diff --git a/src/application/views/appointments/book_success.php b/src/application/views/appointments/book_success.php
index 90d9efbf..fb83be13 100644
--- a/src/application/views/appointments/book_success.php
+++ b/src/application/views/appointments/book_success.php
@@ -92,6 +92,7 @@
 // ------------------------------------------------------------ ?>
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken' : <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'appointmentData' : <?php echo json_encode($appointment_data); ?>,
 'providerData' : <?php echo json_encode($provider_data); ?>,
 'serviceData' : <?php echo json_encode($service_data); ?>,
diff --git a/src/application/views/backend/calendar.php b/src/application/views/backend/calendar.php
index 716985c0..19ad1017 100644
--- a/src/application/views/backend/calendar.php
+++ b/src/application/views/backend/calendar.php
@@ -12,6 +12,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken' : <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'availableProviders' : <?php echo json_encode($available_providers); ?>,
 'availableServices' : <?php echo json_encode($available_services); ?>,
 'baseUrl' : <?php echo '"' . $base_url . '"'; ?>,
diff --git a/src/application/views/backend/customers.php b/src/application/views/backend/customers.php
index b11e23e1..866893c1 100644
--- a/src/application/views/backend/customers.php
+++ b/src/application/views/backend/customers.php
@@ -6,6 +6,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'availableProviders': <?php echo json_encode($available_providers); ?>,
 'availableServices': <?php echo json_encode($available_services); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
diff --git a/src/application/views/backend/services.php b/src/application/views/backend/services.php
index 463cc1c2..8fb59463 100644
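Review bot: The `'csrfToken'` entry added to `GlobalVariables` in book_success.php is a snapshot taken when the page is rendered, so it goes stale if the framework issues a new token once a POST has been verified. Whether that happens depends on the CodeIgniter version and its CSRF settings (`csrf_regenerate` in 3.x), neither of which is visible in this diff; if it does, the second AJAX POST from a long-lived page such as the backend calendar would be rejected. Either confirm regeneration is off, or have the code that attaches the token to requests (not in this diff) refresh it from the CSRF cookie before each POST instead of reading this one-time copy. The same applies to the identical line added in calendar.php, customers.php, services.php, settings.php, users.php, installation.php, forgot_password.php and login.php.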
--- a/src/application/views/backend/services.php
+++ b/src/application/views/backend/services.php
@@ -3,6 +3,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
 'services': <?php echo json_encode($services); ?>,
 'categories': <?php echo json_encode($categories); ?>,
diff --git a/src/application/views/backend/settings.php b/src/application/views/backend/settings.php
index 5fc210e8..df23df89 100644
--- a/src/application/views/backend/settings.php
+++ b/src/application/views/backend/settings.php
@@ -9,6 +9,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
 'userSlug': <?php echo '"' . $role_slug . '"'; ?>,
 'settings': {
diff --git a/src/application/views/backend/users.php b/src/application/views/backend/users.php
index f0b75c6f..0e5350bb 100644
--- a/src/application/views/backend/users.php
+++ b/src/application/views/backend/users.php
@@ -18,6 +18,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
 'admins': <?php echo json_encode($admins); ?>,
 'providers': <?php echo json_encode($providers); ?>,
diff --git a/src/application/views/general/installation.php b/src/application/views/general/installation.php
index 2f872568..b7784dee 100644
--- a/src/application/views/general/installation.php
+++ b/src/application/views/general/installation.php
@@ -34,6 +34,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>
 };
@@ -60,6 +61,7 @@
 var postUrl = GlobalVariables.baseUrl + '/index.php/appointments/ajax_install';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'admin': JSON.stringify(getAdminData()),
 'company': JSON.stringify(getCompanyData())
 };
diff --git a/src/application/views/user/forgot_password.php b/src/application/views/user/forgot_password.php
index 511a448e..3049da62 100644
--- a/src/application/views/user/forgot_password.php
+++ b/src/application/views/user/forgot_password.php
@@ -60,6 +60,7 @@
 <script type="text/javascript">
 $(document).ready(function() {
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
 'AJAX_SUCCESS': 'SUCCESS',
 'AJAX_FAILURE': 'FAILURE'
@@ -78,6 +79,7 @@
 var postUrl = GlobalVariables.baseUrl + '/index.php/user/ajax_forgot_password';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'username': $('#username').val(),
 'email': $('#email').val()
 };
diff --git a/src/application/views/user/login.php b/src/application/views/user/login.php
index f3467507..1ad4be3e 100644
--- a/src/application/views/user/login.php
+++ b/src/application/views/user/login.php
@@ -64,6 +64,7 @@
 <script type="text/javascript">
 var GlobalVariables = {
+ 'csrfToken': <?php echo json_encode($this->security->get_csrf_hash()); ?>,
 'baseUrl': <?php echo '"' . $base_url . '"'; ?>,
 'destUrl': <?php echo '"' . $dest_url . '"'; ?>,
 'AJAX_SUCCESS': 'SUCCESS',
@@ -87,6 +88,7 @@
 var postUrl = GlobalVariables.baseUrl + '/index.php/user/ajax_check_login';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'username': $('#username').val(),
 'password': $('#password').val()
 };
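Review bot: The POST field name `'csrfToken'` added to `postData` in installation.php is a hard-coded literal, so the server-side check only passes while the application's `csrf_token_name` setting is exactly that string; the configuration is not part of this diff. Emitting the name next to the hash, e.g. `'csrfTokenName': <?php echo json_encode($this->security->get_csrf_token_name()); ?>,` in `GlobalVariables`, and building the field with `postData[GlobalVariables.csrfTokenName] = GlobalVariables.csrfToken;` keeps the two in step if the setting is ever changed. The same literal is used in the `postData` hunks of forgot_password.php and login.php.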
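Review bot: In forgot_password.php the token is added to a `GlobalVariables` object that the context lines show declared with `var` inside `$(document).ready(function() {`, so it is local to that callback rather than a page-level global as in the other views. Any shared script that attaches `GlobalVariables.csrfToken` to requests would not see it on this page, and those POSTs would go out without a token and be rejected. The second hunk reads it to build `postData`, presumably inside the same callback, so the page's own request should work; a comment such as `// local to this ready() handler; not visible to shared scripts` above the declaration would make the difference explicit. The callback's body starts and ends outside the hunk.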