Merge pull request #616 from TheSerapher/issue-605

Issue 605
2013-08-19 01:00:12 -07:00 · 2013-08-19 01:00:12 -07:00 · c057efce3e
commit c057efce3e
parent 2e4a94ff8c 59bd71c75d
1 changed files with 30 additions and 0 deletions
--- a/public/include/pages/api/getuserbalance.inc.php
+++ b/public/include/pages/api/getuserbalance.inc.php
@ -0,0 +1,30 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY')) die('Hacking attempt');
+
+// Check if the API is activated
+$api->isActive();
+
+// Check user token
+$user_id = $user->checkApiKey($_REQUEST['api_key']);
+
+echo $user_id;
+
+// We have to check if that user is admin too
+if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) {
+  header("HTTP/1.1 401 Unauthorized");
+  die("Access denied");
+} else if ($user->isAdmin($user_id) && !empty($_REQUEST['id'])) {
+  $id = $_REQUEST['id'];
+  ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']);
+} else {
+  $id = $user_id;
+}
+
+// Output JSON format
+echo json_encode(array('getuserbalance' => $transaction->getBalance($id)));
+
+// Supress master template
+$supress_master = 1;
+?>