From 761ea241f7df2c99b8b6c062df66bee496a79ef6 Mon Sep 17 00:00:00 2001
From: kc9uhi <kc9uhi@gmail.com>
Date: Mon, 16 Feb 2026 16:42:56 -0700
Subject: [PATCH] reduce list_clubmembers data output, move key from request
 URI to POST data

---
 application/controllers/Api.php | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/application/controllers/Api.php b/application/controllers/Api.php
index 3699b9542..cede9ef85 100644
--- a/application/controllers/Api.php
+++ b/application/controllers/Api.php
@@ -1314,19 +1314,28 @@ class API extends CI_Controller {
 	* API key needs to be of a club officer (permission level 9)
 	* returns array of club member details
 	*/
-	function list_clubmembers($key = '') {
+	function list_clubmembers() {
 		header('Content-type: application/json');
 
 		$this->load->model('api_model');
-		if ($this->api_model->access($key) == "No Key Found" || $this->api_model->access($key) == "Key Disabled") {
+
+		// Decode JSON and store
+		$obj = json_decode(file_get_contents("php://input"), true);
+		if ($obj === NULL) {
+		    http_response_code(400);
+			echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
+			return;
+		}
+
+		if ($this->api_model->access($obj['key']) == "No Key Found" || $this->api_model->access($obj['key']) == "Key Disabled") {
 			http_response_code(401);
 			echo json_encode(['status' => 'error', 'message' => 'Auth Error, invalid key']);
 			return;
 		}
 
 		$this->load->model('club_model');
-		$userid = $this->api_model->key_userid($key);
-		$created_by = $this->api_model->key_created_by($key);
+		$userid = $this->api_model->key_userid($obj['key']);
+		$created_by = $this->api_model->key_created_by($obj['key']);
 		$club_perm = $this->club_model->get_permission_noui($userid,$created_by);
 		if (($userid == $created_by) || (($club_perm ?? 0) != 9)) { // not club officer
 			http_response_code(401);
@@ -1339,10 +1348,7 @@ class API extends CI_Controller {
 			foreach($memberlist as $member) {
 				$members[] = [
 					'callsign' => $member->user_callsign,
-					'first_name' => $member->user_firstname,
-					'last_name' => $member->user_lastname,
 					'user_name' => $member->user_name,
-					'email' => $member->user_email,
 					'p_level' => $member->p_level
 				];
 			}