Add academic id input check

parent 5ba298e9
......@@ -73,6 +73,31 @@ if (!function_exists('getallheaders'))
}
}
/**
* Check the input
*
* @return true|mixed True in case of valid input, or response and exit
*/
function check_input($identity)
{
$valid = true;
if (preg_match('/^[0-9]{12}$/', $identity) !== 1) {
$valid = [
"message" => "Error: Malformed identity"
];
}
if ($valid !== true) {
http_response_code(500);
header("Content-Type: application/json");
echo json_encode($valid);
exit(0);
}
return true;
}
/**
* Check the authentication header
*
......@@ -109,7 +134,7 @@ function check_authentication_header($username, $password)
exit(0);
}
return true;
return true;
}
/**
......@@ -117,11 +142,13 @@ function check_authentication_header($username, $password)
*/
switch ($params['operation']) {
case 'queryID':
header("Content-Type: application/json");
check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
header("Content-Type: application/json");
$result = wscall($params);
break;
case 'queryIDnoCD':
check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
check_input($params['identity']);
header("Content-Type: text/plain");
$result = json_decode(wscall($params), true);
$IDis = $result !== null &&
......@@ -131,6 +158,7 @@ switch ($params['operation']) {
$result = "isStudent:" . ($IDis ? 'true' : 'false');
break;
case 'testServiceStatus':
check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
header("Content-Type: text/plain");
$result = "StudentID sent was:" . trim(filter_input(INPUT_GET, 'id'));
break;
......
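Review bot: The pattern in the new `check_input()`, `/^[0-9]{12}$/`, also accepts twelve digits followed by a newline, because `$` without the `D` modifier matches before a final line break; anchor the end with `\z` and reject non-strings, e.g. `if (!is_string($identity) || preg_match('/^[0-9]{12}\z/', $identity) !== 1) {`. The rejection path answers with `http_response_code(500)`, which reports a malformed request as a server fault; `http_response_code(400);` keeps bad-input probes from showing up as server errors in monitoring. The check is called only in the `queryIDnoCD` case, while `queryID` passes `$params` to `wscall()` without it; if that branch also forwards `$params['identity']` (not visible on this page), it should call `check_input($params['identity']);` as well. The docblock could additionally gain `@param string $identity` and say that the function sends a JSON error and exits on failure.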