Merge branch 'master' of git@github.com:ArtemD/SpeedFreak
authorJukka Kurttila <jktla@suomi24.fi>
Thu, 27 May 2010 08:43:03 +0000 (11:43 +0300)
committerJukka Kurttila <jktla@suomi24.fi>
Thu, 27 May 2010 08:43:03 +0000 (11:43 +0300)
Server/application/controllers/users.php
Server/application/models/user.php

index bcfd042..94badbe 100644 (file)
@@ -71,11 +71,15 @@ class Users_Controller extends Controller{
      * @return string Returns XML containing list of all users or error message
      */
     public function list_all(){
-       $users = new User_Model();
-       $list = $users->list_all_users();
-       $view = new View('api/user_list');
-       $view->list = $list;
-       $view->render(true);
+       if (apiler::is_authorized()){
+               $users = new User_Model();
+               $list = $users->list_all_users();
+               $view = new View('api/user_list');
+               $view->list = $list;
+               $view->render(true);
+           }
+           else
+               apiler::not_authorized();
     }
     
     /**
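Review bot: The new authorization gate in `list_all()` wraps the whole body in an if/else with a braceless `else` and mixed indentation, so a later edit can easily land outside the check. A guard clause is harder to get wrong: `if (!apiler::is_authorized()) { apiler::not_authorized(); return; }`, followed by the unchanged body. Whether `is_authorized()` only confirms that the caller is authenticated or also checks a role is not visible here. Since this action returns every user, that is worth confirming and recording in the docblock, for example `@return string XML list of all users, or the not-authorized response`.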
index fec78a2..749d0dc 100644 (file)
@@ -106,7 +106,7 @@ class User_Model extends Model {
      * @return integer|bool User id if successful or false
      */
     public function get_id($username){
-        $result = $this->db->query("SELECT id FROM users WHERE username=?", $username);
+        $result = $this->db->query("SELECT id FROM users WHERE username='?'", $username);
                if ($result->count()>0)
            return $result[0]->id;
         else
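Review bot: Quoting the placeholder (`username='?'`) in `get_id()` defeats the parameter binding that the removed line relied on. With real prepared statements the `?` becomes a literal question mark and the lookup never matches; with a layer that substitutes an already quoted and escaped value, the value is quoted twice and no longer sits inside one string literal, which breaks the query and weakens the injection protection. Which case applies depends on `$this->db->query`, which is not shown here. Keep the placeholder bare, `"SELECT id FROM users WHERE username=?"`; the same applies to the login query in the next hunk (`username='?' AND password='?'`). Both function bodies continue outside their hunks.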
@@ -138,7 +138,7 @@ class User_Model extends Model {
         // hash password
         $password = $this->hash($password);
         
-        if ($this->db->query("SELECT id FROM users WHERE username = ? AND password = ?",
+        if ($this->db->query("SELECT id FROM users WHERE username='?' AND password='?'",
                              $username, $password)->count()>0)
             return true;
         else
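Review bot: The credential check matches `$this->hash($password)` by equality inside the SQL statement, which only works if the hash is deterministic for a given password, so it cannot be using a per-user salt. Consider selecting the stored hash by username and verifying it in PHP with a salted, slow password hash (`password_verify()` where the runtime provides it) rather than matching on the hash in the WHERE clause. The `hash()` implementation and the start of this function are outside the hunk, so this is inferred from the call shape.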