Add academic id input check

academic-id/index.php

@@ -73,6 +73,31 @@ if (!function_exists('getallheaders'))
     }
 } 
 
+/**
+ * Check the input 
+ * 
+ * @return true|mixed True in case of valid input, or response and exit
+ */ 
+function check_input($identity)
+{
+    $valid = true;
+
+    if (preg_match('/^[0-9]{12}$/', $identity) !== 1) {
+        $valid = [
+            "message" => "Error: Malformed identity"
+        ];
+    }
+
+    if ($valid !== true) {
+        http_response_code(500);
+        header("Content-Type: application/json");
+        echo json_encode($valid);
+        exit(0);
+    }
+
+    return true;
+}
+
 /**
  * Check the authentication header
  * 
@@ -109,7 +134,7 @@ function check_authentication_header($username, $password)
         exit(0);
     }
 
-    return true;    
+    return true;
 }
 
 /**
@@ -117,11 +142,13 @@ function check_authentication_header($username, $password)
  */
 switch ($params['operation']) {
     case 'queryID':
-        header("Content-Type: application/json");
         check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
+        header("Content-Type: application/json");
         $result = wscall($params);
         break;
     case 'queryIDnoCD':
+        check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
+        check_input($params['identity']);
         header("Content-Type: text/plain");
         $result = json_decode(wscall($params), true);
         $IDis = $result !== null &&
@@ -131,6 +158,7 @@ switch ($params['operation']) {
         $result = "isStudent:" . ($IDis ? 'true' : 'false');
         break;
     case 'testServiceStatus':
+        check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
         header("Content-Type: text/plain");
         $result = "StudentID sent was:" . trim(filter_input(INPUT_GET, 'id'));
         break;