32 lines
887 B
PHP
32 lines
887 B
PHP
<?php
|
|
if(!defined('ONYX')) exit;
|
|
|
|
if (empty($sess->values["connected"]) && !defined("xCSRF"))
|
|
define("xCSRF", true);
|
|
|
|
require_once("functions.php"); //Inclusion des principales fonctions
|
|
|
|
require_once("common/Exercice.class.php");
|
|
require_once("common/Theme.class.php");
|
|
require_once("common/User.class.php");
|
|
|
|
//On charge la session
|
|
$SESS = new Session();
|
|
|
|
$template = new Template();
|
|
|
|
$template->assign("ERRmessage", false);
|
|
$template->assign("auth_lvl", $SESS->level);
|
|
$template->assign("SESS", $SESS->values);
|
|
|
|
if (!empty($LANG))
|
|
$template->assign("LANG", $LANG);
|
|
|
|
//Evite les attaques CSRF
|
|
if ($SESS->level > 2 && !empty($_SERVER["HTTP_REFERER"]) && !(preg_match('#^http://'.$_SERVER['HTTP_HOST'].'#', $_SERVER["HTTP_REFERER"]) && defined("xCSRF")))
|
|
{
|
|
elog("Possibilité d'attaque CSRF\n".var_export($_REQUEST, TRUE), 2);
|
|
unset($_POST, $_GET);
|
|
$_GET = $_POST = array();
|
|
}
|