values["connected"]) && !defined("xCSRF")) define("xCSRF", true); require_once("functions.php"); //Inclusion des principales fonctions require_once("common/Exercice.class.php"); require_once("common/Theme.class.php"); require_once("common/User.class.php"); //On charge la session $SESS = new Session(); $template = new Template(); $template->assign("ERRmessage", false); $template->assign("auth_lvl", $SESS->level); $template->assign("SESS", $SESS->values); if (!empty($LANG)) $template->assign("LANG", $LANG); //Evite les attaques CSRF if ($SESS->level > 2 && !empty($_SERVER["HTTP_REFERER"]) && !(preg_match('#^http://'.$_SERVER['HTTP_HOST'].'#', $_SERVER["HTTP_REFERER"]) && defined("xCSRF"))) { elog("Possibilité d'attaque CSRF\n".var_export($_REQUEST, TRUE), 2); unset($_POST, $_GET); $_GET = $_POST = array(); }