From 25711a26712cb909c39eeed80e0227d7fd2411cc Mon Sep 17 00:00:00 2001
From: Artem Daniliants
Date: Thu, 27 May 2010 11:34:38 +0300
Subject: [PATCH] Fixed minor bugs
---
 Server/application/controllers/users.php | 14 +++++++++-----
 Server/application/models/user.php | 4 ++--
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/Server/application/controllers/users.php b/Server/application/controllers/users.php
index bcfd042..94badbe 100644
--- a/Server/application/controllers/users.php
+++ b/Server/application/controllers/users.php
@@ -71,11 +71,15 @@ class Users_Controller extends Controller{
 * @return string Returns XML containing list of all users or error message
 */
 public function list_all(){
- $users = new User_Model();
- $list = $users->list_all_users();
- $view = new View('api/user_list');
- $view->list = $list;
- $view->render(true);
+ if (apiler::is_authorized()){
+ $users = new User_Model();
+ $list = $users->list_all_users();
+ $view = new View('api/user_list');
+ $view->list = $list;
+ $view->render(true);
+ }
+ else
+ apiler::not_authorized();
 }
 /**
diff --git a/Server/application/models/user.php b/Server/application/models/user.php
index fec78a2..749d0dc 100644
--- a/Server/application/models/user.php
+++ b/Server/application/models/user.php
@@ -106,7 +106,7 @@ class User_Model extends Model {
 * @return integer|bool User id if successful or false
 */
 public function get_id($username){
- $result = $this->db->query("SELECT id FROM users WHERE username=?", $username);
+ $result = $this->db->query("SELECT id FROM users WHERE username='?'", $username);
 if ($result->count()>0)
 return $result[0]->id;
 else
@@ -138,7 +138,7 @@ class User_Model extends Model {
 // hash password
 $password = $this->hash($password);
- if ($this->db->query("SELECT id FROM users WHERE username = ? AND password = ?",
+ if ($this->db->query("SELECT id FROM users WHERE username='?' AND password='?'",
 $username, $password)->count()>0)
 return true;
 else
-- 
1.7.9.5
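Review bot: The new guard in `list_all()` puts the denied path in a brace-less `else` at the end of the method, so any statement later added after `apiler::not_authorized();` would also run for callers that failed the check. A guard clause at the top keeps the method fail-closed: `if (!apiler::is_authorized()) { apiler::not_authorized(); return; }`, followed by the unchanged listing code. Whether `not_authorized()` ends the request is not visible in this patch, which is why the explicit `return` is worth having. The other actions of `Users_Controller` are outside this hunk; if they expose user data they need the same check, and a single check in the constructor would avoid repeating it per action.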
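Review bot: Quoting the placeholders (`username='?'` in `get_id()`, and `username='?' AND password='?'` in the credential check of the next hunk) makes both queries depend on how `$this->db->query()` substitutes bindings, which this patch does not show. If the driver quotes string values itself the SQL ends up with doubled quotes, and if it uses real prepared statements the `'?'` is a literal string and the bound value is ignored; only a driver that escapes without quoting works with this form. Since the second query decides whether a login succeeds, I would keep the bare form `WHERE username = ? AND password = ?` and fix the binding call if that was what failed, or else add a comment naming the driver behaviour that requires the quotes plus a test using a username that contains a single quote. Both functions continue outside their hunks.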