\r
if(queryvars.find("formaction")!=queryvars.end())\r
{\r
- if((*queryvars.find("formaction")).second=="remove" && queryvars.find("boardid")!=queryvars.end())\r
+ if((*queryvars.find("formaction")).second=="remove" && queryvars.find("boardid")!=queryvars.end() && ValidateFormPassword(queryvars))\r
{\r
int boardid=0;\r
StringFunctions::Convert((*queryvars.find("boardid")).second,boardid);\r
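Review bot: A request whose form password is missing or wrong is dropped silently here, because `ValidateFormPassword(queryvars)` is folded into the same `&&` chain as the `formaction`/`boardid` tests on the `remove` condition; the `addboard` condition later in this diff has the same shape. A rejected token on a state-changing action is the signal an operator wants when looking for forged cross-site submissions, so I would test it on its own inside the branch, e.g. `if(!ValidateFormPassword(queryvars)) { /* record the rejected remove request and skip the deletes */ }`. Also worth a look while here: `boardid` is initialised to 0 and the result of `StringFunctions::Convert` is not checked in the visible lines, so an unparsable value would presumably run the deletes against board 0. The branch body continues outside this hunk.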
st.Bind(0,boardid);\r
st.Step();\r
\r
- st=m_db->Prepare("DELETE FROM tblMessage WHERE MessageUUID IN (SELECT MessageUUID FROM tblMessage INNER JOIN tblMessageBoard ON tblMessage.MessageID=tblMessageBoard.MessageID WHERE BoardID=?);");\r
+ st=m_db->Prepare("DELETE FROM tblMessage WHERE MessageUUID IN (SELECT MessageUUID FROM tblMessage INNER JOIN tblMessageBoard ON tblMessage.MessageID=tblMessageBoard.MessageID WHERE BoardID=? AND MessageUUID IS NOT NULL);");\r
st.Bind(0,boardid);\r
st.Step();\r
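Review bot: The new `AND MessageUUID IS NOT NULL` filter in the subquery has no comment saying why it is needed, and it leaves one case open: messages on this board whose `MessageUUID` is NULL are not removed by this statement, before or after the change, since `NULL IN (...)` never evaluates to true. I would add a comment above the `Prepare` such as `// keep NULLs out of the IN list; messages without a UUID are not deleted by this statement`. If those rows should go too, matching on the key the join already uses may be simpler, e.g. `WHERE MessageID IN (SELECT MessageID FROM tblMessageBoard WHERE BoardID=?)`, but that changes what gets deleted, so confirm the intent first. Whether a later statement cleans them up is not visible in this hunk.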
\r
st.Step();\r
\r
}\r
- if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && (*queryvars.find("boardname")).second!="")\r
+ if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && (*queryvars.find("boardname")).second!="" && ValidateFormPassword(queryvars))\r
{\r
Poco::DateTime date;\r
st=m_db->Prepare("INSERT INTO tblBoard(BoardName,DateAdded) VALUES(?,?);");\r
content+="<td>"+changetrustlisttruststr+"</td>\r\n";\r
content+="<td>";\r
content+="<form name=\"frmremove\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"remove\">";\r
content+="<input type=\"hidden\" name=\"boardid\" value=\""+boardidstr+"\">";\r
content+="<input type=\"submit\" value=\"Remove\">";\r
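Review bot: `CreateFormPassword()` is called once per rendered form, here inside what looks like the per-board row markup for `frmremove`, and again for `frmaddboard` in the next hunk. Its body is not in this diff, but if each call mints and stores a fresh token, a page listing many boards creates one stored token per row on every page view. Consider creating the token once before the rows are emitted and reusing it, e.g. `const std::string formpassword=CreateFormPassword();` then `content+=formpassword;` in both forms. The enclosing function starts and ends outside this hunk.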
content+="<tr>";\r
content+="<td>";\r
content+="<form name=\"frmaddboard\" method=\"POST\">";\r
+ content+=CreateFormPassword();\r
content+="<input type=\"hidden\" name=\"formaction\" value=\"addboard\">";\r
content+="<input type=\"text\" name=\"boardname\">";\r
content+="</td>\r\n<td>";\r