Added new modules to help prevent Cross Site Request Forgery

Made changes to prevent arbitrary code execution on AdmPortal.
Issue-ID: OJSI-40

Change-Id: I5ec60e2585413f3948c2540bd502dd1393794267
Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com>

Former-commit-id: 3d54c9ad35ef5e7a4b13948e718a4ad2830cbb04
diff --git a/admportal/package.json b/admportal/package.json
index f30d059..6274d72 100644
--- a/admportal/package.json
+++ b/admportal/package.json
@@ -12,12 +12,16 @@
     "bootstrap-submenu": "^2.0.3",
     "bootstrap-table": "^1.9.1",
     "cookie-parser": "~1.3.3",
+    "crypto": "^1.0.1",
+    "csurf": "^1.10.0",
     "csv": "^0.4.1",
     "csvtojson": "^0.5.3",
     "dateformat": "^1.0.11",
     "debug": "~2.0.0",
+    "dns-sync": "~0.1.3",
     "ejs": "~0.8.5",
     "express": "~4.9.0",
+    "express-sanitizer": "^1.0.5",
     "express-session": "^1.10.1",
     "fs.extra": "^1.3.2",
     "lodash": "^3.8.0",
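Review bot: The added `"crypto": "^1.0.1"` entry pulls in the npm registry package named `crypto`, which is a deprecated placeholder. Node.js ships `crypto` as a built-in module, and `require('crypto')` resolves to the built-in whether or not this line is present. The entry adds supply-chain surface without adding any function, so I would drop it. `csurf` and `express-sanitizer` are new third-party middleware on the request path; pinning them exactly, or through a lockfile (none is visible in this diff), would keep the security fix reproducible.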
@@ -30,7 +34,6 @@
     "properties-reader": "0.0.9",
     "sax": "^0.6.1",
     "serve-favicon": "~2.1.3",
-    "xml2js": "^0.4.5",
-    "dns-sync": "~0.1.3"
+    "xml2js": "^0.4.5"
   }
 }
diff --git a/admportal/pom.xml b/admportal/pom.xml
index 29f9ce9..f01096a 100644
--- a/admportal/pom.xml
+++ b/admportal/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.onap.ccsdk.parent</groupId>
         <artifactId>binding-parent</artifactId>
-        <version>1.3.0-SNAPSHOT</version>
+        <version>1.3.1-SNAPSHOT</version>
         <relativePath/>
     </parent>
 
diff --git a/admportal/server/app.js b/admportal/server/app.js
index 33cdb64..898645e 100644
--- a/admportal/server/app.js
+++ b/admportal/server/app.js
@@ -8,6 +8,7 @@
 var properties = PropertiesReader(process.argv[2]); //property file passed
 var morgan = require('morgan');
 var _ = require('lodash');
+var expressSanitizer = require('express-sanitizer');
 //var multer = require('multer');
 //var done=false;
 
@@ -47,6 +48,9 @@
   extended: true
 }));
 
+// mount express-sanitizer here
+app.use(expressSanitizer()); // this line needs to follow bodyParser
+
 app.use(accesslog); // http access log
 app.use(express.static(process.cwd() + '/public')); // static files
 
diff --git a/admportal/server/router/index.js b/admportal/server/router/index.js
index 76cd611..a529375 100644
--- a/admportal/server/router/index.js
+++ b/admportal/server/router/index.js
@@ -9,9 +9,9 @@
 	app.use('/odl', require('./routes/odl'));
 	app.use('/sla', require('./routes/sla'));
 	app.use('/user', require('./routes/user'));
-	app.use('/gamma', require('./routes/gamma'));
+	//app.use('/gamma', require('./routes/gamma'));
 	app.use('/mobility', require('./routes/mobility'));
-	app.use('/admin', require('./routes/admin'));
+	//app.use('/admin', require('./routes/admin'));
 	app.use('/preload', require('./routes/preload'));
 	//app.use('/svc-topology-operation', require('./routes/odl'));
 	//app.use('/wklist-delete', require('./routes/odl'));
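Review bot: Commenting out the `/admin` mount makes the router in routes/admin.js unreachable from this file, so the `csrfProtection` middleware this same commit adds to `/deleteParameter`, `/addParameter` and `/updateParameter` protects nothing unless that router is mounted somewhere not shown here. If `/gamma` and `/admin` are being retired, delete the two lines and the route modules rather than leaving commented-out mounts that can be re-enabled without review. If they are still needed, keep them mounted and gate them with `csp.checkAuth` followed by the new `csp.checkPriv`. Either way, a one-line comment such as `// disabled for OJSI-40: <reason>` would tell the next reader why they are off.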
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js
index 4b7b808..96c7fd8 100755
--- a/admportal/server/router/routes/admin.js
+++ b/admportal/server/router/routes/admin.js
@@ -5,40 +5,43 @@
 var fs = require('fs');
 var dbRoutes = require('./dbRoutes');
 var csp = require('./csp');
+var cookieParser = require('cookie-parser');
 var bodyParser = require('body-parser');
 var sax = require('sax'),strict=true,parser = sax.parser(strict);
 var async = require('async');
+var csrf = require('csurf');
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
 
 
 // GET
 router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
     dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
 });
-router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
+router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {
 
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push(function(callback) {
-        dbRoutes.deleteParameter(req,res,callback);
-    });
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Row successfully deleted from PARAMETERS table.');
-            dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
+	var privilegeObj = req.session.loggedInAdmin;
+	var tasks = [];
+	tasks.push(function(callback) { dbRoutes.deleteParameter(req,res,callback); });
+	async.series(tasks, function(err,result){
+		var msgArray = new Array();
+		if(err){
+			msgArray.push(err);
+			dbRoutes.getParameters(req,res,{code:'failure', msg:msgArray},privilegeObj);
+			return;
+		}
+		else {
+			msgArray.push('Row successfully deleted from PARAMETERS table.');
+			dbRoutes.getParameters(req,res,{code:'success', msg:msgArray},privilegeObj);
+			return;
+		}
+	});
 });
 
 
 // POST
-router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/addParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
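Review bot: `csrfProtection` on `router.get('/deleteParameter', ...)` does not verify a token, because csurf skips GET, HEAD and OPTIONS by default (`ignoreMethods`). The delete is therefore still a state change reachable by a plain cross-site GET. The route should become `router.post('/deleteParameter', ...)` with the form submitting `_csrf`, leaving GET for read-only pages. The `/addParameter` and `/updateParameter` POST routes are covered only if the pages that post to them render `req.csrfToken()` into the form, which this diff does not show. The `/addParameter` handler body continues outside the hunk.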
@@ -59,7 +62,7 @@
 });
 
 // gamma - updateAicSite
-router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, function(req,res){
+router.post('/updateParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res){
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
diff --git a/admportal/server/router/routes/csp.js b/admportal/server/router/routes/csp.js
index 435aaf9..8828052 100644
--- a/admportal/server/router/routes/csp.js
+++ b/admportal/server/router/routes/csp.js
@@ -15,13 +15,18 @@
 
 function login (req,res) {
 
+console.log('login');
+var tkn = req.sanitize(req.body._csrf);
+console.log('login:tkn=' + tkn);
+
 	var loggedInAdmin={};
-	var email = req.body.email;
+	var email = req.sanitize(req.body.email);
+	var pswd = req.sanitize(req.body.password);
 	dbRoutes.findAdminUser(email,res,function(adminUser){
 		if(adminUser !== null){
 			
 			// make sure correct password is provided
-			if (req.body.password != adminUser.password) {
+			if (pswd != adminUser.password) {
 				res.render("pages/login", 
 				{
 					result:
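Review bot: `console.log('login:tkn=' + tkn)` writes the submitted CSRF token to the server log on every login attempt; remove it together with the `console.log('login')` debug line. Passing the password through `req.sanitize()` alters the credential instead of validating it: express-sanitizer strips or escapes HTML markup, so a password containing such characters is compared in modified form and will not match a stored value that was not sanitized the same way. Compare the raw `req.body.password` instead. `pswd != adminUser.password` is also a plaintext, non-constant-time comparison, and a salted password hash checked with a timing-safe compare would be the durable fix. The `login` body continues past the end of this hunk.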
@@ -36,6 +41,7 @@
 				
 			var loggedInAdmin = {
 				email:adminUser.email,
+				csrfToken: tkn,
 				password:adminUser.password,
 				privilege:adminUser.privilege
 			}
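Review bot: `csrfToken: tkn` stores whatever `_csrf` value the client posted in the login form as the session's token, and no visible line checks it against a server-generated value. A CSRF token only helps when the server issues it (`req.csrfToken()`) and the middleware verifies it on the state-changing request. I would drop this field rather than keep a client-chosen value that later code might come to trust. The same object keeps `password:adminUser.password` in the session, which is worth removing while this block is being edited.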
@@ -57,6 +63,7 @@
 }
 
 function checkAuth(req,res,next){
+
 	var host = req.get('host');
 	var url = req.url;
 	var originalUrl = req.originalUrl;
@@ -64,8 +71,7 @@
 	console.log("checkAuth");
 
 	var host = req.headers['host'];
-console.log('host=' + host);
-
+	console.log('host=' + host);
 	console.log("cookie is not null "+JSON.stringify(req.session.loggedInAdmin));
 	if(req.session == null || req.session == undefined 
 		|| req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
@@ -79,6 +85,40 @@
 	next();
 }
 
+function checkPriv(req,res,next)
+{
+  var priv = req.session.loggedInAdmin;
+  if(req.session == null || req.session == undefined 
+		|| req.session.loggedInAdmin == null || req.session.loggedInAdmin == undefined)
+  {
+    res.render("pages/err", 
+		{
+			result: {code:'error', msg:'Unexpected null session.'}, 
+			header: process.env.MAIN_MENU
+		});
+    return;
+  }
+  else
+  {
+    if (priv.privilege == 'A')
+    {
+      next();
+      return;
+    }
+    else
+    {
+      res.render("pages/err", 
+			{
+				result: { code:'error', msg:'User does not have permission to run operation.'},
+				header: process.env.MAIN_MENU
+			});
+      return;
+    }
+  }
+}
+
+
 exports.login = login;
 exports.logout = logout;
 exports.checkAuth = checkAuth;
+exports.checkPriv = checkPriv;
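Review bot: `checkPriv` is exported but none of the routes changed in this commit call it, so the privilege check is not enforced anywhere visible; it needs to be placed after `csp.checkAuth` on the admin-only routes. The `req.session == null` guard cannot help as written, because `var priv = req.session.loggedInAdmin;` on the first line already throws when `req.session` is missing. Read the value after the guard, e.g. `var priv = req.session && req.session.loggedInAdmin;` followed by `if (!priv) { /* render pages/err */ return; }`. A header comment saying that `'A'` is the admin privilege code and every other value is denied would document the contract.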
diff --git a/admportal/server/router/routes/dbRoutes.js b/admportal/server/router/routes/dbRoutes.js
index 34a90c7..c4a09fd 100644
--- a/admportal/server/router/routes/dbRoutes.js
+++ b/admportal/server/router/routes/dbRoutes.js
@@ -262,18 +262,22 @@
 
 exports.saveUser = function(req,res){
 
-	pool.getConnection(function(err,connection){
+console.log('b4 sani');
+	var email = req.sanitize(req.body.nf_email);
+	var pswd = req.sanitize(req.body.nf_password);
+console.log('after sani');
+
+	pool.getConnection(function(err,connection)
+	{
 		if(err){
 			console.error( String(err) ); // ALARM
 			res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
 			return;
-    	}
-		//var sql = "SELECT AES_DECRYPT(password, '" + enckey + "') password FROM PORTAL_USERS";
-		var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + req.body.nf_email + "'";
+		}
+		var sql = "SELECT email FROM PORTAL_USERS WHERE email='" + email + "'";
 
-		console.log(sql);
-
-		connection.query(sql, function(err,result){
+		connection.query(sql, function(err,result)
+		{
 			if(err){
 				connection.release();
 				res.render("pages/signup", {result:{code:'error', msg:"Unable to get database connection. " + String(err)},header:process.env.MAIN_MENU});
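Review bot: `req.sanitize()` is an HTML/XSS filter and does not escape SQL, so `"SELECT email FROM PORTAL_USERS WHERE email='" + email + "'"` is still open to SQL injection through `nf_email`. The same string-built pattern remains in the `INSERT` of the next hunk and in `addUser` and `updateUser` further down. Bind the value instead, e.g. `connection.query("SELECT email FROM PORTAL_USERS WHERE email = ?", [email], function(err,result)`. That assumes `pool` comes from the `mysql` driver, which the `getConnection`/`release` calls suggest but the hunk does not show. The `console.log('b4 sani')` and `console.log('after sani')` debug lines should be removed; `saveUser` continues outside the hunk.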
@@ -287,13 +291,12 @@
 			}
 
 			sql = "INSERT INTO PORTAL_USERS (email,password,privilege) VALUES ("
-            +"'"+ req.body.nf_email + "',"
-            + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "'),"
+            +"'"+ email + "',"
+            + "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
             +"'A')";
 
-			console.log(sql);
-
-			connection.query(sql, function(err,result){
+			connection.query(sql, function(err,result)
+			{
 				connection.release();
 				
 				if(err){
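Review bot: The `INSERT` in `saveUser` still hard-codes privilege `'A'`, while this commit changes the fallback in `addUser` and `updateUser` from `'A'` to `'R'`. Since `saveUser` renders `pages/signup`, it presumably backs self-registration, in which case every new account is created as admin. Defaulting to least privilege here would match the rest of the change: `+"'R')";`. Whether the sign-up route is reachable without authentication is not visible in this diff, so confirm against the router. The `email`, `pswd` and `enckey` values are also concatenated into the statement and should be bound with `?` placeholders.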
@@ -360,172 +363,207 @@
 exports.addUser = function(req,res){
 	
 	var rows={};
-    var resultObj = { code:'', msg:'' };
+	var resultObj = { code:'', msg:'' };
 	var privilegeObj = req.session.loggedInAdmin;
+	var privilege = req.sanitize(req.body.nf_privilege);
+	var email = req.sanitize(req.body.nf_email);
+  var pswd = req.sanitize(req.body.nf_password);
 
-    pool.getConnection(function(err,connection) {
-        if(err){
+
+	pool.getConnection(function(err,connection) 
+	{
+		if(err)
+		{
 			console.error( String(err) ); // ALARM
-            res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err),
-				privilege:privilegeObj },header:process.env.MAIN_MENU});
+			res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. "+ String(err),
+			privilege:privilegeObj },header:process.env.MAIN_MENU});
 			return;
-        }
+		}
 
-        if( req.body.nf_privilege == "admin" ){
-            var char_priv = 'A';
-        }else if(req.body.nf_privilege == 'readonly'){
-            var char_priv = 'R';
-        }else{
-            var char_priv = 'A';
-        }
+		if( privilege == "admin" ){
+			var char_priv = 'A';
+		}else if(privilege == 'readonly'){
+			var char_priv = 'R';
+		}else{
+			var char_priv = 'R';
+		}
+
+		//connection.query(sqlRequest, function(err,result)
+		var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
+			+"'"+ email + "',"
+			+ "AES_ENCRYPT('" + pswd + "','" + enckey + "'),"
+			+"'"+ char_priv + "')";
 
 
-        //connection.query(sqlRequest, function(err,result){
-        var sqlUpdate = "INSERT INTO PORTAL_USERS (email, password, privilege) VALUES ("
-            +"'"+ req.body.nf_email + "',"
-            + "AES_ENCRYPT('" + req.body.nf_password + "','" + enckey + "'),"
-            +"'"+ char_priv + "')";
-
-		console.log(sqlUpdate);
-
-        connection.query(sqlUpdate,function(err,result){
-
-            if(err){
-                 resultObj = {code:'error', msg:'Add of user failed Error: '+err};
-            }
-
-            // Need DB lookup logic here
-            connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows) {
-
-            	connection.release();
-                if(!err) {
-                    if ( rows.length > 0 )
-                    {
+		connection.query(sqlUpdate,function(err,result)
+		{
+			if(err){
+				resultObj = {code:'error', msg:'Add of user failed Error: '+err};
+			}
+			// Need DB lookup logic here
+			connection.query("SELECT email,AES_DECRYPT(password, '" + enckey + "') password,privilege FROM PORTAL_USERS", function(err, rows)
+			{
+				connection.release();
+				if(!err)
+				{
+					if ( rows.length > 0 )
+					{
 						resultObj = {code:'success',msg:'Successfully added user.'};
-                        res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+						res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
 						return;
-                    }else{
-                        res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
+					}else{
+						res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database, please try again.',
 							privilege:privilegeObj },header:process.env.MAIN_MENU});
 						return;
-                    }
-                } else {
-                    res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err ,
+					}
+				}
+				else {
+					res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. Error: '+ err ,
 						privilege:privilegeObj },header:process.env.MAIN_MENU});
 					return;
-                }
-            }); //end query
-        });
-
-    }); // end of getConnection
+				}
+			}); //end query
+		});
+	}); // end of getConnection
 }
 
 // updateUser
 exports.updateUser= function(req,res){
 
-    var rows={};
+	var rows={};
 	var resultObj = { code:'', msg:'' };
 	var privilegeObj = req.session.loggedInAdmin;
+	var email = req.sanitize(req.body.uf_email);
+	var key_email = req.sanitize(req.body.uf_key_email)
+  var pswd = req.sanitize(req.body.uf_password);
+  var privilege = req.sanitize(req.body.uf_privilege);
 
-    pool.getConnection(function(err,connection) {
-
-        if(err){
+	pool.getConnection(function(err,connection)
+	{
+		if(err){
 			console.error( String(err) ); // ALARM
-            res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
+			res.render("user/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
 				privilege:privilegeObj },header:process.env.MAIN_MENU});
 			return;
-        }
-
-		if( req.body.uf_privilege == "admin" ){
-			var char_priv = 'A';
-		}else if(req.body.uf_privilege == 'readonly'){
-			var char_priv = 'R';
-		}else{
-			var char_priv = 'A';
 		}
 
+		if( privilege == "admin" ){
+			var char_priv = 'A';
+		}else if(privilege == 'readonly'){
+			var char_priv = 'R';
+		}else{
+			var char_priv = 'R';
+		}
 
-        //connection.query(sqlRequest, function(err,result){
 		var sqlUpdate = "UPDATE PORTAL_USERS SET "
-			+ "email = '" + req.body.uf_email + "',"
-			+ "password = " + "AES_ENCRYPT('" + req.body.uf_password + "','" + enckey + "'), "
+			+ "email = '" + email + "',"
+			+ "password = " + "AES_ENCRYPT('" + pswd + "','" + enckey + "'), "
 			+ "privilege = '"+ char_priv + "'"
-			+ " WHERE email = '" + req.body.uf_key_email + "'";
+			+ " WHERE email = '" + key_email + "'";
 
-		console.log(sqlUpdate);
-
-        connection.query(sqlUpdate,function(err,result){
-
+		connection.query(sqlUpdate,function(err,result)
+		{
 			if(err){
-				 resultObj = {code:'error', msg:'Update of user failed Error: '+err};
+				resultObj = {code:'error', msg:'Update of user failed Error: '+err};
 			}
-
-            // Need DB lookup logic here
-            connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows) {
-            	connection.release();
-                if(!err) {
-                    if ( rows.length > 0 )
-                    {
+			// Need DB lookup logic here
+			connection.query("SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege FROM PORTAL_USERS", function(err, rows)
+			{
+				connection.release();
+				if(!err)
+				{
+					if ( rows.length > 0 )
+					{
 						resultObj = {code:'success',msg:'Successfully updated user.'};
-                        res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} );
-            			return;
-                    }else{
-                        res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.',
+						res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU} );
+						return;
+					}else{
+						res.render("user/list", {rows: null, result:{ code:'error', msg:'Unexpected no rows returned from database.',
 							privilege:privilegeObj },header:process.env.MAIN_MENU});
 						return;
-                    }
-                } else {
-                    res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
+					}
+				} else {
+					res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
 						privilege:privilegeObj },header:process.env.MAIN_MENU});
 					return;
 				}
-            }); //end query
-        });
-    }); // end of getConnection
-};
+			}); //end query
+		});
+	}); // end of getConnection
+}
 
 exports.listUsers = function(req,res,resultObj){
 
 	var privilegeObj = req.session.loggedInAdmin;
-    var rows={};
-    pool.getConnection(function(err,connection) {
+	var rows={};
+	pool.getConnection(function(err,connection)
+	{
     
-        if(err){
+		if(err){
 			console.error( String(err) ); // ALARM
-            res.render("pages/list", {rows: null, result:{code:'error', msg:"Unable to get database connection. " + String(err),
-				privilege:privilegeObj },header:process.env.MAIN_MENU});
+			res.render("pages/list", 
+			{
+				rows: null, 
+				result:{
+					code:'error', 
+					msg:"Unable to get database connection. " + String(err), 
+					privilege:privilegeObj },
+					header:process.env.MAIN_MENU
+			});
 			return;
-        }
+		}
 
-        // Need DB lookup logic here
-	var selectUsers = "SELECT email, AES_DECRYPT(password,'" + enckey + "') password, privilege from PORTAL_USERS";
-	console.log(selectUsers);
-        connection.query(selectUsers, function(err, rows) {
+		// Need DB lookup logic here
+		var selectUsers = "SELECT email, AES_DECRYPT(password,'" 
+			+ enckey + "') password, privilege from PORTAL_USERS";
 
-			connection.release();
-			if(err){
-				 resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err};
+		connection.query(selectUsers, function(err, rows) {
+
+		connection.release();
+		if(err){
+			resultObj = {code:'error', msg:'Unable to SELECT users Error: '+err};
+		}
+		if(!err)
+		{
+			if ( rows.length > 0 )
+			{
+				console.log(JSON.stringify(rows));
+				res.render('user/list', 
+				{
+					rows: rows, 
+					result:resultObj, 
+					privilege:privilegeObj,
+					header:process.env.MAIN_MENU 
+				});
+				return;
 			}
-		
-            if(!err) {
-                if ( rows.length > 0 )
-                {
-                    console.log(JSON.stringify(rows));
-                    res.render('user/list', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU });
-					return;
-                }
-                else{
-                    res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database.',
-						privilege:privilegeObj },header:process.env.MAIN_MENU});
-					return;
-                }
-            } else {
-                    res.render("user/list", {rows: null, result:{code:'error', msg:'Unexpected no rows returned from database. ' + String(err),
-						privilege:privilegeObj },header:process.env.MAIN_MENU});
-					return;
+			else{
+				res.render("user/list", 
+				{
+					rows: null, 
+					result:{
+						code:'error', 
+						msg:'Unexpected no rows returned from database.',
+						privilege:privilegeObj },
+						header:process.env.MAIN_MENU
+				});
+				return;
 			}
-        }); //end query
-    }); // end getConnection
+		}
+		else
+		{
+			res.render("user/list", 
+			{
+				rows: null, 
+				result:{
+					code:'error', 
+					msg:'Unexpected no rows returned from database. ' + String(err),
+					privilege:privilegeObj },header:process.env.MAIN_MENU
+			});
+			return;
+		}
+		}); //end query
+	}); // end getConnection
 }
 
 exports.listSLA = function(req,res,resultObj){
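Review bot: `console.log(JSON.stringify(rows))` in `listUsers` logs the result of `SELECT email, AES_DECRYPT(password, ...)`, so every user's e-mail and decrypted password goes to the server log on each page load. The commit removes the `console.log(sql)` calls but keeps this one. Drop the log line, and stop selecting the password for list views (`SELECT email, privilege FROM PORTAL_USERS`) unless the `user/list` template really needs it; the same applies to the follow-up SELECTs in `addUser` and `updateUser`. The `INSERT` and `UPDATE` statements in those two functions are still built by concatenating `email`, `pswd` and `key_email`, and `req.sanitize()` does not make that safe for SQL, so they need `?` placeholders. The `listSLA` function that starts on the last line lies outside the hunk.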
@@ -689,29 +727,29 @@
 
 exports.getVnfProfile = function(req,res,resultObj,privilegeObj){
 
-    pool.getConnection(function(err,connection) {
-
-        if(err){
-            console.error( String(err) ); // ALARM
-            res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
-            return;
-        }
-
-        connection.query("SELECT vnf_type,availability_zone_count,equipment_role "
-            + "FROM VNF_PROFILE ORDER BY VNF_TYPE", function(err, rows)
-        {
-            connection.release();
-            if(err) {
-                res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU});
-                return;
-            }
-            else {
-                res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
-                return;
-            }
-        }); //end query
-console.log('after query');
-    }); // end getConnection
+	pool.getConnection(function(err,connection)
+	{
+		if(err){
+			console.error( String(err) ); // ALARM
+			res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+			return;
+		}
+		var sql = "SELECT vnf_type,availability_zone_count,equipment_role FROM VNF_PROFILE ORDER BY VNF_TYPE";
+		console.log(sql);
+		connection.query(sql, function(err, rows)
+		{
+			connection.release();
+			if(err) {
+				res.render("mobility/vnfProfile", {result:{code:'error',msg:'Database Error: '+ String(err)},header:process.env.MAIN_MENU});
+				return;
+			}
+			else {
+				console.log('render vnfProfile');
+				res.render('mobility/vnfProfile', { rows: rows, result:resultObj, privilege:privilegeObj,header:process.env.MAIN_MENU } );
+				return;
+			}
+		}); //end query
+	}); // end getConnection
 }
 
 
@@ -747,103 +785,34 @@
 
 
 
-exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj){
-
-
-    pool.getConnection(function(err,connection) {
-
-        if(err){
-            console.error( String(err) ); // ALARM
-            res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
-            return;
-        }
-
-        // Need DB lookup logic here
-        connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data "
-            + "FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id", function(err, rows)
-        {
-            var msgArray = new Array();
-
-            connection.release();
-            if(err) {
-                msgArray = 'Database Error: '+ String(err);
-                res.render("mobility/vnfPreloadNetworkData", {
-					result:{code:'error',msg:msgArray},
-					preloadImportDirectory: properties.preloadImportDirectory,
-					header:process.env.MAIN_MENU
-				});
-                return;
-            }
-            else {
-                var retData = [];
-                for( r=0; r<rows.length; r++)
-                {
-                    var rowObj = {};
-                    rowObj.row = rows[r];
-                    if ( rows[r].filename.length > 0 )
-                    {
-                        try{
-							var buffer = rows[r].preload_data;
-                            var decode_buffer = decodeURI(buffer);
-                            var filecontent = JSON.parse(decode_buffer);
-                            rowObj.filecontent = filecontent;
-                            rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"];
-                            rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"];
-                        }
-                        catch(error){
-                            msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
-                        }
-                    }
-                    else {
-                        rowObj.filecontent = '';
-                    }
-                    retData.push(rowObj);
-                }
-                if(msgArray.length>0){
-                    resultObj.code = 'failure';
-                    resultObj.msg = msgArray;
-                }
-                res.render('mobility/vnfPreloadNetworkData', { 
-					retData:retData, 
-					result:resultObj, 
-					privilege:privilegeObj,
-					preloadImportDirectory: properties.preloadImportDirectory,
-					header:process.env.MAIN_MENU 
-				});
-                return;
-            }
-        }); //end query
-    }); // end getConnection
-}
-
-exports.getVnfData = function(req,res,resultObj,privilegeObj){
-
-
-    pool.getConnection(function(err,connection) {
-
-        if(err){
-            console.error( String(err) ); // ALARM
-            res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
-            return;
-        }
-
-        // Need DB lookup logic here
-        connection.query("SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data "
-            + "FROM PRE_LOAD_VNF_DATA ORDER BY id", function(err, rows) 
+exports.getVnfNetworkData = function(req,res,resultObj,privilegeObj)
+{ 
+	pool.getConnection(function(err,connection)
+	{
+		if(err){
+			console.error( String(err) ); // ALARM
+			res.render("pages/err",
+				{result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+			return;
+		}
+		// Need DB lookup logic here
+		var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_NETWORK_DATA ORDER BY id";
+		console.log(sql);
+		connection.query(sql, function(err, rows)
 		{
 			var msgArray = new Array();
-
-            connection.release();
-            if(err) {
+			connection.release();
+			if(err) {
 				msgArray = 'Database Error: '+ String(err);
-                res.render("mobility/vnfPreloadData", {
+				res.render("mobility/vnfPreloadNetworkData", {
 					result:{code:'error',msg:msgArray},
+					privilege:privilegeObj,
 					preloadImportDirectory: properties.preloadImportDirectory,
 					header:process.env.MAIN_MENU
 				});
-                return;
-            }
-            else {
+				return;
+			}
+			else {
 				var retData = [];
 				for( r=0; r<rows.length; r++)
 				{
@@ -853,35 +822,103 @@
 					{
 						try{
 							var buffer = rows[r].preload_data;
-                            var s_buffer = decodeURI(buffer);
-							var filecontent = JSON.parse(s_buffer);
+							var decode_buffer = decodeURI(buffer);
+							var filecontent = JSON.parse(decode_buffer);
 							rowObj.filecontent = filecontent;
-							rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"];
-							rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"];
+							rowObj.network_name = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-name"];
+							rowObj.network_type = filecontent.input["network-topology-information"]["network-topology-identifier"]["network-type"];
 						}
 						catch(error){
-                            msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
+							msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
 						}
 					}
 					else {
 						rowObj.filecontent = '';
 					}
 					retData.push(rowObj);
-				}
+				}//endloop
 				if(msgArray.length>0){
 					resultObj.code = 'failure';
 					resultObj.msg = msgArray;
 				}
-                res.render('mobility/vnfPreloadData',{ 
-						retData:retData, result:resultObj, 
-						privilege:privilegeObj,
-						header:process.env.MAIN_MENU, 
-						preloadImportDirectory: properties.preloadImportDirectory
+				res.render('mobility/vnfPreloadNetworkData', { 
+					retData:retData, 
+					result:resultObj, 
+					privilege:privilegeObj,
+					preloadImportDirectory: properties.preloadImportDirectory,
+					header:process.env.MAIN_MENU 
 				});
-                return;
-            }
-        }); //end query
-    }); // end getConnection
+				return;
+			}
+		}); //end query
+	}); // end getConnection
+}
+
+exports.getVnfData = function(req,res,resultObj,privilegeObj)
+{
+	pool.getConnection(function(err,connection)
+	{
+		if(err){
+			console.error( String(err) ); // ALARM
+			res.render("pages/err", {result:{code:'error', msg:"Unable to get database connection. "+ String(err)},header:process.env.MAIN_MENU});
+			return;
+		}
+		// Need DB lookup logic here
+		var sql = "SELECT id,svc_request_id,svc_action,status,filename,ts,preload_data FROM PRE_LOAD_VNF_DATA ORDER BY id";
+		console.log(sql);
+		connection.query(sql,function(err, rows) 
+		{
+			var msgArray = new Array();
+			connection.release();
+			if(err) {
+				msgArray = 'Database Error: '+ String(err);
+				res.render("mobility/vnfPreloadData", {
+					result:{code:'error',msg:msgArray},
+					privilege:privilegeObj,
+					preloadImportDirectory: properties.preloadImportDirectory,
+					header:process.env.MAIN_MENU
+				});
+				return;
+			}
+			else {
+				var retData = [];
+				for( r=0; r<rows.length; r++)
+				{
+					var rowObj = {};
+					rowObj.row = rows[r];
+					if ( rows[r].filename.length > 0 )
+					{
+						try{
+							var buffer = rows[r].preload_data;
+							var s_buffer = decodeURI(buffer);
+							var filecontent = JSON.parse(s_buffer);
+							rowObj.filecontent = filecontent;
+							rowObj.vnf_name = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-name"];
+							rowObj.vnf_type = filecontent.input["vnf-topology-information"]["vnf-topology-identifier"]["vnf-type"];
+						}
+						catch(error){
+							msgArray.push('File ' + rows[r].filename + ' has invalid JSON. Error:' + error);
+						}
+					}
+					else {
+						rowObj.filecontent = '';
+					}
+					retData.push(rowObj);
+				}//endloop
+				if(msgArray.length>0){
+					resultObj.code = 'failure';
+					resultObj.msg = msgArray;
+				}
+				res.render('mobility/vnfPreloadData',{ 
+					retData:retData, result:resultObj, 
+					privilege:privilegeObj,
+					header:process.env.MAIN_MENU, 
+					preloadImportDirectory: properties.preloadImportDirectory
+				});
+				return;
+			}
+		}); //end query
+	}); // end getConnection
 }
 
 
@@ -927,28 +964,27 @@
 
 exports.addRow = function(sql,req,res,callback){
 
-    console.log(sql);
+	console.log(sql);
 
-    pool.getConnection(function(err,connection) {
+	pool.getConnection(function(err,connection) {
 
-        if(err){
-            console.error( String(err) ); // ALARM
-            callback(err, 'Unable to get database connection.' + err);
-            return;
-        }
-
-        connection.query(sql, function(err,result){
-            connection.release();
-               if(err){
-                    console.debug('Database operation failed. ' + err );
-                    callback(err,'Database operation failed. ' + err );
-               }
-               else
-               {
-                	callback(null, result.affectedRows);
-               }
-       }); //end query
-    }); // end getConnection
+		if(err){
+			console.error( String(err) ); // ALARM
+			callback(err, 'Unable to get database connection.' + err);
+			return;
+		}
+		connection.query(sql, function(err,result){
+			connection.release();
+			if(err){
+				console.debug('Database operation failed. ' + err );
+				callback(err,'Database operation failed. ' + err );
+			}
+			else
+			{
+				callback(null, result.affectedRows);
+			}
+		}); //end query
+	}); // end getConnection
 }
 
 
diff --git a/admportal/server/router/routes/gamma.js b/admportal/server/router/routes/gamma.js
index 70e6713..5b8c764 100644
--- a/admportal/server/router/routes/gamma.js
+++ b/admportal/server/router/routes/gamma.js
@@ -53,314 +53,7 @@
 		dbRoutes.getTable(req,res,selectNbVlanRange,'gamma/nbVlanRange',{code:'', msg:''}, req.session.loggedInAdmin);
 });
 
-router.get('/getNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	if (typeof req.query.vlan_plan_id == "undefined"){ 
-		dbRoutes.getTable(req,res,selectNbVlanPool,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
-	}else{
-		var sql = "SELECT aic_site_id,availability_zone,vlan_plan_id,plan_type,purpose,vlan_id,status FROM VLAN_POOL WHERE vlan_plan_id='" + req.query.vlan_plan_id + "' AND vlan_id BETWEEN "
-			+ req.query.range_start + " AND " + req.query.range_end;
-		dbRoutes.getTable(req,res,sql,'gamma/nbVlanPool',{code:'', msg:''}, req.session.loggedInAdmin);
-	}
-});
-
-router.post('/addNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- var network_type = removeNL(req.body.nf_network_type);
- var technology = removeNL(req.body.nf_technology);
- var sql = "INSERT INTO NETWORK_PROFILE (network_type,technology) VALUES ("
-    + "'"+ network_type + "',"
-    + "'"+ technology + "')";
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err)
-        {
-            msgArray.push(err);
-            dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else
-        {
-            if ( result == 1 )
-            {
-                msgArray.push('Successfully added Network Profile.');
-                dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
-                return;
-            }
-            else
-            {
-                msgArray.push('Was not able to add Network Profile.');
-                dbRoutes.getTable(req,res,ucpePhsCredentials, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
-                return;
-            }
-        }
-    });
-});
-
-router.post('/saveNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
- 	var plan_type = req.body.nf_plan_type;
- 	var purpose = req.body.nf_purpose;
- 	var range_start = padLeft(removeNL(req.body.nf_range_start),4);
- 	var range_end = padLeft(removeNL(req.body.nf_range_end),4);
- 	var tasks = [];
- 	var privilegeObj = req.session.loggedInAdmin;
-
- 	tasks.push( function(callback) { 
-		dbRoutes.saveNbVlanRange(range_start,range_end,plan_type,purpose,req,res,callback); 
-	});
-
-	// will probably need to be a new call that is a transaction if i use a new
-	// plan_type-purpose-counter table.
-    //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err)
-        {
-            msgArray.push(err);
-            dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else
-        {
-            msgArray.push('Successfully added VLAN Range.');
-            dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-router.get('/deleteNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push(function(callback){
-        dbRoutes.executeSQL("DELETE FROM NETWORK_PROFILE WHERE network_type = '" + req.query.network_type + "'", req,res,callback);
-
-    });
-    async.series(tasks, function(err,result)
-    {
-        var msgArray = new Array();
-        if(err){
-            msgArray.push("Error: " + err);
-            dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else
-        {
-            if ( result[0] == 1 )
-            {
-                msgArray.push('Successfully deleted Network Profile.');
-                dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
-                return;
-            }
-            else
-            {
-                msgArray.push('No rows removed.');
-                dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
-                return;
-            }
-        }
-    });
-});
-
-router.get('/deleteNbVlanRange', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-
-    tasks.push(function(callback){
-        dbRoutes.deleteNbVlanRange(req.query.vlan_plan_id,req,res,callback);
-    });
-    async.series(tasks, function(err,result)
-    {
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else
-        {
-            msgArray.push('Successfully deleted Range.');
-            dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-router.post('/updateNetworkProfile', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
-    var sql = "UPDATE NETWORK_PROFILE SET "
-            + "network_type='"+ removeNL(req.body.uf_network_type) + "', "
-            + "technology='" + removeNL(req.body.uf_technology) + "' "
-            + "WHERE network_type='" + removeNL(req.body.uf_key_network_type) + "'";
-
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Successfully updated Network Profile.');
-            dbRoutes.getTable(req,res,selectNetworkProfile, 'gamma/networkProfile', {code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
-    var sql = "UPDATE VLAN_POOL SET "
-            + "status='"+ removeNL(req.body.uf_status) + "' "
-            + " WHERE aic_site_id='" + removeNL(req.body.uf_key_aic_site_id) + "'"
-            + " AND availability_zone='" + removeNL(req.body.uf_key_availability_zone) + "'"
-            + " AND vlan_plan_id='" + removeNL(req.body.uf_key_vlan_plan_id) + "'"
-            + " AND plan_type='" + removeNL(req.body.uf_key_plan_type) + "'"
-            + " AND purpose='" + removeNL(req.body.uf_key_purpose) + "'"
-            + " AND vlan_id=" + removeNL(req.body.uf_key_vlan_id); 
-
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Successfully updated Network Profile.');
-            dbRoutes.getTable(req,res,selectNbVlanPool, 'gamma/nbVlanPool', {code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-router.post('/updateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-});
-router.get('/generateNbVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res){
-
-    var vlan_plan_id = req.query.vlan_plan_id;
-    var plan_type = req.query.plan_type;
-    var purpose = req.query.purpose;
-    var range_start = req.query.range_start;
-    var range_end = req.query.range_end;
-    var tasks = [];
-    var privilegeObj = req.session.loggedInAdmin;
-
-    tasks.push( function(callback) {
-        dbRoutes.generateNbVlanPool(range_start,range_end,plan_type,purpose,vlan_plan_id,req,res,callback);
-    });
-
-    // will probably need to be a new call that is a transaction if i use a new
-    // plan_type-purpose-counter table.
-    //tasks.push( function(callback) { dbRoutes.addRow(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err)
-        {
-            msgArray.push(err);
-            dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else
-        {
-            msgArray.push('Successfully added VLAN Range.');
-            dbRoutes.getTable(req,res,selectNbVlanRange, 'gamma/nbVlanRange', {code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-///// end 1604
-
-
 // GET
-router.get('/getServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getServiceHoming(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getServiceHomingRollback', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getServiceHomingRollback(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVlanPool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getVlanPool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getAicSite(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicSwitch', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getAicSwitch(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getAicAvailZone', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getAicAvailZone(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVpePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getVpePool(req,res,{code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVplspePool', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-	dbRoutes.getVplspePool(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-
-// ROLLBACK SERVICE_HOMING
-router.get('/rollbackServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push(function(callback) {
-        dbRoutes.rollbackServiceHoming(req,res,callback);
-    });
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getServiceHomingRollback(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('SERVICE_HOMING table successfully restored.');
-            dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-// DELETE SERVICE_HOMING
-router.get('/deleteServiceHoming', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    tasks.push(function(callback) {
-        dbRoutes.deleteServiceHoming(req,res,callback);
-    });
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getServiceHoming(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Row successfully deleted from SERVICE_HOMING table.');
-            dbRoutes.getServiceHoming(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-
-// DELETE AIC_SITE
 router.get('/deleteSite', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
 
 	var privilegeObj = req.session.loggedInAdmin;
diff --git a/admportal/server/router/routes/mobility.js b/admportal/server/router/routes/mobility.js
index d19f65a..cd798dc 100644
--- a/admportal/server/router/routes/mobility.js
+++ b/admportal/server/router/routes/mobility.js
@@ -6,13 +6,18 @@
 var dbRoutes = require('./dbRoutes');
 var csp = require('./csp');
 var multer = require('multer');
+var cookieParser = require('cookie-parser');
 var bodyParser = require('body-parser');
 var sax = require('sax'),strict=true,parser = sax.parser(strict);
 var async = require('async');
 var l_ = require('lodash');
 var dateFormat = require('dateformat');
 var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
+var crypto = require('crypto');
+var csrf = require('csurf');
 
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser())
 
 // pass host, username and password to ODL
 // target host for ODL request
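Review bot: `csrf({cookie: true})` keeps the CSRF secret in a cookie created with csurf's default attributes, so nothing in this hunk states whether that cookie is `httpOnly`, `secure` or `sameSite`-restricted. Passing the options explicitly, for example `var csrfProtection = csrf({cookie: {httpOnly: true, sameSite: 'strict', secure: true}});` (with `secure` only if the portal is always served over HTTPS), documents the intent and keeps the secret away from page script. The routes in this file read `req.session`, so a session is presumably available and the session-backed default `csrf()` may avoid the extra cookie altogether. `router.use(cookieParser())` is also missing its terminating semicolon.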
@@ -57,30 +62,28 @@
 });
 
 
-
-
 // GET
-router.get('/getVnfData', csp.checkAuth, function(req,res) {
+router.get('/getVnfData', csp.checkAuth, csrfProtection, function(req,res) {
 	dbRoutes.getVnfData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
 });
-router.get('/getVmNetworks', csp.checkAuth, function(req,res) {
-	dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVnfProfile', csp.checkAuth, function(req,res) {
-	dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVnfNetworks', csp.checkAuth, function(req,res) {
-	dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-router.get('/getVmProfile', csp.checkAuth, function(req,res) {
-	dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
-});
-////////
-router.get('/getVnfNetworkData', csp.checkAuth, function(req,res) {
+router.get('/getVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res) {
 	dbRoutes.getVnfNetworkData(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
 });
+router.get('/getVnfProfile', csp.checkAuth, csrfProtection, function(req,res) {
+	dbRoutes.getVnfProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+});
+//router.get('/getVmNetworks', csp.checkAuth, function(req,res) {
+//	dbRoutes.getVmNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+//router.get('/getVnfNetworks', csp.checkAuth, function(req,res) {
+//	dbRoutes.getVnfNetworks(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+//router.get('/getVmProfile', csp.checkAuth, function(req,res) {
+//	dbRoutes.getVmProfile(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
+//});
+////////
 
-router.get('/viewVnfNetworkData', csp.checkAuth, function(req,res)
+router.get('/viewVnfNetworkData', csp.checkAuth, csrfProtection, function(req,res)
 {
     var privilegeObj = req.session.loggedInAdmin;
     var resp_msg = '';
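Review bot: The handlers for `/getVmNetworks`, `/getVnfNetworks` and `/getVmProfile` are commented out instead of deleted, and the commented copies still show the old middleware chain without `csrfProtection`. Deleting those nine lines keeps the route table readable and avoids someone re-enabling them later without the new middleware; the history stays in version control. On the three remaining GET routes a short comment such as `// csrfProtection here only makes req.csrfToken() available to the rendered page` would help, since csurf does not validate tokens on GET by default. The `viewVnfNetworkData` handler continues outside this hunk.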
@@ -110,7 +113,7 @@
 
 });
 
-router.get('/viewVnfData', csp.checkAuth, function(req,res) 
+router.get('/viewVnfData', csp.checkAuth, csrfProtection, function(req,res) 
 {
     var privilegeObj = req.session.loggedInAdmin;
     var resp_msg = '';
@@ -140,87 +143,85 @@
 
 });
 
-router.get('/loadVnfNetworkData', csp.checkAuth, function(req,res)
+router.get('/loadVnfNetworkData', csp.checkAuth, csp.checkPriv, function(req,res)
 {
+	var privilegeObj = req.session.loggedInAdmin;
+	var msgArray = new Array();
 
-    var privilegeObj = req.session.loggedInAdmin;
-    var msgArray = new Array();
+	if ( req.query.status != 'pending' )
+	{
+		msgArray.push("Upload Status must be in 'pending' state.");
+		dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+		return;
+	}
 
-    if ( req.query.status != 'pending' )
-    {
-        msgArray.push("Upload Status must be in 'pending' state.");
-        dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
-        return;
-    }
-
-    // build request-id
-    var now = new Date();
-    var df = dateFormat(now,"isoDateTime");
-    var rnum = Math.floor((Math.random() * 9999) +1);
-    var svc_req_id = req.query.id + "-" + df + "-" + rnum;
-
-    var tasks = [];
+	// build request-id
+	var now = new Date();
+	var df = dateFormat(now,"isoDateTime");
+	const rnum = crypto.randomBytes(4);
+	var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');;
+	var tasks = [];
 
 	// first get the contents of the file from the db
-    tasks.push(function(callback){
+	tasks.push(function(callback){
 		dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_NETWORK_DATA",callback);
 	});
 
 	// then format the request and send it using the arg1 parameter
 	// which is the contents of the file returned from the previous function
 	// call in the tasks array
-    tasks.push(function(arg1,callback){
+	tasks.push(function(arg1,callback){
 
 		var s_file = JSON.stringify(arg1);
 
-    	// remove the last two braces, going to add the headers there
-    	// will add them back later.
-    	s_file = s_file.substring(0, (s_file.length-2));
+		// remove the last two braces, going to add the headers there
+		// will add them back later.
+		s_file = s_file.substring(0, (s_file.length-2));
 
-    	// add the request-information header
-    	s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}');
+		// add the request-information header
+		s_file = s_file.concat(',"request-information": {"request-action": "PreloadNetworkRequest"}');
 
-    	// add the sdnc-request-header
-    	s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"');
-    	s_file = s_file.concat(svc_req_id);
-    	s_file = s_file.concat('","svc-action": "reserve"}');
+		// add the sdnc-request-header
+		s_file = s_file.concat(',"sdnc-request-header": {"svc-request-id":"');
+		s_file = s_file.concat(svc_req_id);
+		s_file = s_file.concat('","svc-action": "reserve"}');
 
-    	// add the two curly braces at the end that we stripped off
-    	s_file = s_file.concat('}}');
+		// add the two curly braces at the end that we stripped off
+		s_file = s_file.concat('}}');
 
-        OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation',
-                    options,s_file,res,callback);
-    });
+		OdlInterface.Post('/restconf/operations/VNF-API:preload-network-topology-operation', 
+			options,s_file,res,callback);
+	});
 
 	// if successful then update the status
-    tasks.push(function(arg1,callback){
-        dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
+	tasks.push(function(arg1,callback){
+		dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_NETWORK_DATA SET status='uploaded',svc_request_id='"
             + svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
-    });
+	});
 
 	// use the waterfall method of making calls
 	async.waterfall(tasks, function(err,result)
-    {
-        var msgArray = new Array();
-        if(err){
-            msgArray.push("Error posting pre-load data to ODL: "+err);
-            dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
-            return;
-        }
-        else{
-            msgArray.push('Successfully loaded VNF pre-loaded data.');
-            dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
+	{
+		var msgArray = new Array();
+		if(err){
+			msgArray.push("Error posting pre-load data to ODL: "+err);
+			dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+			return;
+		}
+		else{
+			msgArray.push('Successfully loaded VNF pre-loaded data.');
+			dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+			return;
+		}
+	});
 });
 
 
-router.get('/loadVnfData', csp.checkAuth, function(req,res) 
+router.get('/loadVnfData', csp.checkAuth, csp.checkPriv, function(req,res) 
 {
-    var privilegeObj = req.session.loggedInAdmin;
+	var privilegeObj = req.session.loggedInAdmin;
 	var full_path_file_name = process.cwd() + "/uploads/" + req.query.filename
-    var msgArray = new Array();
+  var msgArray = new Array();
 
 	if ( req.query.status != 'pending' )
 	{
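Review bot: `req.query.id` is still concatenated unchecked into `svc_req_id` and into the `UPDATE PRE_LOAD_VNF_NETWORK_DATA ... WHERE id=` statement, so replacing `Math.random()` with `crypto.randomBytes(4)` does not make the request id or the SQL text safe. Because `svc_req_id` is also spliced into the JSON body posted to ODL, the value should be checked at the top of the handler before any use (the unquoted `WHERE id=` suggests a numeric column); `loadVnfData` in the following hunks builds its id and its `UPDATE PRE_LOAD_VNF_DATA` statement the same way. Both routes also change state on GET and mount `csp.checkPriv` but not `csrfProtection`. The stray `;;` after `rnum.toString('hex')` can be dropped. `loadVnfData` continues outside this hunk.

```javascript
	var msgArray = new Array();

	// accept only a plain decimal row id before it reaches the SQL text or the ODL request body
	if ( !/^[0-9]+$/.test(String(req.query.id)) )
	{
		msgArray.push("Invalid preload id.");
		dbRoutes.getVnfNetworkData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
		return;
	}
	// … unchanged: status check, request-id build, waterfall tasks …
```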
@@ -232,28 +233,27 @@
 	// build request-id
 	var now = new Date();
 	var df = dateFormat(now,"isoDateTime");
-	var rnum = Math.floor((Math.random() * 9999) +1);
-	var svc_req_id = req.query.id + "-" + df + "-" + rnum;
-
+	const rnum = crypto.randomBytes(4);
+	var svc_req_id = req.query.id + "-" + df + "-" + rnum.toString('hex');
 	var tasks = [];
 
 	// first get the contents of the file from the db
 	tasks.push(function(callback){
-        dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback);
-    });
+		dbRoutes.getVnfPreloadData(req,res,"PRE_LOAD_VNF_DATA",callback);
+  });
 
 	// then format the request and send it using the arg1 parameter
 	// which is the contents of the file returned from the previous function
 	// call in the tasks array
 	tasks.push(function(arg1,callback){
 
-        var s1_file = JSON.stringify(arg1);
-        var s_file = decodeURI(s1_file);
+		var s1_file = JSON.stringify(arg1);
+		var s_file = decodeURI(s1_file);
 
 
 		// remove the last two braces, going to add the headers there
-    	// will add them back later.
-    	s_file = s_file.substring(0, (s_file.length-2));
+   	// will add them back later.
+    s_file = s_file.substring(0, (s_file.length-2));
 
 		// add the request-information header
 		s_file = s_file.concat(',"request-information": {"request-action": "PreloadVNFRequest"}');
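Review bot: `decodeURI(s1_file)` throws a `URIError` on a malformed percent sequence, and nothing in this waterfall task catches it, so one bad stored preload row could surface as an uncaught exception instead of the "Error posting pre-load data to ODL" message. The preload listing earlier in this diff wraps the same decode in try/catch; doing so here, `var s_file; try { s_file = decodeURI(s1_file); } catch (e) { callback(e); return; }`, routes the failure to the existing error branch. Decoding after `JSON.stringify` can also turn an encoded `%22` into a bare quote inside the JSON text, so decoding individual values before serialising would be safer if the stored data needs decoding at all. The enclosing handler starts and ends outside this hunk.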
@@ -267,12 +267,12 @@
 		s_file = s_file.concat('}}');
 
 		OdlInterface.Post('/restconf/operations/VNF-API:preload-vnf-topology-operation',
-                    options,s_file,res,callback);
+			options,s_file,res,callback);
 	});
 
 	// if successful then update the status
 	tasks.push(function(arg1,callback){
-        dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
+		dbRoutes.executeSQL("UPDATE PRE_LOAD_VNF_DATA SET status='uploaded',svc_request_id='"
 			+ svc_req_id + "',svc_action='reserve' WHERE id="+req.query.id,req,res,callback);
 	});
 
@@ -281,20 +281,20 @@
 	{
 		var msgArray = new Array();
 		if(err){
-        	msgArray.push("Error posting pre-load data to ODL: "+err);
-        	dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
-        	return;
+			msgArray.push("Error posting pre-load data to ODL: "+err);
+      dbRoutes.getVnfData(req,res, {code:'failure', msg:msgArray}, privilegeObj);
+      return;
 		}
 		else{
 			msgArray.push('Successfully loaded VNF pre-loaded data.');
-            dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
+      dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+      return;
+    }
 	});
 });
 
 
-router.get('/deleteVnfNetworkData', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfNetworkData', csp.checkAuth, csp.checkPriv, csrfProtection,  function(req,res) {
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
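Review bot: `csrfProtection` on `router.get('/deleteVnfNetworkData', ...)` does not check a token, because csurf skips GET, HEAD and OPTIONS unless `ignoreMethods` is overridden, so this delete remains a state change that a cross-site GET can trigger. Registering the route with `router.post` and submitting the token from the page's form or a request header lets the middleware validate it; narrowing `ignoreMethods` is an alternative but would also start rejecting the plain read routes. The same applies to `/deleteVnfData`, `/deleteVnfNetwork` and `/deleteVnfProfile` in the following hunks. The handler body continues outside this hunk.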
@@ -347,7 +347,9 @@
 });
 
 
-router.get('/deleteVnfData', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfData', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
+
+console.log('deleteVnfData');
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
@@ -360,14 +362,14 @@
             dbRoutes.executeSQL(sql,req,res,callback);
         });
     } else {
-		var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
-		inputString = inputString.concat(req.query.vnf_name);
-		inputString = inputString.concat('","vnf-type":"');
-		inputString = inputString.concat(req.query.vnf_type);
-		inputString = inputString.concat('"}},');
+			var inputString = '{"input":{"vnf-topology-information":{"vnf-topology-identifier":{"service-type":"SDN-MOBILITY","vnf-name": "';
+			inputString = inputString.concat(req.query.vnf_name);
+			inputString = inputString.concat('","vnf-type":"');
+			inputString = inputString.concat(req.query.vnf_type);
+			inputString = inputString.concat('"}},');
 		
-        // add the request-information header
-        inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},');
+      // add the request-information header
+      inputString = inputString.concat('"request-information": {"request-action": "DeletePreloadVNFRequest"},');
 
     	// add the request-information header
     	//inputString = inputString.concat('"request-information": {"request-id": "259c0f93-23cf-46ad-84dc-162ea234fff1",');
@@ -412,36 +414,7 @@
 });
 
 
-router.get('/deleteVmProfile', csp.checkAuth, function(req,res) {
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    var sql = '';
-
-    sql = "DELETE FROM VM_PROFILE WHERE vnf_type='" + req.query.vnf_type + "'"
-        + " AND vm_type='" + req.query.vm_type + "'";
-
-    tasks.push(function(callback) {
-        dbRoutes.executeSQL(sql,req,res,callback);
-    });
-    async.series(tasks, function(err,result)
-    {
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Row successfully deleted from VM_PROFILE table.');
-            dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-
-router.get('/deleteVnfNetwork', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfNetwork', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
@@ -469,7 +442,7 @@
     });
 });
 
-router.get('/deleteVnfProfile', csp.checkAuth, function(req,res) {
+router.get('/deleteVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res) {
 
     var privilegeObj = req.session.loggedInAdmin;
     var tasks = [];
@@ -496,215 +469,39 @@
     });
 });
 
-router.get('/deleteVmNetwork', csp.checkAuth, function(req,res) {
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    var sql = '';
-
-    sql = "DELETE FROM VM_NETWORKS WHERE vnf_type='" + req.query.vnf_type 
-		+ "' AND vm_type='" + req.query.vm_type + "' AND network_role='"
-		+ req.query.network_role + "'";
-
-    tasks.push(function(callback) {
-        dbRoutes.executeSQL(sql,req,res,callback);
-    });
-    async.series(tasks, function(err,result)
-	{
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Row successfully deleted from VM_NETWORKS table.');
-            dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-
 // POST
-router.post('/addVmProfile', csp.checkAuth, function(req,res){
+router.post('/addVnfProfile', csp.checkAuth, csp.checkPriv, csrfProtection, function(req,res){
 
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
+  var privilegeObj = req.session.loggedInAdmin;
+	var vnf_type = req.sanitize(req.body.nf_vnf_type);
+	var availability_zone_count = req.sanitize(req.body.nf_availability_zone_count);
+  var equipment_role = req.sanitize(req.body.nf_equipment_role);
+  var tasks = [];
 	var sql;
 
-
-	if ( req.body.nf_vm_count.length > 0 )
-    {
-    	sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type,vm_count) VALUES ("
-        	+ "'" + req.body.nf_vnf_type + "',"
-        	+ "'" + req.body.nf_vm_type + "',"
-        	+  req.body.nf_vm_count + ")";
-    }
-	else
-	{
-    	sql = "INSERT INTO VM_PROFILE (vnf_type,vm_type) VALUES ("
-        	+ "'" + req.body.nf_vnf_type + "',"
-        	+ "'" + req.body.nf_vm_type + "')";
-	}
-
-
-    console.log("SQL: " + sql);
-
-    tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getVmProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Successfully added VM Profile');
-            dbRoutes.getVmProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-
-router.post('/addVnfNetwork', csp.checkAuth, function(req,res){
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-
-    var sql = "INSERT INTO VNF_NETWORKS (vnf_type,network_role) VALUES ("
-        + "'" + req.body.nf_vnf_type + "',"
-        + "'" + req.body.nf_network_role + "')";
-
-	console.log("SQL: " + sql);
-
-    tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getVnfNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Successfully added VNF Network');
-            dbRoutes.getVnfNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-router.post('/addVnfProfile', csp.checkAuth, function(req,res){
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-	var sql;
-
-    sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES ("
-       	+ "'" + req.body.nf_vnf_type + "',"
-		+ req.body.nf_availability_zone_count 
-		+ ",'" + req.body.nf_equipment_role + "')"; 
+  sql = "INSERT INTO VNF_PROFILE (vnf_type,availability_zone_count,equipment_role) VALUES ("
+       	+ "'" + vnf_type + "'," + availability_zone_count + ",'" + equipment_role + "')"; 
 
 console.log(sql);
 
-    tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        var msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Successfully added VNF Profile');
-            dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-});
-
-router.post('/addVmNetwork', csp.checkAuth, function(req,res){
-
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-    var msgArray = new Array();
-
-	// convert true|false to 1|0
-	var assign_ips = (req.body.nf_assign_ips == 'true') ? 1 : 0;
-	var assign_macs = (req.body.nf_assign_macs == 'true') ? 1 : 0;
-	var assign_floating_ip = (req.body.nf_assign_floating_ip == 'true') ? 1 : 0;
-
-
-	if ((req.body.nf_assign_ips == 'true' && 
-			(typeof req.body.nf_ip_count == 'undefined' || req.body.nf_ip_count.length <=0)))
-	{
-		msgArray.push("If assign_ips equals 'true', ip_count must be populated with a number.");
-        dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
-        return;
-    }
-
-
-	if ( req.body.nf_ip_count.length >0 )
-	{
-		var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,ip_count,assign_ips,assign_macs,assign_floating_ip) VALUES ("
-			+ "'" + req.body.nf_vnf_type + "',"
-			+ "'" + req.body.nf_vm_type + "',"
-			+ "'" + req.body.nf_network_role + "',"
-			+ req.body.nf_ip_count + ","
-			+ assign_ips + ","
-			+ assign_macs + ","
-			+ assign_floating_ip + ")";
-	}
-	else
-	{
-		var sql = "INSERT INTO VM_NETWORKS (vnf_type,vm_type,network_role,assign_ips,assign_macs,assign_floating_ip) VALUES ("
-			+ "'" + req.body.nf_vnf_type + "',"
-			+ "'" + req.body.nf_vm_type + "',"
-			+ "'" + req.body.nf_network_role + "',"
-			+ assign_ips + ","
-			+ assign_macs + ","
-			+ assign_floating_ip + ")";
-	}
-		
-    tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
-    async.series(tasks, function(err,result){
-        msgArray = new Array();
-        if(err){
-            msgArray.push(err);
-            dbRoutes.getVmNetworks(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            msgArray.push('Successfully added VM Network');
-			var message = '';
-			if (req.body.nf_ip_count.length >0)
-			{
-				message = req.body.nf_vnf_type
-                + ',' + req.body.nf_vm_type
-                + ',' + req.body.nf_network_role
-                + ',' + req.body.nf_ip_count
-                + ',' + req.body.nf_assign_ips
-                + ',' + req.body.nf_assign_macs
-                + ',' + req.body.nf_assign_floating_ip;
-			}
-			else
-			{
-				message = req.body.nf_vnf_type
-                + ',' + req.body.nf_vm_type
-                + ',' + req.body.nf_network_role
-                + ',' + req.body.nf_assign_ips
-                + ',' + req.body.nf_assign_macs
-                + ',' + req.body.nf_assign_floating_ip;
-			}
-            dbRoutes.getVmNetworks(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
+	tasks.push( function(callback) { dbRoutes.executeSQL(sql,req,res,callback); } );
+	async.series(tasks, function(err,result){
+		var msgArray = new Array();
+		if(err){
+			msgArray.push(err);
+			dbRoutes.getVnfProfile(req,res,{code:'failure', msg:msgArray},privilegeObj);
+			return;
+		}
+		else {
+			msgArray.push('Successfully added VNF Profile');
+			dbRoutes.getVnfProfile(req,res,{code:'success', msg:msgArray},privilegeObj);
+			return;
+		}
+	});
 });
 
 // POST
-router.post('/uploadVnfData', csp.checkAuth, upload.single('filename'), function(req, res)
+router.post('/uploadVnfData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res)
 {
 console.log('filename:'+ JSON.stringify(req.file.originalname));
     var msgArray = new Array();
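Review bot: The INSERT in `/addVnfProfile` is still built by string concatenation, and `req.sanitize()` from express-sanitizer is an HTML sanitizer, not SQL escaping, so the three values reach the statement without any SQL-level protection. `availability_zone_count` is concatenated unquoted and is never checked to be a number. Bind the values as query parameters if `dbRoutes.executeSQL` can take them (its signature is not visible here), and at minimum reject a non-numeric count before building the statement, e.g. `if (!/^\d+$/.test(availability_zone_count)) { dbRoutes.getVnfProfile(req,res,{code:'failure', msg:['availability_zone_count must be a number']},privilegeObj); return; }`. The `console.log(sql);` line also writes the full statement, including user input, to the log and can be dropped.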
@@ -776,7 +573,7 @@
 
 } );
 
-router.post('/uploadVnfNetworkData', csp.checkAuth, upload.single('filename'), function(req, res)
+router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res)
 {
     var msgArray = new Array();
     var privilegeObj = req.session.loggedInAdmin;
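Review bot: `/uploadVnfNetworkData` gains `csp.checkPriv` but not `csrfProtection`, and the same is true of `/uploadVnfData` in the previous hunk and `/uploadVnfProfile` in the next one, so the file-upload POSTs are left outside the CSRF check this commit introduces. Because the body is multipart, the middleware has to run after multer if the token is sent as the `_csrf` form field: `router.post('/uploadVnfNetworkData', csp.checkAuth, csp.checkPriv, upload.single('filename'), csrfProtection, function(req, res)`. Sending the token in a request header instead would let the check run before the file is written to disk. The handler body continues outside this hunk.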
@@ -846,128 +643,7 @@
 } );
 
 
-router.post('/uploadVmNetworks', csp.checkAuth, upload.single('filename'), function(req, res){
-
-    var msgArray = new Array();
-    var privilegeObj = req.session.loggedInAdmin;
-
-    if(req.file.originalname){
-        if (req.file.originalname.size == 0) {
-            dbRoutes.getVmNetworks(req,res,{code:'failure', msg:'There was an error uploading the file, please try again.'},privilegeObj);
-            return;
-        }
-        fs.exists(req.file.path, function(exists) {
-
-            if(exists) {
-
-                var str = req.file.originalname;
-
-                try {
-                    var csv = require('csv');
-
-                    // the job of the parser is to convert a CSV file
-                    // to a list of rows (array of rows)
-                    var parser = csv.parse({
-                        columns: function(line) {
-                            // By defining this callback, we get handed the
-                            // first line of the spreadsheet. Which we'll
-                            // ignore and effectively skip this line from processing
-                        },
-                        skip_empty_lines: true
-                    });
-
-                    var row = 0;
-                    var f = new Array();
-                    var transformer = csv.transform(function(data){
-                        // this will get row by row data, so for example,
-                        //logger.debug(data[0]+','+data[1]+','+data[2]);
-
-                        // build an array of rows
-                        f[row] = new Array();
-                        for ( col=0; col<data.length; col++ )
-                        {
-                            f[row][col] = data[col];
-                        }
-                        row++;
-                    });
-
-                    // called when done with processing the CSV
-                    transformer.on("finish", function() {
-
-                        var funcArray = new Array();
-
-                        function createFunction(lrow,res)
-                        {
-                            return function(callback) { dbRoutes.addVmNetwork(lrow,res,callback); }
-                        }
-                        // loop for each row and create an array of callbacks for async.parallelLimit
-                        // had to create a function above 'createFunction' to get
-                        for (var x=0; x<f.length; x++)
-                        {
-                            funcArray.push( createFunction(f[x],res) );
-                        }
-
-                        // make db calls in parrallel
-                        async.parallelLimit(funcArray, 50, function(err,result){
-
-                            if ( err ) {
-                                dbRoutes.getVmNetworks(req,res,result,privilegeObj);
-                                return;
-                            }
-                            else {
-                                // result array has an entry in it, success entries are blank, figure out
-                                // how many are not blank, aka errors.
-                                var rowError = 0;
-                                for(var i=0;i<result.length;i++){
-                                    if ( result[i].length > 0 )
-                                    {
-                                        rowError++;
-                                    }
-                                }
-                                var rowsProcessed = f.length - rowError;
-                                result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
-                                if ( rowError > 0 )
-                                {
-                                    result = {code:'failure', msg:result};
-                                }
-                                else
-                                {
-                                    result = {code:'success', msg:result};
-                                }
-                                dbRoutes.getVmNetworks(req,res,result,privilegeObj);
-                                return;
-                            }
-                        });
-                    });
-
-                    var stream = fs.createReadStream(req.file.path, "utf8");
-                    stream.pipe(parser).pipe(transformer);
-
-                } catch(ex) {
-                    msgArray.length = 0;
-                    msgArray.push('There was an error uploading the file. '+ex);
-                    dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
-                    return;
-                }
-
-            } else {
-                msgArray.length = 0;
-                msgArray.push('There was an error uploading the file.');
-                dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
-                return;
-            }
-        });
- 	}
-    else {
-        msgArray.length = 0;
-        msgArray.push('There was an error uploading the file.');
-        dbRoutes.getVmNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
-        return;
-    }
-
-} );
-
-router.post('/uploadVnfProfile', csp.checkAuth, upload.single('filename'), function(req, res){
+router.post('/uploadVnfProfile', csp.checkAuth, csp.checkPriv, upload.single('filename'), function(req, res){
 
     var msgArray = new Array();
     var privilegeObj = req.session.loggedInAdmin;
@@ -1091,249 +767,4 @@
     }
 } );
 
-
-router.post('/uploadVnfNetworks', csp.checkAuth, upload.single('filename'), function(req, res){
-
-    var msgArray = new Array();
-    var privilegeObj = req.session.loggedInAdmin;
-
-    if(req.file.originalname)
-        {
-        if (req.file.originalname.size == 0) {
-            dbRoutes.getVnfProfile(req,res,
-				{code:'failure', msg:'There was an error uploading the file, please try again.'},
-				privilegeObj);
-            return;
-        }
-        fs.exists(req.file.path, function(exists) {
-
-            if(exists) {
-
-                var str = req.file.originalname;
-
-                try {
-                    var csv = require('csv');
-
-                    // the job of the parser is to convert a CSV file
-                    // to a list of rows (array of rows)
-                    var parser = csv.parse({
-                        columns: function(line) {
-                            // By defining this callback, we get handed the
-                            // first line of the spreadsheet. Which we'll
-                            // ignore and effectively skip this line from processing
-                        },
-                        skip_empty_lines: true
-                    });
-
-                    var row = 0;
-                    var f = new Array();
-                    var transformer = csv.transform(function(data){
-                        // this will get row by row data, so for example,
-                        //logger.debug(data[0]+','+data[1]+','+data[2]);
-
-                        // build an array of rows
-                        f[row] = new Array();
-                        for ( col=0; col<data.length; col++ )
-                        {
-                            f[row][col] = data[col];
-                        }
-                        row++;
-                    });
-
-                    // called when done with processing the CSV
-                    transformer.on("finish", function() {
-
-                        var funcArray = new Array();
-
-                        function createFunction(lrow,res)
-                        {
-                            return function(callback) { dbRoutes.addVnfNetwork(lrow,res,callback); }
-                        }
-                        // loop for each row and create an array of callbacks for async.parallelLimit
-                        // had to create a function above 'createFunction' to get
-                        for (var x=0; x<f.length; x++)
-                        {
-                            funcArray.push( createFunction(f[x],res) );
-                        }
-
-                        // make db calls in parrallel
-                        async.series(funcArray, function(err,result){
-
-                            if ( err ) {
-                                dbRoutes.getVnfNetworks(req,res,result,privilegeObj);
-                                return;
-                            }
-                            else {
-                                // result array has an entry in it, success entries are blank, figure out
-                                // how many are not blank, aka errors.
-                                var rowError = 0;
-                                for(var i=0;i<result.length;i++){
-                                    if ( result[i].length > 0 )
-                                    {
-                                        rowError++;
-                                    }
-                                }
-                                var rowsProcessed = f.length - rowError;
-                                result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
-                                if ( rowError > 0 )
-                                {
-                                    result = {code:'failure', msg:result};
-                                }
-                                else
-                                {
-                                    result = {code:'success', msg:result};
-                                }
-                                dbRoutes.getVnfNetworks(req,res,result,privilegeObj);
-                                return;
-                            }
-                        });
-                    });
-
-                    var stream = fs.createReadStream(req.file.path, "utf8");
-                    stream.pipe(parser).pipe(transformer);
-
-                } catch(ex) {
-                    msgArray.length = 0;
-                    msgArray.push('There was an error uploading the file. '+ex);
-                    dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
-                    return;
-                }
-            } else {
-                msgArray.length = 0;
-                msgArray.push('There was an error uploading the file.');
-                dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
-                return;
-            }
-        });
-        }
-    else {
-        msgArray.length = 0;
-        msgArray.push('There was an error uploading the file.');
-        dbRoutes.getVnfNetworks(req,res,{code:'danger', msg:msgArray},privilegeObj);
-        return;
-    }
-} );
-
-router.post('/uploadVmProfile', csp.checkAuth, upload.single('filename'), function(req, res){
-
-    var msgArray = new Array();
-    var privilegeObj = req.session.loggedInAdmin;
-
-    if(req.file.originalname)
-        {
-        if (req.file.originalname.size == 0) {
-            dbRoutes.getVmProfile(req,res,
-            	{code:'failure', msg:'There was an error uploading the file, please try again.'},
-                privilegeObj);
-            return;
-        }
-        fs.exists(req.file.path, function(exists) {
-
-            if(exists) {
-
-                var str = req.file.originalname;
-
-                try {
-                    var csv = require('csv');
-
-                    // the job of the parser is to convert a CSV file
-                    // to a list of rows (array of rows)
-                    var parser = csv.parse({
-                        columns: function(line) {
-                            // By defining this callback, we get handed the
-                            // first line of the spreadsheet. Which we'll
-                            // ignore and effectively skip this line from processing
-                        },
-                        skip_empty_lines: true
-                    });
-
-                    var row = 0;
-                    var f = new Array();
-                    var transformer = csv.transform(function(data){
-                        // this will get row by row data, so for example,
-                        //logger.debug(data[0]+','+data[1]+','+data[2]);
-
-                        // build an array of rows
-                        f[row] = new Array();
-                        for ( col=0; col<data.length; col++ )
-                        {
-                            f[row][col] = data[col];
-                        }
-                        row++;
-                    });
-
-                    // called when done with processing the CSV
-                    transformer.on("finish", function() {
-
-                        var funcArray = new Array();
-
-                        function createFunction(lrow,res)
-                        {
-                            return function(callback) { dbRoutes.addVmProfile(lrow,res,callback); }
-                        }
-                        // loop for each row and create an array of callbacks for async.parallelLimit
-                        // had to create a function above 'createFunction' to get
-                        for (var x=0; x<f.length; x++)
-                        {
-                            funcArray.push( createFunction(f[x],res) );
-                        }
-
-                        // make db calls in parrallel
-                        async.series(funcArray, function(err,result){
-
-                            if ( err ) {
-                                dbRoutes.getVmProfile(req,res,result,privilegeObj);
-                                return;
-                            }
-                            else {
-                                // result array has an entry in it, success entries are blank, figure out
-                                // how many are not blank, aka errors.
-                                var rowError = 0;
-                                for(var i=0;i<result.length;i++){
-                                    if ( result[i].length > 0 )
-                                    {
-                                        rowError++;
-                                    }
-                                }
-                                var rowsProcessed = f.length - rowError;
-                                result.push(rowsProcessed + ' of ' + f.length + ' rows processed.');
-                                if ( rowError > 0 )
-                                {
-                                    result = {code:'failure', msg:result};
-                                }
-                                else
-                                {
-                                    result = {code:'success', msg:result};
-                                }
-                                dbRoutes.getVmProfile(req,res,result,privilegeObj);
-                                return;
-                            }
-                        });
-                    });
-
-                    var stream = fs.createReadStream(req.file.path, "utf8");
-                    stream.pipe(parser).pipe(transformer);
-
-                } catch(ex) {
-                    msgArray.length = 0;
-                    msgArray.push('There was an error uploading the file. '+ex);
-                    dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
-                    return;
-                }
-            } else {
-                msgArray.length = 0;
-                msgArray.push('There was an error uploading the file.');
-                dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
-                return;
-            }
-        });
-        }
-    else {
-        msgArray.length = 0;
-        msgArray.push('There was an error uploading the file.');
-        dbRoutes.getVmProfile(req,res,{code:'danger', msg:msgArray},privilegeObj);
-        return;
-    }
-} );
-
 module.exports = router;
diff --git a/admportal/server/router/routes/network.js b/admportal/server/router/routes/network.js
index c64beae..30aa66b 100644
--- a/admportal/server/router/routes/network.js
+++ b/admportal/server/router/routes/network.js
@@ -20,12 +20,15 @@
 var platform;

 var req,res;

 var preloadVersion;  // 1607, 1610, etc...

+var proc_error = false;

+var filename;

 

 puts = helpers.puts;

 putd = helpers.putd;

 

 network.go = function(lreq,lres,cb,dir) {

   puts("Processing NETWORK workbook");

+	proc_error = false;

   req = lreq;

   res = lres;

   callback = cb;
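Review bot: `proc_error` and `filename` are added as module-level variables next to the existing `req` and `res`, so two uploads that are in flight at the same time share one error flag and one output filename. `network.go` resets `proc_error = false` on entry, which can clear a failure recorded by an earlier request that is still waiting on its CSV callbacks. Keeping this state in a per-call object created in `network.go` and handed to the `got*` callbacks would isolate requests from each other. `network.go` continues past the end of this hunk.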

@@ -49,7 +52,8 @@
     helpers.readCsv(indir, newFileName, gotGeneral);

   }

   else {

-    callback(csvFilename + ' file is missing from upload.');

+    puts('general file is missing from upload.');

+		proc_error=true;

   }

 }
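Review bot: The `else` branch for a missing general file now only logs and sets `proc_error`; it no longer calls `callback`, and the function ends right after it, so nothing visible here completes the request when that file is absent. The sibling branches for subnets, vpn-bindings, policies and network-routes keep the callback and add a `return;`. Do the same here: `callback(csvFilename + ' file is missing from upload.');` followed by `return;`. The function starts above this hunk.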

 

@@ -57,8 +61,9 @@
   if (err) {

     puts("\nError!");

     putd(err);

-    callback('General.csv file is missing from upload.');

-    return;

+    proc_error=true;

+		callback('General.csv file is missing from upload.');

+		return;

   }

   csvGeneral = jsonObj;

   puts("\nRead this: ");

@@ -77,7 +82,10 @@
     helpers.readCsv(indir, newFileName, gotSubnets);

   }

   else {

+		puts('subnets file is missing from upload.');

+    proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

+		return;

   }

 }

 

@@ -85,6 +93,7 @@
   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('Subnets.csv file is missing from upload.');

     return;

   }

@@ -108,7 +117,10 @@
     helpers.readCsv(indir, newFileName, gotVpnBindings);

   }

   else {

+		puts('vnp-bindings file is missing from upload.');

+    proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

+		return;

   }

 }

 

@@ -116,6 +128,7 @@
   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('VPN-Bindings.csv file is missing from upload.');

     return;

   }

@@ -140,7 +153,10 @@
     helpers.readCsv(indir, newFileName, gotPolicies);

   }

   else {

+		puts('policies file is missing from upload.');

+    proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

+		return;

   }

 }

 

@@ -148,6 +164,7 @@
   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('Policies.csv file is missing from upload.');

     return;

   }

@@ -178,7 +195,10 @@
     helpers.readCsv(indir, newFileName, gotNetRoutes);

   }

   else {

+		puts('network-routes file is missing from upload.');

+    proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

+		return;

   }

 }

 

@@ -186,6 +206,7 @@
   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('Network-Routes.csv file is missing from upload.');

     return;

   }

@@ -218,6 +239,21 @@
   processPolicies();

   processNetRoutes();

   assembleJson();

+	outputJson();

+

+	puts('proc_error=');

+  putd(proc_error);

+  if ( proc_error ){

+    puts('callback with failure');

+    callback('Error was encountered processing upload.');

+    return;

+  }

+  else

+  {

+    puts('callback with success');

+  	callback(null,  finalJson, filename);

+    return;

+	}

 }

 

 // ASSEMBLE AND OUTPUT RESULTS

@@ -256,7 +292,7 @@
 

   finalJson = {"input": networkInput};

 

-  outputJson();

+  //outputJson();

 }

 

 function outputJson() {

@@ -265,7 +301,7 @@
   puts(JSON.stringify(finalJson,null,2));

   puts("\n");

   puts("\n");

-  var unixTime, fullpath_filename, filename;

+  var unixTime, fullpath_filename;

   unixTime = moment().unix();

   if (platform=='portal') {

     fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".net_worksheet.json";

@@ -275,7 +311,7 @@
     filename = "output.json." + unixTime;

   }

   helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);

-  callback(null,  finalJson, filename);

+  //callback(null,  finalJson, filename);

 }

 

 

@@ -288,7 +324,9 @@
 

   if ( (preloadVersion!='1607') && (preloadVersion!='1610') ) {

     puts("\nError - incorrect version of preload worksheet.");

-    callback('Error - incorrect version of preload worksheet.');

+		proc_error=true;

+    //callback('Error - incorrect version of preload worksheet.');

+		return;

   }

 

   rawJson['network-name'] = getParam(csvGeneral, 'field2', 'network-name', 'field3');

diff --git a/admportal/server/router/routes/preload.js b/admportal/server/router/routes/preload.js
index fd41bb4..522c6da 100644
--- a/admportal/server/router/routes/preload.js
+++ b/admportal/server/router/routes/preload.js
@@ -16,8 +16,6 @@
 var network = require('./network');
 var moment = require('moment');
 
-
-
 // pass host, username and password to ODL
 // target host for ODL request
 var username = properties.odlUser;
@@ -35,14 +33,17 @@
         strictSSL: false
 };
 
-// multer 1.1
+// multer 
 var unixTime = moment().unix();
 var storage = multer.diskStorage({
   destination: function (req, file, cb) {
     cb(null, process.cwd() + '/uploads/')
+		return;
   },
   filename: function (req, file, cb) {
+console.log('filename');
     cb(null, unixTime + "." + file.originalname )
+		return;
   }
 });
 
@@ -54,98 +55,84 @@
 			return cb(null,false);
 		}
 		cb(null,true);
+		return;
 	}
 });
 
 router.post('/uploadVnfCsv', csp.checkAuth, upload.array('filename'), function(req, res)
 {
-	console.log('files:'+ JSON.stringify(req.files,null,4));
-
-	var tasks = []
-    var msgArray = new Array();
-    var privilegeObj = req.session.loggedInAdmin;
-	
+  var msgArray = new Array();
 	var privilegeObj = req.session.loggedInAdmin;
 	var tasks = [];
 
 	tasks.push ( function(callback) { vnf.go(req,res,callback,''); } );
 	tasks.push ( function(arg1,arg2,callback) { formatVnfInsertStatement(arg1,arg2,req,res,callback); } );
-    tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+  tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
 	async.waterfall(tasks, function(err,result)
 	{	
-		 if(err){
-         	msgArray.push(err);
-            dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-        	//logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
-        	msgArray.push('Successfully uploaded file.' );
-            dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
+		if(err){
+			msgArray.push(err);
+			dbRoutes.getVnfData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+			return;
+		}
+		else {
+			msgArray.push('Successfully uploaded file.' );
+			dbRoutes.getVnfData(req,res,{code:'success', msg:msgArray},privilegeObj);
+			return;
+		}
 	});
-
 });
 
 router.post('/uploadNetworkCsv', csp.checkAuth, upload.array('filename'), function(req, res)
 {
-    console.log('files:'+ JSON.stringify(req.files,null,4));
+	console.log('uploadNetworkCsv');
 
-    var tasks = []
-    var msgArray = new Array();
-    var privilegeObj = req.session.loggedInAdmin;
+	var msgArray = new Array();
+	var privilegeObj = req.session.loggedInAdmin;
+	var tasks = [];
 
-    var privilegeObj = req.session.loggedInAdmin;
-    var tasks = [];
-
-    tasks.push ( function(callback) { network.go(req,res,callback,''); } );
-    tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
-    tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
-    async.waterfall(tasks, function(err,result)
-    {
-         if(err){
-            msgArray.push(err);
-            dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
-            return;
-        }
-        else {
-            //logger.debug('Successfully uploaded ' + req.session.worksheetFilename);
-            msgArray.push('Successfully uploaded file.' );
-            dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
-            return;
-        }
-    });
-
+	tasks.push ( function(callback) { network.go(req,res,callback,''); } );
+	tasks.push ( function(arg1,arg2,callback) { formatNetworkInsertStatement(arg1,arg2,req,res,callback); } );
+	tasks.push( function(arg1, callback) { dbRoutes.addRow(arg1,req,res,callback); } );
+	async.waterfall(tasks, function(err,result)
+	{
+		if(err){
+			console.log('ERROR:' + err);
+			msgArray.push(err);
+			dbRoutes.getVnfNetworkData(req,res,{code:'failure', msg:msgArray},privilegeObj);
+		}
+		else {
+			msgArray.push('Successfully uploaded file.' );
+			dbRoutes.getVnfNetworkData(req,res,{code:'success', msg:msgArray},privilegeObj);
+		}
+	});
 });
 
 
 function formatVnfInsertStatement(content,filename,req,res,callback)
 {
-     //var newstr = JSON.stringify(content).replace(/\\\"/g,'\\\\\\"');
-     //var ins_str = newstr.replace("\r\n ", "\\r\\n");
-     var newstr = JSON.stringify(content);
-     var enc_str = encodeURI(newstr);
-	 var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
+	var newstr = JSON.stringify(content);
+	var enc_str = encodeURI(newstr);
+	var sql = "INSERT INTO PRE_LOAD_VNF_DATA "
 		+ "(filename,preload_data) VALUES ("
 		+ "'"+ filename + "',"
 		+ "'" + enc_str + "')";
 
 	callback(null,sql);
+	return;
 }
 
 function formatNetworkInsertStatement(content,filename,req,res,callback)
 {
-     var newstr = JSON.stringify(content);
-     var enc_str = encodeURI(newstr);
-	 var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
+	var newstr = JSON.stringify(content);
+	var enc_str = encodeURI(newstr);
+	var sql = "INSERT INTO PRE_LOAD_VNF_NETWORK_DATA "
 		+ "(filename,preload_data) VALUES ("
 		+ "'"+ filename + "',"
 		+ "'" + enc_str + "')";
 
 	callback(null,sql);
+	return;
 }
 
-
-
 module.exports = router;
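Review bot: `formatVnfInsertStatement` and `formatNetworkInsertStatement` still assemble the INSERT by concatenating `filename` and `enc_str` between single quotes, and this commit only re-indents those lines. `enc_str` is derived from the uploaded worksheet, and neither `JSON.stringify` nor `encodeURI` escapes `'`, so the value can end the SQL string literal early. Hand `dbRoutes.addRow` a statement with placeholders and a separate values array instead, e.g. `"INSERT INTO PRE_LOAD_VNF_DATA (filename,preload_data) VALUES (?,?)"` with `[filename, enc_str]`, assuming the driver behind `addRow` supports bound parameters (its code is outside this hunk).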
diff --git a/admportal/server/router/routes/root.js b/admportal/server/router/routes/root.js
index b314d7d..78b6982 100644
--- a/admportal/server/router/routes/root.js
+++ b/admportal/server/router/routes/root.js
@@ -7,6 +7,12 @@
 var async = require('async');
 var OdlInterface = require('./OdlInterface');
 var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
+var cookieParser = require('cookie-parser')
+var csrf = require('csurf')
+var bodyParser = require('body-parser')
+
+var csrfProtection = csrf({cookie:true});
+var parseForm = bodyParser.urlencoded({ extended: false })
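Review bot: `csrf({cookie:true})` keeps the CSRF secret in a cookie with csurf's default attributes, and it depends on `cookie-parser` having run first. root.js requires `cookie-parser` but the visible hunks never mount it on this router, so the routes fail unless app.js mounts it globally. Passing explicit cookie options, e.g. `csrf({cookie: {httpOnly: true, sameSite: 'strict', secure: true}})` (with `secure` only if the portal is served over HTTPS), is a safer default. `parseForm` and `cookieParser` are defined but unused in the hunks shown and can be dropped if that holds for the whole file. The same `csrf({cookie: true})` line is added in sla.js and user.js.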
 
 
 
@@ -70,28 +76,33 @@
 	return function(callback) { OdlInterface.Healthcheck(loptions,callback); };
 }
 
-router.get('/mytree', function(req,res) {
-	res.render('pages/tree');
+//router.get('/mytree', function(req,res) {
+//	res.render('pages/tree');
+//});
+//router.get('/setuplogin', function(req,res) {
+//	res.render('pages/setuplogin');
+//});
+//router.post('/formSetupLogin', function(req,res) {
+//	dbRoutes.saveSetupLogin(req,res);
+//});
+
+router.get('/login', csrfProtection, function(req,res) {
+	var tkn = req.csrfToken();
+	res.render('pages/login', {csrfToken:tkn});
+	return;
 });
-router.get('/setuplogin', function(req,res) {
-	res.render('pages/setuplogin');
+router.post('/formlogin', csrfProtection, function(req,res) {
+	csp.login(req,res);
 });
-router.post('/formSetupLogin', function(req,res) {
-	dbRoutes.saveSetupLogin(req,res);
+
+router.get('/signup', csrfProtection, function(req,res) {
+	var tkn = req.csrfToken();
+	res.render('pages/signup', {csrfToken:tkn});
 });
-router.post('/formSignUp', function(req,res) {
+router.post('/formSignUp', csrfProtection, function(req,res) {
 	dbRoutes.saveUser(req,res);
 });
-router.post('/formlogin', csp.login, function(req,res) {
-});
-router.get('/login', function(req,res) {
-	res.render('pages/login');
-	// handle get
-});
-router.get('/signup', function(req,res) {
-	res.render('pages/signup');
-	// handle get
-});
+
 router.get('/info', function(req,res) {
 	// handle get
 	res.send("login info");
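Review bot: `csp.login` used to be registered as middleware and is now called as `csp.login(req,res)` from inside the `/formlogin` handler, so any `next` it expects is `undefined`. Its body is not visible here; if it reports failures through `next(...)`, that path now throws instead of reaching the error handler, so pass it through with `function(req,res,next) { csp.login(req,res,next); }`. The `/mytree`, `/setuplogin` and `/formSetupLogin` routes are commented out rather than deleted; removing them keeps the unauthenticated setup endpoints from being re-enabled by accident.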
diff --git a/admportal/server/router/routes/sla.js b/admportal/server/router/routes/sla.js
index 10d6433..098cd66 100644
--- a/admportal/server/router/routes/sla.js
+++ b/admportal/server/router/routes/sla.js
@@ -6,6 +6,8 @@
 var dbRoutes = require('./dbRoutes');
 var csp = require('./csp');
 var multer = require('multer');
+var cookieParser = require('cookie-parser');
+var csrf = require('csurf');
 var bodyParser = require('body-parser');
 //var sax = require('sax'),strict=true,parser = sax.parser(strict);
 var async = require('async');
@@ -21,9 +23,8 @@
 
 // used for file upload button, retain original file name
 //router.use(bodyParser());
-router.use(bodyParser.urlencoded({
-  extended: true
-}));
+var csrfProtection = csrf({cookie: true});
+router.use(bodyParser.urlencoded({ extended: true }));
 //var upload = multer({ dest: process.cwd() + '/uploads/', rename: function(fieldname,filename){ return filename; } });
 
 // multer 1.1
@@ -57,11 +58,11 @@
 
 
 // GET
-router.get('/listSLA', csp.checkAuth, function(req,res) {
+router.get('/listSLA', csp.checkAuth, csrfProtection, function(req,res) {
 	dbRoutes.listSLA(req,res,{code:'', msg:''} );
 });
 
-router.get('/activate', csp.checkAuth, function(req,res){
+router.get('/activate', csp.checkAuth, csrfProtection, function(req,res){
 
 	var _module = req.query.module;
 	var rpc = req.query.rpc;
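Review bot: Adding `csrfProtection` to `router.get('/activate', ...)` does not make the route verify a token, because csurf skips GET, HEAD and OPTIONS by default. The same holds for `/deactivate` and `/deleteDG` in the next two hunks and for `/deleteUser` in user.js. By their names these handlers change state from `req.query`, so they stay reachable by a cross-site request made with a logged-in admin's session. Register them as POST, e.g. `router.post('/activate', csp.checkAuth, csrfProtection, function(req,res){`, read the parameters from `req.body`, and submit them from forms that carry the `_csrf` field. The handler bodies continue outside this hunk.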
@@ -82,7 +83,7 @@
 	});
 });
 
-router.get('/deactivate', csp.checkAuth, function(req,res){
+router.get('/deactivate', csp.checkAuth, csrfProtection, function(req,res){
 
 	var _module = req.query.module;
 	var rpc = req.query.rpc;
@@ -102,7 +103,7 @@
     });
 });
 
-router.get('/deleteDG', csp.checkAuth, function(req,res){
+router.get('/deleteDG', csp.checkAuth, csrfProtection, function(req,res){
 
 	var _module = req.query.module;
 	var rpc = req.query.rpc;
@@ -122,7 +123,7 @@
     });
 });
 
-router.post('/dgUpload', upload.single('filename'), function(req, res, next){
+router.post('/dgUpload', upload.single('filename'), csrfProtection, function(req, res, next){
 
     if(req.file.originalname){
         if (req.file.originalname == 0) {
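Review bot: `/dgUpload` is registered without `csp.checkAuth`, unlike `/upload` in the next hunk, and a CSRF token does not authenticate the caller. Unless the router is guarded upstream (not visible here), add it first: `router.post('/dgUpload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){`. Because multer has to run before csurf to parse the multipart `_csrf` field, the file is already on disk when a token is rejected, so rejected requests should have their upload removed. `req.file` is also dereferenced without a null check, which throws when no file is accepted; the handler body continues outside this hunk.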
@@ -188,88 +189,94 @@
 
 
 // POST
-router.post('/upload', csp.checkAuth, upload.single('filename'),  function(req, res, next){
+router.post('/upload', csp.checkAuth, upload.single('filename'), csrfProtection, function(req, res, next){
 
 console.log('file:'+ JSON.stringify(req.file));
 
-	if(req.file.originalname){
-        if (req.file.originalname.size == 0) {
-			dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
-        }
-        fs.exists(req.file.path, function(exists) {
-            if(exists) {
-
+	if(req.file.originalname)
+	{
+		if (req.file.originalname.size == 0)
+		{
+			dbRoutes.listSLA(req,res,
+			{ code:'danger', msg:'There was an error uploading the file, please try again.'});
+		}
+		fs.exists(req.file.path, function(exists)
+		{
+			if(exists)
+			{
 				// parse xml
-				try {
+				try 
+				{
 					//dbRoutes.checkSvcLogic(req,res);
 
 					var currentDB = dbRoutes.getCurrentDB();
-    				var file_buf = fs.readFileSync(req.file.path, "utf8");
+					var file_buf = fs.readFileSync(req.file.path, "utf8");
 
-					// call Dan's svclogic shell script from here
-					 var commandToExec = process.cwd()
-            			+ "/shell/svclogic.sh load "
+					// call svclogic shell script from here
+					var commandToExec = process.cwd() + "/shell/svclogic.sh load "
 						+ req.file.path + " "
-                        + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
+            + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB;
 
-        			console.log("commandToExec:" + commandToExec);
-        			child = exec(commandToExec ,function (error,stdout,stderr){
-            			if(error){
-                			console.error("error:" + error);
+					console.log("commandToExec:" + commandToExec);
+					child = exec(commandToExec ,function (error,stdout,stderr)
+					{
+						if(error)
+						{
+							console.error("error:" + error);
 							dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
 							return;
-            			}
-                        if(stderr){
-                            console.error("stderr:" + JSON.stringify(stderr,null,2));
-                            var s_stderr = JSON.stringify(stderr);
-                            if ( s_stderr.indexOf("Saving") > -1 )
-                            {
-                                dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
-                            }else {
-                                dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
-                            }
-                            return;
-                        }
-            			if(stdout){
-                			console.log("stderr:" + stdout);
+						}
+						if(stderr){
+							console.error("stderr:" + JSON.stringify(stderr,null,2));
+							var s_stderr = JSON.stringify(stderr);
+            	if ( s_stderr.indexOf("Saving") > -1 )
+            	{
+              	dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
+            	}else {
+              	dbRoutes.listSLA(req,res,{code:'failure', msg:stderr});
+            	}
+            	return;
+						}
+          	if(stdout){
+							console.log("stderr:" + stdout);
 							dbRoutes.listSLA(req,res,{code:'success', msg:'File sucessfully uploaded.'});
-                            return;
+            	return;
 						}
 
 						// remove the grave accents, the sax parser does not like them
     					//parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
 						//dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
 						//dbRoutes.listSLA(req,res, resultObj);
-					});
-				} catch(ex) {
-    				// keep 'em silent
-                	console.error("error:" + ex);
-					dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
-				}
-
-            } else {
-				dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
-            }
-        });
+				});
+			} catch(ex) {
+				// keep 'em silent
+				console.error("error:" + ex);
+				dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
+			}
+		}
+		else {
+			dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
+		}
+		});
 	}
 	else {
 		dbRoutes.listSLA(req,res,{ code:'danger', msg:'There was an error uploading the file, please try again.'});
 	}
 });
 
-router.get('/printAsXml', csp.checkAuth, function(req,res){
+router.get('/printAsXml', csp.checkAuth, csrfProtection, function(req,res){
 
 	try {
 		//dbRoutes.checkSvcLogic(req,res);
 
 		var _module = req.query.module;
-    	var rpc = req.query.rpc;
-    	var version = req.query.version;
-    	var mode = req.query.mode;
+    var rpc = req.query.rpc;
+    var version = req.query.version;
+    var mode = req.query.mode;
 		var currentDB = dbRoutes.getCurrentDB();
 
-       // call Dan's svclogic shell script from here
-       var commandToExec = process.cwd()
+    // call Dan's svclogic shell script from here
+    var commandToExec = process.cwd()
        		+ "/shell/svclogic.sh get-source "
             + _module + " "
             + rpc + " "
@@ -279,91 +286,34 @@
 
 		console.log("commandToExec:" + commandToExec);
 
-        child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
-	        if(error){
+    child = exec(commandToExec , {maxBuffer: 1024*5000}, function (error,stdout,stderr){
+	  	if(error){
 				console.error("error:" + error);
-                dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
+        dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
 				return;
-            }
-            //if(stderr){
-            	//logger.info("stderr:" + stderr);
-            //}
-            if(stdout){
-                console.log("OUTPUT:" + stdout);
-                res.render('sla/printasxml', {result:{code:'success', 
-					msg:'Module : ' + _module + '\n' + 
+    	}
+    	//if(stderr){
+    	//logger.info("stderr:" + stderr);
+    	//}
+    	if(stdout){
+      	console.log("OUTPUT:" + stdout);
+      	res.render('sla/printasxml', {result:{code:'success', 
+				msg:'Module : ' + _module + '\n' + 
 						'RPC    : ' + rpc + '\n' + 
 						'Mode   : ' + mode + '\n' +
 						'Version: ' + version + '\n\n' + stdout}, header:process.env.MAIN_MENU});
-            }
+   		}
 
-            // remove the grave accents, the sax parser does not like them
-            //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
-            //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
-            //dbRoutes.listSLA(req,res, resultObj);
-        });
-    } catch(ex) {
+   		// remove the grave accents, the sax parser does not like them
+   		//parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
+   		//dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
+   		//dbRoutes.listSLA(req,res, resultObj);
+   });
+ } catch(ex) {
 		console.error("error:" + ex);
 		dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
-   }
+ }
 });
 
 
-router.get('/printAsGv', csp.checkAuth, function(req,res){
-
-	try {	
-		//dbRoutes.checkSvcLogic(req,res);
-
-        var _module = req.query.module;
-        var rpc = req.query.rpc;
-        var version = req.query.version;
-        var mode = req.query.mode;
-		var currentDB = dbRoutes.getCurrentDB();
-console.log('currentDB='+currentDB);
-
-       // call Dan's svclogic shell script from here
-       var commandToExec = process.cwd()
-            + "/shell/svclogic.sh print "
-            + _module + " "
-            + rpc + " "
-            + mode + " "
-            + version + " "
-            + process.env.SDNC_CONFIG_DIR + "/svclogic.properties." + currentDB
-            + " | dot -Tpng";
-
-        console.log("commandToExec:" + commandToExec);
-
-        child = exec(commandToExec , 
-				{encoding:'base64',maxBuffer:5000*1024}, function (error,stdout,stderr){
-            if(error){
-                console.error("error:" + error);
-                dbRoutes.listSLA(req,res,{code:'failure',msg:error} );
-				return;
-            }
-            if(stderr){
-                console.error("stderr:" + stderr);
-            }
-            if(stdout){
-                //logger.info("OUTPUT:" + stdout);
-                //res.render('sla/printasgv', result = {code:'success',
-                    //msg:new Buffer(stdout,'base64')} );
-                res.render('sla/printasgv', {result:{code:'success', 
-							  module: _module,
-							  rpc: rpc,
-							  version: version,
-							  mode:mode,
-							  msg:stdout}, header:process.env.MAIN_MENU});
-            }
-
-            // remove the grave accents, the sax parser does not like them
-            //parser.write(file_buf.replace(/\`/g,'').toString('utf8')).close();
-            //dbRoutes.addDG(_module,version,rpc,mode,file_buf,req,res);
-            //dbRoutes.listSLA(req,res, resultObj);
-        });
-    } catch(ex) {
-		console.error("error:" + ex);
-        dbRoutes.listSLA(req,res,{code:'failure',msg:ex} );
-   }
-
-});
 module.exports = router;
diff --git a/admportal/server/router/routes/user.js b/admportal/server/router/routes/user.js
index 40d3437..df5f860 100644
--- a/admportal/server/router/routes/user.js
+++ b/admportal/server/router/routes/user.js
@@ -5,8 +5,13 @@
 var fs = require('fs');
 var dbRoutes = require('./dbRoutes');
 var csp = require('./csp');
+var cookieParser = require('cookie-parser');
+var csrf = require('csurf');
 var bodyParser = require('body-parser');
-var sax = require('sax'),strict=true,parser = sax.parser(strict);
+//var sax = require('sax'),strict=true,parser = sax.parser(strict);
+
+var csrfProtection = csrf({cookie: true});
+router.use(cookieParser());
 
 // SVC_LOGIC table columns
 var _module=''; // cannot use module its a reserved word
@@ -17,16 +22,21 @@
 
 
 //router.use(bodyParser());
-router.use(bodyParser.urlencoded({
-  extended: true
-}));
+router.use(bodyParser.urlencoded({ extended: true }));
 
 
 // GET
 router.get('/listUsers', csp.checkAuth, function(req,res) {
 	dbRoutes.listUsers(req,res, {user:req.session.loggedInAdmin,code:'', msg:''} );
 });
-router.get('/deleteUser', csp.checkAuth, function(req,res) {
+// POST
+router.post('/updateUser', csp.checkAuth, csrfProtection, function(req,res,next){
+	dbRoutes.updateUser(req,res,{code:'',msg:''});
+});
+router.post('/addUser', csp.checkAuth, csrfProtection, function(req,res) {
+	dbRoutes.addUser(req,res, {code:'', msg:''} );
+});
+router.get('/deleteUser', csp.checkAuth, csrfProtection, function(req,res) {
 	dbRoutes.deleteUser(req,res, {code:'', msg:''} );
 });
 
@@ -93,13 +103,6 @@
 */
 
 
-// POST
-router.post('/updateUser', csp.checkAuth, function(req,res,next){
-	dbRoutes.updateUser(req,res,{code:'',msg:''});
-});
-router.post('/addUser', csp.checkAuth, function(req,res) {
-	dbRoutes.addUser(req,res, {code:'', msg:''} );
-});
 
 //router.post('/upload', csp.checkAuth, function(req, res, next){
 
diff --git a/admportal/server/router/routes/vnf.js b/admportal/server/router/routes/vnf.js
index be004fe..99bb3a7 100644
--- a/admportal/server/router/routes/vnf.js
+++ b/admportal/server/router/routes/vnf.js
@@ -21,12 +21,15 @@
 var platform;

 var req, res;

 var preloadVersion;  // 1607, 1610, etc...

+var proc_error=false;

+var filename;

 

 puts = helpers.puts;

 putd = helpers.putd;

 

 vnf.go = function(lreq,lres,cb,dir){

   puts("Processing VNF workbook");

+	proc_error=false;

   req = lreq;

   res = lres;

   callback = cb;

@@ -51,7 +54,8 @@
     helpers.readCsv(indir, newFileName, gotGeneral);

   }

   else {

-    callback(csvFilename + ' file is missing from upload.');

+    puts('General.csv file is missing from upload.');

+		proc_error=true;

   }

 }
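Review bot: In the `else` branch of `vnf.go` the `callback(...)` call is replaced by `puts(...)` and `proc_error=true`, so when General.csv is missing nothing invokes the waterfall callback any more. As far as the hunks show, `proc_error` is only read at the end of the CSV read chain (hunk at -315,6), which this branch never starts, so the `/uploadVnfCsv` request would be left without a response. Keep the error path terminating: `proc_error=true; callback('General.csv file is missing from upload.'); return;`. The start of `vnf.go` is in the previous hunk and part of its body is not shown.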

 

@@ -59,6 +63,7 @@
   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('General.csv file is missing from upload.');

     return;

   }

@@ -79,14 +84,17 @@
     helpers.readCsv(indir, newFileName, gotAvailZones);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotAvailZones(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('Availability-zones.csv file is missing from upload.');

     return;

   }

@@ -110,14 +118,17 @@
     helpers.readCsv(indir, newFileName, gotNetworks);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotNetworks(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('Networks.csv file is missing from upload.');

     return;

   }

@@ -142,14 +153,17 @@
     helpers.readCsv(indir, newFileName, gotVMs);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotVMs(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('VMs.csv file is missing from upload.');

     return;

   }

@@ -174,14 +188,17 @@
     helpers.readCsv(indir, newFileName, gotVMnetworks);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotVMnetworks(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('VM-networks.csv file is missing from upload.');

     return;

   }

@@ -206,14 +223,17 @@
     helpers.readCsv(indir, newFileName, gotVMnetworkIPs);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotVMnetworkIPs(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('VM-network-IPs.csv file is missing from upload.');

     return;

   }

@@ -238,14 +258,17 @@
     helpers.readCsv(indir, newFileName, gotVMnetworkMACs);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotVMnetworkMACs(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('VM-network-MACs.csv file is missing from upload.');

     return;

   }

@@ -270,14 +293,17 @@
     helpers.readCsv(indir, newFileName, gotTagValues);

   }

   else {

+		proc_error=true;

     callback(csvFilename + ' file is missing from upload.');

   }

+	return;

 }

 

 function gotTagValues(err, jsonObj) {

   if (err) {

     puts("\nError!");

     putd(err);

+		proc_error=true;

     callback('Tag-values.csv file is missing from upload.');

     return;

   }

@@ -315,6 +341,21 @@
   processVMs();

   processTagValues();

   assembleJson();

+  outputJson();

+

+	puts('proc_error=');

+  putd(proc_error);

+  if ( proc_error ){

+    puts('callback with failure');

+    callback('Error was encountered processing upload.');

+    return;

+  }

+  else

+  {

+    puts('callback with success');

+    callback(null,  finalJson, filename);

+    return;

+  }

 }

 

 // ASSEMBLE AND OUTPUT RESULTS

@@ -350,7 +391,7 @@
 

   finalJson = {"input": vnfInput};

 

-  outputJson();

+  //outputJson();

 }

 

 function outputJson() {

@@ -359,7 +400,7 @@
   puts(JSON.stringify(finalJson,null,2));

   puts("\n");

   puts("\n");

-  var unixTime, fullpath_filename, filename;

+  var unixTime, fullpath_filename;

   unixTime = moment().unix();

   if (platform=='portal') {

     fullpath_filename = process.cwd() + "/uploads/" + unixTime + ".vnf_worksheet.json";

@@ -368,8 +409,8 @@
     fullpath_filename = "./output.json."+unixTime;

     filename = "output.json." + unixTime;

   }

-  helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);

-  callback(null,  finalJson, filename);

+  //helpers.writeOutput(req, fullpath_filename, JSON.stringify(finalJson,null,2), callback);

+  //callback(null,  finalJson, filename);

 }

 

 

diff --git a/admportal/views/mobility/vnfPreloadData.ejs b/admportal/views/mobility/vnfPreloadData.ejs
index 69f02e5..4dc7398 100644
--- a/admportal/views/mobility/vnfPreloadData.ejs
+++ b/admportal/views/mobility/vnfPreloadData.ejs
@@ -110,8 +110,9 @@
     <div class="col-md-8  col-md-push-4">
 	<form method="POST" action="/mobility/uploadVnfData" enctype="multipart/form-data">
 		<div class="form-group">
+				<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
     		<label for="dest">Upload pre processed JSON file.</label>
-    		<input name="filename" type="file" id="dest">
+    		<input name="filename" type="file" id="dest" />
     		<p class="help-block">Choose a JSON file to upload.</p>
             <button type="button" class="btn btn-default"
 				data-toggle="tooltip" data-placement="bottom"
@@ -123,8 +124,9 @@
 	<div class="col-md-4 col-md-pull-8">
 	<form method="POST" action="/preload/uploadVnfCsv" enctype="multipart/form-data">
 		<div class="form-group">
+				<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
     		<label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
-    		<input name="filename" type="file" id="dest" multiple>
+    		<input name="filename" type="file" id="dest" multiple />
     		<p class="help-block">Choose Worksheet CSV files to upload.</p>
 			<button type="button" class="btn btn-default" 
 				data-toggle="tooltip" data-placement="bottom" 
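Review bot: The `_csrf` field added to the `/preload/uploadVnfCsv` form is not verified by that route as this commit leaves it: preload.js registers it with `csp.checkAuth, upload.array('filename')` and no csurf middleware. Unless csurf is mounted application-wide (not visible here), the token is sent but never checked. Add the csurf middleware after `upload.array('filename')` on both preload upload routes, and give the two forms in vnfPreloadNetworkData.ejs the same hidden input, since this commit only changes their `<input>` closing syntax. `privilege.csrfToken` also has to be populated by whichever handler renders this view, which the diff does not show.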
diff --git a/admportal/views/mobility/vnfPreloadNetworkData.ejs b/admportal/views/mobility/vnfPreloadNetworkData.ejs
index 099dcba..5d6204c 100644
--- a/admportal/views/mobility/vnfPreloadNetworkData.ejs
+++ b/admportal/views/mobility/vnfPreloadNetworkData.ejs
@@ -111,7 +111,7 @@
     <form method="POST" action="/mobility/uploadVnfNetworkData" enctype="multipart/form-data">
         <div class="form-group">
             <label for="dest">Upload pre processed JSON file.</label>
-            <input name="filename" type="file" id="dest"></input>
+            <input name="filename" type="file" id="dest" />
             <p class="help-block">Choose a JSON file to upload.</p>
             <button type="button" class="btn btn-default"
                 data-toggle="tooltip" data-placement="bottom"
@@ -125,7 +125,7 @@
     <form method="POST" action="/preload/uploadNetworkCsv" enctype="multipart/form-data">
         <div class="form-group">
             <label for="dest">Upload Worksheet CSV files from the <%= preloadImportDirectory %> directory.</label>
-            <input name="filename" type="file" id="dest" multiple></input>
+            <input name="filename" type="file" id="dest" multiple />
             <p class="help-block">Choose Worksheet CSV files to upload.</p>
             <button type="button" class="btn btn-default"
                 data-toggle="tooltip" data-placement="bottom"
diff --git a/admportal/views/mobility/vnfProfile.ejs b/admportal/views/mobility/vnfProfile.ejs
index 1a49498..a801b90 100644
--- a/admportal/views/mobility/vnfProfile.ejs
+++ b/admportal/views/mobility/vnfProfile.ejs
@@ -90,6 +90,7 @@
 	<% if(priv == 'A'){ %>
 	<div class="actions" style="padding:0px 25px;">
 	<form method="POST" action="/mobility/uploadVnfProfile" enctype="multipart/form-data">
+		<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
 		<div class="form-group">
     		<label for="dest">File input</label>
     		<input name="filename" type="file" id="dest">
diff --git a/admportal/views/pages/login.ejs b/admportal/views/pages/login.ejs
index 3a3e5e4..9da2f31 100644
--- a/admportal/views/pages/login.ejs
+++ b/admportal/views/pages/login.ejs
@@ -33,6 +33,7 @@
       <form class="form-signin" method="POST" action="/formlogin">
         <h3 class="form-signin-heading">AdminPortal Login</h3>
 
+				<input type="hidden" name="_csrf" value="<%= csrfToken %>" />
         <input type="text" name="email" id="email" class="form-control" placeholder="Email" required>
         <input type="password" name="password" id="password" class="form-control" placeholder="Password" required>
 
diff --git a/admportal/views/pages/signup.ejs b/admportal/views/pages/signup.ejs
index 03ac7bc..2a03953 100644
--- a/admportal/views/pages/signup.ejs
+++ b/admportal/views/pages/signup.ejs
@@ -33,6 +33,7 @@
       <form class="form-signin" method="POST" action="/formSignUp">
         <h3 class="form-signin-heading">AdminPortal Signup</h3>
 
+				<input type="hidden" name="_csrf" value="<%= csrfToken %>" />
         <input type="email" name="nf_email" id="nf_email" class="form-control" placeholder="Email Address" required>
         <input type="password" name="nf_password" id="nf_password" class="form-control" placeholder="Password" required>
 
diff --git a/admportal/views/partials/new_parameter.ejs b/admportal/views/partials/new_parameter.ejs
index b6d1f5b..4a2c0fe 100644
--- a/admportal/views/partials/new_parameter.ejs
+++ b/admportal/views/partials/new_parameter.ejs
@@ -1,36 +1,37 @@
-   <div class="modal fade" id="new_parameter" tabindex="-1" role="dialog" 
+<div class="modal fade" id="new_parameter" tabindex="-1" role="dialog" 
 		aria-labelledby="new_parameter_label" aria-hidden="true">
-      <div class="modal-dialog">
-        <div class="modal-content">
-          <div class="modal-header">
-            <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
-            <h4 class="modal-title">Add Parameter</h4>
-          </div>
-          <div class="modal-body">
-            <form name="addForm" role="form" action="/admin/addParameter" method="POST">
-              <div class="form-group">
-                <label for="nf_name">*Name</label>
-                <input maxlength="100" type="text" class="form-control" name="nf_name" id="nf_name" placeholder="varchar(100)">
-              </div>
-              <div class="form-group">
-                <label for="nf_value">*Value</label>
-                <input maxlength="100" type="text" class="form-control" name="nf_value" id="nf_value" placeholder="varchar(100)">
-              </div>
-              <div class="form-group">
-                <label for="nf_category">Category</label>
-                <input maxlength="24" type="text" class="form-control" name="nf_category" id="nf_category" placeholder="varchar(24)">
-              </div>
-              <div class="form-group">
-                <label for="nf_memo">Memo</label>
-                <input maxlength="128" type="text" class="form-control" name="nf_memo" id="nf_memo" placeholder="varchar(128)">
-              </div>
-			  <div class="form-group">
-                  <input type="hidden" name="nf_action" id="nf_action">
-                  <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button>
-                  <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-              </div>
-           </form>
-          </div>
-      </div>
-    </div>
-  </div>
+	<div class="modal-dialog">
+		<div class="modal-content">
+			<div class="modal-header">
+				<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+				<h4 class="modal-title">Add Parameter</h4>
+			</div>
+			<div class="modal-body">
+				<form name="addForm" role="form" action="/admin/addParameter" method="POST">
+					<div class="form-group">
+						<label for="nf_name">*Name</label>
+						<input maxlength="100" type="text" class="form-control" name="nf_name" id="nf_name" placeholder="varchar(100)" />
+					</div>
+					<div class="form-group">
+						<label for="nf_value">*Value</label>
+						<input maxlength="100" type="text" class="form-control" name="nf_value" id="nf_value" placeholder="varchar(100)" />
+					</div>
+					<div class="form-group">
+						<label for="nf_category">Category</label>
+						<input maxlength="24" type="text" class="form-control" name="nf_category" id="nf_category" placeholder="varchar(24)" />
+					</div>
+					<div class="form-group">
+						<label for="nf_memo">Memo</label>
+						<input maxlength="128" type="text" class="form-control" name="nf_memo" id="nf_memo" placeholder="varchar(128)" />
+					</div>
+					<div class="form-group">
+						<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+          	<input type="hidden" name="nf_action" id="nf_action">
+          	<button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button>
+          	<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+        	</div>
+        </form>
+			</div>
+		</div>
+	</div>
+</div>
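Review bot: The lines from the `nf_action` input through `</form>` are indented with a mix of tabs and spaces, while the rest of the rewritten partial uses tabs only. `nf_action` is also the one input left without the ` />` that the others gained; for consistency it should read `<input type="hidden" name="nf_action" id="nf_action" />`. The only functional change in this hunk is the `_csrf` input, so the whole-file re-indent would be easier to audit as a separate whitespace-only commit.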
diff --git a/admportal/views/partials/newuserform.ejs b/admportal/views/partials/newuserform.ejs
index 6045994..61bf2dd 100644
--- a/admportal/views/partials/newuserform.ejs
+++ b/admportal/views/partials/newuserform.ejs
@@ -1,32 +1,33 @@
-<div class="modal fade" id="newUserModal" tabindex="-1" role="dialog" aria-labelledby="newUserModalLabel" aria-hidden="true">
+<div class="modal fade" id="new_user" tabindex="-1" role="dialog" aria-labelledby="new_user" aria-hidden="true">
       <div class="modal-dialog">
         <div class="modal-content">
           <div class="modal-header">
             <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
-            <h4 class="modal-title" id="newUserModalLabel">New User</h4>
+            <h4 class="modal-title">New User</h4>
           </div>
           <div class="modal-body">
             <form id="addForm" name="addForm" role="form" action="/user/addUser" method="POST">
               <div class="form-group">
-                <label for="email">Email</label>
-                <input type="email" class="form-control" name="nf_email" id="nf_email">
+                <label for="nf_email">Email</label>
+                <input type="email" class="form-control" name="nf_email" id="nf_email" placeholder="varchar(64)" maxlength="64" />
               </div>
               <div class="form-group">
                 <label for="nf_password">Password</label>
-                <input type="password" class="form-control" name="nf_password" id="nf_password">
+                <input type="password" class="form-control" name="nf_password" id="nf_password" />
               </div>
               <div class="form-group">
                 <label for="nf_confirm_password">Confirm Password</label>
-                <input type="password" class="form-control" name="nf_confirm_password" id="nf_confirm_password">
+                <input type="password" class="form-control" name="nf_confirm_password" id="nf_confirm_password" />
               </div>
               <div class="form-group">
-                <label for="privilege">Privilege</label>
+                <label for="nf_privilege">Privilege</label>
                 <select class="form-control" name="nf_privilege" id="nf_privilege">
                     <option value=admin>Administrator</option>
                     <option value=readonly>Readonly</option>
                 </select>
               </div>
               <div class="form-group">
+								<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
                 <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button>
 		<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
               </div>
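Review bot: `aria-labelledby="new_user"` on the first line now points at the modal's own id, and the `<h4 class="modal-title">` lost the id it used to be referenced by, so the dialog no longer has an accessible name. Keep an id on the heading and reference that instead: `aria-labelledby="new_user_label"` on the outer div and `<h4 class="modal-title" id="new_user_label">New User</h4>`. Separately, the new `maxlength="64"` on `nf_email` is only a browser-side limit; the `/user/addUser` handler, which is outside this hunk, still has to enforce the length itself.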
diff --git a/admportal/views/partials/update_parameter.ejs b/admportal/views/partials/update_parameter.ejs
index c0ef57d..257f657 100644
--- a/admportal/views/partials/update_parameter.ejs
+++ b/admportal/views/partials/update_parameter.ejs
@@ -25,6 +25,7 @@
                 <input maxlength="128" type="text" class="form-control" name="uf_memo" id="uf_memo" placeholder="varchar(128)">
               </div>
 			  <div class="form-group">
+					<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
                   <input type="hidden" name="nf_action" id="nf_action">
                   <input type="hidden" name="uf_key_name" id="uf_key_name">
                   <button type="button" class="btn btn-primary" onclick="submitParam(this.form);">Submit</button>
diff --git a/admportal/views/partials/userform.ejs b/admportal/views/partials/userform.ejs
index fae52ad..f882c6d 100644
--- a/admportal/views/partials/userform.ejs
+++ b/admportal/views/partials/userform.ejs
@@ -1,41 +1,42 @@
-   <div class="modal fade" id="myUserModal" tabindex="-1" role="dialog" aria-labelledby="myUserModalLabel" aria-hidden="true">
-      <div class="modal-dialog">
-        <div class="modal-content">
-          <div class="modal-header">
-            <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
-            <h4 class="modal-title" id="myUserModalLabel">Update User</h4>
-          </div>
-          <div class="modal-body">
-            <form id="updateForm" name="updateForm" role="form" action="/user/updateUser" method="POST">
-              <div class="form-group">
-                <label for="uf_email">attuid</label>
-                <input type="email" class="form-control" name="uf_email" id="uf_email">
-              </div>
-              <div class="form-group">
-                <label for="uf_password">Password</label>
-                <input type="password" class="form-control" name="uf_password" id="uf_password">
-              </div>
-              <div class="form-group">
-                <label for="uf_confirm_password">Confirm Password</label>
-                <input type="password" class="form-control" name="uf_confirm_password" id="uf_confirm_password">
-              </div>
-              <div class="form-group">
-                <label for="privilege">Privilege</label>
-                <select class="form-control" name="uf_privilege" id="uf_privilege">
-                    <option value=admin>Administrator</option>
-                    <option value=readonly>Readonly</option>
-                </select>
-              </div>
-              <div class="form-group">
-		<input type="hidden" name="uf_action" id="uf_action">
-		<input type="hidden" name="uf_key_email" id="uf_key_email">
-                <button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button>
-		<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
-              </div>
-           </form>
-          </div>
-      </div>
-    </div>
-  </div>
+<div class="modal fade" id="myUserModal" tabindex="-1" role="dialog" aria-labelledby="myUserModalLabel" aria-hidden="true">
+	<div class="modal-dialog">
+		<div class="modal-content">
+			<div class="modal-header">
+				<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+				<h4 class="modal-title" id="myUserModalLabel">Update User</h4>
+			</div>
+			<div class="modal-body">
+				<form id="updateForm" name="updateForm" role="form" action="/user/updateUser" method="POST">
+					<div class="form-group">
+						<label for="uf_email">Email</label>
+						<input type="email" class="form-control" name="uf_email" id="uf_email" />
+					</div>
+					<div class="form-group">
+						<label for="uf_password">Password</label>
+						<input type="password" class="form-control" name="uf_password" id="uf_password" />
+					</div>
+					<div class="form-group">
+						<label for="uf_confirm_password">Confirm Password</label>
+						<input type="password" class="form-control" name="uf_confirm_password" id="uf_confirm_password" />
+					</div>
+					<div class="form-group">
+						<label for="uf_privilege">Privilege</label>
+						<select class="form-control" name="uf_privilege" id="uf_privilege">
+							<option value=admin>Administrator</option>
+							<option value=readonly>Readonly</option>
+						</select>
+					</div>
+					<div class="form-group">
+						<input type="hidden" name="uf_action" id="uf_action" />
+						<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+						<input type="hidden" name="uf_key_email" id="uf_key_email" />
+						<button type="button" class="btn btn-primary" onclick="submitUserAdmin(this.form);">Submit</button>
+						<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+					</div>
+				</form>
+			</div>
+		</div>
+	</div>
+</div>
 
 
diff --git a/admportal/views/partials/vnf_profile.ejs b/admportal/views/partials/vnf_profile.ejs
index d67cf1a..f513219 100644
--- a/admportal/views/partials/vnf_profile.ejs
+++ b/admportal/views/partials/vnf_profile.ejs
@@ -21,9 +21,10 @@
                 <input type="text" class="form-control" name="nf_equipment_role" id="nf_equipment_role" maxlength="11" placeholder="varchar(80)">
               </div>
               <div class="form-group">
-				<input type="hidden" name="nf_action" id="nf_action">
-				<button type="button" class="btn btn-primary" onclick="addVnfProfile(this.form);">Submit</button>
-				<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+								<input type="hidden" name="nf_action" id="nf_action">
+								<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+								<button type="button" class="btn btn-primary" onclick="addVnfProfile(this.form);">Submit</button>
+								<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
               </div>
            </form>
           </div>
diff --git a/admportal/views/sla/list.ejs b/admportal/views/sla/list.ejs
index 10bd4f4..575e206 100644
--- a/admportal/views/sla/list.ejs
+++ b/admportal/views/sla/list.ejs
@@ -40,79 +40,73 @@
 
 <div class="container-fluid">
 	<table id="sla" class="table table-hover table-condensed">
-      <thead>
-        <tr>
-		  <th>Module</th>
-          <th>RPC</th>
-          <th>Version</th>
-          <th>Mode</th>
-          <th>Active</th>
-		  <% if(priv == 'A') { %>
-          <th>Activate/Deactive</th>
-		  <% } %>
-          <th>Display</th>
-          <th>XML code</th>
-		  <% if(priv=='A') { %>
-          <th>Delete</th>
-		  <% } %>
-        </tr>
-      </thead>
-      <tbody>
-      <% var i=0; rows.forEach( function(row) { %> 
-        <tr>
-            <td><%= row.module %></td>
-            <td><%= row.rpc %></td>
-            <td><%= row.version %></td>
-            <td><%= row.mode %></td>
-            <td><%= row.active %></td>
-			<% if ( priv == 'A' ) { 
-            	if (row.active == "Y") { %>
-              		<td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('deactivate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Deactivate</button> </td>
-				<% } else { %>
-              		<td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('activate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Activate</button></td>
-				<% } %>
-			<% } %>
-            <td>
-				<button type="button" class="btn btn-default btn-xs"
-              	onclick='location.assign("/sla/printAsGv?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>Display</button>
-			</td>
-			<td>
-				<button type="button" class="btn btn-default btn-xs"
-              	onclick='location.assign("/sla/printAsXml?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>XML code</button>
-            </td>
-			<% if ( priv == 'A' ) { %>
-            <td>
-				<button type="button" class="btn btn-default btn-xs"
+	<thead>
+	<tr>
+		<th>Module</th>
+		<th>RPC</th>
+		<th>Version</th>
+		<th>Mode</th>
+		<th>Active</th>
+		<% if(priv == 'A') { %>
+		<th>Activate/Deactive</th>
+		<% } %>
+		<th>XML code</th>
+		<% if(priv=='A') { %>
+		<th>Delete</th>
+		<% } %>
+	</tr>
+	</thead>
+	<tbody>
+	<% var i=0; rows.forEach( function(row) { %> 
+	<tr>
+		<td><%= row.module %></td>
+		<td><%= row.rpc %></td>
+		<td><%= row.version %></td>
+		<td><%= row.mode %></td>
+		<td><%= row.active %></td>
+		<% if ( priv == 'A' ) { 
+			if (row.active == "Y") { %>
+		<td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('deactivate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Deactivate</button> </td>
+		<% } else { %>
+		<td><button type="button" class="btn btn-default btn-xs" onclick="toggleState('activate','<%= row.module %>','<%= row.rpc %>','<%= row.version %>','<%= row.mode %>');" >Activate</button></td>
+		<% } %>
+		<% } %>
+		<td>
+			<button type="button" class="btn btn-default btn-xs"
+				onclick='location.assign("/sla/printAsXml?module=<%= row.module %>&rpc=<%= row.rpc %>&version=<%= row.version %>&mode=<%= row.mode %>");'>XML code</button>
+		</td>
+		<% if ( priv == 'A' ) { %>
+		<td>
+			<button type="button" class="btn btn-default btn-xs"
 				onclick="deleteGraph('<%=row.module %>',
-						'<%=row.rpc %>', '<%=row.version %>','<%=row.mode %>');">Delete</button>
-			</td>
-			<% } %>
-        </tr>
-    <% i++; }); %>
-      </tbody>
-    </table>
+				'<%=row.rpc %>', '<%=row.version %>','<%=row.mode %>');">Delete</button>
+		</td>
+		<% } %>
+	</tr>
+	<% i++; }); %>
+	</tbody>
+	</table>
 
 	<% if(priv == 'A') { %>
 	<div class="actions" style="padding:0px 25px;">
 	<form method="POST" action="/sla/upload" enctype="multipart/form-data">
 		<div class="form-group">
-    		<label for="dest">File input</label>
-    		<input name="filename" type="file" id="dest">
-    		<p class="help-block">Choose a file to upload.</p>
-  		</div>
-		<%
-        if ( priv == 'A' )
-        {
-        %>
-	        <button type="button" class="btn btn-default"
-                    onclick="uploadFile(this.form);">Upload File</button>
-        <% } else { %>
-            <button type="button" class="btn btn-default disabled"
-                    onclick="uploadFile(this.form);">Upload File</button>
-        <% } %>
+			<label for="dest">File input</label>
+			<input name="filename" type="file" id="dest" />
+			<input type="hidden" name="_csrf" value="<%= privilege.csrfToken %>" />
+			<p class="help-block">Choose a file to upload.</p>
+		</div>
+		<% if ( priv == 'A' ) { %>
+		<button type="button" class="btn btn-default"
+			onclick="uploadFile(this.form);">Upload File</button>
+		<% } else { %>
+		<button type="button" class="btn btn-default disabled"
+			onclick="uploadFile(this.form);">Upload File</button>
+		<% } %>
 	</form>
 	</div>
 	<% } %>
+
 </div>
 
 
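Review bot: `row.module`, `row.rpc`, `row.version` and `row.mode` are written with `<%= %>` into single-quoted JavaScript strings inside the `onclick` attributes of the Deactivate, Activate, XML code and Delete buttons, and HTML-escaping is not enough in that context. The browser decodes entities in the attribute value before the script runs, so a quote character in a stored value ends the string literal; the re-indented lines carry this over unchanged. Put the values in attributes such as `data-module="<%= row.module %>"` and read them in the handler, e.g. `onclick="toggleState('deactivate', this.dataset.module, this.dataset.rpc, this.dataset.version, this.dataset.mode);"`. The `printAsXml` URL should likewise be built with `encodeURIComponent` on each parameter. Whether `toggleState` and `deleteGraph` send the CSRF token with their requests is not visible in this hunk and is worth confirming.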
diff --git a/admportal/views/user/list.ejs b/admportal/views/user/list.ejs
index 947a811..ec650b0 100644
--- a/admportal/views/user/list.ejs
+++ b/admportal/views/user/list.ejs
@@ -43,7 +43,7 @@
 <div class="container-fluid">
     <div class="actions" style="padding:15px 0px;">
 	<% if(priv == 'A') { %>
-    	<button class="btn btn-primary" data-toggle="modal" data-target="#newUserModal">Add User</button>
+    	<button class="btn btn-primary" data-toggle="modal" data-target="#new_user">Add User</button>
 	<% } %>
 
     </div>
@@ -75,14 +75,14 @@
 				<% } %>
 			</td> 
 			<% if(priv == 'A') { %>
-			<td><form name="rowform">
-				<input type="hidden" name="rfemail" id="rfemail" value="<%= row.email %>"</input>
+			<td>
+				<form name="rowform">
+					<button type="button" class="btn btn-default btn-xs"
+						onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button>
+					<button type="button" class="btn btn-default btn-xs"
+						onclick="deleteRequest('<%=row.email %>');">Delete</button>
 				</form>
-				<button type="button" class="btn btn-default btn-xs"
-                onclick="updateRequest('<%=row.email %>', '<%=row.password %>', '<%=row.privilege %>');">Update</button>
-				<button type="button" class="btn btn-default btn-xs"
-                onclick="deleteRequest('<%=row.email %>');">Delete</button>
-            </td>
+			</td>
 			<% } %>
 			</tr>
     <% }); }; %>
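Review bot: `<%=row.password %>` is still rendered into the Update button's `onclick`, so every user's stored password value is delivered in the page source to anyone who can open this list as an admin; the hunk moves the buttons inside `rowform` but keeps that argument. The update dialog does not need the current value: pass only the email and privilege, `onclick="updateRequest('<%=row.email %>', '<%=row.privilege %>');"`, and have the server treat an empty password field as "unchanged". `updateRequest` is defined outside this hunk, so its signature would have to change with it. The hunk also removes the hidden `rfemail` input and adds no `_csrf` field to `rowform`, so confirm that `deleteRequest` submits through a form that carries the token.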