From 36a24f56034f43a529941edd6e03bdd9f4d478ac Mon Sep 17 00:00:00 2001 From: Marcus Hill Date: Sun, 20 Feb 2022 17:16:28 +0000 Subject: [PATCH] Add file & login sharing functionality & ip/ua view tracking --- client_files.php | 10 ++++++++-- client_logins.php | 8 ++++++-- guest_download_file.php | 10 +++++++--- guest_header.php | 3 +++ guest_view_item.php | 19 ++++++++++++------- post.php | 24 ++++++++++++++++++++++-- share_modal.php | 1 + 7 files changed, 59 insertions(+), 16 deletions(-) diff --git a/client_files.php b/client_files.php index 99add3e0..6db97833 100644 --- a/client_files.php +++ b/client_files.php @@ -45,7 +45,9 @@ $num_of_files = mysqli_num_rows($sql_files_images) + mysqli_num_rows($sql_files_ - \ No newline at end of file + \ No newline at end of file diff --git a/client_logins.php b/client_logins.php index 8a1dd175..f18ac77e 100644 --- a/client_logins.php +++ b/client_logins.php @@ -146,7 +146,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); @@ -167,4 +168,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); - \ No newline at end of file + \ No newline at end of file diff --git a/guest_download_file.php b/guest_download_file.php index 8c4de511..06e7a039 100644 --- a/guest_download_file.php +++ b/guest_download_file.php @@ -1,6 +1,10 @@ diff --git a/guest_view_item.php b/guest_view_item.php index 37c4dcd0..38fb2ba9 100644 --- a/guest_view_item.php +++ b/guest_view_item.php 
@@ -47,10 +47,10 @@ $item_note = $row['item_note'];
 $item_views = intval($row['item_views']);
 $item_created = $row['item_created_at'];
 $item_expire = $row['item_expire_at'];
-$item_client_id = $row['item_client_id'];
+$client_id = $row['item_client_id'];
 if($item_type == "Document"){
- $doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$item_client_id' LIMIT 1");
+ $doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$client_id' LIMIT 1");
 $doc_row = mysqli_fetch_array($doc_sql);
 if(mysqli_num_rows($doc_sql) !== 1 OR !$doc_row){
@@ -73,13 +73,12 @@ if($item_type == "Document"){
 $new_item_views = $item_views + 1;
 mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
- // Logging // TODO: Need to add IP, etc.
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Viewed', log_description = 'Viewed shared $item_type link - Item ID: $item_id', log_client_id = '$item_client_id', log_created_at = NOW(), company_id = '1'");
-
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
 } elseif($item_type == "File"){
- $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$item_client_id' LIMIT 1");
+ $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
 $file_row = mysqli_fetch_array($file_sql);
 if(mysqli_num_rows($file_sql) !== 1 OR !$file_row){
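Review bot: The new Sharing log INSERT in the @@ -73 hunk interpolates `$ip` and `$user_agent` directly into the query string, and neither variable is assigned anywhere in the visible hunks (presumably they come from the guest_header.php change, whose content is not shown on this page); the User-Agent header is entirely client-supplied, so unless both values are passed through `mysqli_real_escape_string($mysqli, ...)` where they are assigned, this log write becomes an injection point in a page that is reachable without a login. The cleanest fix is a prepared statement for the INSERT, e.g. `$stmt = $mysqli->prepare("INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = ?, log_client_id = ?, log_created_at = NOW(), log_ip = ?, log_user_agent = ?, company_id = '1'");` followed by `$stmt->bind_param('siss', $description, $client_id, $ip, $user_agent); $stmt->execute();`. The same statement is duplicated verbatim in the @@ -130 hunk for the Login branch and needs the same treatment; the Document branch's `if` block opens before this hunk.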
@@ -101,7 +100,7 @@ elseif($item_type == "File"){ elseif($item_type == "Login"){ $encryption_key = $_GET['ek']; - $login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$item_client_id' LIMIT 1"); + $login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$client_id' LIMIT 1"); $login_row = mysqli_fetch_array($login_sql); if(mysqli_num_rows($login_sql) !== 1 OR !$login_row){ echo "
Error retrieving login.
"; @@ -130,6 +129,12 @@ elseif($item_type == "Login"){ echo "

OTP: $login_otp

"; echo "

Notes: $login_notes

"; + // Update login view count + $new_item_views = $item_views + 1; + mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'"); + + // Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type via link - Item ID: $item_id', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'"); } diff --git a/post.php b/post.php index 16b4e91d..2449ccc7 100644 --- a/post.php +++ b/post.php 
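Review bot: The view-count UPDATE and log INSERT added here for the Login branch are a line-for-line copy of the block in the Document branch (hunk @@ -73), and they share its unescaped `$ip`/`$user_agent` interpolation; the File branch lies outside the visible hunks, so it is not clear whether it counts views the same way. Hoisting the increment and the log write to a single spot after the `if`/`elseif` chain — guarded by the same "item found" condition each branch already evaluates — would keep the three item types from drifting and leave one statement to parameterise. Note also that the counter here is bumped only after the password, OTP and notes have already been echoed; if the view limit is enforced earlier in the file (not visible here) that is fine, but the write should probably precede the output so a client that aborts the response is still counted. The `elseif($item_type == "Login")` block opens before this hunk.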
@@ -1308,12 +1308,32 @@ if(isset($_GET['share_generate_link'])){
 $item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
 $item_key = keygen();
+ if($item_type == "Login"){
+ $login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
+ $row = mysqli_fetch_array($login);
+
+ $login_password_cleartext = decryptLoginEntry($row['login_password']);
+ $login_encryption_key = keygen();
+ $iv = keygen();
+ $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
+
+ $item_encrypted_credential = $iv . $ciphertext;
+ }
+ else{
+ $item_encrypted_credential = '';
+ }
+
 // Insert entry into DB
- $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_note = '$item_note', item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
+ $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
 $share_id = $mysqli->insert_id;
 // Return URL
- $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
+ if($item_type == "Login"){
+ $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
+ }
+ else{
+ $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
+ }
 echo json_encode($url);
 // Logging
diff --git a/share_modal.php b/share_modal.php
index c3c419a7..e7fb6f05 100644
--- a/share_modal.php
+++ b/share_modal.php
@@ -62,6 +62,7 @@
+
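Review bot: In the new Login branch, `$row` from `mysqli_fetch_array($login)` is used without being checked — when no login matches `$item_id` for `$client_id`, `$row['login_password']` is read from `false`, `decryptLoginEntry()` runs on null and a shared_items row is still inserted; the `openssl_encrypt()` return value is likewise never tested for `false`. aes-128-cbc expects a 16-byte key and IV, and `keygen()` is defined outside this page, so its output length should be confirmed (PHP warns and pads or truncates an IV of the wrong size, which weakens the IV silently); `$item_encrypted_credential` is also interpolated into the INSERT unescaped, which is safe for the base64 ciphertext but depends on `keygen()` never emitting a quote. Two design caveats worth a comment in the code: CBC without a MAC gives the stored credential no integrity protection (a construction like aes-256-gcm with its tag stored alongside would), and the key travelling as `ek` in the URL lands wherever that URL is recorded — server access logs, browser history, and possibly the `// Logging` entry that follows this hunk. The `share_generate_link` handler opens before this hunk and continues after it.
```php
    $row = mysqli_fetch_array($login);
    if(!$row){
        // No login with this id belongs to $client_id: do not create a share row
        // TODO: report the failure the way post.php's other handlers do
        exit;
    }
    $login_password_cleartext = decryptLoginEntry($row['login_password']);
    $login_encryption_key = keygen();
    $iv = keygen();
    $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
    if($ciphertext === false){
        // Encryption failed (e.g. key/IV not 16 bytes for aes-128-cbc): never store an empty credential
        // TODO: report the failure the way post.php's other handlers do
        exit;
    }
    $item_encrypted_credential = $iv . $ciphertext;
    // … unchanged: else branch, INSERT, URL construction …
```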

Note: Login passwords are shared "as is" and will not update