = ''; //if (strlen($dialplan_uuid) == 0) { $msg .= "Please provide: Dialplan UUID
\n"; } @@ -232,6 +240,10 @@ $streams = $database->select($sql, $parameters, 'all'); unset($sql, $parameters); +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; @@ -428,6 +440,7 @@ echo " \n"; echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo " "; diff --git a/app/conference_centers/conference_room_edit.php b/app/conference_centers/conference_room_edit.php index f5006605ac..6b6279efc1 100644 --- a/app/conference_centers/conference_room_edit.php +++ b/app/conference_centers/conference_room_edit.php @@ -189,6 +189,14 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { $conference_room_uuid = $_POST["conference_room_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: conference_rooms.php'); + exit; + } + //check for a unique pin number and length if (strlen($moderator_pin) > 0 || strlen($participant_pin) > 0) { //make sure the moderator pin number is unique @@ -541,6 +549,10 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { if (strlen($sounds) == 0) { $sounds = 'false'; } if (strlen($enabled) == 0) { $enabled = 'true'; } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; @@ -859,6 +871,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { echo " \n"; echo " \n"; } + echo " \n"; echo " \n"; echo " \n"; echo "";
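Review bot: The added check in conference_center_edit.php, `$token->validate($_SERVER['PHP_SELF'])`, keys the token on a request-derived value, because PHP_SELF includes any path info the client appends after the script name. How the token class uses that key is not visible in this patch, so the effect may be no more than a spurious "invalid token" redirect. A server-fixed key is still the more predictable choice, e.g. `$token->validate($_SERVER['SCRIPT_NAME'])`, with the matching `create()` call changed the same way. The same applies to the create hunk at -232 and to both token hunks (-189 and -541) in conference_room_edit.php. The block that encloses this check starts outside the hunk.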
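Review bot: In the create hunk at -232, `$token` receives the return value of `$object->create(...)`, while in the validation hunk of the same file `$token` is the token object itself, so one name holds two different kinds of value within a single script. Giving the object a descriptive name and keeping `$token` for the created value would make that clear, e.g. `$token_object = new token;` followed by `$token = $token_object->create($_SERVER['PHP_SELF']);`. The comment could also state the purpose, e.g. `//create the form token that is validated when the form is posted`. The create hunk at -541 in conference_room_edit.php has the same naming.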
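Review bot: The check added at -189 in conference_room_edit.php appears to sit inside the `if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0)` block named in the hunk header, so it protects only what that branch does. Any state change the script makes outside that branch (none is visible in this hunk) would still run without a token, and that is worth confirming against the full file. A short comment would record the intended scope, e.g. `//validate the token before any posted data is used to change a record`. The enclosing block starts and ends outside the hunk.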