![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Moodle sql injection works, milestone complete.
## Since the Moodle external enrollment database code doesn't work,
## we fall back to manual SQL injection for MySQL, eg:
That was a few hours, 15 deltas and a lot of documentation and fiddling ago.
Now I'm just screwing around with Trac.
## we fall back to manual SQL injection for MySQL, eg:
## +insert into mdl_role_assignments (roleid,contextid,userid,hidden,timestart,timeend,
## timemodified,modifierid,enrol,sortorder) VALUES (5,14,10,0,NOW(),0,NOW(), 2, 'manual',0);+
##get Moodle context id
context_id = CONTEXT_DICTIONARY[course_id]
## get a real MySQL handle, scary!
mysql = ActiveRecord::Base.connection
### p "Debug: injecting mysql with payload of 5,#{context_id},#{user_id},0,unix_timestamp(),0,unix_timestamp(), 2, 'manual',0"
injector = "insert into mdl_role_assignments (roleid,contextid,userid,hidden,timestart,timeend,timemodified,modifierid,enrol,sortorder)
VALUES (5,#{context_id},#{user_id},0,unix_timestamp(),0,unix_timestamp(), 2, 'manual',0);"
r175 | bsk | 2008-12-13 21:44:28 -0500 (Sat, 13 Dec 2008) | 1 line even less debug. also, it seems to work on the dev data
That was a few hours, 15 deltas and a lot of documentation and fiddling ago.
Now I'm just screwing around with Trac.