Merge branch 'saas-dev' into saas-dev-publishing

Conflicts: airtime_mvc/application/Bootstrap.php airtime_mvc/application/controllers/plugins/Acl_plugin.php
2015-10-19 16:18:19 -04:00 · 2015-10-19 16:18:19 -04:00 · 12f6536e74
parent bcbd8a8050 1a5250205c
commit 12f6536e74
32 changed files with 4672 additions and 326 deletions
--- a/airtime_mvc/application/Bootstrap.php
+++ b/airtime_mvc/application/Bootstrap.php
@ -24,6 +24,7 @@ require_once "OsPath.php";
 require_once "Database.php";
 require_once "ProvisioningHelper.php";
 require_once "SecurityHelper.php";
 require_once "SessionHelper.php";
 require_once "GoogleAnalytics.php";
 require_once "Timezone.php";
 require_once "CeleryManager.php";
@ -44,6 +45,7 @@ require_once "OAuth2Controller.php";
 require_once __DIR__.'/forms/helpers/ValidationTypes.php';
 require_once __DIR__.'/forms/helpers/CustomDecorators.php';
 require_once __DIR__.'/controllers/plugins/PageLayoutInitPlugin.php';
 require_once __DIR__.'/controllers/plugins/RabbitMqPlugin.php';
 require_once __DIR__.'/controllers/plugins/Maintenance.php';
 require_once __DIR__.'/controllers/plugins/ConversionTracking.php';
@ -61,21 +63,17 @@ if (array_key_exists("REQUEST_URI", $_SERVER) && (stripos($_SERVER["REQUEST_URI"
    die();
 }
 Zend_Session::setOptions(array('strict' => true));
 Config::setAirtimeVersion();
 require_once (CONFIG_PATH . 'navigation.php');
 Zend_Validate::setDefaultNamespaces("Zend");
 Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
 $front = Zend_Controller_Front::getInstance();
 $front->registerPlugin(new RabbitMqPlugin());
 $front->registerPlugin(new Zend_Controller_Plugin_ConversionTracking());
 $front->throwExceptions(false);
 //localization configuration
 Application_Model_Locale::configureLocalization();
 /* The bootstrap class should only be used to initialize actions that return a view.
   Actions that return JSON will not use the bootstrap class! */
 class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
@ -87,64 +85,6 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
        $view->doctype('XHTML1_STRICT');
    }
    protected function _initGlobals()
    {
        $view = $this->getResource('view');
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $view->headScript()->appendScript("var baseUrl = '$baseUrl';");
        $this->_initTranslationGlobals($view);
        $user = Application_Model_User::GetCurrentUser();
        if (!is_null($user)) {
            $userType = $user->getType();
        } else {
            $userType = "";
        }
        $view->headScript()->appendScript("var userType = '$userType';");
        // Dropzone also accept file extensions and doesn't correctly extract certain mimetypes (eg. FLAC - try it),
        // so we append the file extensions to the list of mimetypes and that makes it work.
        $mimeTypes = FileDataHelper::getAudioMimeTypeArray();
        $fileExtensions = array_values($mimeTypes);
        foreach($fileExtensions as &$extension) {
            $extension = '.' . $extension;
        }
        $view->headScript()->appendScript("var acceptedMimeTypes = " . json_encode(array_merge(array_keys($mimeTypes), $fileExtensions)) . ";");
    }
    /**
     * Create a global namespace to hold a session token for CSRF prevention
     */
    protected function _initCsrfNamespace()
    {
        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
        // Check if the token exists
        if (!$csrf_namespace->authtoken) {
            // If we don't have a token, regenerate it and set a 1 week timeout
            // Should we log the user out here if the token is expired?
            $csrf_namespace->authtoken = sha1(uniqid(rand(), 1));
            $csrf_namespace->setExpirationSeconds(168 * 60 * 60);
        }
        //Here we are closing the session for writing because otherwise no requests
        //in this session will be handled in parallel. This gives a major boost to the perceived performance
        //of the application (page load times are more consistent, no lock contention).
        session_write_close();
    }
    /**
     * Ideally, globals should be written to a single js file once
     * from a php init function. This will save us from having to
     * reinitialize them every request
     */
    private function _initTranslationGlobals()
    {
        $view = $this->getResource('view');
        $view->headScript()->appendScript("var PRODUCT_NAME = '" . PRODUCT_NAME . "';");
        $view->headScript()->appendScript("var USER_MANUAL_URL = '" . USER_MANUAL_URL . "';");
        $view->headScript()->appendScript("var COMPANY_NAME = '" . COMPANY_NAME . "';");
    }
    protected function _initTasks() {
        /* We need to wrap this here so that we aren't checking when we're running the unit test suite
@ -157,117 +97,6 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
        }
    }
    protected function _initHeadLink()
    {
        $CC_CONFIG = Config::getConfig();
        $view = $this->getResource('view');
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $view->headLink(array('rel' => 'icon', 'href' => $baseUrl . 'favicon.ico?' . $CC_CONFIG['airtime_version'], 'type' => 'image/x-icon'), 'PREPEND')
            ->appendStylesheet($baseUrl . 'css/bootstrap.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/redmond/jquery-ui-1.8.8.custom.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/pro_dropdown_3.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/qtip/jquery.qtip.min.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/styles.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/masterpanel.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/tipsy/jquery.tipsy.css?' . $CC_CONFIG['airtime_version']);
    }
    protected function _initHeadScript()
    {
        $CC_CONFIG = Config::getConfig();
        $view = $this->getResource('view');
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $view->headScript()->appendFile($baseUrl . 'js/libs/jquery-1.8.3.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/libs/jquery-ui-1.8.24.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/bootstrap/bootstrap.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/libs/underscore-min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/libs/angular.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            // ->appendFile($baseUrl . 'js/libs/jquery.stickyPanel.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/qtip/jquery.qtip.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/jplayer/jquery.jplayer.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/sprintf/sprintf-0.7-beta1.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/cookie/jquery.cookie.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/i18n/jquery.i18n.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'locale/general-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'locale/datatables-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendScript("$.i18n.setDictionary(general_dict)")
            ->appendScript("var baseUrl='$baseUrl'");
        //These timezones are needed to adjust javascript Date objects on the client to make sense to the user's set timezone
        //or the server's set timezone.
        $serverTimeZone = new DateTimeZone(Application_Model_Preference::GetDefaultTimezone());
        $now = new DateTime("now", $serverTimeZone);
        $offset = $now->format("Z") * -1;
        $view->headScript()->appendScript("var serverTimezoneOffset = {$offset}; //in seconds");
        if (class_exists("Zend_Auth", false) && Zend_Auth::getInstance()->hasIdentity()) {
            $userTimeZone = new DateTimeZone(Application_Model_Preference::GetUserTimezone());
            $now = new DateTime("now", $userTimeZone);
            $offset = $now->format("Z") * -1;
            $view->headScript()->appendScript("var userTimezoneOffset = {$offset}; //in seconds");
        }
        //scripts for now playing bar
        $view->headScript()->appendFile($baseUrl . 'js/airtime/airtime_bootstrap.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/dashboard/helperfunctions.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/dashboard/dashboard.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/dashboard/versiontooltip.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/tipsy/jquery.tipsy.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/common/common.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/common/audioplaytest.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');
        $user = Application_Model_User::getCurrentUser();
        if (!is_null($user)) {
            $userType = $user->getType();
        } else {
            $userType = "";
        }
        $view->headScript()->appendScript("var userType = '$userType';");
        if (array_key_exists('REQUEST_URI', $_SERVER) //Doesn't exist for unit tests
            && strpos($_SERVER['REQUEST_URI'], 'Dashboard/stream-player') === false
            && strpos($_SERVER['REQUEST_URI'], 'audiopreview') === false
            && $_SERVER['REQUEST_URI'] != "/") {
            $plan_level = strval(Application_Model_Preference::GetPlanLevel());
            // Since the Hobbyist plan doesn't come with Live Chat support, don't enable it
            if (Application_Model_Preference::GetLiveChatEnabled() && $plan_level !== 'hobbyist') {
                $client_id = strval(Application_Model_Preference::GetClientId());
                $station_url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
                $view->headScript()->appendScript("var livechat_client_id = '$client_id';\n" .
                    "var livechat_plan_type = '$plan_level';\n" .
                    "var livechat_station_url = 'http://$station_url';");
                $view->headScript()->appendFile($baseUrl . 'js/airtime/common/livechat.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');
            }
        }
        /*
        if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1) {
            $view->headScript()->appendFile($baseUrl.'js/libs/google-analytics.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
        }*/
    }
    protected function _initViewHelpers()
    {
        $view = $this->getResource('view');
        $view->addHelperPath(APPLICATION_PATH . 'views/helpers', 'Airtime_View_Helper');
        $view->assign('suspended', (Application_Model_Preference::getProvisioningStatus() == PROVISIONING_STATUS_SUSPENDED));
    }
    protected function _initTitle()
    {
        $view = $this->getResource('view');
        $view->headTitle(Application_Model_Preference::GetHeadTitle());
    }
    protected function _initZFDebug()
    {
@ -312,6 +141,7 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
    {
        $front = Zend_Controller_Front::getInstance();
        $front->registerPlugin(new Zend_Controller_Plugin_Maintenance());
        $front->registerPlugin(new PageLayoutInitPlugin($this));
    }
 }
--- a/airtime_mvc/application/common/SecurityHelper.php
+++ b/airtime_mvc/application/common/SecurityHelper.php
@ -12,4 +12,12 @@ class SecurityHelper {
        }
        return $arr;
    }
    public static function verifyCSRFToken($observedToken) {
        $current_namespace = new Zend_Session_Namespace('csrf_namespace');
        $observed_csrf_token = $observedToken;
        $expected_csrf_token = $current_namespace->authtoken;
        return ($observed_csrf_token == $expected_csrf_token);
    }
 }
--- a/airtime_mvc/application/common/SessionHelper.php
+++ b/airtime_mvc/application/common/SessionHelper.php
@ -0,0 +1,13 @@
 <?php
 class SessionHelper
 {
    public static function reopenSessionForWriting() {
        //PHP will send double Set-Cookie headers if we reopen the
        //session for writing, and this breaks IE8 and some other browsers.
        //This hacky workaround prevents double headers. Background here:
        // https://bugs.php.net/bug.php?id=38104
        ini_set('session.cache_limiter', null);
        session_start(); // Reopen the session for writing (without resending the Set-Cookie header)
    }
 }
--- a/airtime_mvc/application/common/TaskManager.php
+++ b/airtime_mvc/application/common/TaskManager.php
@ -113,6 +113,9 @@ final class TaskManager {
     *              otherwise false
     */
    private function _isUserSessionRequest() {
        if (!Zend_Session::isStarted()) {
            return false;
        }
        $auth = Zend_Auth::getInstance();
        $data = $auth->getStorage()->read();
        return !empty($data);
--- a/airtime_mvc/application/configs/constants.php
+++ b/airtime_mvc/application/configs/constants.php
@ -4,6 +4,7 @@ define('PRODUCT_NAME'       , 'Airtime');
 define('PRODUCT_SITE_URL'   , 'http://airtime.sourcefabric.org');
 define('SAAS_PRODUCT_BRANDING_NAME', 'Airtime Pro');
 define('SAAS_LOGIN_REFERRER', 'https://www.airtime.pro/');
 define('COMPANY_NAME'       , 'Sourcefabric');
 define('COMPANY_SUFFIX'     , 'z.ú.');
@ -18,7 +19,7 @@ define('TERMS_AND_CONDITIONS_URL'   , 'http://www.sourcefabric.org/en/about/poli
 define('PRIVACY_POLICY_URL'         , 'http://www.sourcefabric.org/en/about/policy/');
 define('USER_MANUAL_URL'            , 'http://sourcefabric.booktype.pro/airtime-pro-for-broadcasters');
 define('ABOUT_AIRTIME_URL'          , 'https://www.airtime.pro/support/');
-define('AIRTIME_TRANSIFEX_URL'      , 'https://www.transifex.com/projects/p/airtime/');
+define('AIRTIME_TRANSIFEX_URL'      , 'https://www.transifex.com/sourcefabric/airtime/');
 define('WHMCS_PASSWORD_RESET_URL'   , 'https://account.sourcefabric.com/pwreset.php');
 define('SUPPORT_TICKET_URL'         , 'https://sourcefabricberlin.zendesk.com/hc/en-us/requests/new');
 define('UI_REVAMP_EMBED_URL'        , 'https://www.youtube.com/embed/nqpNnCKGluY');
--- a/airtime_mvc/application/configs/navigation.php
+++ b/airtime_mvc/application/configs/navigation.php
@ -81,18 +81,11 @@ $pages = array(
    array(
        'label' =>  "<i class='icon-signal icon-white'></i>"._("Analytics"),
        'module'     => 'default',
-        'controller' => 'listenerstat',
+        'controller' => 'playouthistory',
        'action'     => 'index',
-        'resource'   => 'listenerstat',
+        'resource'   => 'playouthistory',
        'title' => 'Analytics',
        'pages' => array(
            array(
                'label'      => _('Listener Stats'),
                'module'     => 'default',
                'controller' => 'listenerstat',
                'action'     => 'index',
                'resource'   => 'listenerstat'
            ),
            array(
                'label'      => _('Playout History'),
                'module'     => 'default',
@ -106,7 +99,14 @@ $pages = array(
                'controller' => 'playouthistorytemplate',
                'action'     => 'index',
                'resource'   => 'playouthistorytemplate'
-            )
+            ),
            array(
                'label'      => _('Listener Stats'),
                'module'     => 'default',
                'controller' => 'listenerstat',
                'action'     => 'index',
                'resource'   => 'listenerstat'
            ),
        )
    ),
    array(
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@ -11,6 +11,8 @@ class ApiController extends Zend_Controller_Action
    public function init()
    {
        //Ignore API key and session authentication for these APIs:
        $ignoreAuth = array("live-info", 
            "live-info-v2", 
            "week-info", 
@ -25,6 +27,11 @@ class ApiController extends Zend_Controller_Action
            "show-logo"
        );
        if (Zend_Session::isStarted()) {
            Logging::error("Session already started for an API request. Check your code because
                            this will negatively impact performance.");
        }
        $params = $this->getRequest()->getParams();
        if (!in_array($params['action'], $ignoreAuth)) {
            $this->checkAuth();
@ -73,13 +80,23 @@ class ApiController extends Zend_Controller_Action
        $CC_CONFIG = Config::getConfig();
        $api_key = $this->_getParam('api_key');
-        if (!in_array($api_key, $CC_CONFIG["apiKey"]) &&
+        if (in_array($api_key, $CC_CONFIG["apiKey"])) {
-            is_null(Zend_Auth::getInstance()->getStorage()->read())) {
+            return true;
            header('HTTP/1.0 401 Unauthorized');
            print _('You are not allowed to access this resource.');
            exit;
        }
-        return true;
+
        //Start the session so the authentication is
        //enforced by the ACL plugin.
        Zend_Session::start();
        $authAdapter = Zend_Auth::getInstance();
        Application_Model_Auth::pinSessionToClient($authAdapter);
        if ((Zend_Auth::getInstance()->hasIdentity())) {
            return true;
        }
        header('HTTP/1.0 401 Unauthorized');
        print _('You are not allowed to access this resource.');
        exit();
    }
    public function versionAction()
--- a/airtime_mvc/application/controllers/BillingController.php
+++ b/airtime_mvc/application/controllers/BillingController.php
@ -29,6 +29,9 @@ class BillingController extends Zend_Controller_Action {
        $this->view->headLink()->appendStylesheet($baseUrl.'css/billing.css?'.$CC_CONFIG['airtime_version']);
        Billing::ensureClientIdIsValid();
        //Zend's CSRF token element requires the session to be open for writing
        SessionHelper::reopenSessionForWriting();
        $request = $this->getRequest();
        $form = new Application_Form_BillingUpgradeDowngrade();
@ -225,6 +228,9 @@ class BillingController extends Zend_Controller_Action {
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $this->view->headLink()->appendStylesheet($baseUrl.'css/billing.css?'.$CC_CONFIG['airtime_version']);
        //Zend's CSRF token element requires the session to be open for writing
        SessionHelper::reopenSessionForWriting();
        $request = $this->getRequest();
        $form = new Application_Form_BillingClient();
        Billing::ensureClientIdIsValid();
--- a/airtime_mvc/application/controllers/IndexController.php
+++ b/airtime_mvc/application/controllers/IndexController.php
@ -12,6 +12,13 @@ class IndexController extends Zend_Controller_Action
    {
        $CC_CONFIG = Config::getConfig();
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $this->view->headTitle(Application_Model_Preference::GetHeadTitle());
        $this->view->headScript()->appendFile($baseUrl . 'js/libs/jquery-1.8.3.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/i18n/jquery.i18n.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'locale/general-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendScript("$.i18n.setDictionary(general_dict)")
            ->appendScript("var baseUrl='$baseUrl'");
        $this->view->headLink()->setStylesheet($baseUrl.'css/radio-page/radio-page.css?'.$CC_CONFIG['airtime_version']);
        $this->view->headLink()->appendStylesheet($baseUrl.'css/embed/weekly-schedule-widget.css?'.$CC_CONFIG['airtime_version']);
--- a/airtime_mvc/application/controllers/LoginController.php
+++ b/airtime_mvc/application/controllers/LoginController.php
@ -8,8 +8,14 @@ class LoginController extends Zend_Controller_Action
    public function init()
    {
-        //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
+        $CC_CONFIG = Config::getConfig();
-        session_start();
+        $baseUrl = Application_Common_OsPath::getBaseDir();
        $this->view->headLink(array('rel' => 'icon', 'href' => $baseUrl . 'favicon.ico?' . $CC_CONFIG['airtime_version'], 'type' => 'image/x-icon'), 'PREPEND')
            ->appendStylesheet($baseUrl . 'css/bootstrap.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/redmond/jquery-ui-1.8.8.custom.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/styles.css?' . $CC_CONFIG['airtime_version']);
    }
    public function indexAction()
@ -25,10 +31,18 @@ class LoginController extends Zend_Controller_Action
        Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale));
        $auth = Zend_Auth::getInstance();
-        if ($auth->hasIdentity()) {
+        if (Zend_Session::isStarted()) {
-            $this->_redirect('showbuilder');
+
            //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
            SessionHelper::reopenSessionForWriting();
            $auth = Zend_Auth::getInstance();
            $auth->getStorage();
            if ($auth->hasIdentity()) {
                $this->_redirect('showbuilder');
            }
        }
        //uses separate layout without a navigation.
@ -43,6 +57,10 @@ class LoginController extends Zend_Controller_Action
        $message = _("Please enter your username and password.");
        if ($request->isPost()) {
            //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
            //session_start();
            // if the post contains recaptcha field, which means form had recaptcha field.
            // Hence add the element for validation.
            if (array_key_exists('recaptcha_response_field', $request->getPost())) {
@ -117,6 +135,9 @@ class LoginController extends Zend_Controller_Action
    public function logoutAction()
    {
        //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
        SessionHelper::reopenSessionForWriting();
        $auth = Zend_Auth::getInstance();
        $auth->clearIdentity();
        // Unset all session variables relating to CSRF prevention on logout
--- a/airtime_mvc/application/controllers/PlaylistController.php
+++ b/airtime_mvc/application/controllers/PlaylistController.php
@ -34,7 +34,7 @@ class PlaylistController extends Zend_Controller_Action
                    ->initContext();
        //This controller writes to the session all over the place, so we're going to reopen it for writing here.
-        session_start(); //Reopen the session for writing
+        SessionHelper::reopenSessionForWriting();
    }
    private function getPlaylist($p_type)
--- a/airtime_mvc/application/controllers/PreferenceController.php
+++ b/airtime_mvc/application/controllers/PreferenceController.php
@ -34,7 +34,7 @@ class PreferenceController extends Zend_Controller_Action
        $form = new Application_Form_Preferences();
        $values = array();
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
        if ($request->isPost()) {
            $values = $request->getPost();
@ -94,7 +94,7 @@ class PreferenceController extends Zend_Controller_Action
        $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/support-setting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
        $this->view->statusMsg = "";
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
        $form = new Application_Form_SupportSettings();
        if ($request->isPost()) {
@ -130,12 +130,18 @@ class PreferenceController extends Zend_Controller_Action
    public function removeLogoAction()
    {
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
        $this->view->layout()->disableLayout();
        // Remove reliance on .phtml files to render requests
        $this->_helper->viewRenderer->setNoRender(true);
        if (!SecurityHelper::verifyCSRFToken($this->_getParam('csrf_token'))) {
            Logging::error(__FILE__ . ': Invalid CSRF token');
            $this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
            return;
        }
        Application_Model_Preference::SetStationLogo("");
    }
@ -151,7 +157,7 @@ class PreferenceController extends Zend_Controller_Action
        $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/streamsetting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
        $name_map = array(
 				'ogg' => 'Ogg Vorbis',
@ -441,7 +447,7 @@ class PreferenceController extends Zend_Controller_Action
    public function setSourceConnectionUrlAction()
    {
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
        $request = $this->getRequest();
        $type = $request->getParam("type", null);
@ -461,7 +467,7 @@ class PreferenceController extends Zend_Controller_Action
    public function getAdminPasswordStatusAction()
    {
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
        $out = array();
        $num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());
@ -480,6 +486,12 @@ class PreferenceController extends Zend_Controller_Action
        $this->view->layout()->disableLayout();
        $this->_helper->viewRenderer->setNoRender(true);
        if (!SecurityHelper::verifyCSRFToken($this->_getParam('csrf_token'))) {
            Logging::error(__FILE__ . ': Invalid CSRF token');
            $this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
            return;
        }
        // Only admin users should get here through ACL permissioning
        // Only allow POST requests
        $method = $_SERVER['REQUEST_METHOD'];
--- a/airtime_mvc/application/controllers/ShowbuilderController.php
+++ b/airtime_mvc/application/controllers/ShowbuilderController.php
@ -104,10 +104,11 @@ class ShowbuilderController extends Zend_Controller_Action
        $CC_CONFIG = Config::getConfig();
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $setupComplete = Application_Model_Preference::getLangTimezoneSetupComplete();
-        $previousPage = $request->getHeader('Referer');
+        $previousPage = strtolower($request->getHeader('Referer'));
        $userService = new Application_Service_UserService();
        $currentUser = $userService->getCurrentUser();
-        $previousPageWasLoginScreen = strpos(strtolower($previousPage), 'login') !== false;
+        $previousPageWasLoginScreen = (strpos($previousPage, 'login') !== false) ||
                                    (strpos($previousPage, SAAS_LOGIN_REFERRER) !== false);
        // If current user is Super Admin, and they came from the login page,
        // and they have not seen the setup popup before
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@ -18,7 +18,7 @@ class UserController extends Zend_Controller_Action
    {
        // Start the session to re-open write permission to the session so we can
        // create the namespace for our csrf token verification
-        session_start();
+        SessionHelper::reopenSessionForWriting();
        $CC_CONFIG = Config::getConfig();
        $request = $this->getRequest();
@ -126,7 +126,8 @@ class UserController extends Zend_Controller_Action
    {
        Zend_Layout::getMvcInstance()->assign('parent_page', 'Settings');
-        session_start(); //Reopen session for writing.
+        SessionHelper::reopenSessionForWriting();
        $request = $this->getRequest();
        $form = new Application_Form_EditUser();
        if ($request->isPost()) {
--- a/airtime_mvc/application/controllers/UsersettingsController.php
+++ b/airtime_mvc/application/controllers/UsersettingsController.php
@ -70,14 +70,14 @@ class UsersettingsController extends Zend_Controller_Action
    public function remindmeAction()
    {
        // unset session
-        session_start();  //open session for writing again
+        SessionHelper::reopenSessionForWriting();
        Zend_Session::namespaceUnset('referrer');
        Application_Model_Preference::SetRemindMeDate();
    }
    public function remindmeNeverAction()
    {
-        session_start();  //open session for writing again
+        SessionHelper::reopenSessionForWriting();
        Zend_Session::namespaceUnset('referrer');
        //pass in true to indicate 'Remind me never' was clicked
        Application_Model_Preference::SetRemindMeDate(true);
@ -86,7 +86,7 @@ class UsersettingsController extends Zend_Controller_Action
    public function donotshowregistrationpopupAction()
    {
        // unset session
-        session_start();  //open session for writing again
+        SessionHelper::reopenSessionForWriting();
        Zend_Session::namespaceUnset('referrer');
    }
--- a/airtime_mvc/application/controllers/plugins/Acl_plugin.php
+++ b/airtime_mvc/application/controllers/plugins/Acl_plugin.php
@ -109,9 +109,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $controller = strtolower($request->getControllerName());
        Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
        if (in_array($controller, array(
                "index",
                "login",
                "api",
                "auth",
                "error",
@ -124,7 +125,10 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
            )))
        {
            $this->setRoleName("G");
-        } elseif (!Zend_Auth::getInstance()->hasIdentity()) {
+        }
        elseif (Zend_Session::isStarted() && !Zend_Auth::getInstance()->hasIdentity()) {
            //The controller uses sessions but we don't have an identity yet.
            // If we don't have an identity and we're making a RESTful request,
            // we need to do API key verification
@ -166,6 +170,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
                }
            }
        } else { //We have a session/identity.
            // If we have an identity and we're making a RESTful request,
            // we need to check the CSRF token
            if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
@ -230,10 +235,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
    }
    private function verifyCSRFToken($token) {
-        $current_namespace = new Zend_Session_Namespace('csrf_namespace');
+        return SecurityHelper::verifyCSRFToken($token);
        $observed_csrf_token = $token;
        $expected_csrf_token = $current_namespace->authtoken;
        return ($observed_csrf_token == $expected_csrf_token);
    }
    private function verifyAPIKey() {
--- a/airtime_mvc/application/controllers/plugins/ConversionTracking.php
+++ b/airtime_mvc/application/controllers/plugins/ConversionTracking.php
@ -4,6 +4,10 @@ class Zend_Controller_Plugin_ConversionTracking extends Zend_Controller_Plugin_A
 {
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        if (!Zend_Session::isStarted()) {
            return;
        }
        //If user is a super admin and old plan level is set to trial....
        if (Application_Common_GoogleAnalytics::didPaidConversionOccur($request))
        {
--- a/airtime_mvc/application/controllers/plugins/PageLayoutInitPlugin.php
+++ b/airtime_mvc/application/controllers/plugins/PageLayoutInitPlugin.php
@ -0,0 +1,241 @@
 <?php
 /** Our standard page layout initialization has to be done via a plugin
 * because some of it requires session variables, and some of the routes
 * run without a session (like API calls). This is an optimization because
 * starting the session adds a fair amount of overhead.
 */
 class PageLayoutInitPlugin extends Zend_Controller_Plugin_Abstract
 {
    protected $_bootstrap = null;
    public function __construct($boostrap) {
        $this->_bootstrap = $boostrap;
    }
    /**
     * Start the session depending on which controller your request is going to.
     * We start the session explicitly here so that we can avoid starting sessions
     * needlessly for (stateless) requests to the API.
     * @param Zend_Controller_Request_Abstract $request
     * @throws Zend_Session_Exception
     */
    public function routeShutdown(Zend_Controller_Request_Abstract $request)
    {
        $controller = strtolower($request->getControllerName());
        $action = strtolower($request->getActionName());
        //List of controllers where we don't need a session, and we don't need
        //all the standard HTML / JS boilerplate.
        if (!in_array($controller, array(
            "index", //Radio Page
            "api",
            "auth",
            "error",
            "locale",
            "upgrade",
            'whmcs-login',
            "provisioning",
            "embed"
        ))
        ) {
            //Start the session
            Zend_Session::start();
            Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());
            //localization configuration
            Application_Model_Locale::configureLocalization();
            $this->_initGlobals();
            $this->_initCsrfNamespace();
            $this->_initHeadLink();
            $this->_initHeadScript();
            $this->_initTitle();
            $this->_initTranslationGlobals();
            $this->_initViewHelpers();
        }
    }
    protected function _initGlobals()
    {
        if (!Zend_Session::isStarted()) {
            return;
        }
        $view = $this->_bootstrap->getResource('view');
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $view->headScript()->appendScript("var baseUrl = '$baseUrl';");
        $this->_initTranslationGlobals($view);
        $user = Application_Model_User::GetCurrentUser();
        if (!is_null($user)) {
            $userType = $user->getType();
        } else {
            $userType = "";
        }
        $view->headScript()->appendScript("var userType = '$userType';");
        // Dropzone also accept file extensions and doesn't correctly extract certain mimetypes (eg. FLAC - try it),
        // so we append the file extensions to the list of mimetypes and that makes it work.
        $mimeTypes = FileDataHelper::getAudioMimeTypeArray();
        $fileExtensions = array_values($mimeTypes);
        foreach($fileExtensions as &$extension) {
            $extension = '.' . $extension;
        }
        $view->headScript()->appendScript("var acceptedMimeTypes = " . json_encode(array_merge(array_keys($mimeTypes), $fileExtensions)) . ";");
    }
    /**
     * Create a global namespace to hold a session token for CSRF prevention
     */
    protected function _initCsrfNamespace()
    {
        /*
        if (!Zend_Session::isStarted()) {
            return;
        }*/
        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
        // Check if the token exists
        if (!$csrf_namespace->authtoken) {
            // If we don't have a token, regenerate it and set a 1 week timeout
            // Should we log the user out here if the token is expired?
            $csrf_namespace->authtoken = sha1(uniqid(rand(), 1));
            $csrf_namespace->setExpirationSeconds(168 * 60 * 60);
        }
        //Here we are closing the session for writing because otherwise no requests
        //in this session will be handled in parallel. This gives a major boost to the perceived performance
        //of the application (page load times are more consistent, no lock contention).
        session_write_close();
        //Zend_Session::writeClose(true);
    }
    /**
     * Ideally, globals should be written to a single js file once
     * from a php init function. This will save us from having to
     * reinitialize them every request
     */
    private function _initTranslationGlobals()
    {
        $view = $this->_bootstrap->getResource('view');
        $view->headScript()->appendScript("var PRODUCT_NAME = '" . PRODUCT_NAME . "';");
        $view->headScript()->appendScript("var USER_MANUAL_URL = '" . USER_MANUAL_URL . "';");
        $view->headScript()->appendScript("var COMPANY_NAME = '" . COMPANY_NAME . "';");
    }
    protected function _initHeadLink()
    {
        $CC_CONFIG = Config::getConfig();
        $view = $this->_bootstrap->getResource('view');
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $view->headLink(array('rel' => 'icon', 'href' => $baseUrl . 'favicon.ico?' . $CC_CONFIG['airtime_version'], 'type' => 'image/x-icon'), 'PREPEND')
            ->appendStylesheet($baseUrl . 'css/bootstrap.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/redmond/jquery-ui-1.8.8.custom.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/pro_dropdown_3.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/qtip/jquery.qtip.min.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/styles.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/masterpanel.css?' . $CC_CONFIG['airtime_version'])
            ->appendStylesheet($baseUrl . 'css/tipsy/jquery.tipsy.css?' . $CC_CONFIG['airtime_version']);
    }
    protected function _initHeadScript()
    {
        if (!Zend_Session::isStarted()) {
            return;
        }
        $CC_CONFIG = Config::getConfig();
        $view = $this->_bootstrap->getResource('view');
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $view->headScript()->appendFile($baseUrl . 'js/libs/jquery-1.8.3.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/libs/jquery-ui-1.8.24.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/bootstrap/bootstrap.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/libs/underscore-min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            // ->appendFile($baseUrl . 'js/libs/jquery.stickyPanel.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/qtip/jquery.qtip.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/jplayer/jquery.jplayer.min.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/sprintf/sprintf-0.7-beta1.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/cookie/jquery.cookie.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/i18n/jquery.i18n.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'locale/general-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'locale/datatables-translation-table?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendScript("$.i18n.setDictionary(general_dict)")
            ->appendScript("var baseUrl='$baseUrl'");
        //These timezones are needed to adjust javascript Date objects on the client to make sense to the user's set timezone
        //or the server's set timezone.
        $serverTimeZone = new DateTimeZone(Application_Model_Preference::GetDefaultTimezone());
        $now = new DateTime("now", $serverTimeZone);
        $offset = $now->format("Z") * -1;
        $view->headScript()->appendScript("var serverTimezoneOffset = {$offset}; //in seconds");
        if (class_exists("Zend_Auth", false) && Zend_Auth::getInstance()->hasIdentity()) {
            $userTimeZone = new DateTimeZone(Application_Model_Preference::GetUserTimezone());
            $now = new DateTime("now", $userTimeZone);
            $offset = $now->format("Z") * -1;
            $view->headScript()->appendScript("var userTimezoneOffset = {$offset}; //in seconds");
        }
        //scripts for now playing bar
        $view->headScript()->appendFile($baseUrl . 'js/airtime/airtime_bootstrap.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/dashboard/helperfunctions.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/dashboard/dashboard.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/dashboard/versiontooltip.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/tipsy/jquery.tipsy.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/common/common.js?' . $CC_CONFIG['airtime_version'], 'text/javascript')
            ->appendFile($baseUrl . 'js/airtime/common/audioplaytest.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');
        $user = Application_Model_User::getCurrentUser();
        if (!is_null($user)) {
            $userType = $user->getType();
        } else {
            $userType = "";
        }
        $view->headScript()->appendScript("var userType = '$userType';");
        if (array_key_exists('REQUEST_URI', $_SERVER) //Doesn't exist for unit tests
            && strpos($_SERVER['REQUEST_URI'], 'Dashboard/stream-player') === false
            && strpos($_SERVER['REQUEST_URI'], 'audiopreview') === false
            && $_SERVER['REQUEST_URI'] != "/") {
            $plan_level = strval(Application_Model_Preference::GetPlanLevel());
            // Since the Hobbyist plan doesn't come with Live Chat support, don't enable it
            if (Application_Model_Preference::GetLiveChatEnabled() && $plan_level !== 'hobbyist') {
                $client_id = strval(Application_Model_Preference::GetClientId());
                $station_url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
                $view->headScript()->appendScript("var livechat_client_id = '$client_id';\n" .
                    "var livechat_plan_type = '$plan_level';\n" .
                    "var livechat_station_url = 'http://$station_url';");
                $view->headScript()->appendFile($baseUrl . 'js/airtime/common/livechat.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');
            }
        }
        /*
        if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1) {
            $view->headScript()->appendFile($baseUrl.'js/libs/google-analytics.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
        }*/
    }
    protected function _initViewHelpers()
    {
        $view = $this->_bootstrap->getResource('view');
        $view->addHelperPath(APPLICATION_PATH . 'views/helpers', 'Airtime_View_Helper');
        $view->assign('suspended', (Application_Model_Preference::getProvisioningStatus() == PROVISIONING_STATUS_SUSPENDED));
    }
    protected function _initTitle()
    {
        $view = $this->_bootstrap->getResource('view');
        $view->headTitle(Application_Model_Preference::GetHeadTitle());
    }
 }
--- a/airtime_mvc/application/forms/BillingClient.php
+++ b/airtime_mvc/application/forms/BillingClient.php
@ -188,6 +188,10 @@ class Application_Form_BillingClient extends Zend_Form
        $passwordVerify->addValidator($notEmptyValidator);
        $this->addElement($passwordVerify);
        $this->addElement('hash', 'csrf', array(
            'salt' => 'unique'
        ));
        $submit = new Zend_Form_Element_Submit("submit");
        $submit->setIgnore(true)
                ->setLabel(_pro("Save"));
--- a/airtime_mvc/application/forms/BillingUpgradeDowngrade.php
+++ b/airtime_mvc/application/forms/BillingUpgradeDowngrade.php
@ -8,6 +8,10 @@ class Application_Form_BillingUpgradeDowngrade extends Zend_Form
        $csrf_element->setValue($csrf_namespace->authtoken)->setRequired('true')->removeDecorator('HtmlTag')->removeDecorator('Label');
        $this->addElement($csrf_element);
        $this->addElement('hash', 'csrf', array(
            'salt' => 'unique'
        ));
        $productPrices = array();
        $productTypes = array();       
        list($productPrices, $productTypes) = Billing::getProductPricesAndTypes();
--- a/airtime_mvc/application/forms/EditUser.php
+++ b/airtime_mvc/application/forms/EditUser.php
@ -118,12 +118,12 @@ class Application_Form_EditUser extends Zend_Form
        $locale = new Zend_Form_Element_Select("cu_locale");
        $locale->setLabel(_("Language:"));
        $locale->setMultiOptions(Application_Model_Locale::getLocales());
-        $locale->setValue(Application_Model_Preference::GetUserLocale($currentUserId));
+        $locale->setValue(Application_Model_Preference::GetUserLocale());
        $locale->setDecorators(array('ViewHelper'));
        $this->addElement($locale);
-        $stationTz = Application_Model_Preference::GetTimezone($currentUserId);
+        $stationTz = Application_Model_Preference::GetDefaultTimezone();
-        $userTz = Application_Model_Preference::GetUserTimezone($currentUserId);
+        $userTz = Application_Model_Preference::GetUserTimezone();
        $timezone = new Zend_Form_Element_Select("cu_timezone");
        $timezone->setLabel(_("Interface Timezone:"));
--- a/airtime_mvc/application/models/Preference.php
+++ b/airtime_mvc/application/models/Preference.php
@ -10,7 +10,7 @@ class Application_Model_Preference
    {
        //pass in true so the check is made with the autoloader
        //we need this check because saas calls this function from outside Zend
-        if (!class_exists("Zend_Auth", true) || !Zend_Auth::getInstance()->hasIdentity()) {
+        if (!class_exists("Zend_Session", true) || !Zend_Session::isStarted() || !class_exists("Zend_Auth", true) || !Zend_Auth::getInstance()->hasIdentity()) {
            $userId = null;
        } else {
            $auth = Zend_Auth::getInstance();
@ -150,10 +150,14 @@ class Application_Model_Preference
        try {
-            $userId = self::getUserId();
+            $userId = null;
-            
+            if ($isUserValue) {
-            if ($isUserValue && is_null($userId))
+                //This is nested in here because so we can still use getValue() when the session hasn't started yet.
-                throw new Exception("User id can't be null for a user preference.");
+                $userId = self::getUserId();
                if (is_null($userId)) {
                    throw new Exception("User id can't be null for a user preference.");
                }
            }
            // If the value is already cached, return it
            $res = $cache->fetch($key, $isUserValue, $userId);
@ -202,7 +206,7 @@ class Application_Model_Preference
        } 
        catch (Exception $e) {
            header('HTTP/1.0 503 Service Unavailable');
-            Logging::info("Could not connect to database: ".$e->getMessage());
+            Logging::info("Could not connect to database: ".$e);
            exit;
        }
    }
--- a/airtime_mvc/application/models/Show.php
+++ b/airtime_mvc/application/models/Show.php
@ -850,6 +850,9 @@ SQL;
        $con = Propel::getConnection(CcPrefPeer::DATABASE_NAME);
        try {
            $con->beginTransaction();
            //It is extremely important that we increase the transaction isolation level, so that if two
            //requests cause the show schedule to be generated at the same time, one will be rolled back.
            $con->exec("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE");
            //UTC DateTime object
            $showsPopUntil = Application_Model_Preference::GetShowsPopulatedUntil();
@ -862,7 +865,9 @@ SQL;
            $con->commit();
        } catch (Exception $e) {
            $con->rollBack();
-            throw $e;
+            //throw $e;
            Logging::warn("Did not create show instances due to transaction error. This is usually safe
                           and caused by two concurrent transactions. " . $e->getMessage());
        }
    }
--- a/airtime_mvc/application/services/SchedulerService.php
+++ b/airtime_mvc/application/services/SchedulerService.php
@ -234,63 +234,65 @@ class Application_Service_SchedulerService
        //with content from $linkedShowSchedule.
        try {
            $con->beginTransaction();
            foreach ($instanceIdsToFill as $id) 
            {
                //Start by clearing the show instance that needs to be filling. This ensure
                //we're not going to get in trouble in case there's an programming error somewhere else.
                self::clearShowInstanceContents($id);
-                // Now fill the show instance with the same content that $linkedShowSchedule has.
+            if (!empty($linkedShowSchedule)) {
-                $instanceStart_sql = "SELECT starts FROM cc_show_instances " .
+                foreach ($instanceIdsToFill as $id) {
-                         "WHERE id = {$id} " . "ORDER BY starts";
+                    //Start by clearing the show instance that needs to be filling. This ensure
                    //we're not going to get in trouble in case there's an programming error somewhere else.
                    self::clearShowInstanceContents($id);
-                //What's tricky here is that when we copy the content, we have to adjust
+                    // Now fill the show instance with the same content that $linkedShowSchedule has.
-                //the start and end times of each track so they're inside the new show instance's time slot.
+                    $instanceStart_sql = "SELECT starts FROM cc_show_instances " .
-                $nextStartDT = new DateTime(
+                        "WHERE id = {$id} " . "ORDER BY starts";
                    //What's tricky here is that when we copy the content, we have to adjust
                    //the start and end times of each track so they're inside the new show instance's time slot.
                    $nextStartDT = new DateTime(
                        Application_Common_Database::prepareAndExecute(
-                                $instanceStart_sql, array(), 
+                            $instanceStart_sql, array(),
-                                Application_Common_Database::COLUMN), 
+                            Application_Common_Database::COLUMN),
                        new DateTimeZone("UTC"));
-                $defaultCrossfadeDuration = Application_Model_Preference::GetDefaultCrossfadeDuration();
+                    $defaultCrossfadeDuration = Application_Model_Preference::GetDefaultCrossfadeDuration();
-                unset($values);
+                    unset($values);
-                $values = array();
+                    $values = array();
-                foreach ($linkedShowSchedule as $item) {
+                    foreach ($linkedShowSchedule as $item) {
-                    $endTimeDT = self::findEndTime($nextStartDT, 
+                        $endTimeDT = self::findEndTime($nextStartDT,
                            $item["clip_length"]);
-                    if (is_null($item["file_id"])) {
+                        if (is_null($item["file_id"])) {
-                        $item["file_id"] = "null";
+                            $item["file_id"] = "null";
-                    }
+                        }
-                    if (is_null($item["stream_id"])) {
+                        if (is_null($item["stream_id"])) {
-                        $item["stream_id"] = "null";
+                            $item["stream_id"] = "null";
-                    }
+                        }
-                    $values[] = "(" . "'{$nextStartDT->format(DEFAULT_TIMESTAMP_FORMAT)}', " .
+                        $values[] = "(" . "'{$nextStartDT->format(DEFAULT_TIMESTAMP_FORMAT)}', " .
-                             "'{$endTimeDT->format(DEFAULT_TIMESTAMP_FORMAT)}', " .
+                            "'{$endTimeDT->format(DEFAULT_TIMESTAMP_FORMAT)}', " .
-                             "'{$item["clip_length"]}', " .
+                            "'{$item["clip_length"]}', " .
-                             "'{$item["fade_in"]}', " . "'{$item["fade_out"]}', " .
+                            "'{$item["fade_in"]}', " . "'{$item["fade_out"]}', " .
-                             "'{$item["cue_in"]}', " . "'{$item["cue_out"]}', " .
+                            "'{$item["cue_in"]}', " . "'{$item["cue_out"]}', " .
-                             "{$item["file_id"]}, " . "{$item["stream_id"]}, " .
+                            "{$item["file_id"]}, " . "{$item["stream_id"]}, " .
-                             "{$id}, " . "{$item["position"]})";
+                            "{$id}, " . "{$item["position"]})";
-                    $nextStartDT = self::findTimeDifference($endTimeDT, 
+                        $nextStartDT = self::findTimeDifference($endTimeDT,
                            $defaultCrossfadeDuration);
-                } //foreach show item
+                    } //foreach show item
-                if (!empty($values)) {
+                    if (!empty($values)) {
-                    $insert_sql = "INSERT INTO cc_schedule (starts, ends, ".
+                        $insert_sql = "INSERT INTO cc_schedule (starts, ends, " .
-                        "clip_length, fade_in, fade_out, cue_in, cue_out, ".
+                            "clip_length, fade_in, fade_out, cue_in, cue_out, " .
-                        "file_id, stream_id, instance_id, position)  VALUES ".
+                            "file_id, stream_id, instance_id, position)  VALUES " .
-                        implode($values, ",");
+                            implode($values, ",");
-                    Application_Common_Database::prepareAndExecute(
+                        Application_Common_Database::prepareAndExecute(
-                        $insert_sql, array(), Application_Common_Database::EXECUTE);
+                            $insert_sql, array(), Application_Common_Database::EXECUTE);
-                }
+                    }
-               //update cc_schedule status column
+                    //update cc_schedule status column
-               $instance = CcShowInstancesQuery::create()->findPk($id);
+                    $instance = CcShowInstancesQuery::create()->findPk($id);
-               $instance->updateScheduleStatus($con);
+                    $instance->updateScheduleStatus($con);
-           } //foreach linked instance
+                } //foreach linked instance
            }
            //update time_filled and last_scheduled in cc_show_instances
            $now = gmdate(DEFAULT_TIMESTAMP_FORMAT);
--- a/airtime_mvc/application/views/scripts/form/setup-lang-timezone.phtml
+++ b/airtime_mvc/application/views/scripts/form/setup-lang-timezone.phtml
@ -9,7 +9,7 @@
                <?php echo $this->element->getElement('setup_timezone')->render(); ?>
            </dl>
        </fieldset>
-        <p style="margin-bottom: 0px; text-align: center;">You can change these later in your preferences and user settings.</p>
+        <p style="margin-bottom: 0px; text-align: center;"><?php echo _("You can change these later in your preferences and user settings.");?></p>
    </form>
 </div>
--- a/airtime_mvc/locale/ast/LC_MESSAGES/airtime.mo
+++ b/airtime_mvc/locale/ast/LC_MESSAGES/airtime.mo
--- a/airtime_mvc/locale/ast/LC_MESSAGES/airtime.po
+++ b/airtime_mvc/locale/ast/LC_MESSAGES/airtime.po
--- a/airtime_mvc/locale/hu_HU/LC_MESSAGES/airtime.mo
+++ b/airtime_mvc/locale/hu_HU/LC_MESSAGES/airtime.mo
--- a/airtime_mvc/locale/hu_HU/LC_MESSAGES/airtime.po
+++ b/airtime_mvc/locale/hu_HU/LC_MESSAGES/airtime.po
@ -12,8 +12,8 @@ msgstr ""
 "Project-Id-Version: Airtime\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2015-09-04 11:17-0400\n"
-"PO-Revision-Date: 2015-09-05 08:33+0000\n"
+"PO-Revision-Date: 2015-10-07 18:13+0000\n"
-"Last-Translator: Daniel James <daniel@64studio.com>\n"
+"Last-Translator: Zsolt Magyar <picizse@gmail.com>\n"
 "Language-Team: Hungarian (Hungary) (http://www.transifex.com/sourcefabric/airtime/language/hu_HU/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@ -455,7 +455,7 @@ msgstr "Nincs jogosúltsága a forrás megváltoztatásához."
 #: airtime_mvc/application/controllers/LoginController.php:43
 msgid "Please enter your username and password."
-msgstr ""
+msgstr "Kérjük, adja meg felhasználónevét és jelszavát."
 #: airtime_mvc/application/controllers/LoginController.php:93
 msgid "Wrong username or password provided. Please try again."
@ -637,7 +637,7 @@ msgstr "Ütemezett"
 #: airtime_mvc/application/layouts/scripts/layout.phtml:78
 #: airtime_mvc/application/views/scripts/showbuilder/builderDialog.phtml:7
 msgid "Tracks"
-msgstr ""
+msgstr "Zeneszámok"
 #: airtime_mvc/application/controllers/LocaleController.php:75
 #: airtime_mvc/application/layouts/scripts/layout.phtml:60
@ -1256,19 +1256,19 @@ msgstr "Dec"
 #: airtime_mvc/application/controllers/LocaleController.php:245
 msgid "Today"
-msgstr ""
+msgstr "Ma"
 #: airtime_mvc/application/controllers/LocaleController.php:246
 msgid "Day"
-msgstr ""
+msgstr "Nap"
 #: airtime_mvc/application/controllers/LocaleController.php:247
 msgid "Week"
-msgstr ""
+msgstr "Hét"
 #: airtime_mvc/application/controllers/LocaleController.php:248
 msgid "Month"
-msgstr ""
+msgstr "Hónap"
 #: airtime_mvc/application/controllers/LocaleController.php:249
 #: airtime_mvc/application/forms/GeneralPreferences.php:158
@ -1841,7 +1841,7 @@ msgstr "%sNyomtatási előnézet%sKérjük, használja böngészője nyomtatási
 #: airtime_mvc/application/controllers/LocaleController.php:407
 msgid "New Show"
-msgstr ""
+msgstr "Új Műsor"
 #: airtime_mvc/application/controllers/LocaleController.php:408
 msgid "New Log Entry"
@ -1942,15 +1942,15 @@ msgstr "Élő adásfolyam"
 #: airtime_mvc/application/layouts/scripts/layout.phtml:63
 msgid "Smart Block"
-msgstr ""
+msgstr "Okos Tábla"
 #: airtime_mvc/application/layouts/scripts/layout.phtml:66
 msgid "Webstream"
-msgstr ""
+msgstr "Adásfolyam"
 #: airtime_mvc/application/layouts/scripts/layout.phtml:71
 msgid "Upload"
-msgstr ""
+msgstr "Feltöltés"
 #: airtime_mvc/application/layouts/scripts/layout.phtml:76
 #: airtime_mvc/application/views/scripts/showbuilder/index.phtml:5
@ -1961,7 +1961,7 @@ msgstr ""
 #: airtime_mvc/application/layouts/scripts/layout.phtml:84
 #: airtime_mvc/application/views/scripts/showbuilder/builderDialog.phtml:25
 msgid "Webstreams"
-msgstr ""
+msgstr "Adásfolyamok"
 #: airtime_mvc/application/layouts/scripts/layout.phtml:135
 #: airtime_mvc/application/layouts/scripts/layout.phtml:161
@ -2105,7 +2105,7 @@ msgstr ""
 #: airtime_mvc/application/views/scripts/embeddablewidgets/player.phtml:6
 #: airtime_mvc/application/configs/navigation.php:34
 msgid "Player"
-msgstr ""
+msgstr "Lejátszó"
 #: airtime_mvc/application/views/scripts/playouthistory/index.phtml:2
 #: airtime_mvc/application/configs/navigation.php:97
@ -2310,7 +2310,7 @@ msgstr ""
 #: airtime_mvc/application/views/scripts/login/password-restore-after.phtml:11
 #: airtime_mvc/application/views/scripts/form/password-restore.phtml:48
 msgid "Back"
-msgstr ""
+msgstr "Vissza"
 #: airtime_mvc/application/views/scripts/login/password-restore.phtml:3
 msgid "Password Reset"
@ -2376,7 +2376,7 @@ msgstr "Találat"
 #: airtime_mvc/application/views/scripts/form/edit-user.phtml:1
 #: airtime_mvc/application/configs/navigation.php:61
 msgid "My Profile"
-msgstr ""
+msgstr "Profilom"
 #: airtime_mvc/application/views/scripts/form/edit-user.phtml:7
 #, php-format
@ -2506,7 +2506,7 @@ msgstr "Előzmények Szűrése"
 #: airtime_mvc/application/views/scripts/form/login.phtml:41
 msgid "Forgot your password?"
-msgstr ""
+msgstr "Elfelejtett jelszó?"
 #: airtime_mvc/application/views/scripts/form/support-setting.phtml:46
 msgid ""
@ -2564,7 +2564,7 @@ msgstr "Ön nem figyel minden média mappát."
 #: airtime_mvc/application/views/scripts/form/preferences_livestream.phtml:1
 msgid "Live Broadcasting"
-msgstr ""
+msgstr "Élő Közvetítés"
 #: airtime_mvc/application/views/scripts/form/preferences_livestream.phtml:11
 #: airtime_mvc/application/views/scripts/partialviews/header.phtml:30
@ -2779,7 +2779,7 @@ msgstr ""
 #: airtime_mvc/application/views/scripts/listenerstat/index.phtml:2
 msgid "Listeners"
-msgstr ""
+msgstr "Hallgatók"
 #: airtime_mvc/application/views/scripts/listenerstat/index.phtml:10
 msgid "Stream Data Collection Status"
@ -2915,7 +2915,7 @@ msgstr "Segítség"
 #: airtime_mvc/application/views/scripts/error/error-500.phtml:11
 msgid "Oops!"
-msgstr ""
+msgstr "Hoppá!"
 #: airtime_mvc/application/views/scripts/error/error-500.phtml:12
 msgid "Something went wrong!"
@ -3155,7 +3155,7 @@ msgstr "Az újraközvetítésre legalább 1 órát kell várni"
 #: airtime_mvc/application/forms/PasswordRestore.php:14
 msgid "Email"
-msgstr ""
+msgstr "E-mail"
 #: airtime_mvc/application/forms/PasswordRestore.php:36
 msgid "Reset password"
@ -3390,7 +3390,7 @@ msgstr "Most Játszott"
 #: airtime_mvc/application/forms/Player.php:25
 msgid "Select Stream:"
-msgstr ""
+msgstr "Adásfolyam Kiválasztása:"
 #: airtime_mvc/application/forms/Player.php:28
 msgid "Auto detect the most appropriate stream to use."
@ -3398,7 +3398,7 @@ msgstr ""
 #: airtime_mvc/application/forms/Player.php:29
 msgid "Select a stream:"
-msgstr ""
+msgstr "Egy adásfolyam kiválasztása:"
 #: airtime_mvc/application/forms/Player.php:41
 msgid " - Mobile friendly"
@ -3448,19 +3448,19 @@ msgstr "elemek"
 #: airtime_mvc/application/forms/SmartBlockCriteria.php:130
 msgid "Randomly"
-msgstr ""
+msgstr "Véletlenszerűen"
 #: airtime_mvc/application/forms/SmartBlockCriteria.php:131
 msgid "Newest"
-msgstr ""
+msgstr "Újabb"
 #: airtime_mvc/application/forms/SmartBlockCriteria.php:132
 msgid "Oldest"
-msgstr ""
+msgstr "Régebbi"
 #: airtime_mvc/application/forms/SmartBlockCriteria.php:179
 msgid "Type:"
-msgstr ""
+msgstr "Típus:"
 #: airtime_mvc/application/forms/SmartBlockCriteria.php:182
 msgid "Static"
@ -3797,7 +3797,7 @@ msgstr "Szövegszín:"
 #: airtime_mvc/application/forms/AddShowStyle.php:49
 msgid "Current Logo:"
-msgstr ""
+msgstr "Jelenlegi Logó:"
 #: airtime_mvc/application/forms/AddShowStyle.php:72
 msgid "Show Logo:"
@ -3937,7 +3937,7 @@ msgstr "Első Lépések"
 #: airtime_mvc/application/configs/navigation.php:157
 msgid "FAQ"
-msgstr ""
+msgstr "GYIK"
 #: airtime_mvc/application/configs/navigation.php:162
 msgid "User Manual"
--- a/airtime_mvc/public/css/styles.css
+++ b/airtime_mvc/public/css/styles.css
@ -288,15 +288,13 @@ select {
    color:#ff5d1a;
 }
 .now-playing-block {
-    /*width:35%;*/
+    flex: 1 0;
    flex: 1 auto;
    background: url(images/masterpanel_spacer.png) no-repeat 0 0;
    margin-left: 152px;
    padding-left: 14px;
 }
 .show-block {
-    /*width:30%;*/
+    flex: 1 0;
    flex: 1 auto;
 }
 .text-row {
    height:30px;
@ -3990,3 +3988,6 @@ li .ui-state-hover {
 #whatsnew li {
    margin-top: 20px;
 }
 /* jQuery dialog */
 .no-close .ui-dialog-titlebar-close {display: none }
--- a/airtime_mvc/public/js/airtime/nowplaying/lang-timezone-setup.js
+++ b/airtime_mvc/public/js/airtime/nowplaying/lang-timezone-setup.js
@ -7,8 +7,11 @@ $(document).ready(function() {
            width: 500,
            resizable: false,
            modal: true,
            closeOnEscape: false,
            position:['center','center'],
            dialogClass: 'no-close',
            buttons: [
                /* Testing removing the Not Now button for higher engagement
                {
                    id: "setup-later",
                    text: $.i18n._("Not Now"),
@ -16,7 +19,7 @@ $(document).ready(function() {
                    click: function() {
                        $(this).dialog("close");
                    }
-                },
+                },*/
                {
                    id: "help_airtime",
                    text: $.i18n._("OK"),
--- a/airtime_mvc/public/js/airtime/preferences/preferences.js
+++ b/airtime_mvc/public/js/airtime/preferences/preferences.js
@ -114,16 +114,18 @@ function setMsAuthenticationFieldsReadonly(ele) {
 }
 function removeLogo() {
-    $.post(baseUrl+'preference/remove-logo', function(json){});
+    $.post(baseUrl+'preference/remove-logo', {'csrf_token' : $('#csrf').val()}, function(json){
-    // Reload without resubmitting the form
+        // Reload without resubmitting the form
-    location.href = location.href.replace(location.hash,"");
+        location.href = location.href.replace(location.hash,"");
    });
 }
 function deleteAllFiles() {
    var resp = confirm($.i18n._("Are you sure you want to delete all the tracks in your library?"))
    if (resp) {
-        $.post(baseUrl+'preference/delete-all-files', function(json){});
+        $.post(baseUrl+'preference/delete-all-files', {'csrf_token' : $('#csrf').val()}, function(json){
-        location.reload();
+            location.reload();
        });
    }
 }