From fe772fc068842776ec0feed61ed7a0db0d04a174 Mon Sep 17 00:00:00 2001 From: Nate Date: Tue, 17 Sep 2019 22:15:16 -0600 Subject: [PATCH] Conference Controls: Token integration. --- .../conference_control_detail_edit.php | 19 ++++++++++++++++--- .../conference_control_edit.php | 17 +++++++++++++++-- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/app/conference_controls/conference_control_detail_edit.php b/app/conference_controls/conference_control_detail_edit.php index 55f12fd9a4..a521c9d27e 100644 --- a/app/conference_controls/conference_control_detail_edit.php +++ b/app/conference_controls/conference_control_detail_edit.php @@ -47,6 +47,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $conference_control_detail_uuid = $_POST["conference_control_detail_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: conference_controls.php'); + exit; + } + //check for all required data $msg = ''; //if (strlen($control_digits) == 0) { $msg .= $text['message-required']." ".$text['label-control_digits']."
\n"; } @@ -118,6 +126,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; @@ -191,11 +203,12 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; if ($action == "update") { - echo " \n"; + echo " \n"; } - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " "; echo ""; diff --git a/app/conference_controls/conference_control_edit.php b/app/conference_controls/conference_control_edit.php index 2f874bb81e..069075d689 100644 --- a/app/conference_controls/conference_control_edit.php +++ b/app/conference_controls/conference_control_edit.php @@ -42,6 +42,14 @@ $conference_control_uuid = $_POST["conference_control_uuid"]; } + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: conference_controls.php'); + exit; + } + //check for all required data $msg = ''; if (strlen($control_name) == 0) { $msg .= $text['message-required']." ".$text['label-control_name']."
\n"; } @@ -109,6 +117,10 @@ unset($sql, $parameters, $row); } +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + //show the header require_once "resources/header.php"; @@ -172,9 +184,10 @@ echo " \n"; echo " \n"; if ($action == "update") { - echo " \n"; + echo " \n"; } - echo " \n"; + echo " \n"; + echo " \n"; echo " \n"; echo " "; echo "";