Index: moodle/mod/lamslesson/callback.php
===================================================================
diff -u -rf0f73aaa3bb67feb5d895b84844f8ff3cc7262e5 -r458edcd7121d8676f627e7f74a06952a54423bf6
--- moodle/mod/lamslesson/callback.php (.../callback.php) (revision f0f73aaa3bb67feb5d895b84844f8ff3cc7262e5)
+++ moodle/mod/lamslesson/callback.php (.../callback.php) (revision 458edcd7121d8676f627e7f74a06952a54423bf6)
@@ -18,23 +18,27 @@
 include_once('lib.php');
 global $DB;
+$hs = required_param('hs', PARAM_ALPHANUM);
+$ts = required_param('ts', PARAM_RAW);
+$un = required_param('un', PARAM_ALPHANUM);
+$lsid = required_param('lsId', PARAM_INT);
+
 if(!isset($CFG->lamslesson_serverid)||!isset($CFG->lamslesson_serverkey)) {
 header('HTTP/1.1 401 Unauthenticated');
 exit(1);
 }
-$plaintext = trim($_GET['ts']).trim($_GET['un']).trim($CFG->lamslesson_serverid).trim($CFG->lamslesson_serverkey);
+$plaintext = trim($ts).trim($un).trim($CFG->lamslesson_serverid).trim($CFG->lamslesson_serverkey);
 $hash = sha1(strtolower($plaintext));
-if($hash!=$_GET['hs']){
+if($hash != $hs){
 header('HTTP/1.1 401 Unauthenticated');
 exit(1);
 }
 //OK, the caller is authenticated. Now let's fulfill its request.
 // and make Moodle get the latest marks for this user in this lesson
-$lsid = $_GET['lsId'];
-$user = $DB->get_record('user', array('username'=>$_GET['un']));
+$user = $DB->get_record('user', array('username'=>$un));
 if(!$user){
 header('HTTP/1.1 401 Unauthenticated');
 exit(1);
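Review bot: The authentication check `if($hash != $hs){` still compares the SHA-1 digest with a loose, non-constant-time operator; PHP's `!=` treats numeric-looking strings as numbers and the byte-by-byte comparison leaks timing, so it should read `if (!hash_equals($hash, $hs)) {` (or at least `!==` where `hash_equals()` is unavailable), and the same line appears in the userinfo.php hunk at @@ -16. `required_param('un', PARAM_ALPHANUM)` strips characters Moodle permits in usernames such as `.`, `-`, `_` and `@`, so a caller with such a username now gets a 401 from the hash check because the cleaned `$un` no longer matches what was signed; `PARAM_USERNAME` preserves them, and the same applies in userinfo.php. If `ts` is a timestamp, nothing in the hunk compares it with the current time, so the signature has no freshness window — worth confirming whether the LAMS side expects Moodle to enforce one.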
@@ -44,4 +48,4 @@
 $gradebookmark = lamslesson_get_lams_outputs($user->username,$lamslesson,$user->username);
-?>
\ No newline at end of file
+?>
Index: moodle/mod/lamslesson/lib.php
===================================================================
diff -u -r585c2e273fb963a8c0299f704499a71298c22b58 -r458edcd7121d8676f627e7f74a06952a54423bf6
--- moodle/mod/lamslesson/lib.php (.../lib.php) (revision 585c2e273fb963a8c0299f704499a71298c22b58)
+++ moodle/mod/lamslesson/lib.php (.../lib.php) (revision 458edcd7121d8676f627e7f74a06952a54423bf6)
@@ -711,7 +711,7 @@
 $listofcontexts = '('.$sitecontext->id.')'; // must be site
 }
 $sql = "SELECT u.id
- FROM {$CFG->prefix}user u INNER JOIN {$CFG->prefix}role_assignments r ON u.id=r.userid
+ FROM {user} u INNER JOIN {role_assignments} r ON u.id=r.userid
 WHERE r.contextid IN $listofcontexts OR r.contextid=$context->id AND u.deleted=0 AND u.username!='guest'";
 $users = $DB->get_records_sql($sql);
Index: moodle/mod/lamslesson/userinfo.php
===================================================================
diff -u -r82b05bec226a5e8a2e57f35727aefe8b8a3d2fad -r458edcd7121d8676f627e7f74a06952a54423bf6
--- moodle/mod/lamslesson/userinfo.php (.../userinfo.php) (revision 82b05bec226a5e8a2e57f35727aefe8b8a3d2fad)
+++ moodle/mod/lamslesson/userinfo.php (.../userinfo.php) (revision 458edcd7121d8676f627e7f74a06952a54423bf6)
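Review bot: In the lib.php hunk the context line `WHERE r.contextid IN $listofcontexts OR r.contextid=$context->id AND u.deleted=0 AND u.username!='guest'` has `AND` binding tighter than `OR`, so the deleted and guest filters apply only to the `r.contextid=$context->id` branch and users matched through `$listofcontexts` are returned even when deleted or when they are the guest account, unless that is intended. Parenthesise the disjunction and, now that the query uses `{user}` placeholders, move the id out of the string as well: `WHERE (r.contextid IN $listofcontexts OR r.contextid = ?)` followed by `AND u.deleted = 0 AND u.username != 'guest'";` and `$users = $DB->get_records_sql($sql, array($context->id));`. `$listofcontexts` could likewise be produced with `$DB->get_in_or_equal()`. The enclosing function starts and ends outside the hunk, so I cannot see how `$listofcontexts` is built in the other branch.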
@@ -16,14 +16,19 @@
 include_once($CFG->libdir.'/datalib.php');
 global $DB;
+ $hs = required_param('hs', PARAM_ALPHANUM);
+ $ts = required_param('ts', PARAM_RAW);
+ $un = required_param('un', PARAM_ALPHANUM);
+ $lsid = optional_param('lsid', '', PARAM_INT);
+
 if(!isset($CFG->lamslesson_serverid)||!isset($CFG->lamslesson_serverkey)) {
 header('HTTP/1.1 401 Unauthenticated');
 exit(1);
 }
- $plaintext = trim($_GET['ts']).trim($_GET['un']).trim($CFG->lamslesson_serverid).trim($CFG->lamslesson_serverkey);
+ $plaintext = trim($ts).trim($un).trim($CFG->lamslesson_serverid).trim($CFG->lamslesson_serverkey);
 $hash = sha1(strtolower($plaintext));
- if($hash!=$_GET['hs']){
+ if($hash != $hs){
 header('HTTP/1.1 401 Unauthenticated');
 exit(1);
 }
@@ -32,7 +37,7 @@
 //What it needs is user info in CSV format. It should be like this:
 //username,first name,last name,job title, department, organisation,
 //address,phone,fax,mobile,email
- $user = $DB->get_record('user', array('username'=>$_GET['un']));
+ $user = $DB->get_record('user', array('username'=>$un));
 //return false if none found
 if(!$user){
@@ -43,4 +48,4 @@
 $comma_separated = implode(",", $array);//need more sophiscated algorithm to generate CSV formatted string
 echo $comma_separated;
-?>
\ No newline at end of file
+?>
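Review bot: `$lsid = optional_param('lsid', '', PARAM_INT);` yields the string `''` when the parameter is absent and an int otherwise, so `$lsid` changes type from request to request; `$lsid = optional_param('lsid', 0, PARAM_INT);` keeps it an int, and whether `$lsid` is used later in userinfo.php is outside this hunk. callback.php reads the same value as `lsId` with `required_param`, so the two scripts disagree on both the name and whether it is mandatory — worth confirming against what LAMS actually sends. The hash comparison and `PARAM_ALPHANUM` username issues raised on the callback.php hunk apply to this hunk unchanged.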