X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnet.php;h=d3c9c4e112d8c9883dd13a656eb3042a0debf315;hb=f981776842674edfa2c654e4248a7b290df98501;hp=66972df9c42d40ff92ebda175614eec23fa01e2a;hpb=4a8a1e0a0c0f0ede05ba5b4485add0e2ee7bf5cd;p=platal.git diff --git a/modules/xnet.php b/modules/xnet.php index 66972df..d3c9c4e 100644 --- a/modules/xnet.php +++ b/modules/xnet.php @@ -1,6 +1,6 @@ nomenu = true; @@ -65,14 +65,14 @@ class XnetModule extends PLModule function handler_exit(&$page) { - XnetSession::killSuid(); - XnetSession::destroy(); + Platal::session()->stopSUID(); + Platal::session()->destroy(); $page->changeTpl('xnet/deconnexion.tpl'); } function handler_admin(&$page) { - new_admin_page('xnet/admin.tpl'); + $page->changeTpl('xnet/admin.tpl'); if (Get::has('del')) { $res = XDB::query('SELECT id, nom, mail_domain @@ -81,27 +81,29 @@ class XnetModule extends PLModule list($id, $nom, $domain) = $res->fetchOneRow(); $page->assign('nom', $nom); if ($id && Post::has('del')) { + S::assert_xsrf_token(); + XDB::query('DELETE FROM groupex.membres WHERE asso_id={?}', $id); - $page->trig('membres supprimés'); + $page->trigSuccess('membres supprimés'); if ($domain) { XDB::query('DELETE FROM virtual_domains WHERE domain={?}', $domain); XDB::query('DELETE FROM virtual, virtual_redirect USING virtual INNER JOIN virtual_redirect USING (vid) WHERE alias LIKE {?}', '%@'.$domain); - $page->trig('suppression des alias mails'); + $page->trigSuccess('suppression des alias mails'); $mmlist = new MMList(S::v('uid'), S::v('password'), $domain); if ($listes = $mmlist->get_lists()) { foreach ($listes as $l) { $mmlist->delete_list($l['list'], true); } - $page->trig('mail lists surpprimées'); + $page->trigSuccess('mail lists surpprimées'); } } XDB::query('DELETE FROM groupex.asso WHERE id={?}', $id); - $page->trig("Groupe $nom supprimé"); + $page->trigSuccess("Groupe $nom supprimé"); Get::kill('del'); } if (!$id) { 
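Review bot: In `handler_admin`, replacing `new_admin_page('xnet/admin.tpl')` with `$page->changeTpl('xnet/admin.tpl')` leaves no visible statement that marks this handler as administrator-only. Whether `new_admin_page` performed any privilege check is not shown here, so please confirm that access is enforced where the handler is registered. If it is, a short comment above the call would record that, for example `// admin-only: permission is enforced by the hook registration, not by the template call`. The handler body continues outside this hunk.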
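Review bot: The new `trigSuccess` calls report success unconditionally: `$page->trigSuccess('mail lists surpprimées')` runs after the loop even though the result of `$mmlist->delete_list($l['list'], true)` is never inspected, and the `DELETE` queries are not checked either. If `delete_list` can fail (its contract is not visible here), an administrator would be told that lists were removed while they still exist. Consider collecting the failures in the loop and reporting success only when there are none. The message also carries a typo and should read `'mail lists supprimées'`. The enclosing `if (Get::has('del'))` block closes outside this hunk.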
@@ -110,6 +112,8 @@ class XnetModule extends PLModule } if (Post::has('diminutif')) { + S::assert_xsrf_token(); + XDB::query('INSERT INTO groupex.asso (id,diminutif) VALUES(NULL,{?})', Post::v('diminutif')); pl_redirect('../'.Post::v('diminutif').'/edit'); @@ -197,11 +201,14 @@ class XnetModule extends PLModule $page->setType($cat); } - + function handler_autologin(&$page) { + $allkeys = func_get_args(); + unset($allkeys[0]); + $url = join('/',$allkeys); header("Content-type: text/javascript; charset=utf-8"); - echo '$.ajax({ url: "index?forceXml=1", dataType: "xml", success: function(xml) { $("body").empty(); $("body",xml).prependTo("body"); }});'; + echo '$.ajax({ url: "'.$url.'?forceXml=1", dataType: "xml", success: function(xml) { $("body",xml).insertBefore("body"); $("body:eq(1)").remove(); }});'; exit; } }
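Review bot: The added token check authenticates the request, but `Post::v('diminutif')` still goes unvalidated into both the `INSERT` and the path built for `pl_redirect('../'.Post::v('diminutif').'/edit')`. A value containing `/`, `..` or `?` would create a group whose short name cannot be addressed by URL, and would redirect to a different location than intended. Validate it before the query, for example `if (!preg_match('/^[a-zA-Z0-9_-]+$/', Post::v('diminutif'))) { /* report the error and return */ }`. The allowed character set here is an assumption and should match the project's rules for short names. The `if` block closes outside this hunk.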
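Review bot: In `handler_autologin`, `$url` is built from the handler's extra arguments and concatenated straight into a double-quoted JavaScript string literal, so a quote, backslash or line break in those arguments changes the script that is served. The arguments presumably come from the request path, which would make them caller-controlled. Encode the value for the JavaScript context instead: `$url = json_encode(join('/', $allkeys) . '?forceXml=1');` and then `echo '$.ajax({ url: ' . $url . ', dataType: "xml", success: ...` with the rest of the call unchanged. Because the response body is inserted into the page, it is also worth rejecting segments outside an expected character set so the fetched document is always a page of this site.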