AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add file & login sharing functionality & ip/ua view tracking

Browse Source
This commit is contained in:
Marcus Hill
2022-02-20 17:16:28 +00:00
parent 8f529fb659
commit 36a24f5603
7 changed files with 59 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
post.php
View File

@@ -1308,12 +1308,32 @@ if(isset($_GET['share_generate_link'])){
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = keygen();
if($item_type == "Login"){
$login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login);
$login_password_cleartext = decryptLoginEntry($row['login_password']);
$login_encryption_key = keygen();
$iv = keygen();
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
$item_encrypted_credential = $iv . $ciphertext;
}
else{
$item_encrypted_credential = '';
}
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_note = '$item_note', item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
$share_id = $mysqli->insert_id;
// Return URL
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
if($item_type == "Login"){
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
}
else{
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
}
echo json_encode($url);
// Logging