\r
if(queryvars.find("formaction")!=queryvars.end())\r
{\r
- if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && queryvars.find("boarddescription")!=queryvars.end())\r
+ if((*queryvars.find("formaction")).second=="addboard" && queryvars.find("boardname")!=queryvars.end() && queryvars.find("boarddescription")!=queryvars.end() && ValidateFormPassword(queryvars))\r
{\r
std::string boardname="";\r
std::string boarddescription="";\r
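Review bot: When `ValidateFormPassword(queryvars)` returns false, the addboard request is dropped without a trace, because the check is folded into the `if` condition and no else branch is visible. An expired form password and a forged cross-site POST therefore both look like a plain page reload to the admin and to anyone reading logs. The same holds for the `remove0messages` and `update` conditions further down. Consider evaluating it once after the `formaction` lookup, e.g. `const bool formok=ValidateFormPassword(queryvars);`, testing `formok` in the three conditions, and on failure recording the rejected action and adding a short notice to `content`. This assumes the validation does not need to run only for a matching action; the handler bodies continue outside the hunk, so existing failure handling may simply be out of view.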
addst.Bind(3,"Added manually");\r
addst.Step();\r
}\r
- if((*queryvars.find("formaction")).second=="remove0messages")\r
+ if((*queryvars.find("formaction")).second=="remove0messages" && ValidateFormPassword(queryvars))\r
{\r
m_db->Execute("DELETE FROM tblBoard WHERE BoardID IN (SELECT BoardID FROM vwBoardStats WHERE MessageCount=0 AND BoardID NOT IN (SELECT BoardID FROM tblAdministrationBoard));");\r
}\r
- if((*queryvars.find("formaction")).second=="update")\r
+ if((*queryvars.find("formaction")).second=="update" && ValidateFormPassword(queryvars))\r
{\r
int boardid;\r
std::vector<std::string> boardids;\r
\r
content+="<tr>";\r
content+="<td colspan=\"3\"><center>";\r
- content+="<form name=\"frmboardsearch\" action=\"boards.htm\" method=\"POST\"><input type=\"text\" name=\"boardsearch\" value=\""+SanitizeOutput(boardsearch)+"\"><input type=\"submit\" value=\"Search\"></form>";\r
+ content+="<form name=\"frmboardsearch\" action=\"boards.htm\" method=\"POST\"><input type=\"text\" name=\"boardsearch\" value=\""+SanitizeOutput(boardsearch)+"\">"+CreateFormPassword()+"<input type=\"submit\" value=\"Search\"></form>";\r
content+="</center></td>";\r
content+="</tr>";\r
\r
content+="<tr>";\r
content+="<td colspan=\"3\"><center>";\r
- content+="<form name=\"frmremoveboard\" action=\"boards.htm\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"remove0messages\">Remove boards with 0 messages<input type=\"submit\" value=\"Remove\"></form>";\r
+ content+="<form name=\"frmremoveboard\" action=\"boards.htm\" method=\"POST\">"+CreateFormPassword()+"<input type=\"hidden\" name=\"formaction\" value=\"remove0messages\">Remove boards with 0 messages<input type=\"submit\" value=\"Remove\"></form>";\r
content+="</center></td>";\r
content+="</tr>";\r
\r
content+="<tr>";\r
- content+="<td><form name=\"frmaddboard\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"addboard\"><input type=\"text\" name=\"boardname\"></td><td><input type=\"text\" name=\"boarddescription\" size=\"40\" maxlength=\"50\"></td><td><input type=\"submit\" value=\"Add Board\"></form></td>";\r
+ content+="<td><form name=\"frmaddboard\" method=\"POST\">"+CreateFormPassword()+"<input type=\"hidden\" name=\"formaction\" value=\"addboard\"><input type=\"text\" name=\"boardname\"></td><td><input type=\"text\" name=\"boarddescription\" size=\"40\" maxlength=\"50\"></td><td><input type=\"submit\" value=\"Add Board\"></form></td>";\r
content+="</tr>";\r
\r
- content+="<tr><td colspan=\"4\"><hr><form name=\"frmboards\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"update\"></td></tr>";\r
+ content+="<tr><td colspan=\"4\"><hr><form name=\"frmboards\" method=\"POST\"><input type=\"hidden\" name=\"formaction\" value=\"update\">"+CreateFormPassword()+"</td></tr>";\r
content+="<tr>";\r
content+="<th>Name</th><th>Description</th><th>Save Received Messages *</th><th>Added Method</th>";\r
content+="</tr>"; \r
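Review bot: `CreateFormPassword()` is called four times per page render here, once each for frmboardsearch, frmremoveboard, frmaddboard and frmboards. Its definition is not in this hunk, but if each call generates and stores a fresh value, every view of boards.htm adds four stored passwords. A single `const std::string formpassword=CreateFormPassword();` before the first form, reused in all four, would keep that to one per page. The search form's token is also not checked by any `ValidateFormPassword` call in the visible handlers, so it could be left out unless the search path validates it elsewhere.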