--- a/msitegen.inc.php	Tue Jan 24 16:44:30 2017 +0200
+++ b/msitegen.inc.php	Tue Jan 24 17:25:48 2017 +0200
@@ -959,6 +959,72 @@
 }
 
 
+function stCommonAJAX($backend, $failover)
+{
+?>
+function jsSendPOSTRequest(params, success, failure)
+{
+<?php
+  if (($csrfID = stGetSessionItem("csrfID", FALSE)) !== FALSE)
+    echo "  params += \"&csrfID=".$csrfID."\";\n";
+  else
+    echo "// No CSRF?\n";
+?>
+  var req = jsCreateXMLRequest();
+  req.open("POST", "<? echo $backend ?>", true);
+  req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+  req.setRequestHeader("Content-length", params.length);
+  req.setRequestHeader("Connection", "close");
+
+  req.onreadystatechange = function()
+  {
+    if (req.readyState == 4)
+    {
+      switch (req.status)
+      {
+        case 404:
+          window.location = "<? echo $failover ?>";
+          break;
+        
+        case 902:
+          jsStatusMsg(req.statusText);
+          jsMessageBox(req.responseText);
+          break;
+
+        case 903:
+          {
+            var nitem = document.getElementById("messageBox");
+            if (nitem)
+            {
+              nitem.innerHTML = "<div class='messageBoxInner'>"+ req.responseText +
+                "<div class='messageBoxControls'>"+
+                "</div></div>";
+              nitem.style.display = "block";
+            }
+          }
+          break;
+        
+        case 200:
+          if (success)
+            success(req.responseText);
+          jsStatusMsg(req.statusText);
+          break;
+        
+        default:
+          if (failure)
+            failure(req.status, req.statusText, req.responseText);
+          else
+            jsStatusMsg("["+req.status+" - "+req.statusText+"] "+ req.responseText);
+          break;
+      }
+    }
+  }
+  req.send(params);
+}
+
+<?php
+}
+
 //
 // CLI related helper functions
 //