fix: Update api-access page to use get_userlist() #6063 (#6082)

* fix: Update api-access page to use get_userlist() #6063

* updated token list

* updated to use on db call

html/pages/api-access.inc.php

@@ -12,7 +12,7 @@
  * the source code distribution for details.
  */
 
-if ($_SESSION['userlevel'] >= '10') {
+if (is_admin() === true) {
     if (empty($_POST['token'])) {
         $_POST['token'] = bin2hex(openssl_random_pseudo_bytes(16));
     }
@@ -54,7 +54,7 @@ if ($_SESSION['userlevel'] >= '10') {
               <div class="col-sm-4">
                 <select class="form-control" id="user_id" name="user_id">
 <?php
-foreach (dbFetchRows("SELECT user_id,username FROM `users` WHERE `level` >= '10'", array()) as $users) {
+foreach ($userlist = get_userlist() as $users) {
     echo '<option value="'.$users['user_id'].'">'.$users['username'].'</option>';
 }
 
@@ -136,15 +136,20 @@ echo '
         </tr>
 ';
 
-foreach (dbFetchRows('SELECT `AT`.*,`U`.`username` FROM `api_tokens` AS AT JOIN users AS U ON AT.user_id=U.user_id ORDER BY AT.user_id') as $api) {
+foreach (dbFetchRows('SELECT * FROM `api_tokens` ORDER BY user_id') as $api) {
     if ($api['disabled'] == '1') {
         $api_disabled = 'checked';
     } else {
         $api_disabled = '';
     }
+    foreach ($userlist as $tmp_user) {
+        if ($tmp_user['user_id'] === $api['user_id']) {
+            $user_details = $tmp_user;
+        }
+    }
     echo '
         <tr id="'.$api['id'].'">
-          <td>'.$api['username'].'</td>
+          <td>'.$user_details['username'].'</td>
           <td>'.$api['token_hash'].'</td>
           <td><button class="btn btn-info btn-xs" data-toggle="modal" data-target="#display-qr" data-token_hash="'.$api['token_hash'].'"><i class="fa fa-qrcode" ></i></button></td>
           <td>'.$api['description'].'</td>