From bcf3aecd1a319fb8af4a32add233b02ca9dffdc3 Mon Sep 17 00:00:00 2001 From: int2001 Date: Sun, 30 Jul 2023 09:05:51 +0000 Subject: [PATCH 01/10] Fixed sec-issues at stations (edit / delete / empty / copy) --- application/controllers/Station.php | 86 ++++++++++++++++------------- 1 file changed, 47 insertions(+), 39 deletions(-) diff --git a/application/controllers/Station.php b/application/controllers/Station.php index c1b39cb3a..b0e8ceb48 100644 --- a/application/controllers/Station.php +++ b/application/controllers/Station.php @@ -31,14 +31,13 @@ class Station extends CI_Controller { $this->load->view('interface_assets/footer'); } - public function create() - { + public function create() { $this->load->model('stations'); $this->load->model('dxcc'); $data['dxcc_list'] = $this->dxcc->list(); - $this->load->model('logbook_model'); - $data['iota_list'] = $this->logbook_model->fetchIota(); + $this->load->model('logbook_model'); + $data['iota_list'] = $this->logbook_model->fetchIota(); $this->load->library('form_validation'); 
@@ -59,50 +58,57 @@ class Station extends CI_Controller { } } - public function edit($id) - { - $data = $this->load_station_for_editing($id); - $data['page_title'] = "Edit Station Location: {$data['my_station_profile']->station_profile_name}"; + public function edit($id) { + $this->load->model('stations'); + if ($this->stations->check_station_is_accessible($id)) { + $data = $this->load_station_for_editing($id); + $data['page_title'] = "Edit Station Location: {$data['my_station_profile']->station_profile_name}"; - if ($this->form_validation->run() == FALSE) { - $this->load->view('interface_assets/header', $data); - $this->load->view('station_profile/edit'); - $this->load->view('interface_assets/footer'); + if ($this->form_validation->run() == FALSE) { + $this->load->view('interface_assets/header', $data); + $this->load->view('station_profile/edit'); + $this->load->view('interface_assets/footer'); + } else { + $this->stations->edit(); + + $data['notice'] = "Station Profile " . $this->security->xss_clean($this->input->post('station_profile_name', true)) . " Updated"; + + redirect('station'); + } } else { - $this->stations->edit(); - - $data['notice'] = "Station Profile " . $this->security->xss_clean($this->input->post('station_profile_name', true)) . 
" Updated"; - redirect('station'); } } - public function copy($id) - { - $data = $this->load_station_for_editing($id); - $data['page_title'] = "Duplicate Station Location: {$data['my_station_profile']->station_profile_name}"; + public function copy($id) { + $this->load->model('stations'); + if ($this->stations->check_station_is_accessible($id)) { + $data = $this->load_station_for_editing($id); + $data['page_title'] = "Duplicate Station Location: {$data['my_station_profile']->station_profile_name}"; - // we NULLify station_id and station_profile_name to make sure we are creating a new station - $data['copy_from'] = $data['my_station_profile']->station_id; - $data['my_station_profile']->station_id = NULL; - $data['my_station_profile']->station_profile_name = ''; + // we NULLify station_id and station_profile_name to make sure we are creating a new station + $data['copy_from'] = $data['my_station_profile']->station_id; + $data['my_station_profile']->station_id = NULL; + $data['my_station_profile']->station_profile_name = ''; - if ($this->form_validation->run() == FALSE) - { - $this->load->view('interface_assets/header', $data); - $this->load->view('station_profile/edit'); - $this->load->view('interface_assets/footer'); - } - else - { - $this->stations->add(); + if ($this->form_validation->run() == FALSE) + { + $this->load->view('interface_assets/header', $data); + $this->load->view('station_profile/edit'); + $this->load->view('interface_assets/footer'); + } + else + { + $this->stations->add(); + redirect('station'); + } + } else { redirect('station'); } } - function load_station_for_editing($id): array - { + function load_station_for_editing($id): array { $this->load->library('form_validation'); $this->load->model('stations'); 
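Review bot: The new `check_station_is_accessible($id)` guard in `edit()` authorizes the `$id` taken from the URL, but the write on the validated path is `$this->stations->edit()` with no id argument, so the model has to obtain the target id from somewhere else (presumably the posted form; the model is not in this diff). If that id comes from POST, the URL check and the row that gets updated are not tied together; passing the checked id explicitly, `$this->stations->edit($id);`, or re-checking the posted id inside the model would close that gap. `copy()` has the same shape but its write is `add()`, so it is less exposed. Both denial branches redirect silently; a `log_message('error', ...)` or a flashdata notice, as the Cabrillo controller does later in this series, would make refused attempts visible to operators. `load_station_for_editing` continues past the end of the hunk.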
@@ -159,15 +165,17 @@ class Station extends CI_Controller { public function delete($id) { $this->load->model('stations'); - $this->stations->delete($id); - + if ($this->stations->check_station_is_accessible($id)) { + $this->stations->delete($id); + } redirect('station'); } public function deletelog($id) { $this->load->model('stations'); - $this->stations->deletelog($id); - + if ($this->stations->check_station_is_accessible($id)) { + $this->stations->deletelog($id); + } redirect('station'); } From e957402b3725f8f4f73d4078e5c9077ec8139ce1 Mon Sep 17 00:00:00 2001 From: int2001 Date: Sun, 30 Jul 2023 17:25:52 +0000 Subject: [PATCH 02/10] redirect if one wants to try print labels from other station --- application/controllers/Labels.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/application/controllers/Labels.php b/application/controllers/Labels.php index ec83929d1..a871c8e24 100644 --- a/application/controllers/Labels.php +++ b/application/controllers/Labels.php @@ -98,11 +98,16 @@ class Labels extends CI_Controller { public function print($station_id) { $clean_id = xss_clean($station_id); + $this->load->model('stations'); + if ($this->stations->check_station_is_accessible($station_id)) { - $this->load->model('labels_model'); - $result = $this->labels_model->export_printrequested($clean_id); + $this->load->model('labels_model'); + $result = $this->labels_model->export_printrequested($clean_id); - $this->prepareLabel($result); + $this->prepareLabel($result); + } else { + redirect('labels'); + } } function prepareLabel($qsos, $jscall = false) { From feb81eecdeef5e39f2e1d4382be49994522af2b5 Mon Sep 17 00:00:00 2001 From: int2001 Date: Sun, 30 Jul 2023 17:31:54 +0000 Subject: [PATCH 03/10] Only Export Cabrillo for stations belonging to the User --- application/controllers/Cabrillo.php | 150 +++++++++++++++------------ 1 file changed, 82 insertions(+), 68 deletions(-) 
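Review bot: In `delete()` and `deletelog()` a request that fails `check_station_is_accessible($id)` falls through to the same `redirect('station')` as a successful one, so a refused deletion leaves no trace for the user or in the logs. An `else` branch with `log_message('error', 'Refused delete of station ' . $id . ' for user ' . $this->session->userdata('user_id'));` (the same session key the Cabrillo export reads) gives operators a detection signal when foreign station ids are being tried. A flashdata notice alongside it would also explain to the user why nothing was removed.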
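Review bot: `print()` passes the raw `$station_id` to `check_station_is_accessible()` but the filtered `$clean_id` to `export_printrequested()`, so the value that is authorized and the value that is queried are not the same variable. Use one value for both, `if ($this->stations->check_station_is_accessible($clean_id)) {`, and keep in mind that `xss_clean` is an output filter rather than an input validator — an integer cast or `is_numeric` check on the id is the more appropriate guard before it reaches either model. The denial branch redirects to `labels` without a notice or log entry; a `log_message('error', ...)` would make refused attempts observable.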
diff --git a/application/controllers/Cabrillo.php b/application/controllers/Cabrillo.php index 4d02e0159..8c3032f9a 100644 --- a/application/controllers/Cabrillo.php +++ b/application/controllers/Cabrillo.php @@ -16,15 +16,15 @@ class Cabrillo extends CI_Controller { if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); } } - public function index() { - $data['page_title'] = "Export Cabrillo"; + public function index() { + $data['page_title'] = "Export Cabrillo"; - $this->load->model('Contesting_model'); - $this->load->model('stations'); + $this->load->model('Contesting_model'); + $this->load->model('stations'); - $data['station_profile'] = $this->stations->all_of_user(); - $active_station_id = $this->stations->find_active(); - $station_profile = $this->stations->profile($active_station_id); + $data['station_profile'] = $this->stations->all_of_user(); + $active_station_id = $this->stations->find_active(); + $station_profile = $this->stations->profile($active_station_id); $data['active_station_info'] = $station_profile->row(); 
@@ -32,93 +32,107 @@ class Cabrillo extends CI_Controller { $footerData['scripts'] = [ 'assets/js/sections/cabrillo.js' ]; - - $this->load->view('interface_assets/header', $data); + + $this->load->view('interface_assets/header', $data); $this->load->view('cabrillo/index'); $this->load->view('interface_assets/footer', $footerData); - } + } - public function getContests() { + public function getContests() { $this->load->model('Contesting_model'); - $station_id = $this->security->xss_clean($this->input->post('station_id')); - $year = $this->security->xss_clean($this->input->post('year')); - $result = $this->Contesting_model->get_logged_contests($station_id, $year); + $station_id = $this->security->xss_clean($this->input->post('station_id')); + $this->load->model('stations'); + if ($this->stations->check_station_is_accessible($station_id)) { + $year = $this->security->xss_clean($this->input->post('year')); + $result = $this->Contesting_model->get_logged_contests($station_id, $year); - header('Content-Type: application/json'); - echo json_encode($result); - } + header('Content-Type: application/json'); + echo json_encode($result); + } else { + $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); + } + } - public function getYears() { + public function getYears() { $this->load->model('Contesting_model'); - $station_id = $this->security->xss_clean($this->input->post('station_id')); + $station_id = $this->security->xss_clean($this->input->post('station_id')); $result = $this->Contesting_model->get_logged_years($station_id); header('Content-Type: application/json'); echo json_encode($result); - } + } - public function getContestDates() { - $this->load->model('Contesting_model'); - $station_id = $this->security->xss_clean($this->input->post('station_id')); - $year = $this->security->xss_clean($this->input->post('year')); - $contestid = $this->security->xss_clean($this->input->post('contestid')); + public function 
getContestDates() { + $this->load->model('Contesting_model'); + $station_id = $this->security->xss_clean($this->input->post('station_id')); + $this->load->model('stations'); + if ($this->stations->check_station_is_accessible($station_id)) { + $year = $this->security->xss_clean($this->input->post('year')); + $contestid = $this->security->xss_clean($this->input->post('contestid')); - $result = $this->Contesting_model->get_contest_dates($station_id, $year, $contestid); + $result = $this->Contesting_model->get_contest_dates($station_id, $year, $contestid); - header('Content-Type: application/json'); - echo json_encode($result); - } + header('Content-Type: application/json'); + echo json_encode($result); + } else { + $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); + } + } - public function export() { - // Set memory limit to unlimited to allow heavy usage + public function export() { + // Set memory limit to unlimited to allow heavy usage ini_set('memory_limit', '-1'); - $this->load->model('Contesting_model'); + $this->load->model('Contesting_model'); - $this->load->model('stations'); + $this->load->model('stations'); - $this->load->model('user_model'); + $this->load->model('user_model'); - $station_id = $this->security->xss_clean($this->input->post('station_id')); - $contest_id = $this->security->xss_clean($this->input->post('contestid')); + $station_id = $this->security->xss_clean($this->input->post('station_id')); + if ($this->stations->check_station_is_accessible($station_id)) { + $contest_id = $this->security->xss_clean($this->input->post('contestid')); - $from = $this->security->xss_clean($this->input->post('contestdatesfrom')); - $to = $this->security->xss_clean($this->input->post('contestdatesto')); + $from = $this->security->xss_clean($this->input->post('contestdatesfrom')); + $to = $this->security->xss_clean($this->input->post('contestdatesto')); - $station = $this->stations->profile($station_id); + $station = 
$this->stations->profile($station_id); - $station = $station->row(); + $station = $station->row(); - $userinfo = $this->user_model->get_by_id($this->session->userdata('user_id')); + $userinfo = $this->user_model->get_by_id($this->session->userdata('user_id')); - $userinfo = $userinfo->row(); + $userinfo = $userinfo->row(); - $data['qsos'] = $this->Contesting_model->export_custom($from, $to, $contest_id, $station_id); + $data['qsos'] = $this->Contesting_model->export_custom($from, $to, $contest_id, $station_id); - $data['contest_id'] = $contest_id; - $data['callsign'] = $station->station_callsign; - $data['claimed_score'] = ''; - $data['categoryoperator'] = $this->security->xss_clean($this->input->post('categoryoperator')); - $data['categoryassisted'] = $this->security->xss_clean($this->input->post('categoryassisted')); - $data['categoryband'] = $this->security->xss_clean($this->input->post('categoryband')); - $data['categorymode'] = $this->security->xss_clean($this->input->post('categorymode')); - $data['categorypower'] = $this->security->xss_clean($this->input->post('categorypower')); - $data['categorystation'] = $this->security->xss_clean($this->input->post('categorystation')); - $data['categorytransmitter'] = $this->security->xss_clean($this->input->post('categorytransmitter')); - $data['categoryoverlay'] = $this->security->xss_clean($this->input->post('categoryoverlay')); - $data['operators'] = $this->security->xss_clean($this->input->post('operators')); - $data['club'] = $this->security->xss_clean($this->input->post('club')); - $data['name'] = $userinfo->user_firstname . ' ' . 
$userinfo->user_lastname; - $data['email'] = $userinfo->user_email; - $data['address'] = $this->security->xss_clean($this->input->post('address')); - $data['addresscity'] = $this->security->xss_clean($this->input->post('addresscity')); - $data['addressstateprovince'] = $this->security->xss_clean($this->input->post('addressstateprovince')); - $data['addresspostalcode'] = $this->security->xss_clean($this->input->post('addresspostalcode')); - $data['addresscountry'] = $this->security->xss_clean($this->input->post('addresscountry')); - $data['soapbox'] = $this->security->xss_clean($this->input->post('soapbox')); - $data['gridlocator'] = $station->station_gridsquare; + $data['contest_id'] = $contest_id; + $data['callsign'] = $station->station_callsign; + $data['claimed_score'] = ''; + $data['categoryoperator'] = $this->security->xss_clean($this->input->post('categoryoperator')); + $data['categoryassisted'] = $this->security->xss_clean($this->input->post('categoryassisted')); + $data['categoryband'] = $this->security->xss_clean($this->input->post('categoryband')); + $data['categorymode'] = $this->security->xss_clean($this->input->post('categorymode')); + $data['categorypower'] = $this->security->xss_clean($this->input->post('categorypower')); + $data['categorystation'] = $this->security->xss_clean($this->input->post('categorystation')); + $data['categorytransmitter'] = $this->security->xss_clean($this->input->post('categorytransmitter')); + $data['categoryoverlay'] = $this->security->xss_clean($this->input->post('categoryoverlay')); + $data['operators'] = $this->security->xss_clean($this->input->post('operators')); + $data['club'] = $this->security->xss_clean($this->input->post('club')); + $data['name'] = $userinfo->user_firstname . ' ' . 
$userinfo->user_lastname; + $data['email'] = $userinfo->user_email; + $data['address'] = $this->security->xss_clean($this->input->post('address')); + $data['addresscity'] = $this->security->xss_clean($this->input->post('addresscity')); + $data['addressstateprovince'] = $this->security->xss_clean($this->input->post('addressstateprovince')); + $data['addresspostalcode'] = $this->security->xss_clean($this->input->post('addresspostalcode')); + $data['addresscountry'] = $this->security->xss_clean($this->input->post('addresscountry')); + $data['soapbox'] = $this->security->xss_clean($this->input->post('soapbox')); + $data['gridlocator'] = $station->station_gridsquare; - $this->load->view('cabrillo/export', $data); - } -} \ No newline at end of file + $this->load->view('cabrillo/export', $data); + }else { + $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); + } + } +} From 4dd62bfa11f5c4551c6812abe2c6d700683e46dd Mon Sep 17 00:00:00 2001 From: int2001 Date: Sun, 30 Jul 2023 17:53:13 +0000 Subject: [PATCH 04/10] Fixed station_id-Check at create_qso --- application/models/Logbook_model.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index cd14052c5..9e4fa4ed4 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php @@ -241,6 +241,13 @@ class Logbook_model extends CI_Model { $station_id = $CI->Stations->find_active(); } + $CI =& get_instance(); + $CI->load->model('Stations'); + if (!$CI->Stations->check_station_is_accessible($station_id)) { // Hard Exit if station_profile not accessible + return 'Station not accessible
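Review bot: `getYears()` is the one endpoint in this hunk that still calls `get_logged_years($station_id)` without the `check_station_is_accessible($station_id)` guard that `getContests()`, `getContestDates()` and `export()` now have, so the years logged for another user's station remain readable by any authenticated user. Wrap it the same way, `if ($this->stations->check_station_is_accessible($station_id)) {`, after loading the `stations` model. The denial branch of the two JSON endpoints sets flashdata and redirects to the dashboard, which an XHR caller receives as an HTML page; `$this->output->set_status_header(403);` plus a JSON error body fits the `Content-Type: application/json` contract of the success path. In `export()` the `ini_set('memory_limit', '-1')` runs before the authorization check, so an unauthorized POST still lifts the limit; moving the check above it is a cheap hardening.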
'; + } + + // If station profile has been provided fill in the fields if($station_id != "0") { $station = $this->check_station($station_id); From ef65d6a7c4de61c3afda929aee5b3e1e3677da3f Mon Sep 17 00:00:00 2001 From: int2001 Date: Mon, 31 Jul 2023 05:03:05 +0000 Subject: [PATCH 05/10] check if qso belongs to user when deleting/requesting/confirming QSOs/QSLs --- application/controllers/Qso.php | 26 +++--- application/models/Logbook_model.php | 120 +++++++++++++++++---------- 2 files changed, 89 insertions(+), 57 deletions(-) diff --git a/application/controllers/Qso.php b/application/controllers/Qso.php index 3189df045..a6b2a2675 100755 --- a/application/controllers/Qso.php +++ b/application/controllers/Qso.php @@ -290,13 +290,13 @@ class QSO extends CI_Controller { function delete($id) { $this->load->model('logbook_model'); - $this->logbook_model->delete($id); - - $this->session->set_flashdata('notice', 'QSO Deleted Successfully'); - $data['message_title'] = "Deleted"; - $data['message_contents'] = "QSO Deleted Successfully"; - $this->load->view('messages/message', $data); - + if ($this->logbook_model->check_qso_is_accessible($id)) { + $this->logbook_model->delete($id); + $this->session->set_flashdata('notice', 'QSO Deleted Successfully'); + $data['message_title'] = "Deleted"; + $data['message_contents'] = "QSO Deleted Successfully"; + $this->load->view('messages/message', $data); + } // If deletes from /logbook dropdown redirect if (strpos($_SERVER['HTTP_REFERER'], '/logbook') !== false) { 
@@ -309,10 +309,14 @@ class QSO extends CI_Controller { $id = str_replace('"', "", $this->input->post("id")); $this->load->model('logbook_model'); - - $this->logbook_model->delete($id); - header('Content-Type: application/json'); - echo json_encode(array('message' => 'OK')); + if ($this->logbook_model->check_qso_is_accessible($id)) { + $this->logbook_model->delete($id); + header('Content-Type: application/json'); + echo json_encode(array('message' => 'OK')); + } else { + header('Content-Type: application/json'); + echo json_encode(array('message' => 'not allowed')); + } return; } diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index 9e4fa4ed4..9eb643aec 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php 
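Review bot: The refusal branch answers with HTTP 200 and `{"message":"not allowed"}`, so a client that checks only the status code cannot tell a denied delete from a successful one, and the two `header('Content-Type: application/json');` lines duplicate each other. Hoist the header above the `if`, and in the `else` add `$this->output->set_status_header(403);` before the `echo` so the outcome is unambiguous to the JavaScript caller and to any proxy or log pipeline that keys on status. The `str_replace('"', "", $this->input->post("id"))` above the check is not a validator; an `(int)` cast or `ctype_digit` check on the id is the cleaner guard before it reaches the model.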
@@ -1289,68 +1289,88 @@ class Logbook_model extends CI_Model { return $name; } /* Return QSO Info */ - function qso_info($id) { - $this->db->where('COL_PRIMARY_KEY', $id); + function qso_info($id) { + if ($this->logbook_model->check_qso_is_accessible($id)) { + $this->db->where('COL_PRIMARY_KEY', $id); - return $this->db->get($this->config->item('table_name')); - } + return $this->db->get($this->config->item('table_name')); + } else { + return; + } + } // Set Paper to received - function paperqsl_update($qso_id, $method) { + function paperqsl_update($qso_id, $method) { + if ($this->logbook_model->check_qso_is_accessible($qso_id)) { - $data = array( - 'COL_QSLRDATE' => date('Y-m-d H:i:s'), - 'COL_QSL_RCVD' => 'Y', - 'COL_QSL_RCVD_VIA' => $method - ); + $data = array( + 'COL_QSLRDATE' => date('Y-m-d H:i:s'), + 'COL_QSL_RCVD' => 'Y', + 'COL_QSL_RCVD_VIA' => $method + ); - $this->db->where('COL_PRIMARY_KEY', $qso_id); + $this->db->where('COL_PRIMARY_KEY', $qso_id); - $this->db->update($this->config->item('table_name'), $data); - } + $this->db->update($this->config->item('table_name'), $data); + } else { + return; + } + } // Set Paper to sent function paperqsl_update_sent($qso_id, $method) { + if ($this->logbook_model->check_qso_is_accessible($qso_id)) { - $data = array( - 'COL_QSLSDATE' => date('Y-m-d H:i:s'), - 'COL_QSL_SENT' => 'Y', - 'COL_QSL_SENT_VIA' => $method - ); + $data = array( + 'COL_QSLSDATE' => date('Y-m-d H:i:s'), + 'COL_QSL_SENT' => 'Y', + 'COL_QSL_SENT_VIA' => $method + ); - $this->db->where('COL_PRIMARY_KEY', $qso_id); + $this->db->where('COL_PRIMARY_KEY', $qso_id); - $this->db->update($this->config->item('table_name'), $data); + $this->db->update($this->config->item('table_name'), $data); + } else { + return; + } } // Set Paper to requested function paperqsl_requested($qso_id, $method) { + if ($this->logbook_model->check_qso_is_accessible($qso_id)) { - $data = array( - 'COL_QSLSDATE' => date('Y-m-d H:i:s'), - 'COL_QSL_SENT' => 'R', - 'COL_QSL_SENT_VIA' 
=> $method - ); + $data = array( + 'COL_QSLSDATE' => date('Y-m-d H:i:s'), + 'COL_QSL_SENT' => 'R', + 'COL_QSL_SENT_VIA' => $method + ); - $this->db->where('COL_PRIMARY_KEY', $qso_id); + $this->db->where('COL_PRIMARY_KEY', $qso_id); - $this->db->update($this->config->item('table_name'), $data); + $this->db->update($this->config->item('table_name'), $data); + } else { + return; + } } function paperqsl_ignore($qso_id, $method) { + if ($this->logbook_model->check_qso_is_accessible($qso_id)) { - $data = array( - 'COL_QSLSDATE' => date('Y-m-d H:i:s'), - 'COL_QSL_SENT' => 'I' - ); + $data = array( + 'COL_QSLSDATE' => date('Y-m-d H:i:s'), + 'COL_QSL_SENT' => 'I' + ); - $this->db->where('COL_PRIMARY_KEY', $qso_id); + $this->db->where('COL_PRIMARY_KEY', $qso_id); - $this->db->update($this->config->item('table_name'), $data); + $this->db->update($this->config->item('table_name'), $data); + } else { + return; + } } function get_qsos_for_printing($station_id2 = null) { 
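Review bot: Inside `Logbook_model` the new guards call `$this->logbook_model->check_qso_is_accessible(...)`, which only resolves through `CI_Model::__get` to a `logbook_model` alias loaded on the controller; if the calling controller loaded the model under another name or not at all, the check itself errors instead of the request being refused. The same file's `delete()` further down in this commit calls `$this->check_qso_is_accessible($id)` directly — use that form here in `qso_info()` and the four `paperqsl_*` methods, and in `get_qso()` in the next hunk. The `else { return; }` branches add nothing and can be dropped. For `qso_info()` the refusal now returns `null` where a query result object was always returned before; callers that chain `->row()` onto it (outside this hunk) will fatal, so they need a null check or the method should throw.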
@@ -1427,16 +1447,20 @@ class Logbook_model extends CI_Model { } function get_qso($id) { - $this->db->select($this->config->item('table_name').'.*, station_profile.*, dxcc_entities.*, coalesce(dxcc_entities_2.name, "- NONE -") as station_country, dxcc_entities_2.end as station_end, eQSL_images.image_file as eqsl_image_file, lotw_users.callsign as lotwuser, lotw_users.lastupload'); - $this->db->from($this->config->item('table_name')); - $this->db->join('dxcc_entities', $this->config->item('table_name').'.col_dxcc = dxcc_entities.adif', 'left'); - $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id', 'left'); - $this->db->join('dxcc_entities as dxcc_entities_2', 'station_profile.station_dxcc = dxcc_entities_2.adif', 'left outer'); - $this->db->join('eQSL_images', $this->config->item('table_name').'.COL_PRIMARY_KEY = eQSL_images.qso_id', 'left outer'); - $this->db->join('lotw_users', $this->config->item('table_name').'.COL_CALL = lotw_users.callsign', 'left outer'); - $this->db->where('COL_PRIMARY_KEY', $id); + if ($this->logbook_model->check_qso_is_accessible($id)) { + $this->db->select($this->config->item('table_name').'.*, station_profile.*, dxcc_entities.*, coalesce(dxcc_entities_2.name, "- NONE -") as station_country, dxcc_entities_2.end as station_end, eQSL_images.image_file as eqsl_image_file, lotw_users.callsign as lotwuser, lotw_users.lastupload'); + $this->db->from($this->config->item('table_name')); + $this->db->join('dxcc_entities', $this->config->item('table_name').'.col_dxcc = dxcc_entities.adif', 'left'); + $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id', 'left'); + $this->db->join('dxcc_entities as dxcc_entities_2', 'station_profile.station_dxcc = dxcc_entities_2.adif', 'left outer'); + $this->db->join('eQSL_images', $this->config->item('table_name').'.COL_PRIMARY_KEY = eQSL_images.qso_id', 'left outer'); + 
$this->db->join('lotw_users', $this->config->item('table_name').'.COL_CALL = lotw_users.callsign', 'left outer'); + $this->db->where('COL_PRIMARY_KEY', $id); - return $this->db->get(); + return $this->db->get(); + } else { + return; + } } /* @@ -2627,10 +2651,14 @@ class Logbook_model extends CI_Model { } /* Delete QSO based on the QSO ID */ - function delete($id) { - $this->db->where('COL_PRIMARY_KEY', $id); - $this->db->delete($this->config->item('table_name')); - } + function delete($id) { + if ($this->check_qso_is_accessible($id)) { + $this->db->where('COL_PRIMARY_KEY', $id); + $this->db->delete($this->config->item('table_name')); + } else { + return; + } + } /* Used to check if the qso is already in the database */ function import_check($datetime, $callsign, $band, $mode, $station_callsign) { From 8e5dacea01f6b29710480063739d4edb1306fb09 Mon Sep 17 00:00:00 2001 From: int2001 Date: Mon, 31 Jul 2023 05:34:44 +0000 Subject: [PATCH 06/10] Removed unused functions at Dashboard / Secured webadif --- application/controllers/Dashboard.php | 38 ------------- application/models/Logbook_model.php | 82 +++++++++++---------------- 2 files changed, 34 insertions(+), 86 deletions(-) diff --git a/application/controllers/Dashboard.php b/application/controllers/Dashboard.php index afc0132d7..b7b3b969e 100644 --- a/application/controllers/Dashboard.php +++ b/application/controllers/Dashboard.php @@ -212,42 +212,4 @@ class Dashboard extends CI_Controller { } - function todays_map() { - $this->load->library('qra'); - $this->load->model('logbook_model'); - // TODO: Auth - $qsos = $this->logbook_model->get_todays_qsos(''); - - - echo "{\"markers\": ["; - - foreach ($qsos->result() as $row) { - //print_r($row); - if($row->COL_GRIDSQUARE != null) { - $stn_loc = $this->qra->qra2latlong($row->COL_GRIDSQUARE); - echo "{\"point\":new GLatLng(".$stn_loc[0].",".$stn_loc[1]."), \"html\":\"Callsign: ".$row->COL_CALL."
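Review bot: `get_qso()` now returns `null` on a refused access check where it previously always returned a `$this->db->get()` result object, so callers that chain `->row()` onto the return (all outside this hunk) will fatal instead of showing a denial. Audit those call sites for a `=== null` check, or make the refusal explicit by throwing; silently returning `null` also hides the attempt from logs, which a `log_message('error', ...)` before the return would fix. The `else { return; }` is redundant here and in the `delete()` hunk below, since falling out of the `if` returns `null` anyway.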
Date/Time: ".$row->COL_TIME_ON."
Band: ".$row->COL_BAND."
Mode: "; - echo $row->COL_SUBMODE==null?$row->COL_MODE:$row->COL_SUBMODE; - echo "\",\"label\":\"".$row->COL_CALL."\"},"; - } else { - $query = $this->db->query(' - SELECT * - FROM dxcc_entities - WHERE prefix = SUBSTRING( \''.$row->COL_CALL.'\', 1, LENGTH( prefix ) ) - ORDER BY LENGTH( prefix ) DESC - LIMIT 1 - '); - - foreach ($query->result() as $dxcc) { - echo "{\"point\":new GLatLng(".$dxcc->lat.",".$dxcc->long."), \"html\":\"Callsign: ".$row->COL_CALL."
Date/Time: ".$row->COL_TIME_ON."
Band: ".$row->COL_BAND."
Mode: "; - echo $row->COL_SUBMODE==null?$row->COL_MODE:$row->COL_SUBMODE; - echo "\",\"label\":\"".$row->COL_CALL."\"},"; - } - } - - } - echo "]"; - echo "}"; - } - -} diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index 9eb643aec..86ce49288 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php 
@@ -1500,45 +1500,50 @@ class Logbook_model extends CI_Model { /* * Function returns the QSOs from the logbook, which have not been either marked as uploaded to webADIF */ - function get_webadif_qsos($station_id,$from = null, $to = null){ - $sql = " + function get_webadif_qsos($station_id,$from = null, $to = null){ + $CI =& get_instance(); + $CI->load->model('Stations'); + if (!$CI->Stations->check_station_is_accessible($station_id)) { + return; + } + $sql = " SELECT qsos.*, station_profile.*, dxcc_entities.name as station_country FROM %s qsos INNER JOIN station_profile ON qsos.station_id = station_profile.station_id LEFT JOIN dxcc_entities on qsos.col_my_dxcc = dxcc_entities.adif LEFT OUTER JOIN webadif ON qsos.COL_PRIMARY_KEY = webadif.qso_id WHERE qsos.station_id = %d - AND qsos.COL_SAT_NAME = 'QO-100' + AND qsos.COL_SAT_NAME = 'QO-100' AND webadif.upload_date IS NULL "; - $sql = sprintf( - $sql, - $this->config->item('table_name'), - $station_id - ); - if ($from) { - $from = DateTime::createFromFormat('d/m/Y', $from); - $from = $from->format('Y-m-d'); + $sql = sprintf( + $sql, + $this->config->item('table_name'), + $station_id + ); + if ($from) { + $from = DateTime::createFromFormat('d/m/Y', $from); + $from = $from->format('Y-m-d'); - $sql.=" AND qsos.COL_TIME_ON >= %s"; - $sql=sprintf( - $sql, - $this->db->escape($from) - ); - } - if ($to) { - $to = DateTime::createFromFormat('d/m/Y', $to); - $to = $to->format('Y-m-d'); + $sql.=" AND qsos.COL_TIME_ON >= %s"; + $sql=sprintf( + $sql, + $this->db->escape($from) + ); + } + if ($to) { + $to = DateTime::createFromFormat('d/m/Y', $to); + $to = $to->format('Y-m-d'); - $sql.=" AND qsos.COL_TIME_ON <= %s"; - $sql=sprintf( - $sql, - $this->db->escape($to) - ); - } + $sql.=" AND qsos.COL_TIME_ON <= %s"; + $sql=sprintf( + $sql, + $this->db->escape($to) + ); + } - return $this->db->query($sql); - } + return $this->db->query($sql); + } /* * Function returns all the station_id's with HRDLOG Code 
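Review bot: The refusal `return;` in `get_webadif_qsos()` yields `null`, which the caller `mass_upload_qsos()` in `Webadif.php` (shown later on this page) assigns to `$data['qsos']` as if it were a query result, so a denied station and a station with no pending QSOs look alike and nothing is logged. Emit a `log_message('error', ...)` before returning, and consider returning a value the caller can test explicitly. The unchanged date handling below, `$from = DateTime::createFromFormat('d/m/Y', $from); $from = $from->format('Y-m-d');`, fatals when the supplied date does not match the format because `createFromFormat` returns `false`; a `=== false` check would turn a malformed date into a clean error rather than a 500.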
@@ -1737,26 +1742,7 @@ class Logbook_model extends CI_Model { return $query; } - function get_date_qsos($date) { - $this->db->select('COL_CALL, COL_BAND, COL_TIME_ON, COL_RST_RCVD, COL_RST_SENT, COL_MODE, COL_SUBMODE, COL_NAME, COL_COUNTRY, COL_PRIMARY_KEY, COL_SAT_NAME'); - $this->db->order_by("COL_TIME_ON", "desc"); - $start = $date." 00:00:00"; - $end = $date." 23:59:59"; - - $this->db->where("COL_TIME_ON BETWEEN '".$start."' AND '".$end."'"); - $query = $this->db->get($this->config->item('table_name')); - - return $query; - } - - function get_todays_qsos() { - $morning = date('Y-m-d 00:00:00'); - $night = date('Y-m-d 23:59:59'); - $query = $this->db->query('SELECT * FROM '.$this->config->item('table_name').' WHERE COL_TIME_ON between \''.$morning.'\' AND \''.$night.'\''); - return $query; - } - - function totals_year() { + function totals_year() { $CI =& get_instance(); $CI->load->model('logbooks_model'); From bcc8bda3e5b683a6d0a8b66108ae97eb2d82e11e Mon Sep 17 00:00:00 2001 From: int2001 Date: Mon, 31 Jul 2023 06:59:04 +0000 Subject: [PATCH 07/10] WebAdif fixing. cron is trusted --- application/controllers/Webadif.php | 58 ++++++++++++++-------------- application/models/Logbook_model.php | 36 ++++++++--------- 2 files changed, 48 insertions(+), 46 deletions(-) diff --git a/application/controllers/Webadif.php b/application/controllers/Webadif.php index d5fcb1831..a958f402e 100644 --- a/application/controllers/Webadif.php +++ b/application/controllers/Webadif.php @@ -21,7 +21,7 @@ class Webadif extends CI_Controller { foreach ($station_ids as $station) { $webadif_api_key = $station->webadifapikey; $webadif_api_url = $station->webadifapiurl; - if ($this->mass_upload_qsos($station->station_id, $webadif_api_key, $webadif_api_url)) { + if ($this->mass_upload_qsos($station->station_id, $webadif_api_key, $webadif_api_url, true)) { echo "QSOs have been uploaded to QO-100 Dx Club."; log_message('info', 'QSOs have been uploaded to QO-100 Dx Club.'); } else { 
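Review bot: The `true` passed as the new fourth argument of `mass_upload_qsos()` disables the per-station access check for every station in this loop, so the safety of the call rests entirely on the enclosing method being reachable only by the scheduler (its start is outside the hunk). If this controller action is also routable over HTTP, guard it, e.g. `if (!$this->input->is_cli_request()) { return; }`, or with a shared-secret check, so a web request cannot reach the trusted path. A positional boolean reads as a magic value here; a named argument, `trusted: true`, if the project runs on PHP 8, or a short comment such as `// cron context: no session user, ownership check skipped` would document the intent.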
@@ -47,9 +47,9 @@ class Webadif extends CI_Controller { * Function gets all QSOs from given station_id, that are not previously uploaded to webADIF consumer. * Adif is build for each qso, and then uploaded, one at a time */ - function mass_upload_qsos($station_id, $webadif_api_key, $webadif_api_url) { + function mass_upload_qsos($station_id, $webadif_api_key, $webadif_api_url, $trusted = false) { $i = 0; - $data['qsos'] = $this->logbook_model->get_webadif_qsos($station_id); + $data['qsos'] = $this->logbook_model->get_webadif_qsos($station_id, $trusted); $errormessages=array(); $CI =& get_instance(); @@ -91,7 +91,7 @@ class Webadif extends CI_Controller { $data['page_title'] = "QO-100 Dx Club Upload"; - $data['station_profiles'] = $this->stations->stations_with_webadif_api_key(); + $data['station_profiles'] = $this->stations->stations_with_webadif_api_key(); $data['station_profile'] = $this->stations->stations_with_webadif_api_key(); $this->load->view('interface_assets/header', $data); 
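Review bot: `mass_upload_qsos()` now passes `$trusted` as the second argument of `get_webadif_qsos()`, but the signature visible earlier in this series is `get_webadif_qsos($station_id, $from = null, $to = null)`, so unless the model is changed in the part of this commit that is cut off at the end of the page, `true` would land in `$from`, pass the `if ($from)` test and reach `DateTime::createFromFormat('d/m/Y', true)`, whose `false` result makes the following `->format()` fatal. If the model does gain a `$trusted` parameter, name it at the call site, `get_webadif_qsos($station_id, trusted: $trusted)`, where PHP 8 named arguments are available, so a positional mix-up cannot recur. Defaulting to `$trusted = false` keeps the web path checked, which is the right direction.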
@@ -103,32 +103,34 @@ class Webadif extends CI_Controller { * Used for ajax-function when selecting log for upload to webADIF consumer */ public function upload_station() { - $this->setOptions(); - $this->load->model('stations'); + $this->setOptions(); + $postData = $this->input->post(); + $this->load->model('stations'); + if (!$this->stations->check_station_is_accessible($postData['station_id'])) { + return; + } - $postData = $this->input->post(); + $this->load->model('logbook_model'); + $result = $this->logbook_model->exists_webadif_api_key($postData['station_id']); + $webadif_api_key = $result->webadifapikey; + $webadif_api_url = $result->webadifapiurl; + header('Content-type: application/json'); + $result = $this->mass_upload_qsos($postData['station_id'], $webadif_api_key, $webadif_api_url); + if ($result['status'] == 'OK') { + $stationinfo = $this->stations->stations_with_webadif_api_key(); + $info = $stationinfo->result(); - $this->load->model('logbook_model'); - $result = $this->logbook_model->exists_webadif_api_key($postData['station_id']); - $webadif_api_key = $result->webadifapikey; - $webadif_api_url = $result->webadifapiurl; - header('Content-type: application/json'); - $result = $this->mass_upload_qsos($postData['station_id'], $webadif_api_key, $webadif_api_url); - if ($result['status'] == 'OK') { - $stationinfo = $this->stations->stations_with_webadif_api_key(); - $info = $stationinfo->result(); - - $data['status'] = 'OK'; - $data['info'] = $info; - $data['infomessage'] = $result['count'] . " QSOs are now uploaded to QO-100 Dx Club"; - $data['errormessages'] = $result['errormessages']; - echo json_encode($data); - } else { - $data['status'] = 'Error'; - $data['info'] = 'Error: No QSOs found to upload.'; - $data['errormessages'] = $result['errormessages']; - echo json_encode($data); - } + $data['status'] = 'OK'; + $data['info'] = $info; + $data['infomessage'] = $result['count'] . 
" QSOs are now uploaded to QO-100 Dx Club"; + $data['errormessages'] = $result['errormessages']; + echo json_encode($data); + } else { + $data['status'] = 'Error'; + $data['info'] = 'Error: No QSOs found to upload.'; + $data['errormessages'] = $result['errormessages']; + echo json_encode($data); + } } public function mark_webadif() { diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index 86ce49288..ee934bc0e 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php @@ -237,13 +237,13 @@ class Logbook_model extends CI_Model { if($station_id == "" || $station_id == "0") { $CI =& get_instance(); - $CI->load->model('Stations'); - $station_id = $CI->Stations->find_active(); + $CI->load->model('stations'); + $station_id = $CI->stations->find_active(); } $CI =& get_instance(); - $CI->load->model('Stations'); - if (!$CI->Stations->check_station_is_accessible($station_id)) { // Hard Exit if station_profile not accessible + $CI->load->model('stations'); + if (!$CI->stations->check_station_is_accessible($station_id)) { // Hard Exit if station_profile not accessible return 'Station not accessible
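Review bot: The new guard exits with a bare `return;`, so a request for a station the user does not own gets an empty 200 response while every other path of this method answers with `Content-type: application/json` and a `status` field, leaving the AJAX caller unable to tell a denied request from a broken one. Emit the same envelope before returning, e.g. `header('Content-type: application/json');` / `echo json_encode(['status' => 'Error', 'info' => 'Error: Station not accessible.', 'errormessages' => []]);`, optionally preceded by `$this->output->set_status_header(403);`. `$postData['station_id']` is also read without an existence check, so a POST lacking that field raises an undefined-index notice before the check runs; `$this->input->post('station_id')` returns null instead, though whether `check_station_is_accessible(null)` rejects cleanly cannot be seen here.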
'; } @@ -881,8 +881,8 @@ class Logbook_model extends CI_Model { // be sure that station belongs to user $CI =& get_instance(); - $CI->load->model('Stations'); - if (!$CI->Stations->check_station_is_accessible($stationId)) { + $CI->load->model('stations'); + if (!$CI->stations->check_station_is_accessible($stationId)) { return; } @@ -1376,8 +1376,8 @@ class Logbook_model extends CI_Model { function get_qsos_for_printing($station_id2 = null) { $CI =& get_instance(); - $CI->load->model('Stations'); - $station_id = $CI->Stations->find_active(); + $CI->load->model('stations'); + $station_id = $CI->stations->find_active(); $sql = 'SELECT STATION_CALLSIGN, @@ -1500,10 +1500,10 @@ class Logbook_model extends CI_Model { /* * Function returns the QSOs from the logbook, which have not been either marked as uploaded to webADIF */ - function get_webadif_qsos($station_id,$from = null, $to = null){ + function get_webadif_qsos($station_id,$from = null, $to = null,$trusted = false){ $CI =& get_instance(); - $CI->load->model('Stations'); - if (!$CI->Stations->check_station_is_accessible($station_id)) { + $CI->load->model('stations'); + if ((!$trusted) && (!$CI->stations->check_station_is_accessible($station_id))) { return; } $sql = " @@ -1968,8 +1968,8 @@ class Logbook_model extends CI_Model { /* Return QSOs for the year for the active profile */ function map_all_qsos_for_active_station_profile() { $CI =& get_instance(); - $CI->load->model('Stations'); - $station_id = $CI->Stations->find_active(); + $CI->load->model('stations'); + $station_id = $CI->stations->find_active(); $this->db->where("station_id", $station_id); $this->db->order_by("COL_TIME_ON", "ASC"); 
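Review bot: In the `@@ -1500,10` hunk the new `$trusted` flag disables the only authorisation `get_webadif_qsos` performs, and neither the signature nor the docblock above it says who may pass `true`; since the Webadif.php caller exposes it as a default-false parameter of a controller method, any future call site that forwards request data into it would silently skip the check. Document the contract next to the parameter: `// $trusted: set only by cron/CLI entry points whose station ids come from the database, never from request input`. The denied branch still returns null via `return;` while the success path returns a query object, so a caller that iterates the result (the caller's body is outside this hunk) gets a PHP error instead of an empty result; returning an empty result or throwing would be cleaner. The SQL body begins at `$sql = "` and continues outside the hunk, so whether `$station_id` is interpolated there as it is in `get_qrz_qsos` (PATCH 08) cannot be confirmed from this view; if it is, an `(int)` cast should apply regardless of `$trusted`.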
@@ -2762,12 +2762,12 @@ class Logbook_model extends CI_Model { function import($record, $station_id = "0", $skipDuplicate = false, $markLotw = false, $dxccAdif = false, $markQrz = false, $markHrd = false,$skipexport = false, $operatorName = false, $apicall = false) { // be sure that station belongs to user $CI =& get_instance(); - $CI->load->model('Stations'); - if (!$CI->Stations->check_station_is_accessible($station_id) && $apicall == false ) { + $CI->load->model('stations'); + if (!$CI->stations->check_station_is_accessible($station_id) && $apicall == false ) { return 'Station not accessible
'; } - $station_profile=$CI->Stations->profile_clean($station_id); + $station_profile=$CI->stations->profile_clean($station_id); $station_profile_call=$station_profile->station_callsign; if (($station_id !=0 ) && (!(isset($record['station_callsign'])))) { @@ -3078,8 +3078,8 @@ class Logbook_model extends CI_Model { // Get active station_id from station profile if one hasn't been provided if($station_id == "" || $station_id == "0") { $CI =& get_instance(); - $CI->load->model('Stations'); - $station_id = $CI->Stations->find_active(); + $CI->load->model('stations'); + $station_id = $CI->stations->find_active(); } // Check if QSO is already in the database From 112d997ca505c86a119904064ff9a28d6bd26b2d Mon Sep 17 00:00:00 2001 From: int2001 Date: Mon, 31 Jul 2023 07:16:15 +0000 Subject: [PATCH 08/10] Check if QRZ-QSOs belong to user, when triggering via GUI --- application/controllers/Qrz.php | 6 +++--- application/models/Logbook_model.php | 29 ++++++++++++++++------------ 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/application/controllers/Qrz.php b/application/controllers/Qrz.php index 68eb29db8..7dce6900f 100644 --- a/application/controllers/Qrz.php +++ b/application/controllers/Qrz.php @@ -26,7 +26,7 @@ class Qrz extends CI_Controller { if ($station_ids) { foreach ($station_ids as $station) { $qrz_api_key = $station->qrzapikey; - if($this->mass_upload_qsos($station->station_id, $qrz_api_key)) { + if($this->mass_upload_qsos($station->station_id, $qrz_api_key, true)) { echo "QSOs have been uploaded to QRZ.com."; log_message('info', 'QSOs have been uploaded to QRZ.com.'); } else{ 
@@ -53,9 +53,9 @@ class Qrz extends CI_Controller { * Function gets all QSOs from given station_id, that are not previously uploaded to qrz. * Adif is build for each qso, and then uploaded, one at a time */ - function mass_upload_qsos($station_id, $qrz_api_key) { + function mass_upload_qsos($station_id, $qrz_api_key, $trusted = false) { $i = 0; - $data['qsos'] = $this->logbook_model->get_qrz_qsos($station_id); + $data['qsos'] = $this->logbook_model->get_qrz_qsos($station_id, $trusted); $errormessages=array(); $CI =& get_instance(); diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index ee934bc0e..fa43b0505 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php 
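Review bot: The docblock above `mass_upload_qsos` describes the function but not the new `$trusted` parameter, and a reader of the call `mass_upload_qsos($station->station_id, $qrz_api_key, true)` in the `@@ -26,7` hunk cannot tell from the signature that `true` removes the per-station authorisation performed in `get_qrz_qsos`. Add `* @param bool $trusted  true only for the cron entry point; skips check_station_is_accessible() in get_qrz_qsos` to the docblock, and consider declaring it `bool $trusted = false` so a non-boolean cannot be passed by mistake. The function body continues beyond the hunk.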
@@ -1483,19 +1483,24 @@ class Logbook_model extends CI_Model { /* * Function returns the QSOs from the logbook, which have not been either marked as uploaded to qrz, or has been modified with an edit */ - function get_qrz_qsos($station_id){ - $sql = 'select *, dxcc_entities.name as station_country from ' . $this->config->item('table_name') . ' thcv ' . - ' left join station_profile on thcv.station_id = station_profile.station_id' . - ' left outer join dxcc_entities on thcv.col_my_dxcc = dxcc_entities.adif' . - ' where thcv.station_id = ' . $station_id . - ' and (COL_QRZCOM_QSO_UPLOAD_STATUS is NULL - or COL_QRZCOM_QSO_UPLOAD_STATUS = "" - or COL_QRZCOM_QSO_UPLOAD_STATUS = "M" - or COL_QRZCOM_QSO_UPLOAD_STATUS = "N")'; + function get_qrz_qsos($station_id, $trusted = false){ + $CI =& get_instance(); + $CI->load->model('stations'); + if ((!$trusted) && (!$CI->stations->check_station_is_accessible($station_id))) { + return; + } + $sql = 'select *, dxcc_entities.name as station_country from ' . $this->config->item('table_name') . ' thcv ' . + ' left join station_profile on thcv.station_id = station_profile.station_id' . + ' left outer join dxcc_entities on thcv.col_my_dxcc = dxcc_entities.adif' . + ' where thcv.station_id = ' . $station_id . + ' and (COL_QRZCOM_QSO_UPLOAD_STATUS is NULL + or COL_QRZCOM_QSO_UPLOAD_STATUS = "" + or COL_QRZCOM_QSO_UPLOAD_STATUS = "M" + or COL_QRZCOM_QSO_UPLOAD_STATUS = "N")'; - $query = $this->db->query($sql); - return $query; - } + $query = $this->db->query($sql); + return $query; + } /* * Function returns the QSOs from the logbook, which have not been either marked as uploaded to webADIF From bc3002bf863313ace6efba7a9c7835f878d9350b Mon Sep 17 00:00:00 2001 From: int2001 Date: Mon, 31 Jul 2023 09:13:28 +0000 Subject: [PATCH 09/10] Fixed params when calling webadif via cron --- application/controllers/Webadif.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
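Review bot: The added ownership check guards the query only on the untrusted path, but `$station_id` is still concatenated straight into the SQL on the line `' where thcv.station_id = ' . $station_id .`, so when `$trusted` is true nothing constrains the value and when it is false the check's own lookup is the only thing validating it. Coerce it on the line the commit already rewrites, `' where thcv.station_id = ' . (int) $station_id .`, or use a CodeIgniter query binding (`thcv.station_id = ?` with `$this->db->query($sql, [$station_id])`), so the check and the query stay consistent. The `return;` in the denied branch yields null while the normal path returns a query object, so the `$data['qsos'] = ...` assignment in Qrz.php `mass_upload_qsos` receives a different type depending on authorisation; that method's body is outside the hunk, so whether it copes with null cannot be seen.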
diff --git a/application/controllers/Webadif.php b/application/controllers/Webadif.php index a958f402e..7d1f5b487 100644 --- a/application/controllers/Webadif.php +++ b/application/controllers/Webadif.php @@ -49,7 +49,7 @@ class Webadif extends CI_Controller { */ function mass_upload_qsos($station_id, $webadif_api_key, $webadif_api_url, $trusted = false) { $i = 0; - $data['qsos'] = $this->logbook_model->get_webadif_qsos($station_id, $trusted); + $data['qsos'] = $this->logbook_model->get_webadif_qsos($station_id, null, null, $trusted); $errormessages=array(); $CI =& get_instance(); From 4840bc822de5726261138f2b0291780eb081ab06 Mon Sep 17 00:00:00 2001 From: int2001 Date: Mon, 31 Jul 2023 09:44:27 +0000 Subject: [PATCH 10/10] Comments added (testing branch/merge/PR-Issue) --- application/controllers/Webadif.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/controllers/Webadif.php b/application/controllers/Webadif.php index 7d1f5b487..7a98b0f90 100644 --- a/application/controllers/Webadif.php +++ b/application/controllers/Webadif.php @@ -21,7 +21,7 @@ class Webadif extends CI_Controller { foreach ($station_ids as $station) { $webadif_api_key = $station->webadifapikey; $webadif_api_url = $station->webadifapiurl; - if ($this->mass_upload_qsos($station->station_id, $webadif_api_key, $webadif_api_url, true)) { + if ($this->mass_upload_qsos($station->station_id, $webadif_api_key, $webadif_api_url, true)) { // When called via cron it is trusted echo "QSOs have been uploaded to QO-100 Dx Club."; log_message('info', 'QSOs have been uploaded to QO-100 Dx Club.'); } else {
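Review bot: `get_webadif_qsos($station_id, null, null, $trusted)` repairs the positional mismatch from PATCH 07, but it does so by skipping two optional parameters with literal `null`s, which is the pattern that produced the original bug and will break again if `$from`/`$to` are ever reordered or another parameter is inserted. If the project's PHP baseline is 8.0 or later, `get_webadif_qsos($station_id, trusted: $trusted)` states the intent at the call site; otherwise a short comment such as `// 2nd/3rd args are the optional $from/$to date range; $trusted must stay 4th` documents it. `mass_upload_qsos` continues outside the hunk.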