AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Guest Sharing - File downloads 

- Fix a bug where the file name wouldn't be shown to guests in certain situations
- General refactor and tidy of the file download code
This commit is contained in:
Marcus Hill 2024-03-10 19:06:40 +00:00
parent 4b839c8b23
commit 52685e424b
2 changed files with 34 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
guest_download_file.php
View File

@ -15,35 +15,42 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);
// Check result
if (mysqli_num_rows($sql) !== 1 || !$row) {
exit("No file.");
}
// Check it is a file
if ($row['item_type'] !== "File") {
exit("Bad item type.");
}
// Check item share is active & hasn't been viewed too many times
if ($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']) {
exit("Item cannot be viewed at this time.");
}
$item_active = intval($row['item_active']);
$item_type = sanitizeInput($row['item_type']);
$item_views = intval($row['item_views']);
$item_view_limit = intval($row['item_view_limit']);
$item_related_id = intval($row['item_related_id']);
$client_id = intval($row['item_client_id']);
if (empty($row['item_views'])) {
$item_views = 0;
} else {
$item_views = intval($row['item_views']);
// Check result
if (mysqli_num_rows($sql) !== 1 || !$row) {
exit("Item cannot be viewed at this time (disabled or invalid).");
}
// Check it is a file
if ($item_type !== "File") {
exit("Item cannot be viewed at this time (Bad item type: expected File but got $item_type).");
}
// Check item sharing link is active
if ($item_active != "1") {
exit("Item cannot be viewed at this time (disabled).");
}
// Check view limit (if not unlimited)
if ($item_view_limit !== 0) {
// Not unlimited
if ($item_views >= $item_view_limit) {
// Views exceed
exit("Item cannot be viewed at this time (view limit exceeded).");
}
}
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
exit("No file.");
exit("Item cannot be viewed at this time (No file, may have been deleted).");
}
$file_name = sanitizeInput($file_row['file_name']);
@ -51,11 +58,12 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$file_reference_name = sanitizeInput($file_row['file_reference_name']);
$client_id = intval($file_row['file_client_id']);
$file_path = "uploads/clients/$client_id/$file_reference_name";
$file_download_name = str_replace('.', '', $file_name) . '-' . $config_app_name . '-download.' . $file_ext; // Brand the downloaded file name, and also force the original file extension
// Display file as download
$mime_type = mime_content_type($file_path);
header('Content-type: '.$mime_type);
header('Content-Disposition: attachment; filename=download.' . $file_ext);
header('Content-Disposition: attachment; filename=' . $file_download_name);
readfile($file_path);
// Update file view count

10
guest_view_item.php
View File

@ -76,13 +76,13 @@ $item_expire = nullable_htmlentities($row['item_expire_at']);
$client_id = intval($row['item_client_id']);
?>
<?php
<?php
if (!empty($company_logo)) { ?>
<img alt="<?=nullable_htmlentities($company_name)?> logo" height="40" width="80" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
<?php
<?php
} else {
echo "<h3>$company_name</h3>";
}
}
?>
<div class="card mt-2">
@ -133,7 +133,7 @@ if ($item_type == "Document") {
if (!empty($item_note)) {
echo "<p class='lead'>Note: <i>$item_note</i></p>";
}
echo "<a href='guest_download_file.php?id=$item_id&key=$item_key' download='$file_name'>Download $file_name</a>";
echo "<a href='guest_download_file.php?id=$item_id&key=$item_key'>Download $file_name</a>";
} elseif ($item_type == "Login") {
@ -243,4 +243,4 @@ if ($item_type == "Document") {
<?php
require_once "guest_footer.php";
?>
?>