From 33a81154b63b0f56d74e6e0ef55131ce355ed535 Mon Sep 17 00:00:00 2001
From: Andreas <6977712+AndreasK79@users.noreply.github.com>
Date: Thu, 15 Jun 2023 09:26:17 +0200
Subject: [PATCH] [API] Corrected variable name and check

---
 application/controllers/Api.php | 2 +-
 application/models/Stations.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/controllers/Api.php b/application/controllers/Api.php
index df547f97..2eaf99a7 100644
--- a/application/controllers/Api.php
+++ b/application/controllers/Api.php
@@ -440,7 +440,7 @@ class API extends CI_Controller {
 
 		$userid = $this->api_model->key_userid($obj['key']);
 
-		if(!isset($obj['station_profile_id']) || $this->stations->check_station_against_user($obj['station_profile_id'], $userid) == 0) {
+		if(!isset($obj['station_profile_id']) || $this->stations->check_station_against_user($obj['station_profile_id'], $userid) == false) {
 			http_response_code(401);
 			echo json_encode(['status' => 'failed', 'reason' => "station id does not belong to the API key owner."]);
 			die();
diff --git a/application/models/Stations.php b/application/models/Stations.php
index 0d82b44d..0639c743 100644
--- a/application/models/Stations.php
+++ b/application/models/Stations.php
@@ -427,7 +427,7 @@ class Stations extends CI_Model {
 	public function check_station_against_user($stationid, $userid) {
 		$this->db->select('station_id');
 		$this->db->where('user_id', $userid);
-		$this->db->where('station_id', $id);
+		$this->db->where('station_id', $stationid);
 		$query = $this->db->get('station_profile');
 		if ($query->num_rows() == 1) {
 			return true;