diff --git a/application/libraries/api/MY_Admin_Category_Api_Object.php b/application/libraries/api/MY_Admin_Category_Api_Object.php
diff --git a/application/libraries/api/MY_Admin_Reports_Api_Object.php b/application/libraries/api/MY_Admin_Reports_Api_Object.php
diff --git a/modules/csrf/controllers/csrf.php b/modules/csrf/controllers/csrf.php
@@ -0,0 +1,51 @@
+<?php defined('SYSPATH') or die('No direct script access');
+/**
+ * CSRF Controller for JS calls that require CSRF token to authenticate
+ * requests
+ *
+ * PHP version 5
+ * LICENSE: This source file is subject to GPLv3 license 
+ * that is available through the world-wide-web at the following URI:
+ * http://www.gnu.org/copyleft/gpl.html
+ * @author     Ushahidi Team <team@ushahidi.com> 
+ * @package    Ushahidi - http://github.com/ushahidi/Ushahidi_web
+ * @category   Controllers
+ * @copyright  Ushahidi - http://www.ushahidi.com
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU General Public License v3 (GPLv3) 
+ */
+class CSRF_Controller extends Template_Controller {
+
+	/**
+	 * Disable auto rendering
+	 * @var bool
+	 */
+	public $auto_render = FALSE;
+
+	/**
+	 * View template for the controller
+	 * @var string
+	 */
+	public $template = '';
+
+	/**
+	 * Generates a CSRF token. Only honours AJAX requests
+	 */
+	public function generate_token()
+	{
+		header("Content-Type: application/json; charset=utf-8");
+
+		$result = array('token' => '');
+
+		if (request::is_ajax())
+		{
+			$token = csrf::token();
+
+			$result['token'] = $token;
+
+		}
+
+		echo json_encode($result);
+	}
+}
+
+?>
diff --git a/modules/csrf/helpers/MY_form.php b/modules/csrf/helpers/MY_form.php
@@ -0,0 +1,64 @@
+<?php defined('SYSPATH') or die('No direct script access');
+/**
+ * A helper class for generating CSRF-enabled forms - forms with
+ * a hidden field that contains a randomly generated token that
+ * is used for CSRF protection
+ *
+ * PHP version 5
+ * LICENSE: This source file is subject to GPLv3 license 
+ * that is available through the world-wide-web at the following URI:
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @author     Ushahidi Team <team@ushahidi.com> 
+ * @package    Ushahidi - http://github.com/ushahidi/Ushahidi_Web
+ * @category   Helpers
+ * @copyright  Ushahidi - http://www.ushahidi.com
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU General Public License v3 (GPLv3) 
+ */
+class form extends form_Core {
+
+	/**
+	 * Generates an opening HTML form tag.
+	 *
+	 * @param   string  form action attribute
+	 * @param   array   extra attributes
+	 * @param   array   hidden fields to be created immediately after the form tag
+	 * @return  string
+	 */
+	public static function open($action = NULL, $attr = array(), $hidden = NULL)
+	{
+		// Make sure that the method is always set
+		empty($attr['method']) and $attr['method'] = 'post';
+
+		if ($attr['method'] !== 'post' AND $attr['method'] !== 'get')
+		{
+			// If the method is invalid, use post
+			$attr['method'] = 'post';
+		}
+
+		if ($action === NULL)
+		{
+			// Use the current URL as the default action
+			$action = url::site(Router::$complete_uri);
+		}
+		elseif (strpos($action, '://') === FALSE)
+		{
+			// Make the action URI into a URL
+			$action = url::site($action);
+		}
+
+		// Set action
+		$attr['action'] = $action;
+
+		// Form opening tag
+		$form_auth_token = csrf::token();
+		$form = '<form'.form::attributes($attr).'>'."\n"
+		    . form::hidden('form_auth_token', $form_auth_token)."\n";
+
+		// Add hidden fields immediate after opening tag
+		empty($hidden) or $form .= form::hidden($hidden);
+
+		return $form;
+	}
+}
+?>
diff --git a/modules/csrf/helpers/csrf.php b/modules/csrf/helpers/csrf.php
@@ -0,0 +1,86 @@
+<?php defined('SYSPATH') or die('No direct script access');
+/**
+ * CSRF token generation and validation helper library
+ *
+ * PHP version 5
+ * LICENSE: This source file is subject to GPLv3 license 
+ * that is available through the world-wide-web at the following URI:
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @author     Ushahidi Team <team@ushahidi.com> 
+ * @package    Ushahidi - http://github.com/ushahidi/Ushahidi_Web
+ * @category   Helpers
+ * @copyright  Ushahidi - http://www.ushahidi.com
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU General Public License v3 (GPLv3) 
+ */
+class csrf_Core {
+
+	/**
+	 * Session key for the CSRF token
+	 * @var string
+	 */
+	private static $_csrf_session_key = 'csrf-token';
+
+	/**
+	 * Generates an returns a randon token for CSRF
+	 * prevention
+	 *
+	 * @param bool $replace Whether to replace the current token
+	 * @return string
+	 */	
+	public static function token($replace = FALSE)
+	{
+		$token = Session::instance()->get(self::$_csrf_session_key);
+
+		if ( ! $token OR $replace)
+		{
+			// Generates a hash of variable length random alpha-numeric string
+			$token = hash('sha256', text::random('alnum', rand(25, 32)));
+			Session::instance()->set('csrf-token', $token);
+		}
+
+		return $token;
+	}
+
+	/**
+	 * Validates the specified token against the current
+	 * session value
+	 *
+	 * @return bool TRUE if match, FALSE otherwise
+	 */
+	public static function valid($token)
+	{
+		// Get the current token and destroy the session value
+		$current_token = self::token();
+		Session::instance()->delete(self::$_csrf_session_key);
+
+		return $token == $current_token;
+	}
+
+	/**
+	 * Generates and returns Javascript code snippet for
+	 * obtaining a CSRF token from the server. Requires jQuery.
+	 *
+	 * @return string
+	 */
+	public static function javascript()
+	{
+		// JS snippet to get token
+		$js = '<script type="text/javascript">'
+		    . 'function getCSRFToken() {'
+		    . ' var token = null;'
+		    . ' $.ajax({'
+		    . '	    url: "'.url::site('csrf/generate_token').'",'
+		    . '	    async: false,'
+		    . '     success: function(json){ token = json.token; },'
+		    . '     dataType: "json"'
+		    . ' });'
+		    . ' return token;'
+		    . '}'
+		    . '</script>';
+
+		return $js;
+	}
+}
+
+?>