diff --git a/application/controllers/Logbook.php b/application/controllers/Logbook.php index cb051dc9..6c38c2d1 100755 --- a/application/controllers/Logbook.php +++ b/application/controllers/Logbook.php @@ -384,7 +384,7 @@ class Logbook extends CI_Controller { function view($id) { $this->load->model('user_model'); - if(!$this->user_model->authorize($this->config->item('auth_mode'))) { return; } + if(!$this->user_model->authorize($this->config->item('auth_mode'))) { return; } $this->load->library('qra'); 
@@ -408,15 +408,19 @@ class Logbook extends CI_Controller { function partial($id) { $this->load->model('user_model'); - if(!$this->user_model->authorize($this->config->item('auth_mode'))) { return; } + if(!$this->user_model->authorize($this->config->item('auth_mode'))) { return; } + + $CI =& get_instance(); + $CI->load->model('logbooks_model'); + $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook')); $html = ""; - $this->db->select(''.$this->config->item('table_name').'.COL_CALL, '.$this->config->item('table_name').'.COL_BAND, '.$this->config->item('table_name').'.COL_TIME_ON, '.$this->config->item('table_name').'.COL_RST_RCVD, '.$this->config->item('table_name').'.COL_RST_SENT, '.$this->config->item('table_name').'.COL_MODE, '.$this->config->item('table_name').'.COL_SUBMODE, '.$this->config->item('table_name').'.COL_PRIMARY_KEY, '.$this->config->item('table_name').'.COL_SAT_NAME, '.$this->config->item('table_name').'.COL_GRIDSQUARE, '.$this->config->item('table_name').'.COL_QSL_RCVD, '.$this->config->item('table_name').'.COL_EQSL_QSL_RCVD, '.$this->config->item('table_name').'.COL_EQSL_QSL_SENT, '.$this->config->item('table_name').'.COL_QSL_SENT, '.$this->config->item('table_name').'.COL_STX, '.$this->config->item('table_name').'.COL_STX_STRING, '.$this->config->item('table_name').'.COL_SRX, '.$this->config->item('table_name').'.COL_SRX_STRING, '.$this->config->item('table_name').'.COL_LOTW_QSL_SENT, '.$this->config->item('table_name').'.COL_LOTW_QSL_RCVD, '.$this->config->item('table_name').'.COL_VUCC_GRIDS, station_profile.*'); $this->db->from($this->config->item('table_name')); $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id'); + $this->db->where_in('station_profile.station_id', $logbooks_locations_array); $this->db->order_by(''.$this->config->item('table_name').'.COL_TIME_ON', "desc"); 
$this->db->like($this->config->item('table_name').'.COL_CALL', $id); diff --git a/application/models/Logbook_model.php b/application/models/Logbook_model.php index 7ab05190..5269ada6 100755 --- a/application/models/Logbook_model.php +++ b/application/models/Logbook_model.php @@ -571,7 +571,12 @@ class Logbook_model extends CI_Model { /* Return last 10 QSOs */ function last_ten() { + $CI =& get_instance(); + $CI->load->model('logbooks_model'); + $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook')); + $this->db->select('COL_CALL, COL_BAND, COL_TIME_ON, COL_RST_RCVD, COL_RST_SENT, COL_MODE, COL_SUBMODE, COL_NAME, COL_COUNTRY, COL_PRIMARY_KEY, COL_SAT_NAME'); + $this->db->where_in('station_id', $logbooks_locations_array); $this->db->order_by("COL_TIME_ON", "desc"); $this->db->limit(10); @@ -580,7 +585,12 @@ class Logbook_model extends CI_Model { /* Show custom number of qsos */ function last_custom($num) { + $CI =& get_instance(); + $CI->load->model('logbooks_model'); + $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook')); + $this->db->select('COL_CALL, COL_BAND, COL_TIME_ON, COL_RST_RCVD, COL_RST_SENT, COL_MODE, COL_SUBMODE, COL_NAME, COL_COUNTRY, COL_PRIMARY_KEY, COL_SAT_NAME'); + $this->db->where_in('station_id', $logbooks_locations_array); $this->db->order_by("COL_TIME_ON", "desc"); $this->db->limit($num); 
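Review bot: The new `where_in('station_profile.station_id', $logbooks_locations_array)` in `partial()` is the only thing scoping this query, and nothing checks what `list_logbook_relationships()` returned before it is used. That method is not shown here, but if it can return NULL or an empty array for a session with no active logbook, CodeIgniter 3's query builder (as far as I recall) skips the condition entirely for NULL, which would leave the query unscoped, and emits `IN()` for an empty array, which is a SQL error. A guard before the query builder calls, e.g. `if (!is_array($logbooks_locations_array) || count($logbooks_locations_array) === 0) { return; }`, makes the filter fail closed. The same unguarded pattern is added in `last_ten()`, `last_custom()`, `get_qso()`, `getQsoWithQslList()` and `searchQsos()`. `partial()` continues past the end of this hunk.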
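Review bot: The three lines that load `logbooks_model` and resolve `$logbooks_locations_array` are pasted verbatim into `last_ten()`, and again into `last_custom()`, `get_qso()` and the two `Qsl_model` queries. Because these lines are what restricts each query to the caller's stations, copies that drift apart become an access-control gap rather than a cosmetic problem. A single private helper on the model, for example `private function active_logbook_station_ids()` returning the array, would keep the rule in one place and reduce each call site to one line. `last_ten()` continues past the end of this hunk.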
@@ -842,10 +852,15 @@ class Logbook_model extends CI_Model { } function get_qso($id) { + $CI =& get_instance(); + $CI->load->model('logbooks_model'); + $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook')); + $this->db->select(''.$this->config->item('table_name').'.*, station_profile.*'); $this->db->from($this->config->item('table_name')); $this->db->join('station_profile', 'station_profile.station_id = '.$this->config->item('table_name').'.station_id'); + $this->db->where_in($this->config->item('table_name').'.station_id', $logbooks_locations_array); $this->db->where('COL_PRIMARY_KEY', $id); return $this->db->get(); @@ -2644,6 +2659,19 @@ class Logbook_model extends CI_Model { return $this->db->get($this->config->item('table_name')); } + public function check_qso_is_accessible($id) { + // check if qso belongs to user + $this->db->select($this->config->item('table_name').'.COL_PRIMARY_KEY'); + $this->db->join('station_profile', $this->config->item('table_name').'.station_id = station_profile.station_id'); + $this->db->where('station_profile.user_id', $this->session->userdata('user_id')); + $this->db->where($this->config->item('table_name').'.COL_PRIMARY_KEY', $id); + $query = $this->db->get($this->config->item('table_name')); + if ($query->num_rows() == 1) { + return true; + } + return false; + } + } function validateADIFDate($date, $format = 'Ymd') diff --git a/application/models/Logbooks_model.php b/application/models/Logbooks_model.php index 42356667..82e46858 100644 --- a/application/models/Logbooks_model.php +++ b/application/models/Logbooks_model.php 
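Review bot: `get_qso()` now decides access from the session's `active_station_logbook`, while `check_qso_is_accessible()`, added further down in this file, decides it from `station_profile.user_id`, so the two can disagree about the same QSO. Whether the logbook filter amounts to a per-user restriction depends on code not shown here, namely that `active_station_logbook` is only ever set to a logbook that passed `check_logbook_is_accessible()`. I would either state that dependency in a comment above the lookup, e.g. `// active_station_logbook must have been validated against the current user when it was stored in the session`, or add `$this->db->where('station_profile.user_id', $this->session->userdata('user_id'));` to the query, which already joins `station_profile`.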
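Review bot: `check_qso_is_accessible()` passes `$this->session->userdata('user_id')` straight into `where()` without first checking that a user is logged in. If the session has no `user_id`, the value is NULL and CodeIgniter 3 (as far as I recall) turns that into `station_profile.user_id IS NULL`, so a QSO on a station profile with no owner would be reported as accessible; whether such rows exist cannot be told from this diff. Returning early closes that case: `$user_id = $this->session->userdata('user_id'); if (empty($user_id)) { return false; }`. The tail can also be reduced to `return $query->num_rows() === 1;`, and the method deserves a docblock saying that `$id` is the QSO primary key and that ownership is decided through `station_profile.user_id`.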
@@ -175,7 +175,8 @@ class Logbooks_model extends CI_Model { } public function check_logbook_is_accessible($id) { - // check if logbook belongs to user + // check if logbook belongs to user + $this->db->select('logbook_id'); $this->db->where('user_id', $this->session->userdata('user_id')); $this->db->where('logbook_id', $id); $query = $this->db->get('station_logbooks'); diff --git a/application/models/Qsl_model.php b/application/models/Qsl_model.php index 613c3e5e..b16ea581 100644 --- a/application/models/Qsl_model.php +++ b/application/models/Qsl_model.php @@ -2,13 +2,13 @@ class Qsl_model extends CI_Model { function getQsoWithQslList() { $CI =& get_instance(); - $CI->load->model('Stations'); - $station_id = $CI->Stations->find_active(); + $CI->load->model('logbooks_model'); + $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook')); $this->db->select('*'); $this->db->from($this->config->item('table_name')); $this->db->join('qsl_images', 'qsl_images.qsoid = ' . $this->config->item('table_name') . '.col_primary_key'); - $this->db->where('station_id', $station_id); + $this->db->where_in('station_id', $logbooks_locations_array); return $this->db->get(); } @@ -17,6 +17,13 @@ class Qsl_model extends CI_Model { // Clean ID $clean_id = $this->security->xss_clean($id); + // be sure that QSO belongs to user + $CI =& get_instance(); + $CI->load->model('logbook_model'); + if (!$CI->logbook_model->check_qso_is_accessible($clean_id)) { + return; + } + $this->db->select('*'); $this->db->from('qsl_images'); $this->db->where('qsoid', $clean_id); 
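Review bot: The denied path added in the hunk at @@ -17,6 +17,13 is a bare `return;`, which hands the caller NULL and leaves no trace of the refusal. The rest of the function is outside the hunk, but the sibling functions in this file return `$this->db->get()`, so a caller that goes on to call `->result()` or `->row()` would presumably hit a fatal error on a denied request instead of handling it. Returning a value callers can test, such as `return false;`, preceded by a `log_message('error', ...)` line, would make refused access both safe and visible. The same bare `return;` is added in the four other `Qsl_model` hunks that call `check_qso_is_accessible()`. Separately, `xss_clean()` on the context line is an output-oriented filter rather than an ID validator; `ctype_digit((string) $id)` would state the expectation for a numeric key more directly.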
@@ -25,8 +32,18 @@ class Qsl_model extends CI_Model { } function saveQsl($qsoid, $filename) { + // Clean ID + $clean_id = $this->security->xss_clean($qsoid); + + // be sure that QSO belongs to user + $CI =& get_instance(); + $CI->load->model('logbook_model'); + if (!$CI->logbook_model->check_qso_is_accessible($clean_id)) { + return; + } + $data = array( - 'qsoid' => $qsoid, + 'qsoid' => $clean_id, 'filename' => $filename ); @@ -39,6 +56,13 @@ class Qsl_model extends CI_Model { // Clean ID $clean_id = $this->security->xss_clean($id); + // be sure that QSO belongs to user + $CI =& get_instance(); + $CI->load->model('logbook_model'); + if (!$CI->logbook_model->check_qso_is_accessible($clean_id)) { + return; + } + // Delete Mode $this->db->delete('qsl_images', array('id' => $clean_id)); } @@ -47,6 +71,13 @@ class Qsl_model extends CI_Model { // Clean ID $clean_id = $this->security->xss_clean($id); + // be sure that QSO belongs to user + $CI =& get_instance(); + $CI->load->model('logbook_model'); + if (!$CI->logbook_model->check_qso_is_accessible($clean_id)) { + return; + } + $this->db->select('filename'); $this->db->from('qsl_images'); $this->db->where('id', $clean_id); @@ -54,14 +85,14 @@ class Qsl_model extends CI_Model { return $this->db->get(); } - function searchQsos($callsign) { - $CI =& get_instance(); - $CI->load->model('Stations'); - $station_id = $CI->Stations->find_active(); + function searchQsos($callsign) { + $CI =& get_instance(); + $CI->load->model('logbooks_model'); + $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook')); $this->db->select('*'); $this->db->from($this->config->item('table_name')); - $this->db->where('station_id', $station_id); + $this->db->where_in('station_id', $logbooks_locations_array); $this->db->where('col_call', $callsign); return $this->db->get(); 
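Review bot: The ownership check added in the hunk at @@ -39,6 +56,13 is applied to the wrong identifier: `$clean_id` is passed to `check_qso_is_accessible()` as a QSO primary key, but the context line right below uses it as `qsl_images.id` in `$this->db->delete('qsl_images', array('id' => $clean_id))`. Unless image ids and QSO keys happen to coincide, the check says nothing about who owns the image row, so a legitimate delete can be refused and a delete of a row belonging to someone else is not reliably blocked. The image row should be resolved to its `qsoid` first and that value authorized, as sketched below. The hunk at @@ -47,6 +71,13, which selects `filename` from `qsl_images` by `id`, has the same mismatch. Both function signatures are outside their hunks.

```php
// Resolve the image row to the QSO it belongs to before authorizing
$image = $this->db->select('qsoid')
                  ->where('id', $clean_id)
                  ->get('qsl_images')
                  ->row();
if ($image === null) {
    return;
}

// be sure that QSO belongs to user
$CI =& get_instance();
$CI->load->model('logbook_model');
if (!$CI->logbook_model->check_qso_is_accessible($image->qsoid)) {
    return;
}

// … unchanged: $this->db->delete('qsl_images', array('id' => $clean_id)); …
```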
@@ -71,8 +102,15 @@ class Qsl_model extends CI_Model { $clean_qsoid = $this->security->xss_clean($qsoid); $clean_filename = $this->security->xss_clean($filename); + // be sure that QSO belongs to user + $CI =& get_instance(); + $CI->load->model('logbook_model'); + if (!$CI->logbook_model->check_qso_is_accessible($clean_qsoid)) { + return; + } + $data = array( - 'qsoid' => $qsoid, + 'qsoid' => $clean_qsoid, 'filename' => $filename ); diff --git a/application/models/Stations.php b/application/models/Stations.php index 21e20f73..4f16b8b0 100644 --- a/application/models/Stations.php +++ b/application/models/Stations.php @@ -290,6 +290,7 @@ class Stations extends CI_Model { public function check_station_is_accessible($id) { // check if station belongs to user + $this->db->select('station_id'); $this->db->where('user_id', $this->session->userdata('user_id')); $this->db->where('station_id', $id); $query = $this->db->get('station_profile');
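Review bot: `$clean_filename` is computed on the context line at the top of the hunk at @@ -71,8 +102,15, but the `$data` array still stores the raw `$filename`; the commit switches `'qsoid'` to `$clean_qsoid` and leaves the neighbouring key untouched. If the filter is meant to apply, the line should read `'filename' => $clean_filename`. Since the value is presumably used later to locate a file on disk, a stricter rule than `xss_clean()`, for example `basename()` plus an allowed-extension check, would be the more meaningful control, though where the filename originates is not visible here. The function's signature is outside the hunk.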