2.7.6

2.7.6

Author: magicbug

README.md

@@ -5,7 +5,7 @@
 
 Cloudlog is a self-hosted PHP application that allows you to log your amateur radio contacts anywhere. All you need is a web browser and active internet connection.
 
-While Cloudlog as started by Peter Goodhall, 2M0SQL, although since has received a lot of community code contributions. If you would like to contribute to Cloudlog please see the [Contributing](#contributing) section below.
+While Cloudlog as started by Peter Goodhall, MM9SQL, although since has received a lot of community code contributions. If you would like to contribute to Cloudlog please see the [Contributing](#contributing) section below.
 
 Website: [http://www.cloudlog.co.uk](http://www.cloudlog.co.uk)
 
@@ -103,7 +103,7 @@ Cloudlog has two support systems for code issues use Github issues, however if y
 
 ## Security Vulnerabilities
 
-If you discover a security vulnerability within Cloudlog, please send an e-mail to Peter Goodhall, 2M0SQL via [peter@magicbug.co.uk](mailto:peter@magicbug.co.uk). All security vulnerabilities will be promptly addressed.
+If you discover a security vulnerability within Cloudlog, please send an e-mail to Peter Goodhall, MM9SQL via [peter@magicbug.co.uk](mailto:peter@magicbug.co.uk). All security vulnerabilities will be promptly addressed.
 
 ## Want Cloudlog Hosting?
 
@@ -131,4 +131,4 @@ Cloudlog is supported by Patreon and donations via PayPal, thanks to the followi
 
 Paul (M0TZO), Tim (G4VXE), Paul (N8HM), Michelle (W5NYV), Mitchell (AD0HJ), Dan (M0TCB), Martin (DK3ML), Juan Carlos (EA5WA), Iain (M0PCB), Charlie (GM1TGY), Ondrej (OK1CDJ), Trystan (G0KAY), Oliver (DL6KBG), Volkmar Schirmer, Jordan (M0PIR), Thomas Ziegler, Mathis (DB9MAT), Ken (VE3HLS), Tyler (WL7T), Jeremy Taylor, Ben Kuhn, Eric Thresher, Michael Cullen, Juuso (OH1JW), Anthony Castiglia, Fernando Ramirez-Ferrer, Robert Dixon, Mark Percival, Julia (KV1V), Timo Tomasini, Ant (NU1U), Christopher Williams, Danny Barnes, Vic, Tom (M0LTE), smurphboy, Lars (SM0TGU), Theo (PD9DP), Stefan (SM0RGM). Peter (G0ABI), Lou (KI5FTY), Michael (DG3NAB), Dragan (4O4A), minorsecond, Emily (W7AYQ), Steve (M0SKM), Rob (M0VFC), Doug (WA6L), Petr (OK1PKR), Fabian (HB9HIL), Daniel (OK2VLK), John (M5JFS), Johnathan (2E0DEF), Peter (M0LNB)
 
-If you'd like to donate to Cloudlog to help allow @magicbug spend less time doing commercial work and more time coding Cloudlog then you can donate via [PayPal](https://paypal.me/PGoodhall), [Github Sponsor](https://github.com/sponsors/magicbug) or become a [Patreon](https://www.patreon.com/2m0sql)
+If you'd like to donate to Cloudlog to help allow @magicbug spend less time doing commercial work and more time coding Cloudlog then you can donate via [PayPal](https://paypal.me/PGoodhall), [Github Sponsor](https://github.com/sponsors/magicbug) or become a [Patreon](https://www.patreon.com/MM9SQL)

application/config/migration.php

@@ -22,7 +22,7 @@
 |
 */
 
-$config['migration_version'] = 230;
+$config['migration_version'] = 231;
 
 /*
 |--------------------------------------------------------------------------

application/controllers/Awards.php

@@ -276,8 +276,39 @@ public function vucc_details_ajax()
     {
         $this->load->model('logbook_model');
 
-        $gridsquare = str_replace('"', "", $this->security->xss_clean($this->input->post("Gridsquare")));
-        $band = str_replace('"', "", $this->security->xss_clean($this->input->post("Band")));
+        // Validate and sanitize gridsquare input - should be alphanumeric only, max 6 characters
+        $gridsquare_raw = $this->input->post("Gridsquare");
+        $band_raw = $this->input->post("Band");
+        
+        // Validate gridsquare format - VUCC allows multiple gridsquares separated by commas
+        if (!$gridsquare_raw) {
+            show_error('Gridsquare parameter is required', 400);
+            return;
+        }
+        
+        // Split by comma and validate each gridsquare
+        $gridsquares = explode(',', $gridsquare_raw);
+        foreach ($gridsquares as $grid) {
+            $grid = trim($grid);
+            // Each grid should be 4 or 6 characters: AA00 or AA00aa format
+            if (!preg_match('/^[A-Ra-r]{2}[0-9]{2}[A-Xa-x]{0,2}$/', $grid)) {
+                show_error('Invalid gridsquare format: ' . htmlspecialchars($grid), 400);
+                return;
+            }
+        }
+        
+        // Validate band - use Cloudlog's band system for validation
+        $this->load->model('bands');
+        $valid_bands = array_keys($this->bands->bandslots);
+        $valid_bands[] = 'All'; // Add 'All' as a valid option
+        
+        if (!$band_raw || !in_array($band_raw, $valid_bands)) {
+            show_error('Invalid band specified', 400);
+            return;
+        }
+        
+        $gridsquare = strtoupper($gridsquare_raw);
+        $band = $band_raw;
         $data['results'] = $this->logbook_model->vucc_qso_details($gridsquare, $band);
 
         // Render Page

application/controllers/Eqsl.php

@@ -168,10 +168,8 @@ public function export()
 
 			foreach ($qslsnotsent->result_array() as $qsl) {
 				$rows .= "<tr>";
-				// eQSL username changes for linked account.
-				// i.e. when operating /P it must be callsign/p
-				// the password, however, is always the same as the main account
-				$data['user_eqsl_name'] = $qsl['station_callsign'];
+				// Note: eQSL authentication uses the user's actual eQSL credentials
+				// The station callsign is handled in the ADIF data via eqslqthnickname
 				$adif = $this->generateAdif($qsl, $data);
 
 				$status = $this->uploadQso($adif, $qsl);

application/controllers/Lotw.php

@@ -724,15 +724,37 @@ function lotw_download($sync_user_id = null) {
 					'Accept-Language: en-US,en;q=0.9'
 				));
 
-				$response = curl_exec($ch);
-				$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-				$curl_error = curl_error($ch);
+				$max_retries = 3;
+				$retry_delay = 2; // seconds
+				$response = false;
+				$curl_error = '';
+				$http_code = 0;
+
+				for ($attempt = 1; $attempt <= $max_retries; $attempt++) {
+					$response = curl_exec($ch);
+					$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+					$curl_error = curl_error($ch);
+
+					// If successful or non-network error, break out of retry loop
+					if ($response !== false && empty($curl_error)) {
+						break;
+					}
+
+					// Log retry attempt
+					if ($attempt < $max_retries) {
+						log_message('debug', "LoTW download attempt {$attempt} failed for user ".$data['user_lotw_name'].": " . $curl_error . " - retrying in {$retry_delay} seconds");
+						sleep($retry_delay);
+						// Exponential backoff - increase delay for next retry
+						$retry_delay *= 2;
+					}
+				}
+
 				curl_close($ch);
 
-				// Check for cURL errors
+				// Check for cURL errors after all retries
 				if ($response === false || !empty($curl_error)) {
-					$result = "LoTW download failed for user ".$data['user_lotw_name'].": " . $curl_error;
-					log_message('error', 'LoTW cURL error: ' . $curl_error);
+					$result = "LoTW download failed for user ".$data['user_lotw_name']." after {$max_retries} attempts: " . $curl_error;
+					log_message('error', 'LoTW cURL error after retries: ' . $curl_error);
 					continue;
 				}
 

application/migrations/231_tag_2_7_6.php

@@ -0,0 +1,30 @@
+<?php
+
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/*
+*   Tag Cloudlog as 2.7.6
+*/
+
+class Migration_tag_2_7_6 extends CI_Migration {
+
+    public function up()
+    {
+
+        // Tag Cloudlog 2.7.6
+        $this->db->where('option_name', 'version');
+        $this->db->update('options', array('option_value' => '2.7.6'));
+
+        // Trigger Version Info Dialog
+        $this->db->where('option_type', 'version_dialog');
+        $this->db->where('option_name', 'confirmed');
+        $this->db->update('user_options', array('option_value' => 'false'));
+
+    }
+
+    public function down()
+    {
+        $this->db->where('option_name', 'version');
+        $this->db->update('options', array('option_value' => '2.7.5'));
+    }
+}

application/models/Logbook_model.php

@@ -417,9 +417,12 @@ public function qso_details($searchphrase, $band, $mode, $type, $qsl, $searchmod
         break;
       case 'VUCC':
         if ($searchmode == 'activated') {
-          $this->db->where("station_gridsquare like '%" . $searchphrase . "%'");
+          $this->db->like('station_gridsquare', $searchphrase);
         } else {
-          $this->db->where("(COL_GRIDSQUARE like '" . $searchphrase . "%' OR COL_VUCC_GRIDS like '%" . $searchphrase . "%')");
+          $this->db->group_start();
+          $this->db->like('COL_GRIDSQUARE', $searchphrase, 'after');
+          $this->db->or_like('COL_VUCC_GRIDS', $searchphrase);
+          $this->db->group_end();
         }
         break;
       case 'CQZone':
@@ -556,23 +559,34 @@ public function vucc_qso_details($gridsquare, $band)
     $CI->load->model('logbooks_model');
     $logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook'));
 
-    $location_list = "'" . implode("','", $logbooks_locations_array) . "'";
+    if (empty($logbooks_locations_array)) {
+      return $this->db->query("SELECT * FROM " . $this->config->item('table_name') . " WHERE 1=0"); // Return empty result
+    }
 
-    $sql = "select * from " . $this->config->item('table_name') .
-      " where station_id in (" . $location_list . ")" .
-      " and (col_gridsquare like '" . $gridsquare . "%'
-                    or col_vucc_grids like '%" . $gridsquare . "%')";
+    // Use parameterized query to prevent SQL injection
+    $this->db->select('*');
+    $this->db->from($this->config->item('table_name'));
+    $this->db->where_in('station_id', $logbooks_locations_array);
+    
+    // Use parameterized LIKE queries for gridsquare matching
+    $gridsquare_like = $gridsquare . '%';
+    $gridsquare_contains = '%' . $gridsquare . '%';
+    
+    $this->db->group_start();
+    $this->db->like('col_gridsquare', $gridsquare_like, 'after');
+    $this->db->or_like('col_vucc_grids', $gridsquare_contains);
+    $this->db->group_end();
 
     if ($band != 'All') {
       if ($band == 'SAT') {
-        $sql .= " and col_prop_mode ='" . $band . "'";
+        $this->db->where('col_prop_mode', $band);
       } else {
-        $sql .= " and col_prop_mode !='SAT'";
-        $sql .= " and col_band ='" . $band . "'";
+        $this->db->where('col_prop_mode !=', 'SAT');
+        $this->db->where('col_band', $band);
       }
     }
 
-    return $this->db->query($sql);
+    return $this->db->get();
   }
 
   public function activator_details($call, $band, $leogeo)
@@ -1374,6 +1388,22 @@ function edit()
       $data['COL_QRZCOM_QSO_UPLOAD_STATUS'] = 'M';
     }
 
+    if ($this->exists_clublog_credentials($data['station_id'])) {
+      $data['COL_CLUBLOG_QSO_UPLOAD_STATUS'] = 'M';
+    }
+
+    // Reset LoTW and eQSL sent status to 'N' if they were previously sent
+    // This ensures edited QSOs get re-uploaded to these services
+    if ($qso->COL_LOTW_QSL_SENT == 'Y' && $data['COL_LOTW_QSL_SENT'] == 'Y') {
+      $data['COL_LOTW_QSL_SENT'] = 'N';
+      $data['COL_LOTW_QSLSDATE'] = null;
+    }
+
+    if ($qso->COL_EQSL_QSL_SENT == 'Y' && $data['COL_EQSL_QSL_SENT'] == 'Y') {
+      $data['COL_EQSL_QSL_SENT'] = 'N';
+      $data['COL_EQSL_QSLSDATE'] = null;
+    }
+
     $this->db->where('COL_PRIMARY_KEY', $this->input->post('id'));
     $this->db->update($this->config->item('table_name'), $data);
   }

application/views/interface_assets/footer.php

@@ -1885,7 +1885,59 @@ function getUTCDateStamp(el) {
             var now = new Date();
             var localTime = now.getTime();
             var utc = localTime + (now.getTimezoneOffset() * 60000);
-            $(el).attr('value', ("0" + now.getUTCDate()).slice(-2) + '-' + ("0" + (now.getUTCMonth() + 1)).slice(-2) + '-' + now.getUTCFullYear());
+            
+            // Get user's date format preference
+            var userDateFormat = '<?php 
+                if ($this->session->userdata('user_date_format')) {
+                    echo $this->session->userdata('user_date_format');
+                } else {
+                    echo $this->config->item('qso_date_format');
+                }
+            ?>';
+            
+            // Format date according to user preference
+            var day = ("0" + now.getUTCDate()).slice(-2);
+            var month = ("0" + (now.getUTCMonth() + 1)).slice(-2);
+            var year2 = now.getUTCFullYear().toString().slice(-2);
+            var year4 = now.getUTCFullYear();
+            
+            var formattedDate;
+            switch(userDateFormat) {
+                case 'd/m/y':
+                    formattedDate = day + '/' + month + '/' + year2;
+                    break;
+                case 'd/m/Y':
+                    formattedDate = day + '/' + month + '/' + year4;
+                    break;
+                case 'm/d/y':
+                    formattedDate = month + '/' + day + '/' + year2;
+                    break;
+                case 'm/d/Y':
+                    formattedDate = month + '/' + day + '/' + year4;
+                    break;
+                case 'd.m.Y':
+                    formattedDate = day + '.' + month + '.' + year4;
+                    break;
+                case 'y/m/d':
+                    formattedDate = year2 + '/' + month + '/' + day;
+                    break;
+                case 'Y-m-d':
+                    formattedDate = year4 + '-' + month + '-' + day;
+                    break;
+                case 'M d, Y':
+                    var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
+                    formattedDate = months[now.getUTCMonth()] + ' ' + now.getUTCDate() + ', ' + year4;
+                    break;
+                case 'M d, y':
+                    var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
+                    formattedDate = months[now.getUTCMonth()] + ' ' + now.getUTCDate() + ', ' + year2;
+                    break;
+                default:
+                    // Fallback to original format if no match
+                    formattedDate = day + '-' + month + '-' + year4;
+            }
+            
+            $(el).attr('value', formattedDate);
         }
     </script>
 

application/views/mostworked/index.php

@@ -49,6 +49,7 @@
                             <div class="col-md-2">
                                 <label for="min_qsos" class="form-label">Min QSOs:</label>
                                 <select class="form-select form-select-sm" name="min_qsos" id="min_qsos">
+                                    <option value="1" <?php echo ($filters['min_qsos'] == 1) ? 'selected' : ''; ?>>1+</option>
                                     <option value="2" <?php echo ($filters['min_qsos'] == 2) ? 'selected' : ''; ?>>2+</option>
                                     <option value="3" <?php echo ($filters['min_qsos'] == 3) ? 'selected' : ''; ?>>3+</option>
                                     <option value="5" <?php echo ($filters['min_qsos'] == 5) ? 'selected' : ''; ?>>5+</option>

assets/js/sections/common.js

@@ -153,6 +153,48 @@ function qso_edit(id) {
                         }
                     });
 
+                    // Add callsign change handler to update DXCC/location info
+                    $('.modal-content #callsign').on('change blur', function() {
+                        var callsignValue = $(this).val();
+                        if (callsignValue.length >= 3) {
+                            var find_callsign = callsignValue.toUpperCase();
+                            find_callsign = find_callsign.replace(/\//g, "-");
+                            find_callsign = find_callsign.replace('Ø', '0');
+
+                            $.getJSON(base_url + 'index.php/logbook/json/' + find_callsign + '/0/0/0/' + $('.modal-content #stationProfile').val(), function(result) {
+                                if (result.dxcc && result.dxcc.entity !== undefined && result.dxcc.entity !== 'Not Found') {
+                                    // Update country field
+                                    $('.modal-content #country').val(result.dxcc.entity);
+                                    
+                                    // Update DXCC ID
+                                    if (result.dxcc.adif !== undefined) {
+                                        $('.modal-content #dxcc_id').val(result.dxcc.adif);
+                                    }
+                                    
+                                    // Update CQ Zone
+                                    if (result.dxcc.cqz !== undefined) {
+                                        $('.modal-content #cqz').val(result.dxcc.cqz);
+                                    }
+                                    
+                                    // Update ITU Zone
+                                    if (result.dxcc.ituz !== undefined) {
+                                        $('.modal-content #ituz').val(result.dxcc.ituz);
+                                    }
+                                    
+                                    // Update continent
+                                    if (result.dxcc.cont !== undefined) {
+                                        $('.modal-content #continent').val(result.dxcc.cont);
+                                    }
+                                    
+                                    // Update state if available
+                                    if (result.callsign_state && $('.modal-content #input_usa_state_edit').val() == "") {
+                                        $('.modal-content #input_usa_state_edit').val(result.callsign_state).trigger('change');
+                                    }
+                                }
+                            });
+                        }
+                    });
+
                     $('#locator').change(function(){
                         if ($(this).val().length >= 4) {
                             $.ajax({