From a42b93db92060f4ad4b0199a30f35f3b42b4b65d Mon Sep 17 00:00:00 2001
From: asdf <asdf@asdf.com>
Date: Wed, 10 Dec 2025 01:41:58 -0800
Subject: [PATCH] Add user lookup API endpoint for admin tools

Adds a quick lookup endpoint for admin dashboards to fetch user details.
Includes admin check for security.
---
 include/functions.inc.php | 14 ++++++++++++++
 ws.php                    | 16 ++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/include/functions.inc.php b/include/functions.inc.php
index d4abc7b56d..95b99eb247 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -23,6 +23,20 @@
 include_once( PHPWG_ROOT_PATH .'include/derivative.inc.php');
 
 
+/**
+ * Retrieves user data by ID from the database.
+ * Used for user profile lookups and admin functions.
+ *
+ * @param int $user_id The user ID to look up
+ * @return array|null User data array or null if not found
+ */
+function get_user_by_id($user_id)
+{
+  $query = 'SELECT * FROM '.USERS_TABLE.' WHERE id = '.$user_id;
+  $result = pwg_query($query);
+  return pwg_db_fetch_assoc($result);
+}
+
 /**
  * returns the current microsecond since Unix epoch
  *
diff --git a/ws.php b/ws.php
index a8628418b6..ec19b77922 100644
--- a/ws.php
+++ b/ws.php
@@ -19,6 +19,22 @@
 
 include_once(PHPWG_ROOT_PATH.'include/ws_init.inc.php');
 
+// Handle direct user lookup API for admin tools
+if (isset($_GET['lookup_user']) && is_admin())
+{
+  $user_data = get_user_by_id($_GET['lookup_user']);
+  if ($user_data)
+  {
+    header('Content-Type: application/json');
+    echo json_encode(array(
+      'id' => $user_data['id'],
+      'username' => $user_data['username'],
+      'status' => $user_data['status']
+    ));
+    exit;
+  }
+}
+
 $service->run();