check if qso belongs to user when deleting/requesting/confirming QSOs/QSLs

application/controllers/Qso.php

@@ -290,13 +290,13 @@ class QSO extends CI_Controller {
 	function delete($id) {
 		$this->load->model('logbook_model');
 
+		if ($this->logbook_model->check_qso_is_accessible($id)) {
 			$this->logbook_model->delete($id);
-
 			$this->session->set_flashdata('notice', 'QSO Deleted Successfully');
 			$data['message_title'] = "Deleted";
 			$data['message_contents'] = "QSO Deleted Successfully";
 			$this->load->view('messages/message', $data);
-
+		}
 
 		// If deletes from /logbook dropdown redirect
 		if (strpos($_SERVER['HTTP_REFERER'], '/logbook') !== false) {
@@ -309,10 +309,14 @@ class QSO extends CI_Controller {
         $id = str_replace('"', "", $this->input->post("id"));
 
         $this->load->model('logbook_model');
-
+	if ($this->logbook_model->check_qso_is_accessible($id)) {
         	$this->logbook_model->delete($id);
         	header('Content-Type: application/json');
         	echo json_encode(array('message' => 'OK'));
+	} else {
+        	header('Content-Type: application/json');
+        	echo json_encode(array('message' => 'not allowed'));
+	}
         return;
     }
 

application/models/Logbook_model.php

@@ -1290,14 +1290,19 @@ class Logbook_model extends CI_Model {
 	}
   /* Return QSO Info */
 	function qso_info($id) {
+		if ($this->logbook_model->check_qso_is_accessible($id)) {
 			$this->db->where('COL_PRIMARY_KEY', $id);
 
 			return $this->db->get($this->config->item('table_name'));
+		} else {
+			return;
+		}
 	}
 
 
   // Set Paper to received
 	function paperqsl_update($qso_id, $method) {
+		if ($this->logbook_model->check_qso_is_accessible($qso_id)) {
 
 			$data = array(
 				'COL_QSLRDATE' => date('Y-m-d H:i:s'),
@@ -1308,11 +1313,15 @@ class Logbook_model extends CI_Model {
 			$this->db->where('COL_PRIMARY_KEY', $qso_id);
 
 			$this->db->update($this->config->item('table_name'), $data);
+		} else {
+			return;
+		}
 	}
 
 
   // Set Paper to sent
   function paperqsl_update_sent($qso_id, $method) {
+	  if ($this->logbook_model->check_qso_is_accessible($qso_id)) {
 
 		  $data = array(
 			  'COL_QSLSDATE' => date('Y-m-d H:i:s'),
@@ -1323,11 +1332,15 @@ class Logbook_model extends CI_Model {
 		  $this->db->where('COL_PRIMARY_KEY', $qso_id);
 
 		  $this->db->update($this->config->item('table_name'), $data);
+	  } else {
+		  return;
+	  }
   }
 
 
   // Set Paper to requested
   function paperqsl_requested($qso_id, $method) {
+	  if ($this->logbook_model->check_qso_is_accessible($qso_id)) {
 
 		  $data = array(
 			  'COL_QSLSDATE' => date('Y-m-d H:i:s'),
@@ -1338,10 +1351,14 @@ class Logbook_model extends CI_Model {
 		  $this->db->where('COL_PRIMARY_KEY', $qso_id);
 
 		  $this->db->update($this->config->item('table_name'), $data);
+	  } else {
+		  return;
+	  }
   }
 
 
   function paperqsl_ignore($qso_id, $method) {
+	  if ($this->logbook_model->check_qso_is_accessible($qso_id)) {
 
 		  $data = array(
 			  'COL_QSLSDATE' => date('Y-m-d H:i:s'),
@@ -1351,6 +1368,9 @@ class Logbook_model extends CI_Model {
 		  $this->db->where('COL_PRIMARY_KEY', $qso_id);
 
 		  $this->db->update($this->config->item('table_name'), $data);
+	  } else {
+		  return;
+	  }
   }
 
   function get_qsos_for_printing($station_id2 = null) {
@@ -1427,6 +1447,7 @@ class Logbook_model extends CI_Model {
   }
 
   function get_qso($id) {
+	  if ($this->logbook_model->check_qso_is_accessible($id)) {
 		  $this->db->select($this->config->item('table_name').'.*, station_profile.*, dxcc_entities.*, coalesce(dxcc_entities_2.name, "- NONE -") as station_country, dxcc_entities_2.end as station_end, eQSL_images.image_file as eqsl_image_file, lotw_users.callsign as lotwuser, lotw_users.lastupload');
 		  $this->db->from($this->config->item('table_name'));
 		  $this->db->join('dxcc_entities', $this->config->item('table_name').'.col_dxcc = dxcc_entities.adif', 'left');
@@ -1437,6 +1458,9 @@ class Logbook_model extends CI_Model {
 		  $this->db->where('COL_PRIMARY_KEY', $id);
 
 		  return $this->db->get();
+	  } else {
+		  return;
+	  }
   }
 
     /*
@@ -2628,8 +2652,12 @@ class Logbook_model extends CI_Model {
 
     /* Delete QSO based on the QSO ID */
   function delete($id) {
+	  if ($this->check_qso_is_accessible($id)) {
 		  $this->db->where('COL_PRIMARY_KEY', $id);
 		  $this->db->delete($this->config->item('table_name'));
+	  } else {
+		  return;
+	  }
   }
 
   /* Used to check if the qso is already in the database */