- $tohash .= $min_username;
- $params .= "&$val=".$min_username;
- } else if ($val == 'grpauth' && isset($_GET['group'])) {
- $res = XDB::query("SELECT perms FROM groupex.membres
- INNER JOIN groupex.asso ON(id = asso_id)
- WHERE uid = {?} AND diminutif = {?}", S::v('uid'), $_GET['group']);
- $perms = $res->fetchOneCell();
- $tohash .= $perms;
- $params .= "&$val=".$perms;
+ $params .= gpex_prepare_param($val, $min_username, $tohash, $charset);
+ } else if ($val == 'grpauth') {
+ if (isset($_GET['group'])) {
+ $res = XDB::query("SELECT perms
+ FROM groupex.membres
+ INNER JOIN groupex.asso ON(id = asso_id)
+ WHERE uid = {?} AND diminutif = {?}",
+ S::v('uid'), $_GET['group']);
+ $perms = $res->fetchOneCell();
+ } else {
+ // if no group asked, return main rights
+ $perms = S::has_perms() ? 'admin' : 'membre';
+ }
+ $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
+ } else {
+ $params .= gpex_prepare_param($val, '', $tohash, $charset);