Sepe plugin: Add Database::escape_string
jmontoyaa committed May 17, 2021
1 parent 2d6ae83 commit 6a98e32
Showing 1 changed file with 12 additions and 14 deletions.
26 changes: 12 additions & 14 deletions plugin/sepe/ws/service.php
@@ -1,8 +1,7 @@
<?php

/* For licensing terms, see /license.txt */
/**
* @package chamilo.webservices
*/

ini_set('log_errors_max_len', 0);
ini_set('soap.wsdl_cache_enabled', '0');
ini_set('soap.wsdl_cache_ttl', '0');
@@ -16,7 +15,6 @@

require_once $libpath.'nusoap/class.nusoap_base.php';
require_once api_get_path(SYS_PLUGIN_PATH).'sepe/src/wsse/soap-server-wsse.php';
//require_once api_get_path(SYS_PLUGIN_PATH).'sepe/src/wsse/soap-wsse.php';

$ns = api_get_path(WEB_PLUGIN_PATH)."sepe/ws/ProveedorCentroTFWS.wsdl";
$wsdl = api_get_path(SYS_PLUGIN_PATH)."sepe/ws/ProveedorCentroTFWS.wsdl";
@@ -90,24 +88,24 @@ function authenticate($WSUser, $WSKey)
$tUser = Database::get_main_table(TABLE_MAIN_USER);
$tApi = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
$login = Database::escape_string($WSUser);
$sql = "SELECT u.user_id, u.status FROM $tUser u, $tApi a
WHERE
u.username='".$login."' AND
u.user_id = a.user_id AND
a.api_service = 'dokeos' AND
$WSKey = Database::escape_string($WSKey);

$sql = "SELECT u.user_id, u.status FROM $tUser u, $tApi a
WHERE
u.username='".$login."' AND
u.user_id = a.user_id AND
a.api_service = 'dokeos' AND
a.api_key='".$WSKey."'";
$result = Database::query($sql);

if (Database::num_rows($result) > 0) {
$row = Database::fetch_row($result);
if ($row[1] == '4') { //UserManager::is_admin($row[0])) {
if ($row[1] == '4') {
return true;
} else {
return false;
}
} else {
return false;
}

return false;
}

$doc = new DOMDocument();
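Review bot: The API key is still matched by the database in `a.api_key='".$WSKey."'` inside authenticate(), so the comparison follows the column's collation (not visible here, and often case-insensitive on MySQL) and is not constant-time. The added escaping protects the quoted literal, but a stricter check would select `a.api_key` for the user and compare it in PHP against the unescaped key with `hash_equals($storedKey, $rawKey)` (variable names are placeholders), or use bound parameters if the Database wrapper supports them. The bare `'4'` in `if ($row[1] == '4')` has also lost its only explanatory comment, so a named status constant or a short comment such as `// only this user status may call the SEPE web service` would keep the authorization rule auditable. The opening lines of authenticate() are outside this hunk.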
