diff --git a/res/forum/api/user_info.php b/res/forum/api/user_info.php
index 1ccfdd2..651ec2d 100644
--- a/res/forum/api/user_info.php
+++ b/res/forum/api/user_info.php
@@ -7,7 +7,9 @@ if (!isset($_SESSION["username"])) goto fail;
 
 $out = $database -> query("SELECT username, admin FROM user WHERE username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
 
-if ($out -> num_rows != 1)
+if (!isset($_GET["username"])) return;
+
+if ($out -> num_rows != 1 && $_GET["username"] != $_SESSION["username"])
 {
     fail:
     echo "nope";
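Review bot: The ownership test added to the `if` condition compares `$_GET["username"]` with `$_SESSION["username"]` using loose `!=`, so PHP compares numeric-looking strings by value (`"1e3"` equals `"1000"`) and a request value that is not byte-identical to the caller's username can pass for a non-admin. Nothing in the hunk confirms the parameter is a string either, so `?username[]=` is not rejected up front. I would write the guard as `if (!isset($_GET["username"]) || !is_string($_GET["username"])) return;` and use `!==` in the condition. The accepted value is then concatenated into the `SELECT ... INNER JOIN user_info` query in the next hunk, a path that was admin-only before this commit; binding it (and the session username in the query above) as a statement parameter instead of building the string would remove the dependence on this comparison being exact. The `if` block's body continues outside the hunk.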
@@ -15,8 +17,6 @@ if ($out -> num_rows != 1)
     return;
 }
 
-if (!isset($_GET["username"])) return;
-
 $out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $_GET["username"] . "\"");
 
 $output = array();