From 7988f917f3203a3b3f62efc769e5f542f97370eb Mon Sep 17 00:00:00 2001 From: Thomas Werzmirzowsky Date: Thu, 9 Sep 2021 17:55:51 +0200 Subject: [PATCH] changed to POST request in order to not send password in query string --- application/controllers/Eqsl.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/application/controllers/Eqsl.php b/application/controllers/Eqsl.php index 5462d8dd..3eb830e2 100644 --- a/application/controllers/Eqsl.php +++ b/application/controllers/Eqsl.php @@ -144,19 +144,17 @@ class eqsl extends CI_Controller { $active_station_info = $station_profile->row(); // Query the logbook to determine when the last LoTW confirmation was $eqsl_last_qsl_date = $this->logbook_model->eqsl_last_qsl_rcvd_date(); - - // Build URL for eQSL inbox file - $eqsl_url .= "?"; - $eqsl_url .= "UserName=" . $data['user_eqsl_name']; - $eqsl_url .= "&Password=" . urlencode($data['user_eqsl_password']); - - $eqsl_url .= "&RcvdSince=" . $eqsl_last_qsl_date; - $eqsl_url .= "&QTHNickname=" . urlencode($active_station_info->eqslqthnickname); - - // Pull back only confirmations - $eqsl_url .= "&ConfirmedOnly=1"; - //echo "

".$eqsl_url."

"; + // Build parameters for eQSL inbox file + $eqsl_params = http_build_query(array( + 'UserName' => $data['user_eqsl_name'], + 'Password' => $data['user_eqsl_password'], + 'RcvdSince' => $eqsl_last_qsl_date, + 'QTHNickname' => $active_station_info->eqslqthnickname, + 'ConfirmedOnly' => 1 + )); + + //echo "

".$eqsl_url."
".$eqsl_params."

"; // At this point, what we get isn't the ADI file we need, but rather // an HTML page, which contains a link to the generated ADI file that we want. @@ -170,8 +168,10 @@ class eqsl extends CI_Controller { curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); - // use the URL we built + // use the URL and params we built curl_setopt($ch, CURLOPT_URL, $eqsl_url); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $eqsl_params); $input = curl_exec($ch); $chi = curl_getinfo($ch);