diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index e40b1a8d..7208284e 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -523,7 +523,7 @@ function no_field($key)
 function failed_uploading_file($filename, $key)
 {
 	return getlocal2("errors.failed.uploading.file",
-					 array($filename, getlocal($key)));
+		array($filename, getlocal($key)));
 }
 
 function wrong_field($key)
@@ -766,43 +766,47 @@ function jspath()
 }
 
 /* authorization token check for CSRF attack */
-function csrfchecktoken(){
-  setcsrftoken();
+function csrfchecktoken()
+{
+	setcsrftoken();
 
-  // check the turing code for post requests and del requests
-  if ($_SERVER['REQUEST_METHOD'] == 'POST'){
-    //if token match
-    if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){
+	// check the turing code for post requests and del requests
+	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+		//if token match
+		if (!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])) {
 
-      die("CSRF failure");
-    }
-  } else if(isset($_GET['act'])){
-    if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){
-      
-      die("CSRF failure");
-    }
-  }
+			die("CSRF failure");
+		}
+	} else if (isset($_GET['act'])) {
+		if (($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']) {
+
+			die("CSRF failure");
+		}
+	}
 }
 
 /* print csrf token as a hidden field*/
-function print_csrf_token_input(){
-  setcsrftoken();
+function print_csrf_token_input()
+{
+	setcsrftoken();
 
-  echo "<input name='csrf_token' type='hidden' value='".$_SESSION['csrf_token']."' />";
+	echo "<input name='csrf_token' type='hidden' value='" . $_SESSION['csrf_token'] . "' />";
 }
 
 /* print csrf token in url format */
-function print_csrf_token_in_url(){
-  setcsrftoken();
-  
-  echo "&amp;csrf_token=".$_SESSION['csrf_token'];
+function print_csrf_token_in_url()
+{
+	setcsrftoken();
+
+	echo "&amp;csrf_token=" . $_SESSION['csrf_token'];
 }
 
 /* set csrf token */
-function setcsrftoken(){
-  if(!isset($_SESSION['csrf_token'])){
-      $_SESSION['csrf_token']=sha1(rand(10000000,99999999));
-  }
+function setcsrftoken()
+{
+	if (!isset($_SESSION['csrf_token'])) {
+		$_SESSION['csrf_token'] = sha1(rand(10000000, 99999999));
+	}
 }
 
 ?>
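Review bot: `setcsrftoken()` still builds the token as `sha1(rand(10000000, 99999999))`, so there are at most 90 million possible tokens drawn from a non-cryptographic generator, and hashing the value adds no entropy. Since the function is being touched anyway, generate the token from a CSPRNG, for example `$_SESSION['csrf_token'] = bin2hex(random_bytes(32));` (or `openssl_random_pseudo_bytes()` on PHP versions without `random_bytes()`). In `csrfchecktoken()` both comparisons use loose `!=` on request data; confirming the value with `is_string()` and then comparing with `hash_equals($_SESSION['csrf_token'], $token)` rules out type-juggling matches and timing differences. The GET branch also reads `$_GET['csrf_token']` without `isset()` and enforces the token only when `act` is `del` or `delete`, so any other state-changing GET action in a calling script is not covered by this check.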
diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php
index 2479adac..26f062b5 100644
--- a/src/messenger/webim/operator/avatar.php
+++ b/src/messenger/webim/operator/avatar.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $opId = verifyparam("op", "/^\d{1,9}$/");
 $page = array('opid' => $opId, 'avatar' => '');
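Review bot: The pair `check_login()` then `csrfchecktoken()` is now repeated by hand in this script and in the other operator scripts changed by this commit (canned, cannededit, features, operator, operators, performance, permissions, settings, translate). Its order is significant, yet nothing at the call site records why. A script that omits the second call, or puts it back above the login check, would silently lose or change its CSRF protection. Consider having the login helper invoke `csrfchecktoken()` itself once the operator is authenticated (its body is not visible in this diff, so confirm that it is also safe for read-only pages). Otherwise add a one-line comment at each call, such as `// CSRF check runs after authentication; keep this order`.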
diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php
index f21fc0a5..d66670f3 100644
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@@ -26,10 +26,9 @@ require_once('../libs/settings.php');
 require_once('../libs/groups.php');
 require_once('../libs/pagination.php');
 
-csrfchecktoken();
-
 $operator = check_login();
 force_password($operator);
+csrfchecktoken();
 
 loadsettings();
 
diff --git a/src/messenger/webim/operator/cannededit.php b/src/messenger/webim/operator/cannededit.php
index fed68d2f..baff9b86 100644
--- a/src/messenger/webim/operator/cannededit.php
+++ b/src/messenger/webim/operator/cannededit.php
@@ -24,9 +24,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/pagination.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 loadsettings();
 
 $stringid = verifyparam("key", "/^\d{0,9}$/", "");
diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php
index b5e834bd..dc693845 100644
--- a/src/messenger/webim/operator/features.php
+++ b/src/messenger/webim/operator/features.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index 946c4021..9ef25b8a 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('opid' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php
index c2e8b06e..d8c08288 100644
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@@ -22,11 +22,9 @@
 require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
-csrfchecktoken();
-
 $operator = check_login();
 force_password($operator);
-
+csrfchecktoken();
 
 if (isset($_GET['act'])) {
 
diff --git a/src/messenger/webim/operator/performance.php b/src/messenger/webim/operator/performance.php
index 58b5d25a..61c4108f 100644
--- a/src/messenger/webim/operator/performance.php
+++ b/src/messenger/webim/operator/performance.php
@@ -23,9 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
-csrfchecktoken();
-
 $operator = check_login();
+csrfchecktoken();
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php
index 79bd67f7..a8074abb 100644
--- a/src/messenger/webim/operator/permissions.php
+++ b/src/messenger/webim/operator/permissions.php
@@ -23,8 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/operator_settings.php');
 
-csrfchecktoken();
 $operator = check_login();
+csrfchecktoken();
 
 function update_operator_permissions($operatorid, $newvalue)
 {
diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php
index 913ef0fe..4f4275bf 100644
--- a/src/messenger/webim/operator/settings.php
+++ b/src/messenger/webim/operator/settings.php
@@ -24,10 +24,9 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 require_once('../libs/styles.php');
 
-csrfchecktoken();
-
 $operator = check_login();
 force_password($operator);
+csrfchecktoken();
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php
index 669da9a7..76856f2d 100644
--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@@ -23,8 +23,6 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 require_once('../libs/pagination.php');
 
-csrfchecktoken();
-
 function compare_localization_by_l1($a, $b)
 {
 	if ($a == $b) {
@@ -122,7 +120,7 @@ function get_auxiliary($s)
 
 $operator = check_login();
 force_password($operator);
-
+csrfchecktoken();
 
 $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
 $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);
diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php
index 207da650..e8bb8bdc 100644
--- a/src/messenger/webim/view/agent.php
+++ b/src/messenger/webim/view/agent.php
@@ -50,10 +50,7 @@ require_once('inc_errors.php');
 
 <?php if( $page['opid'] || $page['canmodify'] ) { ?>
 <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
 	<div>
 <?php if(!$page['needChangePassword']) { print_tabbar(); } ?>
diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php
index b949f2f6..3219f8ce 100644
--- a/src/messenger/webim/view/avatar.php
+++ b/src/messenger/webim/view/avatar.php
@@ -36,10 +36,7 @@ require_once('inc_errors.php');
 ?>
 
 <form name="avatarForm" method="post" action="<?php echo $webimroot ?>/operator/avatar.php" enctype="multipart/form-data">
-
-<!-- add csrf token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
 	<div>
 <?php print_tabbar(); ?>
diff --git a/src/messenger/webim/view/cannededit.php b/src/messenger/webim/view/cannededit.php
index 9f15f211..ef1e54a7 100644
--- a/src/messenger/webim/view/cannededit.php
+++ b/src/messenger/webim/view/cannededit.php
@@ -44,10 +44,7 @@ require_once('inc_errors.php');
 ?>
 
 <form name="cannedForm" method="post" action="<?php echo $webimroot ?>/operator/cannededit.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
 <?php if(!$page['key']) { ?>
 <input type="hidden" name="lang" value="<?php echo $page['locale'] ?>"/>
diff --git a/src/messenger/webim/view/features.php b/src/messenger/webim/view/features.php
index 5f6c2667..c5d5c345 100644
--- a/src/messenger/webim/view/features.php
+++ b/src/messenger/webim/view/features.php
@@ -85,10 +85,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="features" method="post" action="<?php echo $webimroot ?>/operator/features.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="sent" value="true"/>
 	<div>
 <?php print_tabbar(); ?>
diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php
index 1a0cde2f..881796d8 100644
--- a/src/messenger/webim/view/performance.php
+++ b/src/messenger/webim/view/performance.php
@@ -39,10 +39,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="performance" method="post" action="<?php echo $webimroot ?>/operator/performance.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
diff --git a/src/messenger/webim/view/permissions.php b/src/messenger/webim/view/permissions.php
index 7bf433e8..4920e3a2 100644
--- a/src/messenger/webim/view/permissions.php
+++ b/src/messenger/webim/view/permissions.php
@@ -39,10 +39,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="permissionsForm" method="post" action="<?php echo $webimroot ?>/operator/permissions.php">
-
-<!-- add csrf token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="op" value="<?php echo $page['opid'] ?>"/>
 	<div>
 <?php print_tabbar(); ?>
diff --git a/src/messenger/webim/view/settings.php b/src/messenger/webim/view/settings.php
index 82df63f7..cf91944c 100644
--- a/src/messenger/webim/view/settings.php
+++ b/src/messenger/webim/view/settings.php
@@ -39,10 +39,7 @@ require_once('inc_errors.php');
 <?php } ?>
 
 <form name="settings" method="post" action="<?php echo $webimroot ?>/operator/settings.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 	<div>
 <?php print_tabbar(); ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
diff --git a/src/messenger/webim/view/translate.php b/src/messenger/webim/view/translate.php
index 0b72c222..9d62f4e0 100644
--- a/src/messenger/webim/view/translate.php
+++ b/src/messenger/webim/view/translate.php
@@ -44,10 +44,7 @@ require_once('inc_errors.php');
 ?>
 
 <form name="translateForm" method="post" action="<?php echo $webimroot ?>/operator/translate.php">
-
-<!-- add auth token -->
 <?php print_csrf_token_input() ?>
-
 <input type="hidden" name="key" value="<?php echo $page['key'] ?>"/>
 <input type="hidden" name="target" value="<?php echo $page['target'] ?>"/>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">