X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnet.php;h=2c048356d4220fc7673fe24fe2382783a310fab8;hb=67e06366aa6d020c4e1ed3bfcb36cb877eae1829;hp=d57101aa3d8e61212b95a81ab94975b742cc2d55;hpb=eaf30d86cc99df2414cf4f171a9b0f11b0561e3b;p=platal.git diff --git a/modules/xnet.php b/modules/xnet.php index d57101a..2c04835 100644 --- a/modules/xnet.php +++ b/modules/xnet.php @@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_PUBLIC), - 'exit' => $this->make_hook('exit', AUTH_PUBLIC), - - 'admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), - 'groups' => $this->make_hook('groups', AUTH_PUBLIC), - 'groupes.php' => $this->make_hook('groups2', AUTH_PUBLIC), - 'plan' => $this->make_hook('plan', AUTH_PUBLIC), - 'photo' => $this->make_hook('photo', AUTH_MDP), - 'autologin' => $this->make_hook('autologin', AUTH_MDP), + 'index' => $this->make_hook('index', AUTH_PUBLIC), + 'exit' => $this->make_hook('exit', AUTH_PUBLIC), + + 'admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), + 'groups' => $this->make_hook('groups', AUTH_PUBLIC), + 'groupes.php' => $this->make_hook('groups2', AUTH_PUBLIC), + 'plan' => $this->make_hook('plan', AUTH_PUBLIC), + 'photo' => $this->make_hook('photo', AUTH_MDP), + 'autologin' => $this->make_hook('autologin', AUTH_MDP), ); } @@ -65,8 +65,8 @@ class XnetModule extends PLModule function handler_exit(&$page) { - XnetSession::killSuid(); - XnetSession::destroy(); + Platal::session()->stopSUID(); + Platal::session()->destroy(); $page->changeTpl('xnet/deconnexion.tpl'); } 
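Review bot: handler_exit still tears down the session on any request that reaches it. The hook table registers 'exit' with AUTH_PUBLIC, and the new body calls `Platal::session()->stopSUID();` and `Platal::session()->destroy();` with no token check, while this same commit adds `S::assert_xsrf_token();` to the admin actions. If the logout link is a plain GET, a third-party page can force a logout, including out of an SUID session; the impact is low, but the choice should be deliberate. Either require a POST carrying the token, or document the exception with a comment such as `// no XSRF check on purpose: logout must still work when the session token is stale`.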
@@ -81,27 +81,29 @@ class XnetModule extends PLModule list($id, $nom, $domain) = $res->fetchOneRow(); $page->assign('nom', $nom); if ($id && Post::has('del')) { + S::assert_xsrf_token(); + XDB::query('DELETE FROM groupex.membres WHERE asso_id={?}', $id); - $page->trig('membres supprimés'); + $page->trigSuccess('membres supprimés'); if ($domain) { XDB::query('DELETE FROM virtual_domains WHERE domain={?}', $domain); XDB::query('DELETE FROM virtual, virtual_redirect USING virtual INNER JOIN virtual_redirect USING (vid) WHERE alias LIKE {?}', '%@'.$domain); - $page->trig('suppression des alias mails'); + $page->trigSuccess('suppression des alias mails'); $mmlist = new MMList(S::v('uid'), S::v('password'), $domain); if ($listes = $mmlist->get_lists()) { foreach ($listes as $l) { $mmlist->delete_list($l['list'], true); } - $page->trig('mail lists surpprimées'); + $page->trigSuccess('mail lists surpprimées'); } } XDB::query('DELETE FROM groupex.asso WHERE id={?}', $id); - $page->trig("Groupe $nom supprimé"); + $page->trigSuccess("Groupe $nom supprimé"); Get::kill('del'); } if (!$id) { @@ -110,12 +112,26 @@ class XnetModule extends PLModule } if (Post::has('diminutif')) { - XDB::query('INSERT INTO groupex.asso (id,diminutif) - VALUES(NULL,{?})', Post::v('diminutif')); - pl_redirect('../'.Post::v('diminutif').'/edit'); + S::assert_xsrf_token(); + + $res = XDB::query('SELECT COUNT(*) + FROM groupex.asso + WHERE diminutif = {?}', + Post::v('diminutif')); + + if ($res->fetchOneCell() == 0) { + XDB::execute('INSERT INTO groupex.asso (id, diminutif) + VALUES (NULL, {?})', + Post::v('diminutif')); + pl_redirect('../' . Post::v('diminutif') . '/edit'); + } else { + $page->trigError('Le diminutif demandé est déjà pris.'); + } } - $res = XDB::query('SELECT nom,diminutif FROM groupex.asso ORDER by NOM'); + $res = XDB::query('SELECT nom, diminutif + FROM groupex.asso + ORDER BY nom'); $page->assign('assos', $res->fetchAllAssoc()); }
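Review bot: The four `trigSuccess` calls in the `Post::has('del')` branch report success without checking what the preceding `XDB::query('DELETE …')` calls did. The deletion spans groupex.membres, virtual_domains, virtual/virtual_redirect, the mailing lists and groupex.asso with no visible transaction, so a failure midway leaves a half-deleted group while the admin sees only success messages. The next hunk moves its INSERT to `XDB::execute`, presumably the call meant for write statements; the DELETEs here should use the same call, and each message should depend on its result. The branch is also entered on `Post::has('del')` but cleared with `Get::kill('del')`, which looks like a leftover from a GET-based form. The enclosing handler starts and ends outside the hunk.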
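Review bot: `Post::v('diminutif')` reaches the INSERT and the redirect path `'../' . Post::v('diminutif') . '/edit'` with no format check, so an empty string or a value containing `/`, `..` or whitespace becomes both a group identifier and a URL segment. Read it once before the uniqueness lookup, e.g. `$diminutif = trim(Post::v('diminutif'));`, reject anything outside the character set the project allows for group short names with `trigError`, and reuse that variable in all three places. The `SELECT COUNT(*)` followed by `XDB::execute('INSERT …')` is also not atomic, since two concurrent submissions can both read 0. The real guard should be a UNIQUE index on groupex.asso.diminutif (not visible from this hunk), with the failed insert mapped to the same "déjà pris" error. The enclosing handler continues outside the hunk.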