API overhaul for easier handling of API calls

* [FEATURE] Allow in-class checking for user permissions * [FEATURE] Allow in-class creation of the JSON data for coherence * [FEATURE} Added API version in JSON data for client side checks * [IMPROVEMENT] Adjusted all API calls to use the new JSON layout **NOTE**: This is breaking backwads compatibility with the old API! Please adjust your client application to support this new version. The data array should not change much more other than added features.
2013-09-17 11:55:54 +02:00 · 2013-09-17 11:55:54 +02:00 · 4ffca7d5ac
commit 4ffca7d5ac
parent ffe6a01003
21 changed files with 149 additions and 242 deletions
--- a/public/include/autoloader.inc.php
+++ b/public/include/autoloader.inc.php
@ -29,7 +29,6 @@ define('THEME', $theme);
 require_once(INCLUDE_DIR . '/smarty.inc.php');

 // Load everything else in proper order
-require_once(CLASS_DIR . '/api.class.php');
 require_once(CLASS_DIR . '/mail.class.php');
 require_once(CLASS_DIR . '/tokentype.class.php');
 require_once(CLASS_DIR . '/token.class.php');
@ -45,6 +44,7 @@ require_once(CLASS_DIR . '/roundstats.class.php');
 require_once(CLASS_DIR . '/transaction.class.php');
 require_once(CLASS_DIR . '/notification.class.php');
 require_once(CLASS_DIR . '/news.class.php');
+require_once(CLASS_DIR . '/api.class.php');
 require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php');
 require_once(INCLUDE_DIR . '/lib/scrypt.php');

--- a/public/include/classes/api.class.php
+++ b/public/include/classes/api.class.php
@ -7,6 +7,11 @@ if (!defined('SECURITY')) die('Hacking attempt');
 * Helper class for our API
 **/
 class Api extends Base {
+  private $api_version = '1.0.0';
+
+  function setStartTime($dStartTime) {
+    $this->dStartTime = $dStartTime;
+  }
  function isActive($error=true) {
    if (!$this->setting->getValue('disable_api')) {
      return true;
@ -17,8 +22,45 @@ class Api extends Base {
      }
    }
  }
+
+  /**
+   * Create API json object from input array
+   * @param data Array data to create JSON for
+   * @param force bool Enforce a JSON object
+   * @return string JSON object
+   **/
+  function get_json($data, $force=false) {
+    return json_encode(
+      array( $_REQUEST['action'] => array(
+        'version' => $this->api_version,
+        'runtime' => (microtime(true) - $this->dStartTime) * 1000,
+        'data' => $data
+      )), $force ? JSON_FORCE_OBJECT : 0
+    );
+  }
+
+  /**
+   * Check user access level to the API call
+   **/
+  function checkAccess($user_id, $get_id=NULL) {
+    if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id)) {
+      // User is NOT admin and tries to access an ID that is not their own
+      header("HTTP/1.1 401 Unauthorized");
+      die("Access denied");
+    } else if ($this->user->isAdmin($user_id) && !empty($get_id)) {
+      // User is an admin and tries to fetch another users data
+      $id = $get_id;
+      // Is it a username or a user ID
+      ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id);
+    } else {
+      $id = $user_id;
+    }
+    return $id;
+  }
 }

 $api = new Api();
 $api->setConfig($config);
+$api->setUser($user);
 $api->setSetting($setting);
+$api->setStartTime($dStartTime);
--- a/public/include/pages/api/getblockcount.inc.php
+++ b/public/include/pages/api/getblockcount.inc.php
@ -7,19 +7,16 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 if ($bitcoin->can_connect() === true){
-  if (!$iBlock = $memcache->get('iBlock')) {
-    $iBlock = $bitcoin->query('getblockcount');
-    $memcache->set('iBlock', $iBlock);
-  }
+  $iBlock = $bitcoin->getblockcount();
 } else {
  $iBlock = 0;
 }

 // Output JSON format
-echo json_encode(array('getblockcount' => $iBlock));
+echo $api->get_json($iBlock);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getblocksfound.inc.php
+++ b/public/include/pages/api/getblocksfound.inc.php
@ -7,15 +7,13 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

-// Set a sane limit, overwrite with URL parameter
-$iLimit = 10;
-if (@$_REQUEST['limit'])
-  $iLimit = $_REQUEST['limit'];
+// Check how many blocks to fetch
+$setting->getValue('statistics_block_count') ? $iLimit = $setting->getValue('statistics_block_count') : $iLimit = 20;

 // Output JSON format
-echo json_encode(array('getblocksfound' => $statistics->getBlocksFound($iLimit)));
+echo $api->get_json($statistics->getBlocksFound($iLimit));

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getcurrentworkers.inc.php
+++ b/public/include/pages/api/getcurrentworkers.inc.php
@ -7,10 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Output JSON format
-echo json_encode(array('getcurrentworkers' => $worker->getCountAllActiveWorkers()));
+echo $api->get_json($worker->getCountAllActiveWorkers());

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getdashboarddata.inc.php
+++ b/public/include/pages/api/getdashboarddata.inc.php
@ -6,34 +6,20 @@ if (!defined('SECURITY')) die('Hacking attempt');
 // Check if the API is activated
 $api->isActive();

-// Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
+// Check user token and access level permissions
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

-/**
- * This check will ensure the user can do the following:
- * Admin: Check any user via request id
- * Regular: Check your own status
- * Other: Deny access via checkApiKey
- **/
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  // User is admin and tries to access an ID that is not their own
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id)) {
-  // Admin, so allow any ID passed in request
-  $id = $_REQUEST['id'];
-  // Is it a username or a user ID
-  ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id'];
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
+// Fetch RPC information
+if ($bitcoin->can_connect() === true) {
+  $dNetworkHashrate = $bitcoin->getnetworkhashps();
+  $dDifficulty = $bitcoin->getdifficulty();
+  $iBlock = $bitcoin->getblockcount();
 } else {
-  // Not admin, only allow own user ID
-  $id = $user_id;
-  $username = $user->getUserName($id);
+  $dNetworkHashrate = 0;
+  $dDifficulty = 1;
+  $iBlock = 0;
 }

-// Fetch raw RPC data
-$bitcoin->can_connect() === true ? $dNetworkHashrate = $bitcoin->query('getnetworkhashps') : $dNetworkHashrate = 0;
-
 // Some settings
 if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300;
 if ( ! $dPoolHashrateModifier = $setting->getValue('statistics_pool_hashrate_modifier') ) $dPoolHashrateModifier = 1;
@ -44,12 +30,12 @@ if ( ! $dNetworkHashrateModifier = $setting->getValue('statistics_network_hashra
 $statistics->setGetCache(false);
 $dPoolHashrate = $statistics->getCurrentHashrate($interval);
 if ($dPoolHashrate > $dNetworkHashrate) $dNetworkHashrate = $dPoolHashrate;
-$dPersonalHashrate = $statistics->getUserHashrate($id, $interval);
-$dPersonalSharerate = $statistics->getUserSharerate($id, $interval);
+$dPersonalHashrate = $statistics->getUserHashrate($user_id, $interval);
+$dPersonalSharerate = $statistics->getUserSharerate($user_id, $interval);
 $statistics->setGetCache(true);

 // Use caches for this one
-$aUserRoundShares = $statistics->getUserShares($id);
+$aUserRoundShares = $statistics->getUserShares($user_id);
 $aRoundShares = $statistics->getRoundShares();

 // Apply pool modifiers
@ -58,13 +44,13 @@ $dPoolHashrateAdjusted = $dPoolHashrate * $dPoolHashrateModifier;
 $dNetworkHashrateAdjusted = $dNetworkHashrate / 1000 * $dNetworkHashrateModifier;

 // Output JSON format
-echo json_encode(array($_REQUEST['action'] => array(
-  'runtime' => (microtime(true) - $dTimeStart) * 1000,
+$data = array(
  'raw' => array( 'personal' => array( 'hashrate' => $dPersonalHashrate ), 'pool' => array( 'hashrate' => $dPoolHashrate ), 'network' => array( 'hashrate' => $dNetworkHashrate / 1000 ) ),
  'personal' => array ( 'hashrate' => $dPersonalHashrateAdjusted, 'sharerate' => $dPersonalSharerate, 'shares' => $aUserRoundShares),
  'pool' => array( 'hashrate' => $dPoolHashrateAdjusted, 'shares' => $aRoundShares ),
-  'network' => array( 'hashrate' => $dNetworkHashrateAdjusted ),
-)));
+  'network' => array( 'hashrate' => $dNetworkHashrateAdjusted, 'difficulty' => $dDifficulty, 'block' => $iBlock ),
+);
+echo $api->get_json($data);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getdifficulty.inc.php
+++ b/public/include/pages/api/getdifficulty.inc.php
@ -7,17 +7,13 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Fetch data from wallet
-if ($bitcoin->can_connect() === true){
-  $dDifficulty = $bitcoin->getdifficulty();
-} else {
-  $iDifficulty = 1;
-}
+$bitcoin->can_connect() === true ? $dDifficulty = $bitcoin->getdifficulty() : $iDifficulty = 1;

 // Output JSON format
-echo json_encode(array('getdifficulty' => $dDifficulty));
+echo $api->get_json($dDifficulty);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getestimatedtime.inc.php
+++ b/public/include/pages/api/getestimatedtime.inc.php
@ -7,13 +7,14 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Estimated time to find the next block
 $iCurrentPoolHashrate = $statistics->getCurrentHashrate() * 1000;
+$bitcoin->can_connect() === true ? $dEstimatedTime = $bitcoin->getestimatedtime($iCurrentPoolHashrate) : $dEstimatedTime = 0;

 // Output JSON format
-echo json_encode(array('getestimatedtime' => $bitcoin->getestimatedtime($iCurrentPoolHashrate)));
+echo $api->get_json($dEstimatedTime);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/gethourlyhashrates.inc.php
+++ b/public/include/pages/api/gethourlyhashrates.inc.php
@ -7,25 +7,15 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
-
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  // User is admin and tries to access an ID that is not their own
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id)) {
-  // Is it a username or a user ID
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
-} else {
-  // Not admin, only allow own user ID
-  $id = $user_id;
-}
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Output JSON format
-echo json_encode(array('gethourlyhashrates' => array(
+$data = array(
  'mine' => $statistics->getHourlyHashrateByAccount($id),
  'pool' => $statistics->getHourlyHashrateByPool()
-)), JSON_FORCE_OBJECT);
+);
+
+echo $api->json($data);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getpoolhashrate.inc.php
+++ b/public/include/pages/api/getpoolhashrate.inc.php
@ -7,19 +7,17 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);
+
+// Fetch settings
+if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300;

 // Output JSON format
 $statistics->setGetCache(false);
-$start = microtime(true);
-$dPoolHashrate = $statistics->getCurrentHashrate(300);
-$end = microtime(true);
-$runtime = ($end - $start) * 1000;
+$dPoolHashrate = $statistics->getCurrentHashrate($interval);
 $statistics->setGetCache(true);
-echo json_encode(array('getpoolhashrate' => array(
-  'runtime' => $runtime,
-  'hashrate' => $dPoolHashrate,
-)));
+
+echo $api->get_json($dPoolHashrate);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getpoolsharerate.inc.php
+++ b/public/include/pages/api/getpoolsharerate.inc.php
@ -7,7 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);
+
+// Fetch settings
+if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300;

 // Output JSON format
 echo json_encode(array('getpoolsharerate' => $statistics->getCurrentShareRate()));
--- a/public/include/pages/api/getpoolstatus.inc.php
+++ b/public/include/pages/api/getpoolstatus.inc.php
@ -7,7 +7,7 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Fetch last block information
 $aLastBlock = $block->getLast();
@ -20,7 +20,7 @@ $aShares['valid'] > 0 ? $dEfficiency = round((100 - (100 / $aShares['valid'] * $
 if ($bitcoin->can_connect() === true){
  $dDifficulty = $bitcoin->getdifficulty();
  $iBlock = $bitcoin->getblockcount();
-  $dNetworkHashrate = $bitcoin->query('getnetworkhashps');
+  $dNetworkHashrate = $bitcoin->getnetworkhashps();
 } else {
  $dDifficulty = 1;
  $iBlock = 0;
@ -46,21 +46,21 @@ if (!empty($aLastBlock)) {
 }

 // Output JSON format
-echo json_encode(
-  array(
-    'getpoolstatus' => array(
-      'hashrate' => $iCurrentPoolHashrate,
-      'efficiency' => $dEfficiency,
-      'workers' => $worker->getCountAllActiveWorkers(),
-      'currentnetworkblock' =>  $iBlock,
-      'nextnetworkblock' =>  $iBlock + 1,
-      'lastblock' => $aLastBlock['height'],
-      'networkdiff' => $dDifficulty,
-      'esttime' => $iEstTime,
-      'estshares' => $iEstShares,
-      'timesincelast' => $dTimeSinceLast,
-      'nethashrate' => $dNetworkHashrate
-    )));
+$data = array(
+  'hashrate' => $iCurrentPoolHashrate,
+  'efficiency' => $dEfficiency,
+  'workers' => $worker->getCountAllActiveWorkers(),
+  'currentnetworkblock' =>  $iBlock,
+  'nextnetworkblock' =>  $iBlock + 1,
+  'lastblock' => $aLastBlock['height'],
+  'networkdiff' => $dDifficulty,
+  'esttime' => $iEstTime,
+  'estshares' => $iEstShares,
+  'timesincelast' => $dTimeSinceLast,
+  'nethashrate' => $dNetworkHashrate
+);
+
+echo $api->get_json($data);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/gettimesincelastblock.inc.php
+++ b/public/include/pages/api/gettimesincelastblock.inc.php
@ -7,21 +7,17 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Fetch our last block found
 $aBlocksFoundData = $statistics->getBlocksFound(1);

 // Time since last block
 $now = new DateTime( "now" );
-if (!empty($aBlocksFoundData)) {
-  $dTimeSinceLast = ($now->getTimestamp() - $aBlocksFoundData[0]['time']);
-} else {
-  $dTimeSinceLast = 0;
-}
+! empty($aBlocksFoundData) ? $dTimeSinceLast = ($now->getTimestamp() - $aBlocksFoundData[0]['time']) : $dTimeSinceLast = 0;

 // Output JSON format
-echo json_encode(array('gettimesincelastblock' => $dTimeSinceLast));
+echo $api->get_json($dTimeSinceLast);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getuserbalance.inc.php
+++ b/public/include/pages/api/getuserbalance.inc.php
@ -7,23 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
-
-echo $user_id;
-
-// We have to check if that user is admin too
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id) && !empty($_REQUEST['id'])) {
-  $id = $_REQUEST['id'];
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
-} else {
-  $id = $user_id;
-}
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Output JSON format
-echo json_encode(array('getuserbalance' => $transaction->getBalance($id)));
+echo $api->get_json($transaction->getBalance($user_id));

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getuserhashrate.inc.php
+++ b/public/include/pages/api/getuserhashrate.inc.php
@ -7,48 +7,19 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
-
-/**
- * This check will ensure the user can do the following:
- * Admin: Check any user via request id
- * Regular: Check your own status
- * Other: Deny access via checkApiKey
- **/
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  // User is admin and tries to access an ID that is not their own
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id)) {
-  // Admin, so allow any ID passed in request
-  $id = $_REQUEST['id'];
-  // Is it a username or a user ID
-  ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id'];
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
-} else {
-  // Not admin, only allow own user ID
-  $id = $user_id;
-  $username = $user->getUserName($id);
-}
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Fetch some settings
 if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300;

 // Gather un-cached data
 $statistics->setGetCache(false);
-$start = microtime(true);
-$hashrate = $statistics->getUserHashrate($id, $interval);
-$end = microtime(true);
-$runtime = ($end - $start)* 1000;
-
-// Output JSON format
-echo json_encode(array('getuserhashrate' => array(
-  'username' => $username,
-  'runtime' => $runtime,
-  'hashrate' => $hashrate
-)));
+$hashrate = $statistics->getUserHashrate($user_id, $interval);
 $statistics->setGetCache(true);

+// Output JSON
+echo $api->get_json($hashrate);
+
 // Supress master template
 $supress_master = 1;
 ?>
--- a/public/include/pages/api/getusersharerate.inc.php
+++ b/public/include/pages/api/getusersharerate.inc.php
@ -7,44 +7,18 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

-/**
- * This check will ensure the user can do the following:
- * Admin: Check any user via request id
- * Regular: Check your own status
- * Other: Deny access via checkApiKey
- **/
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  // User is admin and tries to access an ID that is not their own
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id)) {
-  // Admin, so allow any ID passed in request
-  $id = $_REQUEST['id'];
-  // Is it a username or a user ID
-  ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id'];
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
-} else {
-  // Not admin, only allow own user ID
-  $id = $user_id;
-  $username = $user->getUserName($id);
-}
+// Fetch settings
+if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300;

 // Gather un-cached data
 $statistics->setGetCache(false);
-$start = microtime(true);
-$sharerate = $statistics->getUserSharerate($id, 60);
-$end = microtime(true);
-$runtime = ($end - $start)* 1000;
+$sharerate = $statistics->getUserSharerate($user_id, $interval);
+$statistics->setGetCache(true);

 // Output JSON format
-echo json_encode(array('getusersharerate' => array(
-  'username' => $username,
-  'runtime' => $runtime,
-  'sharerate' => $sharerate
-)));
-$statistics->setGetCache(true);
+echo $api->get_json($sharerate);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getuserstatus.inc.php
+++ b/public/include/pages/api/getuserstatus.inc.php
@ -7,37 +7,15 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
-
-/**
- * This check will ensure the user can do the following:
- * Admin: Check any user via request id
- * Regular: Check your own status
- * Other: Deny access via checkApiKey
- **/
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  // User is admin and tries to access an ID that is not their own
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id)) {
-  // Admin, so allow any ID passed in request
-  $id = $_REQUEST['id'];
-  // Is it a username or a user ID
-  ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id'];
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
-} else {
-  // Not admin, only allow own user ID
-  $id = $user_id;
-  $username = $user->getUserName($id);
-}
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Output JSON format
-echo json_encode(array('getuserstatus' => array(
-  'username' => $username,
-  'shares' =>  $statistics->getUserShares($id),
-  'hashrate' => $statistics->getUserHashrate($id),
-  'sharerate' => $statistics->getUserSharerate($id)
-)));
+$data = array(
+  'shares' =>  $statistics->getUserShares($user_id),
+  'hashrate' => $statistics->getUserHashrate($user_id),
+  'sharerate' => $statistics->getUserSharerate($user_id)
+);
+echo $api->get_json($data);

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/getuserworkers.inc.php
+++ b/public/include/pages/api/getuserworkers.inc.php
@ -7,21 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt');
 $api->isActive();

 // Check user token
-$user_id = $user->checkApiKey($_REQUEST['api_key']);
-
-// We have to check if that user is admin too
-if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
-  header("HTTP/1.1 401 Unauthorized");
-  die("Access denied");
-} else if ($user->isAdmin($user_id)) {
-  $id = $_REQUEST['id'];
-  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
-} else {
-  $id = $user_id;
-}
+$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']);

 // Output JSON format
-echo json_encode(array('getuserworkers' => $worker->getWorkers($id)));
+echo $api->get_json($worker->getWorkers($user_id));

 // Supress master template
 $supress_master = 1;
--- a/public/include/pages/api/public.inc.php
+++ b/public/include/pages/api/public.inc.php
@ -13,6 +13,7 @@ $aShares = $statistics->getRoundShares();
 // RPC Calls
 $bitcoin->can_connect() === true ? $dNetworkHashrate = $bitcoin->getnetworkhashps() : $dNetworkHashrate = 0;

+// Backwards compatible with the existing services
 echo json_encode(
  array(
    'pool_name' => $setting->getValue('website_name'),
--- a/public/index.php
+++ b/public/index.php
@ -19,7 +19,7 @@ limitations under the License.
 */

 // Used for performance calculations
-$dTimeStart = microtime(true);
+$dStartTime = microtime(true);

 // This should be okay
 define("BASEPATH", "./");
@ -84,7 +84,7 @@ require_once(INCLUDE_DIR . '/smarty_globals.inc.php');
 // Load debug information into template
 $debug->append("Loading debug information into template", 4);
 $smarty->assign('DebuggerInfo', $debug->getDebugInfo());
-$smarty->assign('RUNTIME', (microtime(true) - $dTimeStart) * 1000);
+$smarty->assign('RUNTIME', (microtime(true) - $dStartTime) * 1000);

 // Display our page
 if (!@$supress_master) $smarty->display("master.tpl", $smarty_cache_key);
--- a/public/templates/test/dashboard/js.tpl
+++ b/public/templates/test/dashboard/js.tpl
@ -88,30 +88,30 @@ $(document).ready(function(){

  // Helper to initilize gauges
  function initGauges(data) {
-    g1 = new JustGage({id: "nethashrate", value: parseFloat(data.getdashboarddata.network.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.network.hashrate * 2), title: "Net Hashrate", label: "{/literal}{$GLOBAL.hashunits.network}{literal}"});
-    g2 = new JustGage({id: "poolhashrate", value: parseFloat(data.getdashboarddata.pool.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.pool.hashrate * 2), title: "Pool Hashrate", label: "{/literal}{$GLOBAL.hashunits.pool}{literal}"});
-    g3 = new JustGage({id: "hashrate", value: parseFloat(data.getdashboarddata.personal.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.personal.hashrate * 2), title: "Hashrate", label: "{/literal}{$GLOBAL.hashunits.personal}{literal}"});
-    g4 = new JustGage({id: "sharerate", value: parseFloat(data.getdashboarddata.personal.sharerate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.personal.sharerate * 2), title: "Sharerate", label: "shares/s"});
+    g1 = new JustGage({id: "nethashrate", value: parseFloat(data.getdashboarddata.data.network.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.network.hashrate * 2), title: "Net Hashrate", label: "{/literal}{$GLOBAL.hashunits.network}{literal}"});
+    g2 = new JustGage({id: "poolhashrate", value: parseFloat(data.getdashboarddata.data.pool.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.pool.hashrate * 2), title: "Pool Hashrate", label: "{/literal}{$GLOBAL.hashunits.pool}{literal}"});
+    g3 = new JustGage({id: "hashrate", value: parseFloat(data.getdashboarddata.data.personal.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.personal.hashrate * 2), title: "Hashrate", label: "{/literal}{$GLOBAL.hashunits.personal}{literal}"});
+    g4 = new JustGage({id: "sharerate", value: parseFloat(data.getdashboarddata.data.personal.sharerate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.personal.sharerate * 2), title: "Sharerate", label: "shares/s"});
    g5 = new JustGage({id: "querytime", value: parseFloat(data.getdashboarddata.runtime).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.runtime * 3), title: "Querytime", label: "ms"});
  }

  // Helper to refresh graphs
  function refreshInformation(data) {
-    g1.refresh(parseFloat(data.getdashboarddata.network.hashrate).toFixed(2));
-    g2.refresh(parseFloat(data.getdashboarddata.pool.hashrate).toFixed(2));
-    g3.refresh(parseFloat(data.getdashboarddata.personal.hashrate).toFixed(2));
-    g4.refresh(parseFloat(data.getdashboarddata.personal.sharerate).toFixed(2));
+    g1.refresh(parseFloat(data.getdashboarddata.data.network.hashrate).toFixed(2));
+    g2.refresh(parseFloat(data.getdashboarddata.data.pool.hashrate).toFixed(2));
+    g3.refresh(parseFloat(data.getdashboarddata.data.personal.hashrate).toFixed(2));
+    g4.refresh(parseFloat(data.getdashboarddata.data.personal.sharerate).toFixed(2));
    g5.refresh(parseFloat(data.getdashboarddata.runtime).toFixed(2));
    if (storedPersonalHashrate.length > 20) { storedPersonalHashrate.shift(); }
    if (storedPoolHashrate.length > 20) { storedPoolHashrate.shift(); }
    if (storedPersonalSharerate.length > 20) { storedPersonalSharerate.shift(); }
    timeNow = new Date().getTime();
-    storedPersonalHashrate[storedPersonalHashrate.length] = [timeNow, data.getdashboarddata.raw.personal.hashrate];
-    storedPersonalSharerate[storedPersonalSharerate.length] = [timeNow, parseFloat(data.getdashboarddata.personal.sharerate)];
-    storedPoolHashrate[storedPoolHashrate.length] = [timeNow, data.getdashboarddata.raw.pool.hashrate];
+    storedPersonalHashrate[storedPersonalHashrate.length] = [timeNow, data.getdashboarddata.data.raw.personal.hashrate];
+    storedPersonalSharerate[storedPersonalSharerate.length] = [timeNow, parseFloat(data.getdashboarddata.data.personal.sharerate)];
+    storedPoolHashrate[storedPoolHashrate.length] = [timeNow, data.getdashboarddata.data.raw.pool.hashrate];
    tempShareinfoData = [
-        [parseInt(data.getdashboarddata.personal.shares.valid), parseInt(data.getdashboarddata.personal.shares.invalid)],
-        [parseInt(data.getdashboarddata.pool.shares.valid), parseInt(data.getdashboarddata.pool.shares.invalid)]
+        [parseInt(data.getdashboarddata.data.personal.shares.valid), parseInt(data.getdashboarddata.data.personal.shares.invalid)],
+        [parseInt(data.getdashboarddata.data.pool.shares.valid), parseInt(data.getdashboarddata.data.pool.shares.invalid)]
    ];
    replotOverviewOptions = {
      data: [storedPersonalHashrate, storedPoolHashrate, storedPersonalSharerate],