* @return string Returns XML containing list of all users or error message
*/
public function list_all(){
- $users = new User_Model();
- $list = $users->list_all_users();
- $view = new View('api/user_list');
- $view->list = $list;
- $view->render(true);
+ if (apiler::is_authorized()){
+ $users = new User_Model();
+ $list = $users->list_all_users();
+ $view = new View('api/user_list');
+ $view->list = $list;
+ $view->render(true);
+ }
+ else
+ apiler::not_authorized();
}
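Review bot: The new authorization gate in `list_all` pairs a braced `if` with an unbraced `else`, and it depends on every API method remembering to repeat the same check. A guard clause at the top keeps the body flat and makes the deny path explicit: `if (!apiler::is_authorized()) { apiler::not_authorized(); return; }`. Whether `apiler::not_authorized()` sets an error status and stops further output cannot be seen from this hunk, so that is worth confirming. If the controller has a constructor or a shared pre-dispatch hook, enforcing the check there would make newly added endpoints deny by default.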
/**
* @return integer|bool User id if successful or false
*/
public function get_id($username){
- $result = $this->db->query("SELECT id FROM users WHERE username=?", $username);
+ $result = $this->db->query("SELECT id FROM users WHERE username='?'", $username);
if ($result->count()>0)
return $result[0]->id;
else
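Review bot: Quoting the placeholder in `get_id` (`username='?'`) looks like a regression: a bound parameter marker has to stand bare in the SQL text, because the database layer supplies the quoting and escaping when it substitutes the value. Inside a string literal the marker is either left as the literal character `?`, so the lookup would not match real usernames, or it is replaced by an already-quoted value, which yields malformed SQL and undermines the escaping the binding was meant to provide; which of the two happens depends on the `query()` implementation, which is not visible here. The same change is made to the login query further down (`username='?' AND password='?'`), where it affects authentication directly. I would keep the original form, `$result = $this->db->query("SELECT id FROM users WHERE username=?", $username);`, and add a test that looks up a username containing a single quote. The body of `get_id` continues outside the hunk.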
// hash password
$password = $this->hash($password);
- if ($this->db->query("SELECT id FROM users WHERE username = ? AND password = ?",
+ if ($this->db->query("SELECT id FROM users WHERE username='?' AND password='?'",
$username, $password)->count()>0)
return true;
else