Merge branch 'platal-0.9.16'

[platal.git] / modules / auth / auth.inc.php

diff --git a/modules/auth/auth.inc.php b/modules/auth/auth.inc.php
index e8502a7..a1a562f 100644 (file)
--- a/modules/auth/auth.inc.php
+++ b/modules/auth/auth.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -23,7 +23,7 @@ function gpex_prepare_param($name, $val, &$to_hash,  $charset)
 {
     $val = iconv('UTF-8', $charset, $val);
     $to_hash .= $val;
-    return '&' . $name . '=' . $val;
+    return '&' . $name . '=' . urlencode($val);
 }
 
 function gpex_make($chlg, $privkey, $datafields, $charset)
@@ -56,13 +56,16 @@ function gpex_make($chlg, $privkey, $datafields, $charset)
             if (isset($_GET['group'])) {
                 $res = XDB::query("SELECT  perms
                                      FROM  groupex.membres
-                               INNER JOIN  groupex.asso ON(id = asso_id) 
+                               INNER JOIN  groupex.asso ON(id = asso_id)
                                     WHERE  uid = {?} AND diminutif = {?}",
                                   S::v('uid'), $_GET['group']);
                 $perms = $res->fetchOneCell();
+                if (S::has_perms()) {
+                    $perms = 'admin';
+                }
             } else {
                 // if no group asked, return main rights
-                $perms = Session::has_perms()?'admin':'membre';
+                $perms = S::has_perms() ? 'admin' : 'membre';
             }
             $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
         }