Evolution #161: Session sécurité

src/Muzich/CommentBundle/Controller/CommentController.php

     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',

src/Muzich/CommentBundle/Resources/views/Comment/comment.html.twig

 {% if app.user.id != comment.u.i %}
   <a title="{{ 'comment.report.link_title'|trans({}, 'userui') }}" 
     class="comment_report" 
-    href="{{ path('ajax_alert_comment', {'element_id':element_id, 'date': comment.d, 'token':app.user.getPersonalHash}) }}">
+    href="{{ path('ajax_alert_comment', {'element_id':element_id, 'date': comment.d, 'token':app.user.getPersonalHash(element_id)}) }}">
     <img src="{{ asset('bundles/muzichcore/img/1331832708_comment_alert.png') }}" alt="report" />
   </a>
 {% endif %}
 
 {% if app.user.id == comment.u.i %}
   <a title="{{ 'comment.edit.link'|trans({}, 'elements') }}" class="comment_edit_link" 
-     href="{{ path('ajax_edit_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash})  }}" style="display: none;"
+     href="{{ path('ajax_edit_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash(element_id)})  }}" style="display: none;"
   >
     <img src="{{ asset('bundles/muzichcore/img/1327151338_desktop.png') }}" alt="edit" />
   </a>
 
   <a title="{{ 'comment.remove.link'|trans({}, 'elements') }}" class="comment_remove_link" 
-     href="{{ path('ajax_delete_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash})  }}" style="display: none;"
+     href="{{ path('ajax_delete_comment', {'element_id': element_id, 'date':comment.d, 'token':app.user.getPersonalHash(element_id)})  }}" style="display: none;"
   >
     <img src="{{ asset('bundles/muzichcore/img/1327168960_fileclose.png') }}" alt="delete" />
   </a>

src/Muzich/CommentBundle/Resources/views/Comment/edit.html.twig

   action="{{ path('ajax_update_comment', {
     'element_id':element_id, 
     'date': date, 
-    'token':app.user.getPersonalHash,
+    'token':app.user.getPersonalHash(element_id),
     'dom_id': comment.u.i~'_'~(comment.d|date_epurate)
   }) }}" 
   method="post" 

src/Muzich/CoreBundle/Controller/CoreController.php

     }
     
     // Vérifications préléminaires
-    if ($user->getPersonalHash() != $token 
+    if ($user->getPersonalHash($id) != $token 
         || !in_array($type, array('user', 'group')) 
         || !is_numeric($id)
         || ($user->getId() == $id && $type == 'user')
     }
     
     if (!($tag = $this->getDoctrine()->getRepository('MuzichCoreBundle:Tag')
-      ->findOneById($tag_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($tag_id)) || $this->getUser()->getPersonalHash($tag_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
       ->findOneById($element_id)) 
       || !($group = $this->getDoctrine()->getRepository('MuzichCoreBundle:Group')
       ->findOneById($group_id)) 
-      || $this->getUser()->getPersonalHash() != $token)
+      || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
       ->findOneById($element_id)) 
-      || $this->getUser()->getPersonalHash() != $token)
+      || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',

src/Muzich/CoreBundle/Controller/ElementController.php

    * @param int $element_id
    * @return Response 
    */
-  public function removeAction($element_id)
+  public function removeAction($element_id, $token)
   {
     if (($response = $this->mustBeConnected()))
     {
       return $response;
     }
     
+    if ($token != $this->getUser()->getPersonalHash($element_id))
+    {
+      return $this->jsonResponse(array('status' => 'error'));
+    }
+    
     try {
       $element = $this->checkExistingAndOwned($element_id);
       $em = $this->getDoctrine()->getEntityManager();
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
         'a' => array(
           'href' => $this->generateUrl('ajax_element_remove_vote_good', array(
             'element_id' => $element->getId(),
-            'token'      => $this->getUser()->getPersonalHash()
+            'token'      => $this->getUser()->getPersonalHash($element->getId())
           ))
         ),
         'img' => array(
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $this->getUser()->getPersonalHash() != $token)
+      ->findOneById($element_id)) || $this->getUser()->getPersonalHash($element_id) != $token)
     {
       return $this->jsonResponse(array(
         'status' => 'error',
         'a' => array(
           'href' => $this->generateUrl('ajax_element_add_vote_good', array(
             'element_id' => $element->getId(),
-            'token'      => $this->getUser()->getPersonalHash()
+            'token'      => $this->getUser()->getPersonalHash($element->getId())
           ))
         ),
         'img' => array(
     }
     
     if (!($proposition = $this->getDoctrine()->getRepository('MuzichCoreBundle:ElementTagsProposition')
-      ->findOneById($proposition_id)) || $token != $this->getUser()->getPersonalHash())
+      ->findOneById($proposition_id)) || $token != $this->getUser()->getPersonalHash($proposition_id))
     {
       return $this->jsonResponse(array(
         'status' => 'error',
     }
     
     if (!($element = $this->getDoctrine()->getRepository('MuzichCoreBundle:Element')
-      ->findOneById($element_id)) || $token != $this->getUser()->getPersonalHash())
+      ->findOneById($element_id)) || $token != $this->getUser()->getPersonalHash($element_id))
     {
       return $this->jsonResponse(array(
         'status' => 'error',

src/Muzich/CoreBundle/Resources/config/routing.yml

   defaults: { _controller: MuzichCoreBundle:Element:update }
   
 element_remove:
-  pattern: /element/{element_id}/remove
+  pattern: /element/{element_id}/remove/{token}
   defaults: { _controller: MuzichCoreBundle:Element:remove }
   
 element_new_count:

src/Muzich/CoreBundle/Resources/views/Element/tag.propositions.html.twig

           <span class="button">{{ tag.name }}</span>
         {% endfor %}
           
-          <a class="accept_tag_propotision button darkbutton" href="{{ path('ajax_element_proposed_tags_accept', {'proposition_id':proposition.id,'token':app.user.getPersonalHash}) }}">
+          <a class="accept_tag_propotision button darkbutton" href="{{ path('ajax_element_proposed_tags_accept', {'proposition_id':proposition.id,'token':app.user.getPersonalHash(proposition.id)}) }}">
             {{ 'element.view_propositions.link_accept'|trans({}, 'elements') }}
           </a>
           
   </ul>
   
   {% if propositions|length > 1 %}
-    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash}) }}" >
+    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash(element_id)}) }}" >
       {{ 'element.view_propositions.link_refuse_x'|trans({}, 'elements') }}
     </a>
   {% else %}
-    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash}) }}" >
+    <a class="refuse_tag_propositions button darkbutton" href="{{ path('ajax_element_proposed_tags_refuse', {'element_id':element_id,'token':app.user.getPersonalHash(element_id)}) }}" >
       {{ 'element.view_propositions.link_refuse_one'|trans({}, 'elements') }}
     </a>
   {% endif %}

src/Muzich/CoreBundle/Resources/views/SearchElement/element.html.twig

               {% if element.hasVoteGood(app.user.id) %}
                 <a class="vote" href="{{ path('ajax_element_remove_vote_good', {
                   'element_id' : element.id,
-                  'token'      : app.user.getPersonalHash
+                  'token'      : app.user.getPersonalHash(element.id)
                 }) }}" title="{{ 'element.vote.good'|trans({}, 'elements') }}">
                   <img src="{{ asset('img/icon_thumb_red.png') }}" alt="vote" />
                 </a>
               {% else %}
                 <a class="vote" href="{{ path('ajax_element_add_vote_good', {
                   'element_id' : element.id,
-                  'token'      : app.user.getPersonalHash
+                  'token'      : app.user.getPersonalHash(element.id)
                 }) }}" title="{{ 'element.vote.good'|trans({}, 'elements') }}">
                   <img src="{{ asset('img/icon_thumb.png') }}" alt="vote" />
                 </a>
         {% endif %}
         <li class="star">
           {% if element.hasFavoriteUser(app.user.id) %}
-            <a class="favorite_link" href="{{ path('favorite_remove', { 'id': element.id, 'token': app.user.personalHash }) }}" >
+            <a class="favorite_link" href="{{ path('favorite_remove', { 'id': element.id, 'token': app.user.personalHash(element.id) }) }}" >
               <img id="favorite_{{ element.id }}_is" src="{{ asset('img/icon_star_2_red.png') }}" title="{{ 'element.favorite.remove'|trans({}, 'elements') }}" alt="{{ 'element.favorite.remove'|trans({}, 'elements') }}"/>
             </a>
           {% else %}
-            <a class="favorite_link" href="{{ path('favorite_add', { 'id': element.id, 'token': app.user.personalHash }) }}" >
+            <a class="favorite_link" href="{{ path('favorite_add', { 'id': element.id, 'token': app.user.personalHash(element.id) }) }}" >
               <img id="favorite_{{ element.id }}_isnot" src="{{ asset('img/icon_star_2.png') }}" title="{{ 'element.favorite.add'|trans({}, 'elements') }}" alt="{{ 'element.favorite.add'|trans({}, 'elements') }}" />
             </a>
           {% endif %}
             <li class="element_report">
               <a title="{{ 'element.report.link_title'|trans({}, 'userui') }}" 
                 class="element_report" 
-                href="{{ path('ajax_report_element', {'element_id':element.id, 'token':app.user.getPersonalHash}) }}">
+                href="{{ path('ajax_report_element', {'element_id':element.id, 'token':app.user.getPersonalHash(element.id)}) }}">
                 <img src="{{ asset('/img/icon_alert.png') }}" alt="report" />
               </a>
             </li>
 
             <li class="element_remove_link">
               <a title="{{ 'element.remove.link'|trans({}, 'elements') }}" class="element_remove_link" 
-                href="{{ path('element_remove', {'element_id' : element.id})  }}"
+                href="{{ path('element_remove', {'element_id' : element.id, 'token':app.user.getPersonalHash(element.id)})  }}"
               >
                 <img src="{{ asset('/img/icon_close_2.png') }}" alt="delete" />
               </a>
               <a 
                 href="{{ path('ajax_tag_add_to_favorites', {
                   'tag_id' : tag.id,
-                  'token'  : app.user.getPersonalHash
+                  'token'  : app.user.getPersonalHash(tag.id)
                 }) }}" 
                 class="tag_to_favorites" 
                 style="display: none;"
     </div>
       
     <form 
-      action="{{ path('ajax_add_comment', {'element_id':element.id, 'token':app.user.getPersonalHash}) }}" 
+      action="{{ path('ajax_add_comment', {'element_id':element.id, 'token':app.user.getPersonalHash(element.id)}) }}" 
       method="post" 
       name="add_comment"
       style="display: none;"

src/Muzich/CoreBundle/Tests/Controller/CommentControllerTest.php

       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "J'ai réécouté et ouaa je kiff BrOOO"
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
         'dom_id'     => $id,
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(
           'comment' => "Je me modifie mon com kwaa"
       $this->generateUrl('ajax_delete_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
         'dom_id'     => $id,
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(
           'comment' => "Je répond 13 HACKED"
       $this->generateUrl('ajax_delete_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment['d'],
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/ElementControllerTest.php

     
     // On est sur la page home, on peut voir le lien de suppression l'élément
     $this->exist('a[href="'.($url = $this->generateUrl('element_remove', array(
-        'element_id' => $element->getId()
+        'element_id' => $element->getId(), 'token' => $bux->getPersonalHash($element->getId())
     ))).'"]');
   
     // Suppression de l'élément
     // On peut donc voir le lien pour "dé-voter"
     $url_unvote_soul = $this->generateUrl('ajax_element_remove_vote_good', array(
       'element_id' => $element_soul->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element_soul->getId())
     ));
     $this->exist('a.vote[href="'.$url_unvote_soul.'"]');
     
       'GET', 
       $this->generateUrl('ajax_element_add_vote_good', array(
         'element_id' => $element_ed->getId(),
-        'token' => $paul->getPersonalHash()
+        'token' => $paul->getPersonalHash($element_ed->getId())
       )), 
       array(), 
       array(), 
       'GET', 
       $this->generateUrl('ajax_element_add_vote_good', array(
         'element_id' => $element_ed->getId(),
-        'token' => $bob->getPersonalHash()
+        'token' => $bob->getPersonalHash($element_ed->getId())
       )), 
       array(), 
       array(), 
     
     $url_accept_paul = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_paul->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_paul->getId())
     ));
     $url_accept_joelle = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_joelle->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_joelle->getId())
     ));
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_paul.'"') !== false);
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_joelle.'"') !== false);
     $url_refuse = $this->generateUrl('ajax_element_proposed_tags_refuse', array(
       'element_id' => $element->getId(),
-      'token'      => $bux->getPersonalHash()
+      'token'      => $bux->getPersonalHash($element->getId())
     ));
     
     // On accepete la poposition de joelle
     
     $url_accept_paul = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_paul->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_paul->getId())
     ));
     $url_accept_joelle = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_joelle->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_joelle->getId())
     ));
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_paul.'"') !== false);
     $this->assertTrue(strpos($response['html'], 'href="'.$url_accept_joelle.'"') !== false);
     $url_refuse = $this->generateUrl('ajax_element_proposed_tags_refuse', array(
       'element_id' => $element->getId(),
-      'token'      => $bux->getPersonalHash()
+      'token'      => $bux->getPersonalHash($element->getId())
     ));
     
     // On accepete la poposition de joelle

src/Muzich/CoreBundle/Tests/Controller/EventTest.php

       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Du coup ce com va emettre un event"
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element_2->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element_2->getId())
       )), 
       array(
           'comment' => "Du coup ce com va aussi emettre un event"
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element_2->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element_2->getId())
       )), 
       array(
           'comment' => "Du coup ce com va aussi emettre un event"
     // Il ajoute cet élément en favoris
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     // On enlève des favoris
     $url = $this->generateUrl('favorite_remove', array(
       'id'    => $element->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Je choisis en commentant de suivre l'élément",
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $joelle->getPersonalHash()
+        'token'      => $joelle->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Je choisis en commentant de suivre l'élément (joelle)",
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $bux->getPersonalHash()
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "Voila le com qui declenche les événemetns chez paul et joelle"
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $bux->getPersonalHash()
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "un nouveau com"
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $paul->getPersonalHash()
+        'token'      => $paul->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "ze veux plus",
       'POST', 
       $this->generateUrl('ajax_add_comment', array(
         'element_id' => $element->getId(),
-        'token'      => $bux->getPersonalHash()
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(
           'comment' => "ce com va declencher un event chez joelle mais pas chez paul"
     $url_follow = $this->generateUrl('follow', array(
       'type' => 'user', 
       'id' => $bob->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($bob->getId())
     ));
     
     $this->crawler = $this->client->request('GET', $url_follow);
       $this->generateUrl('ajax_element_proposed_tags_accept', 
         array(
           'proposition_id' => $proposition_id,
-          'token' => $user->getPersonalHash()
+          'token' => $user->getPersonalHash($proposition_id)
         )
       ), 
       array(), 
       $this->generateUrl('ajax_element_proposed_tags_refuse', 
         array(
           'element_id' => $element_id,
-          'token' => $user->getPersonalHash()
+          'token' => $user->getPersonalHash($element_id)
         )
       ), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/FavoriteControllerTest.php

     $this->exist('li:contains("DUDELDRUM")');
     $this->exist('a[href="'.($url = $this->generateUrl('favorite_add', array(
       'id'    => $element_DUDELDRUM->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($element_DUDELDRUM->getId())
     ))).'"]');
     $link = $this->selectLink('a[href="'.$url.'"]');
     $this->clickOnLink($link);
     // Il a laissé place aux lien pour le retirer
     $this->exist('a[href="'.($url_rm = $this->generateUrl('favorite_remove', array(
       'id'    => $element_DUDELDRUM->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($element_DUDELDRUM->getId())
     ))).'"]');
     
     // En base l'enregistrement existe
     // Il ajoute cet élément en favoris
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     // On enlève des favoris
     $url = $this->generateUrl('favorite_remove', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/Tests/Controller/GroupControllerTest.php

             
     $this->exist('a[href="'.($url = $this->generateUrl('group_delete', array(
       'group_id'  => $Fans_de_psytrance->getId(),
-      'token'     => $this->getUser()->getPersonalHash()
+      'token'     => $this->getUser()->getPersonalHash($Fans_de_psytrance->getId())
     ))).'"]');
     
     $this->crawler = $this->client->request('GET', $url);

src/Muzich/CoreBundle/Tests/Controller/HomeControllerTest.php

         'name' => $fan_de_psy->getName(),
         'id'   => $fan_de_psy->getId(),
         'url'  => $this->generateUrl('ajax_set_element_group', array(
-          'token'      => $this->getUser()->getPersonalHash(),
+          'token'      => $this->getUser()->getPersonalHash($element->getId()),
           'element_id' => $element->getId(),
           'group_id'   => $fan_de_psy->getId()
         ))
       $this->generateUrl('ajax_set_element_group', array(
         'element_id' => $element->getId(),
         'group_id'   => $fan_de_psy->getId(),
-        'token'      => $this->getUser()->getPersonalHash()
+        'token'      => $this->getUser()->getPersonalHash($element->getId())
       )), 
       array(), 
       array(), 
     // On accepte la proposition de paul
     $url_accept_paul = $this->generateUrl('ajax_element_proposed_tags_accept', array(
       'proposition_id' => $proposition_paul->getId(),
-      'token'          => $bux->getPersonalHash()
+      'token'          => $bux->getPersonalHash($proposition_paul->getId())
     ));
     
     $crawler = $this->client->request(

src/Muzich/CoreBundle/Tests/Controller/ModerateControllerTest.php

     // Paul signale cet élément comme pas bien
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $paul->getPersonalHash()
+      'token'      => $paul->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
     // Ca ne doit pas bouger puisqu'il l'a déjà fait
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $paul->getPersonalHash()
+      'token'      => $paul->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
     // Ca ne doit pas bouger puisqu'il l'a déjà fait
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_bab->getId(),
-      'token'      => $paul->getPersonalHash()
+      'token'      => $paul->getPersonalHash($element_bab->getId())
     ));
     
     $crawler = $this->client->request(
     // Paul signale cet élément comme pas bien
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $joelle->getPersonalHash()
+      'token'      => $joelle->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
     // Ca ne doit pas bouger puisqu'elle l'a déjà fait
     $url = $this->generateUrl('ajax_report_element', array(
       'element_id' => $element_ed->getId(),
-      'token'      => $joelle->getPersonalHash()
+      'token'      => $joelle->getPersonalHash($element_ed->getId())
     ));
     
     $crawler = $this->client->request(
       $this->generateUrl('ajax_alert_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment_bux['d'],
-        'token'      => $joelle->getPersonalHash()
+        'token'      => $joelle->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 
       $this->generateUrl('ajax_alert_comment', array(
         'element_id' => $element->getId(),
         'date'       => $comment_paul['d'],
-        'token'      => $joelle->getPersonalHash()
+        'token'      => $joelle->getPersonalHash($element->getId())
       )),
       array(), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/MynetworkControllerTest.php

     $url_follow = $this->generateUrl('follow', array(
       'type' => 'user', 
       'id' => $bux->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($bux->getId())
     ));
     
     // On lance l'action de suivre
     $url_follow = $this->generateUrl('follow', array(
       'type' => 'group', 
       'id' => $DUDELDRUM->getId(),
-      'token' => $this->getUser()->getPersonalHash()
+      'token' => $this->getUser()->getPersonalHash($DUDELDRUM->getId())
     ));
     
     // On lance l'action de suivre

src/Muzich/CoreBundle/Tests/Controller/ReputationTest.php

       'GET', 
       $this->generateUrl('ajax_element_add_vote_good', array(
         'element_id' => $element->getId(),
-        'token' => $paul->getPersonalHash()
+        'token' => $paul->getPersonalHash($element->getId())
       )), 
       array(), 
       array(), 
     $crawler = $this->client->request(
       'GET', 
       $this->generateUrl('element_remove', array(
-        'element_id' => $element->getId()
+        'element_id' => $element->getId(),
+        'token'      => $bux->getPersonalHash($element->getId())
       )), 
       array(), 
       array(), 

src/Muzich/CoreBundle/Tests/Controller/ShowControllerTest.php

     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $bux->getPersonalHash()
+      'token' => $bux->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $joelle->getPersonalHash()
+      'token' => $joelle->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $joelle->getPersonalHash()
+      'token' => $joelle->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/Tests/Controller/TagsTest.php

     // Il ajoute cet élément en favoris
     $url = $this->generateUrl('favorite_add', array(
       'id'    => $element->getId(),
-      'token' => $paul->getPersonalHash()
+      'token' => $paul->getPersonalHash($element->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/Tests/Controller/UserControllerTest.php

     
     $url = $this->generateUrl('ajax_tag_add_to_favorites', array(
       'tag_id' => $tribe->getId(),
-      'token'  => $paul->getPersonalHash()
+      'token'  => $paul->getPersonalHash($tribe->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     
     $url = $this->generateUrl('ajax_tag_add_to_favorites', array(
       'tag_id' => $tribe->getId(),
-      'token'  => $paul->getPersonalHash()
+      'token'  => $paul->getPersonalHash($tribe->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(
     
     $url = $this->generateUrl('ajax_tag_add_to_favorites', array(
       'tag_id' => $hardtek->getId(),
-      'token'  => $paul->getPersonalHash()
+      'token'  => $paul->getPersonalHash($hardtek->getId())
     ));
     
     $crawler = $this->client->request('GET', $url, array(), array(), array(

src/Muzich/CoreBundle/lib/Controller.php

               'name' => $group->getName(),
               'id'   => $group->getId(),
               'url'  => $this->generateUrl('ajax_set_element_group', array(
-                'token'      => $this->getUser()->getPersonalHash(),
+                'token'      => $this->getUser()->getPersonalHash($element->getId()),
                 'element_id' => $element->getId(),
                 'group_id'   => $group->getId()
               ))

src/Muzich/FavoriteBundle/Controller/FavoriteController.php

     
     $em = $this->getEntityManager();
     
-    if ($user->getPersonalHash() != $token || !is_numeric($id)
+    if ($user->getPersonalHash($id) != $token || !is_numeric($id)
       || !($element = $em->getRepository('MuzichCoreBundle:Element')->findOneById($id))
     )
     {
         'favorite'      => true,
         'link_new_url'  => $this->generateUrl('favorite_remove', array(
             'id'    => $id,
-            'token' => $token
+            'token' => $user->getPersonalHash($id)
         )),
         'img_new_src'   => $this->getAssetUrl('img/icon_star_2_red.png'),
         'img_new_title' => $this->trans('element.favorite.remove', array(), 'elements')
     $user = $this->getUser();
     $em = $this->getDoctrine()->getEntityManager();
     
-    if ($user->getPersonalHash() != $token || !is_numeric($id)
+    if ($user->getPersonalHash($id) != $token || !is_numeric($id)
       || !($element = $em->getRepository('MuzichCoreBundle:Element')->findOneById($id))
     )
     {
         'favorite'      => true,
         'link_new_url'  => $this->generateUrl('favorite_add', array(
             'id'    => $id,
-            'token' => $token
+            'token' => $user->getPersonalHash($id)
         )),
         'img_new_src'   => $this->getAssetUrl('img/icon_star_2.png'),
         'img_new_title' => $this->trans('element.favorite.add', array(), 'elements')

src/Muzich/GroupBundle/Controller/DefaultController.php

   public function deleteAction($group_id, $token)
   {
     $user = $this->getUser();
-    if ($user->getPersonalHash() != $token)
+    if ($user->getPersonalHash($group_id) != $token)
     {
       throw $this->createNotFoundException('Accès non autorisé.');
     }

src/Muzich/GroupBundle/Resources/views/Default/myList.html.twig

         <a href="{{ path('show_group', { 'slug': group.slug }) }}">{{ group.name }}</a>
         
         <a title="{{ 'group.remove.link'|trans({}, 'groups') }}" class="group_remove_link" 
-          href="{{ path('group_delete', {'group_id' : group.id, 'token': app.user.personalHash})  }}"
+          href="{{ path('group_delete', {'group_id' : group.id, 'token': app.user.personalHash(group.id)})  }}"
         >
           <img src="{{ asset('bundles/muzichcore/img/1327168960_fileclose.png') }}" alt="delete" />
         </a>

src/Muzich/HomeBundle/Resources/views/Show/showGroup.html.twig

         </a>
       {% endif %}
       
-      <a href="{{ path('follow', { 'type': 'group', 'id': group.id, 'token': user.personalHash }) }}" 
+      <a href="{{ path('follow', { 'type': 'group', 'id': group.id, 'token': user.personalHash(group.id) }) }}" 
          class="follow_link button darkbutton {% if following %}following{% else %}notfollowing{% endif %}">
         {% if following %}
           {{ 'group.following'|trans({}, 'groups') }}

src/Muzich/HomeBundle/Resources/views/Show/showUser.html.twig

     <div class="show_options">
             
       {% if app.user.id != viewed_user.id %}
-        <a href="{{ path('follow', { 'type': 'user', 'id': viewed_user.id, 'token': user.personalHash }) }}" 
+        <a href="{{ path('follow', { 'type': 'user', 'id': viewed_user.id, 'token': user.personalHash(viewed_user.id) }) }}" 
            class="follow_link button darkbutton {% if following %}following{% else %}notfollowing{% endif %}" >
           {% if following %}
             {{ 'user.following'|trans({}, 'users') }}