From 30ba927c25465ec8581b8a67fa2c06fc94aa9561 Mon Sep 17 00:00:00 2001 From: Andreas <6977712+AndreasK79@users.noreply.github.com> Date: Mon, 20 Sep 2021 15:16:53 +0200 Subject: [PATCH] [API] Added userid to the API key. --- application/config/migration.php | 2 +- .../migrations/078_add_userid_to_api.php | 19 +++++++++++++++ application/models/Api_model.php | 23 +++++++++++-------- 3 files changed, 34 insertions(+), 10 deletions(-) create mode 100644 application/migrations/078_add_userid_to_api.php diff --git a/application/config/migration.php b/application/config/migration.php index ad5f4c8e..c0728eb6 100644 --- a/application/config/migration.php +++ b/application/config/migration.php @@ -22,7 +22,7 @@ $config['migration_enabled'] = TRUE; | */ -$config['migration_version'] = 75; +$config['migration_version'] = 78; /* |-------------------------------------------------------------------------- diff --git a/application/migrations/078_add_userid_to_api.php b/application/migrations/078_add_userid_to_api.php new file mode 100644 index 00000000..c64565af --- /dev/null +++ b/application/migrations/078_add_userid_to_api.php @@ -0,0 +1,19 @@ +dbforge->add_column('api', $fields); + } + + public function down() + { + $this->dbforge->drop_column('api', 'user_id'); + } +} diff --git a/application/models/Api_model.php b/application/models/Api_model.php index f5c9e417..21db4b45 100644 --- a/application/models/Api_model.php +++ b/application/models/Api_model.php @@ -16,11 +16,13 @@ class API_Model extends CI_Model { // GET API Keys function keys() { + $this->db->where('user_id', $this->session->userdata('user_id')); return $this->db->get('api'); } function key_description($key) { - $this->db->where('key', $key); + $this->db->where('user_id', $this->session->userdata('user_id')); + $this->db->where('key', $key); $query = $this->db->get('api'); return $query->result_array()[0]; 
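Review bot: Keys that already exist in `api` are left without an owner, because the visible part of up() only calls `add_column` and no backfill follows it (the `$fields` definition itself is not visible on this page). After this commit, keys() and delete_key() in Api_model.php filter on `user_id`, while access() still looks a key up by `key` alone. Older keys would therefore keep working but could no longer be listed or revoked by any user. Consider assigning those rows to a known account in up(), or retiring them right after `add_column`, and record the choice in a comment such as `// Keys created before this migration have no owner; they are retired here and must be re-issued.`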
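Review bot: The new `user_id` filter in keys() and key_description() takes `$this->session->userdata('user_id')` without checking that it is set; in CodeIgniter 3 a missing session item is NULL and `where('user_id', NULL)` compiles to `user_id IS NULL`, so a call without a logged-in user would match ownerless rows instead of nothing. The same pattern is added to update_key_description(), delete_key() and generate_key() in the later hunks. A guard at the top of each method, for example `$user_id = $this->session->userdata('user_id'); if (empty($user_id)) { return FALSE; }`, would fail closed, with the return value adjusted to what each caller expects; whether the controllers already enforce login is not visible here. Separately, key_description() still returns `$query->result_array()[0]`, which is an undefined offset once the filter excludes another user's key, and `return $query->row_array();` avoids that. The closing brace of key_description() lies outside this hunk.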
@@ -28,17 +30,17 @@ class API_Model extends CI_Model { function update_key_description($key, $description) { - + $data = array( 'description' => xss_clean($description), ); $this->db->where('key', xss_clean($key)); + $this->db->where('user_id', $this->session->userdata('user_id')); $this->db->update('api', xss_clean($data)); } - function country_worked($dxcc_num, $band, $mode){ if($band == "all") { @@ -93,35 +95,38 @@ class API_Model extends CI_Model { function delete_key($key) { + $this->db->where('user_id', $this->session->userdata('user_id')); $this->db->where('key', xss_clean($key)); $this->db->delete('api'); } // Generate API Key function generate_key($rights) { - + // Expects either rw (Read, Write) or r (read only) // Generate Unique Key $data['key'] = uniqid("cl"); $data['rights'] = $rights; - + // Set API key to active $data['status'] = "active"; - $this->db->insert('api', $data); + $data['user_id'] = $this->session->userdata('user_id'); + + $this->db->insert('api', $data); } function access($key) { - + // No key = no access, mate if(!$key) { return $status = "No Key Found"; } // Check that the key is valid - $this->db->where('key', $key); + $this->db->where('key', $key); $query = $this->db->get('api'); if ($query->num_rows() > 0) @@ -334,7 +339,7 @@ class API_Model extends CI_Model { $s[12] = '/~([a-zA-Z0-9\-\_\*\(\)\=\~]+)/'; // *, which becomes '%' $s[13] = '/\*/'; - + $r[0] = ' AND '; $r[1] = ' OR '; $r[2] = ' < ';
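Review bot: generate_key() still derives the secret from the unchanged `uniqid("cl")` line, which is based on the current time and is documented by PHP as unsuitable for security purposes; now that a key is bound to a user account, its value should come from a CSPRNG. Something like `$data['key'] = 'cl' . bin2hex(random_bytes(16));` keeps the prefix. That needs PHP 7 and a `key` column wide enough for 34 characters, neither of which is visible on this page. access() in the same hunk still matches on `key` alone and its body continues outside the hunk, so whether it hands the owning `user_id` back to callers cannot be checked from here.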