From 59bd71c75d49b5d29592faf67240f0607de156cb Mon Sep 17 00:00:00 2001
From: Sebastian Grewe <sebgrewe@bigpoint.net>
Date: Mon, 19 Aug 2013 09:59:41 +0200
Subject: [PATCH] Fixing admin requests

Fixes #605
---
 public/include/pages/api/getuserbalance.inc.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/public/include/pages/api/getuserbalance.inc.php b/public/include/pages/api/getuserbalance.inc.php
index 9b765ce7..76462c00 100644
--- a/public/include/pages/api/getuserbalance.inc.php
+++ b/public/include/pages/api/getuserbalance.inc.php
@@ -9,11 +9,13 @@ $api->isActive();
 // Check user token
 $user_id = $user->checkApiKey($_REQUEST['api_key']);
 
+echo $user_id;
+
 // We have to check if that user is admin too
 if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
   header("HTTP/1.1 401 Unauthorized");
   die("Access denied");
-} else if ($user->isAdmin($user_id)) {
+} else if ($user->isAdmin($user_id) && !empty($_REQUEST['id'])) {
   $id = $_REQUEST['id'];
   ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
 } else {