RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing admin requests

Browse Source 
Fixes #605
This commit is contained in:
Sebastian Grewe 2013-08-19 09:59:41 +02:00
parent 16557465e4
commit 59bd71c75d
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
public/include/pages/api/getuserbalance.inc.php
View File

@ -9,11 +9,13 @@ $api->isActive();
// Check user token // Check user token
$user_id = $user->checkApiKey($_REQUEST['api_key']); $user_id = $user->checkApiKey($_REQUEST['api_key']);
echo $user_id;
// We have to check if that user is admin too // We have to check if that user is admin too
if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
die("Access denied"); die("Access denied");
} else if ($user->isAdmin($user_id)) { } else if ($user->isAdmin($user_id) && !empty($_REQUEST['id'])) {
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
} else { } else {