Merge pull request #428 from wrongecho/sharing
Item/Link Sharing enhancements
commit
32f3b0a005
45
ajax.php
45
ajax.php
|
|
@ -194,4 +194,49 @@ if(isset($_GET['ticket_query_views'])){
|
|||
$response['message'] = "";
|
||||
}
|
||||
echo json_encode($response);
|
||||
}
|
||||
|
||||
/*
|
||||
* Generates public/guest links for sharing logins/docs
|
||||
*/
|
||||
if(isset($_GET['share_generate_link'])){
|
||||
$client_id = intval($_GET['client_id']);
|
||||
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
|
||||
$item_id = intval($_GET['id']);
|
||||
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
|
||||
$item_view_limit = intval($_GET['views']);
|
||||
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
|
||||
$item_key = keygen();
|
||||
|
||||
if($item_type == "Login"){
|
||||
$login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
|
||||
$row = mysqli_fetch_array($login);
|
||||
|
||||
$login_password_cleartext = decryptLoginEntry($row['login_password']);
|
||||
$login_encryption_key = keygen();
|
||||
$iv = keygen();
|
||||
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
|
||||
|
||||
$item_encrypted_credential = $iv . $ciphertext;
|
||||
}
|
||||
else{
|
||||
$item_encrypted_credential = '';
|
||||
}
|
||||
|
||||
// Insert entry into DB
|
||||
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
|
||||
$share_id = $mysqli->insert_id;
|
||||
|
||||
// Return URL
|
||||
if($item_type == "Login"){
|
||||
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
|
||||
}
|
||||
else{
|
||||
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
|
||||
}
|
||||
echo json_encode($url);
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
|
||||
|
||||
}
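Review bot: The share_generate_link handler decrypts and re-shares the login password for whatever client_id/id pair arrives on the query string, yet no role or ownership check is visible in this hunk, while the same commit gates the shared-items tab on `$session_user_role > 1` and deactivation on `== 3`; whatever session check ajax.php runs at the top of the file is outside the hunk and should be confirmed to cover this path. `$item_type` is stored and branched on without being limited to the three values client_shared_items.php understands (Login/Document/File), and `$item_expires` is inserted into `item_expire_at` as an arbitrary string, so an unparsable value becomes a zero date (or a rejected insert, depending on sql_mode) that the list filter hides and cron deletes at once. When the logins lookup returns no row, `$row` is false and an empty credential is silently shared as if it were the password. The one-time `ek` also travels in the query string, so it lands in web-server access logs and browser history; carrying it in the URL fragment would keep it client-side if guest_view_item.php can read it from JavaScript. A guarded head for the handler, assuming ajax.php loads the same session globals as post.php:

```php
if(isset($_GET['share_generate_link'])){
    // Mirror the role gate used for the shared-items tab and for deactivation
    if($session_user_role < 2){
        echo json_encode(false);
        exit();
    }

    $client_id = intval($_GET['client_id']);
    $item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
    if(!in_array($item_type, ['Login', 'Document', 'File'], true)){
        echo json_encode(false);
        exit();
    }
    // … unchanged: id / note / views …
    $item_expires_ts = strtotime($_GET['expires']);
    if($item_expires_ts === false || $item_expires_ts <= time()){
        echo json_encode(false);
        exit();
    }
    $item_expires = date('Y-m-d H:i:s', $item_expires_ts);
    $item_key = keygen();

    if($item_type == "Login"){
        $login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
        $row = mysqli_fetch_array($login);
        if(!$row){
            echo json_encode(false);
            exit();
        }
        // … unchanged: decrypt, re-encrypt with a fresh key and IV …
    }
    // … unchanged: insert, URL assembly, logging …
}
```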
|
||||
|
|
@ -102,6 +102,11 @@ if(isset($_GET['tab'])){
|
|||
elseif($_GET['tab'] == "logs"){
|
||||
include("client_logs.php");
|
||||
}
|
||||
elseif($_GET['tab'] == "shared-items"){
|
||||
if($session_user_role > 1){
|
||||
include("client_shared_items.php");
|
||||
}
|
||||
}
|
||||
}
|
||||
else{
|
||||
include("client_overview.php");
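Review bot: When `$session_user_role` is 1 or lower the new `shared-items` branch includes nothing, so the page renders an empty client layout with no explanation, whereas post.php answers the same situation with an alert. An else branch that sets the same message and falls back to the overview, `else{ $_SESSION['alert_type'] = "danger"; $_SESSION['alert_message'] = "You are not permitted to do that!"; include("client_overview.php"); }`, would land the user somewhere meaningful, however the layout surfaces `$_SESSION['alert_message']`. The surrounding if/elseif chain begins before this hunk.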
|
||||
|
|
|
|||
|
|
@ -0,0 +1,152 @@
|
|||
<?php
|
||||
|
||||
//Paging
|
||||
if(isset($_GET['p'])){
|
||||
$p = intval($_GET['p']);
|
||||
$record_from = (($p)-1)*$_SESSION['records_per_page'];
|
||||
$record_to = $_SESSION['records_per_page'];
|
||||
}else{
|
||||
$record_from = 0;
|
||||
$record_to = $_SESSION['records_per_page'];
|
||||
$p = 1;
|
||||
}
|
||||
|
||||
if(isset($_GET['q'])){
|
||||
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
|
||||
//Phone Numbers
|
||||
$phone_query = preg_replace("/[^0-9]/", '',$q);
|
||||
if(empty($phone_query)){
|
||||
$phone_query = $q;
|
||||
}
|
||||
}else{
|
||||
$q = "";
|
||||
$phone_query = "";
|
||||
}
|
||||
|
||||
// Sort
|
||||
$sb = "item_created_at";
|
||||
|
||||
if(isset($_GET['o'])){
|
||||
if($_GET['o'] == 'ASC'){
|
||||
$o = "ASC";
|
||||
$disp = "DESC";
|
||||
}else{
|
||||
$o = "DESC";
|
||||
$disp = "ASC";
|
||||
}
|
||||
}else{
|
||||
$o = "ASC";
|
||||
$disp = "DESC";
|
||||
}
|
||||
|
||||
//Rebuild URL
|
||||
$url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM shared_items
|
||||
WHERE item_client_id = $client_id
|
||||
AND item_active = '1'
|
||||
AND item_views != item_view_limit
|
||||
AND item_expire_at > NOW()
|
||||
AND (item_note LIKE '%$q%') ORDER BY $sb $o LIMIT $record_from, $record_to");
|
||||
|
||||
$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
|
||||
|
||||
?>
|
||||
|
||||
<div class="card card-dark">
|
||||
<div class="card-header">
|
||||
<h3 class="card-title mt-2"><i class="fa fa-fw fa-share"></i> Shared Items (Links)</h3>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<form autocomplete="off">
|
||||
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
|
||||
<input type="hidden" name="tab" value="<?php echo strip_tags($_GET['tab']); ?>">
|
||||
<div class="row">
|
||||
|
||||
<div class="col-md-4">
|
||||
<div class="input-group mb-3 mb-md-0">
|
||||
<input type="search" class="form-control" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords(strip_tags($_GET['tab'])); ?>">
|
||||
<div class="input-group-append">
|
||||
<button class="btn btn-dark"><i class="fa fa-search"></i></button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</form>
|
||||
<hr>
|
||||
<div class="table-responsive">
|
||||
<table class="table table-striped table-borderless table-hover">
|
||||
<thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
|
||||
<tr>
|
||||
<th>Item Name</th>
|
||||
<th>Item Type</th>
|
||||
<th>Share Note</th>
|
||||
<th>Views</th>
|
||||
<th>Expires</th>
|
||||
<th class="text-center">Action</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php
|
||||
|
||||
while($row = mysqli_fetch_array($sql)){
|
||||
$item_id = $row['item_id'];
|
||||
$item_active = $row['item_active'];
|
||||
$item_key = $row['item_key'];
|
||||
$item_type = $row['item_type'];
|
||||
$item_related_id = $row['item_related_id'];
|
||||
$item_note = $row['item_note'];
|
||||
$item_views = $row['item_views'];
|
||||
$item_view_limit = $row['item_view_limit'];
|
||||
$item_created_at = $row['item_created_at'];
|
||||
$item_expire_at = $row['item_expire_at'];
|
||||
|
||||
if($item_type == 'Login'){
|
||||
$share_item_sql = mysqli_query($mysqli, "SELECT login_name FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id'");
|
||||
$share_item = mysqli_fetch_array($share_item_sql);
|
||||
$item_name = $share_item['login_name'];
|
||||
}
|
||||
elseif($item_type == 'Document'){
|
||||
$share_item_sql = mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id'");
|
||||
$share_item = mysqli_fetch_array($share_item_sql);
|
||||
$item_name = $share_item['document_name'];
|
||||
}
|
||||
elseif($item_type == 'File'){
|
||||
$share_item_sql = mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id'");
|
||||
$share_item = mysqli_fetch_array($share_item_sql);
|
||||
$item_name = $share_item['file_name'];
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
<tr>
|
||||
<td><?php echo $item_name; ?></td>
|
||||
<td><?php echo $item_type ?></td>
|
||||
<td><?php echo $item_note ?></td>
|
||||
<td><?php echo "$item_views / $item_view_limit" ?></td>
|
||||
<td><?php echo $item_expire_at ?></td>
|
||||
<td>
|
||||
<?php if($session_user_role == 3) { ?>
|
||||
<div class="dropdown dropleft text-center">
|
||||
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
|
||||
<i class="fas fa-ellipsis-h"></i>
|
||||
</button>
|
||||
<div class="dropdown-menu">
|
||||
<a class="dropdown-item text-danger" href="post.php?deactivate_shared_item=<?php echo $item_id; ?>">Deactivate</a>
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<?php include("pagination.php"); ?>
|
||||
</div>
|
||||
</div>
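Review bot: The search box echoes the raw query back into an attribute, `value="<?php if(isset($q)){echo stripslashes($q);} ?>"`, and `stripslashes` undoes the only escaping that `mysqli_real_escape_string` applied, so a `q` value such as `"><script>…` breaks out of the attribute (reflected XSS); use `htmlspecialchars(stripslashes($q), ENT_QUOTES)` there, and the same escaping belongs on `$item_note` and `$item_name` in the table cells, which are stored values printed without HTML encoding. Separately, `$item_name` is assigned only inside the three `if($item_type == …)` branches, so a row of any other type prints the previous row's name; reset it with `$item_name = '';` at the top of the while loop. A shared item that was deleted after sharing makes `mysqli_fetch_array` return null and the name cell blank, which is acceptable but deserves a one-line comment so it is not mistaken for a bug.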
|
||||
|
|
@ -299,6 +299,13 @@
|
|||
|
||||
<li class="nav-header mt-3">MORE</li>
|
||||
|
||||
<li class="nav-item">
|
||||
<a href="?client_id=<?php echo $client_id; ?>&tab=shared-items" class="nav-link <?php if($_GET['tab'] == "shared-items") { echo "active"; } ?>">
|
||||
<i class="nav-icon fas fa-share"></i>
|
||||
<p>Shared Links</p>
|
||||
</a>
|
||||
</li>
|
||||
|
||||
<li class="nav-item">
|
||||
<a href="?client_id=<?php echo $client_id; ?>&tab=logs" class="nav-link <?php if($_GET['tab'] == "logs") { echo "active"; } ?>">
|
||||
<i class="nav-icon fas fa-eye"></i>
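Review bot: The new `Shared Links` nav item is rendered for every role, but client.php only includes client_shared_items.php when `$session_user_role > 1`, so lower roles are offered a link to an empty tab. Wrap the `<li>` in `<?php if($session_user_role > 1){ ?> … <?php } ?>` so the menu matches the gate, assuming the same session globals are in scope in this template as they are in client.php.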
|
||||
|
|
|
|||
8
cron.php
8
cron.php
|
|
@ -48,7 +48,7 @@ while($row = mysqli_fetch_array($sql_companies)){
|
|||
|
||||
if($config_backup_enable == 1){
|
||||
// DATABASE BACKUP
|
||||
// This needs to be set to the full file sytem path or else when cron runs php it will break cron.php and cron will not run properly
|
||||
// This needs to be set to the full file system path or else when cron runs php it will break cron.php and cron will not run properly
|
||||
//$backup_dir = "backups/";
|
||||
$backup_dir = "$config_backup_path/";
|
||||
|
||||
|
|
@ -265,6 +265,12 @@ while($row = mysqli_fetch_array($sql_companies)){
|
|||
// Clean-up ticket views table used for collision detection
|
||||
mysqli_query($mysqli, "TRUNCATE TABLE ticket_views");
|
||||
|
||||
// Clean-up shared items that have been used
|
||||
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_views = item_view_limit");
|
||||
|
||||
// Clean-up shared items that have expired
|
||||
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_expire_at < NOW()");
|
||||
|
||||
// PAST DUE INVOICE Notifications
|
||||
//$invoiceAlertArray = [$config_invoice_overdue_reminders];
|
||||
$invoiceAlertArray = [30,60,90,120,150,180,210,240,270,300,330,360,390,420,450,480,510,540,570,590,620];
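Review bot: The two new clean-up statements never remove rows that post.php deactivates (`item_active = '0'`), so revoked links accumulate in shared_items with their `item_encrypted_credential` still stored, and the view-limit delete uses strict equality, so if `item_views` ever passes `item_view_limit` (the guest view handler is not in this commit) the row is kept forever. One statement covering all three states is simpler: `mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_active = '0' OR item_views >= item_view_limit OR item_expire_at < NOW()");`. Because rows are deleted outright, the `logs` entries written on create and deactivate are the only remaining audit trail, which is worth a comment next to the delete.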
|
||||
|
|
|
|||
70
post.php
70
post.php
|
|
@ -1483,6 +1483,7 @@ if(isset($_GET['delete_client'])){
|
|||
mysqli_query($mysqli,"DELETE FROM vendors WHERE vendor_client_id = $client_id");
|
||||
mysqli_query($mysqli,"DELETE FROM client_tags WHERE client_id = $client_id");
|
||||
mysqli_query($mysqli,"DELETE FROM scheduled_tickets WHERE scheduled_ticket_client_id = $client_id");
|
||||
mysqli_query($mysqli,"DELETE FROM shared_items WHERE item_client_id = $client_id");
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT recurring_id FROM recurring WHERE recurring_client_id = $client_id");
|
||||
while($row = mysqli_fetch_array($sql)){
|
||||
|
|
@ -1543,48 +1544,6 @@ if(isset($_GET['delete_client'])){
|
|||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if(isset($_GET['share_generate_link'])){
|
||||
$client_id = intval($_GET['client_id']);
|
||||
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
|
||||
$item_id = intval($_GET['id']);
|
||||
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
|
||||
$item_view_limit = intval($_GET['views']);
|
||||
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
|
||||
$item_key = keygen();
|
||||
|
||||
if($item_type == "Login"){
|
||||
$login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
|
||||
$row = mysqli_fetch_array($login);
|
||||
|
||||
$login_password_cleartext = decryptLoginEntry($row['login_password']);
|
||||
$login_encryption_key = keygen();
|
||||
$iv = keygen();
|
||||
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
|
||||
|
||||
$item_encrypted_credential = $iv . $ciphertext;
|
||||
}
|
||||
else{
|
||||
$item_encrypted_credential = '';
|
||||
}
|
||||
|
||||
// Insert entry into DB
|
||||
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
|
||||
$share_id = $mysqli->insert_id;
|
||||
|
||||
// Return URL
|
||||
if($item_type == "Login"){
|
||||
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
|
||||
}
|
||||
else{
|
||||
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
|
||||
}
|
||||
echo json_encode($url);
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
|
||||
|
||||
}
|
||||
|
||||
if(isset($_POST['add_calendar'])){
|
||||
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
|
||||
|
|
@ -7078,6 +7037,33 @@ if (isset($_POST['rename_document_tag'])) {
|
|||
|
||||
}
|
||||
|
||||
if(isset($_GET['deactivate_shared_item'])){
|
||||
if($session_user_role != 3){
|
||||
$_SESSION['alert_type'] = "danger";
|
||||
$_SESSION['alert_message'] = "You are not permitted to do that!";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
exit();
|
||||
}
|
||||
|
||||
$item_id = intval($_GET['deactivate_shared_item']);
|
||||
|
||||
// Get details of the shared link
|
||||
$sql = mysqli_query($mysqli, "SELECT item_type, item_related_id, item_client_id FROM shared_items WHERE item_id = '$item_id'");
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$item_type = $row['item_type'];
|
||||
$item_related_id = $row['item_related_id'];
|
||||
$item_client_id = $row['item_client_id'];
|
||||
|
||||
// Deactivate item id
|
||||
mysqli_query($mysqli, "UPDATE shared_items SET item_active = '0' WHERE item_id = '$item_id'");
|
||||
|
||||
// Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Delete', log_description = '$session_name deactivated shared $item_type link. Item ID: $item_related_id. Share ID $item_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = '$item_client_id', log_user_id = $session_user_id, company_id = $session_company_id");
|
||||
|
||||
$_SESSION['alert_message'] = "Link deactivated";
|
||||
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
||||
}
|
||||
|
||||
if(isset($_GET['force_recurring'])){
|
||||
$recurring_id = intval($_GET['force_recurring']);
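Review bot: In the new deactivate_shared_item handler the lookup `SELECT … FROM shared_items WHERE item_id = '$item_id'` is never checked for a result, so an unknown id still runs the UPDATE, writes a log line with empty `$item_type`/`$item_related_id`/`$item_client_id`, and reports "Link deactivated"; the lookup is also not scoped to the caller's company even though the log records `company_id = $session_company_id`, so if shared_items is shared across companies (not visible here) any role-3 user could revoke another company's link. Add a not-found exit after the fetch and, if the clients table carries a company id, confirm `$item_client_id` belongs to `$session_company_id` before updating. Like the other handlers in this file the action is a state-changing GET, so it inherits the existing CSRF exposure rather than adding a new one. The share_generate_link block removed from this file reappears unchanged in ajax.php.

```php
    $item_id = intval($_GET['deactivate_shared_item']);

    // Get details of the shared link
    $sql = mysqli_query($mysqli, "SELECT item_type, item_related_id, item_client_id FROM shared_items WHERE item_id = '$item_id'");
    $row = mysqli_fetch_array($sql);
    if(!$row){
        $_SESSION['alert_type'] = "danger";
        $_SESSION['alert_message'] = "Shared link not found";
        header("Location: " . $_SERVER["HTTP_REFERER"]);
        exit();
    }
    // … unchanged: unpack row, UPDATE, logging, redirect …
```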
|
||||
|
||||
|
|
|
|||
|
|
@ -15,13 +15,13 @@
|
|||
|
||||
// Check values are provided
|
||||
if(item_views && item_expires && item_note){
|
||||
// Send a GET request to post.php as post.php?share_generate_link=true....
|
||||
// Send a GET request to ajax.php as ajax.php?share_generate_link=true....
|
||||
jQuery.get(
|
||||
"post.php",
|
||||
"ajax.php",
|
||||
{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires},
|
||||
function(data){
|
||||
|
||||
// If we get a response from post.php, parse it as JSON
|
||||
// If we get a response from ajax.php, parse it as JSON
|
||||
const response = JSON.parse(data);
|
||||
|
||||
document.getElementById("share_link_header").hidden = false;
|
||||
|
|
@ -44,13 +44,13 @@
|
|||
<div class="modal-body bg-white">
|
||||
|
||||
<h2>Get Share URL</h2>
|
||||
<form action="post.php" method="GET" id="newShareLink">
|
||||
<form action="ajax.php" method="GET" id="newShareLink">
|
||||
<input type="hidden" name="client_id" id="share_client_id" value="">
|
||||
<input type="hidden" name="item_type" id="share_item_type" value="">
|
||||
<input type="hidden" name="item_ref_id" id="share_item_ref_id" value="">
|
||||
<div class="form-group">
|
||||
<label for="views">Number of views allowed <strong class="text-danger">*</strong></label>
|
||||
<input type="number" class="form-control" name="views" id="share_views" placeholder="Views before link expires" required autofocus>
|
||||
<input type="number" class="form-control" name="views" id="share_views" placeholder="Views before link expires" value="1" required autofocus>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="views">Link Expiry date <strong class="text-danger">*</strong></label>
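Review bot: The success callback parses whatever ajax.php returns with `JSON.parse(data)`, so an empty or non-JSON body (a redirect to the login page, a PHP warning, a permission refusal) throws inside the callback and the modal stays silent with neither a link nor a message; pass `'json'` as the dataType and attach a failure handler, e.g. `jQuery.get("ajax.php", {...}, function(data){ … }, 'json').fail(function(){ alert('Could not generate link'); });`, or wrap the parse in try/catch. The enclosing function begins before the first hunk and its body continues past it. Defaulting `views` to 1 is a sensible least-exposure default; a short comment on the input saying so would help the next maintainer keep it.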
|
||||
|
|
|
|||