From eef70a0cf1ec5d76c87109ff9ca3b5efef727660 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sat, 11 Feb 2023 15:10:27 +0000
Subject: [PATCH] Add read api endpoint for payments; fix requirement for all clients api key
---
 api/v1/payments/read.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/api/v1/payments/read.php b/api/v1/payments/read.php
index 5d8adb1e..4b3de23d 100644
--- a/api/v1/payments/read.php
+++ b/api/v1/payments/read.php
@@ -6,19 +6,19 @@ require_once('../require_get_method.php');
 // Payments aren't stored against client IDs, so we instead validate the API key is for All Clients
-if (isset($_GET['payment_id']) && $client_id !== "*") {
+if (isset($_GET['payment_id']) && $client_id == "%") {
 // Payment via ID (single)
 $id = intval($_GET['payment_id']);
 $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id' AND company_id = '$company_id'");
-} elseif (isset($_GET['payment_invoice_id']) && $client_id !== "*") {
+} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
 // Payments for an invoice
 $id = intval($_GET['payment_invoice_id']);
 $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id' AND company_id = '$company_id'");
-} elseif ($client_id !== "*") {
+} elseif ($client_id == "%") {
 // All payments
 $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE company_id = '$company_id' ORDER BY payment_id LIMIT $limit OFFSET $offset");
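Review bot: The three new all-clients checks (`$client_id == "%"` on the `if` and both `elseif` lines) use loose comparison, and on PHP versions before 8 an integer `0` compares equal to the non-numeric string `"%"`, so a key whose `$client_id` ends up as integer 0 would be treated as an all-clients key. `$client_id` is set outside this hunk (presumably by the API-key validation include), so its type is not visible here; writing `$client_id === "%"` removes the dependency on both its type and the PHP version. The visible lines also have no final `else`, so a client-scoped key leaves `$sql` unassigned; unless the code after the hunk already handles that, an explicit branch that returns an authorization error would make the denial deliberate rather than a side effect. Separately, the queries on the context lines interpolate `$company_id`, `$limit` and `$offset`, which are defined outside the hunk, so prepared statements with bound parameters would avoid relying on upstream sanitisation.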