diff --git a/admin/setup.php b/admin/setup.php
index 88998c3..5cb9691 100644
--- a/admin/setup.php
+++ b/admin/setup.php
@@ -58,85 +58,72 @@ $action = GETPOST('action', 'aZ09'); // POST: Allgemeine Konstanten speichern // --------------------------------------------------------------- if ($action === 'save_consts' && $user->hasRight('mahnung', 'setup')) { - if (!verifCsrf($_POST['token'] ?? '', 'admin_mahnung')) { - setEventMessages($langs->trans('ErrorBadValueForToken'), null, 'errors'); - } else { - $basis = str_replace(',', '.', GETPOST('MAHNUNG_BASISZINS', 'alphanohtml')); - $b2c = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2C', 'alphanohtml')); - $b2b = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2B', 'alphanohtml')); - $pau = str_replace(',', '.', GETPOST('MAHNUNG_PAUSCHALE_B2B', 'alphanohtml')); - $topic = GETPOST('MAHNUNG_NTFY_TOPIC', 'alphanohtml'); + $basis = str_replace(',', '.', GETPOST('MAHNUNG_BASISZINS', 'alphanohtml')); + $b2c = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2C', 'alphanohtml')); + $b2b = str_replace(',', '.', GETPOST('MAHNUNG_AUFSCHLAG_B2B', 'alphanohtml')); + $pau = str_replace(',', '.', GETPOST('MAHNUNG_PAUSCHALE_B2B', 'alphanohtml')); + $topic = GETPOST('MAHNUNG_NTFY_TOPIC', 'alphanohtml'); - dolibarr_set_const($db, 'MAHNUNG_BASISZINS', (string) (float) $basis, 'chaine', 0, '', 0); - dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2C', (string) (float) $b2c, 'chaine', 0, '', 0); - dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2B', (string) (float) $b2b, 'chaine', 0, '', 0); - dolibarr_set_const($db, 'MAHNUNG_PAUSCHALE_B2B', (string) (float) $pau, 'chaine', 0, '', 0); - dolibarr_set_const($db, 'MAHNUNG_NTFY_TOPIC', (string) $topic, 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, 'MAHNUNG_BASISZINS', (string) (float) $basis, 'chaine', 0, '', 0); + dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2C', (string) (float) $b2c, 'chaine', 0, '', 0); + dolibarr_set_const($db, 'MAHNUNG_AUFSCHLAG_B2B', (string) (float) $b2b, 'chaine', 0, '', 0); + dolibarr_set_const($db, 'MAHNUNG_PAUSCHALE_B2B', (string) (float) $pau, 'chaine', 0, '', 0); + 
dolibarr_set_const($db, 'MAHNUNG_NTFY_TOPIC', (string) $topic, 'chaine', 0, '', $conf->entity); - setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs'); - header('Location: '.$_SERVER['PHP_SELF']); - exit; - } + setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs'); + header('Location: '.$_SERVER['PHP_SELF']); + exit; } // --------------------------------------------------------------- // POST: Stufen-Tabelle speichern (Bulk-Update aller 3 Stufen) // --------------------------------------------------------------- if ($action === 'save_stufen' && $user->hasRight('mahnung', 'setup')) { - if (!verifCsrf($_POST['token'] ?? '', 'admin_mahnung')) { - setEventMessages($langs->trans('ErrorBadValueForToken'), null, 'errors'); - } else { - $stufeObj = new MahnungStufe($db); - $alle = $stufeObj->fetchAllActive(); - // Auch inaktive laden (active=0) — fetchAllActive filtert; hier inkl. inaktive: - $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."mahnung_stufe WHERE entity = ".((int) $conf->entity)." ORDER BY stufe"; - $resql = $db->query($sql); - $ids = array(); - if ($resql) { - while ($obj = $db->fetch_object($resql)) { - $ids[] = (int) $obj->rowid; - } - $db->free($resql); + $stufeObj = new MahnungStufe($db); + $alle = $stufeObj->fetchAllActive(); + // Auch inaktive laden (active=0) — fetchAllActive filtert; hier inkl. inaktive: + $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."mahnung_stufe WHERE entity = ".((int) $conf->entity)." 
ORDER BY stufe"; + $resql = $db->query($sql); + $ids = array(); + if ($resql) { + while ($obj = $db->fetch_object($resql)) { + $ids[] = (int) $obj->rowid; } - $ok = true; - foreach ($ids as $id) { - $s = new MahnungStufe($db); - if ($s->fetch($id) <= 0 && method_exists($s, 'fetchByStufe')) { - // Fallback: per stufe laden - } - // fetch() existiert in MahnungStufe nicht direkt; wir laden per direktem SQL - $s = loadStufeById($db, $id, $conf->entity); - if (!$s) { - continue; - } - $prefix = 'stufe_'.$s->stufe.'_'; - $s->label = GETPOST($prefix.'label', 'alphanohtml'); - $s->frist_tage = (int) GETPOST($prefix.'frist_tage', 'int'); - $s->neue_frist_tage = (int) GETPOST($prefix.'neue_frist_tage', 'int'); - $s->mahngebuehr_b2c = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2c', 'alphanohtml')); - $s->mahngebuehr_b2b = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2b', 'alphanohtml')); - $s->pauschale_b2b_einmalig = GETPOSTISSET($prefix.'pauschale_b2b_einmalig') ? 1 : 0; - $ovB2c = trim((string) GETPOST($prefix.'zinssatz_b2c', 'alphanohtml')); - $ovB2b = trim((string) GETPOST($prefix.'zinssatz_b2b', 'alphanohtml')); - $s->zinssatz_b2c_uebersteuern = $ovB2c === '' ? null : (float) str_replace(',', '.', $ovB2c); - $s->zinssatz_b2b_uebersteuern = $ovB2b === '' ? null : (float) str_replace(',', '.', $ovB2b); - $s->versandart_default = GETPOST($prefix.'versandart', 'alphanohtml') ?: 'pdf'; - $s->pdf_intro = GETPOST($prefix.'pdf_intro', 'restricthtml'); - $s->email_subject = GETPOST($prefix.'email_subject', 'alphanohtml'); - $s->email_body = GETPOST($prefix.'email_body', 'restricthtml'); - $s->active = GETPOSTISSET($prefix.'active') ? 
1 : 0; + $db->free($resql); + } + $ok = true; + foreach ($ids as $id) { + $s = loadStufeById($db, $id, $conf->entity); + if (!$s) { + continue; + } + $prefix = 'stufe_'.$s->stufe.'_'; + $s->label = GETPOST($prefix.'label', 'alphanohtml'); + $s->frist_tage = (int) GETPOST($prefix.'frist_tage', 'int'); + $s->neue_frist_tage = (int) GETPOST($prefix.'neue_frist_tage', 'int'); + $s->mahngebuehr_b2c = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2c', 'alphanohtml')); + $s->mahngebuehr_b2b = (float) str_replace(',', '.', GETPOST($prefix.'mahngebuehr_b2b', 'alphanohtml')); + $s->pauschale_b2b_einmalig = GETPOSTISSET($prefix.'pauschale_b2b_einmalig') ? 1 : 0; + $ovB2c = trim((string) GETPOST($prefix.'zinssatz_b2c', 'alphanohtml')); + $ovB2b = trim((string) GETPOST($prefix.'zinssatz_b2b', 'alphanohtml')); + $s->zinssatz_b2c_uebersteuern = $ovB2c === '' ? null : (float) str_replace(',', '.', $ovB2c); + $s->zinssatz_b2b_uebersteuern = $ovB2b === '' ? null : (float) str_replace(',', '.', $ovB2b); + $s->versandart_default = GETPOST($prefix.'versandart', 'alphanohtml') ?: 'pdf'; + $s->pdf_intro = GETPOST($prefix.'pdf_intro', 'restricthtml'); + $s->email_subject = GETPOST($prefix.'email_subject', 'alphanohtml'); + $s->email_body = GETPOST($prefix.'email_body', 'restricthtml'); + $s->active = GETPOSTISSET($prefix.'active') ? 1 : 0; - if ($s->update($user) <= 0) { - $ok = false; - setEventMessages($s->error, null, 'errors'); - } - } - if ($ok) { - setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs'); - header('Location: '.$_SERVER['PHP_SELF']); - exit; + if ($s->update($user) <= 0) { + $ok = false; + setEventMessages($s->error, null, 'errors'); } } + if ($ok) { + setEventMessages($langs->trans('MahnungSettingsSaved'), null, 'mesgs'); + header('Location: '.$_SERVER['PHP_SELF']); + exit; + } } /** 
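Review bot: Both handlers (`save_consts` and `save_stufen`) now write settings with no token validation visible in this file, because the `verifCsrf(...)` guard is removed and nothing in the hunk replaces it. If the intent is to rely on Dolibarr's central token check in `main.inc.php`, that only holds when this page does not define `NOCSRFCHECK`, both forms send a hidden `token` field filled from `newToken()` (the `print` lines changed in the two later hunks are not readable here, so please confirm), and the instance has not disabled the check. Since `$action` and every value are read through `GETPOST`, which also accepts query-string parameters, the handlers as written would also run on a GET request, and depending on the Dolibarr version and its `MAIN_SECURITY_CSRF_WITH_TOKEN` level a GET with a custom action name may not be token-checked. I would add a method guard to both conditions, e.g. `if ($action === 'save_consts' && $_SERVER['REQUEST_METHOD'] === 'POST' && $user->hasRight('mahnung', 'setup')) {`, and a comment above each handler saying where the token is verified, such as `// CSRF token is verified centrally in main.inc.php; the form must send newToken()`.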
@@ -189,7 +176,7 @@ print ''.$langs->trans('MahnungSetupDescription').'< // --- Block: Konstanten ------------------------------------------------------- print '
'; -print ''; +print ''; print ''; print ''; @@ -233,7 +220,7 @@ if ($resql) { print '

'; print ''; -print ''; +print ''; print ''; print '
';