'webservices/manageurs.php' => $this->make_hook('manageurs', AUTH_PUBLIC, 'user', NO_HTTPS),
'auth-redirect.php' => $this->make_hook('redirect', AUTH_COOKIE, 'user'),
- 'auth-groupex.php' => $this->make_hook('groupex_old', AUTH_COOKIE, 'user'),
- 'auth-groupex' => $this->make_hook('groupex', AUTH_PUBLIC),
- 'admin/auth-groupes-x' => $this->make_hook('admin_authgroupesx', AUTH_MDP, 'admin'),
+ 'auth-groupex.php' => $this->make_hook('groupex_old', AUTH_COOKIE, ''),
+ 'auth-groupex' => $this->make_hook('groupex', AUTH_PUBLIC, ''),
+ 'admin/auth-groupes-x' => $this->make_hook('admin_authgroupesx', AUTH_PASSWD, 'admin'),
);
}
return PL_DO_AUTH;
}
+ if (!S::user()->checkPerms('groups')) {
+ return PL_FORBIDDEN;
+ }
+
$this->load('auth.inc.php');
$gpex_pass = Get::s('pass');
}
if (Get::has('group')) {
- $req_group_id = XDB::fetchOneCell('SELECT asso_id
+ $req_group_id = XDB::fetchOneCell('SELECT id
FROM groups
WHERE diminutif = {?}',
Get::s('group'));
http_redirect($returl);
} else if (S::admin()) {
- $page->kill("La requête d'authentification a échouée (url de retour invalide).");
+ $page->kill("La requête d'authentification a échoué (url de retour invalide).");
}
}
}