Update Secure Message with the intended recipient, also added a confidential disclosure method to the email and Secure message link, added number of views left and expire date, and other minor ui updates

ajax.php

@@ -279,7 +279,7 @@ if (isset($_GET['share_generate_link'])) {
     }
 
     // Insert entry into DB
-    $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
+    $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_recipient = '$item_email', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
     $share_id = $mysqli->insert_id;
 
     // Return URL
@@ -310,6 +310,9 @@ if (isset($_GET['share_generate_link'])) {
         }
         $body = "Hello,<br><br>$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".<br><br>The link will expire in <strong>$item_expires_friendly</strong> and may only be viewed <strong>$item_view_limit</strong> times, before the link is destroyed. <br><br><strong><a href=\'$url\'>Click here to access your secure content</a></strong><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
 
+        // Add the intended recipient disclosure
+        $body .= "<br><br><em>This email and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify the sender and delete this email. Unauthorized use, disclosure, or distribution is prohibited.</em>";
+
         $data = [
             [
                 'from' => $config_mail_from_email,

guest_view_item.php

@@ -69,10 +69,12 @@ if ($row['item_active'] !== "1" || ($row['item_view_limit'] > 0 && $row['item_vi
 $item_type = nullable_htmlentities($row['item_type']);
 $item_related_id = intval($row['item_related_id']);
 $item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']);
+$item_recipient = nullable_htmlentities($row['item_recipient']);
 $item_note = nullable_htmlentities($row['item_note']);
 $item_views = intval($row['item_views']);
+$item_view_limit = intval($row['item_view_limit']);
 $item_created = nullable_htmlentities($row['item_created_at']);
-$item_expire = nullable_htmlentities($row['item_expire_at']);
+$item_expire = date('Y-m-d h:i A', strtotime($row['item_expire_at']));
 $client_id = intval($row['item_client_id']);
 ?>
 
@@ -86,8 +88,24 @@ $client_id = intval($row['item_client_id']);
 ?>
 
 <div class="card mt-2">
+    <div class="card-header bg-dark">
+        <div class="card-title">
+            <h5><small>Secure Message intended for:</small><br><strong><?php echo $item_recipient ?></strong></h5>
+        </div>
+
+        <div class="card-tools">
+            <div>
+                <?php echo "Views: $item_views / <strong>$item_view_limit</strong>"; ?>
+            </div>
+            <div>
+                <?php echo "Expires: <strong>$item_expire</strong>"; ?>
+            </div>
+        </div>
+    </div>
+
     <div class="card-body">
 
+
 <?php
 if ($item_type == "Document") {
 
@@ -105,7 +123,7 @@ if ($item_type == "Document") {
     $doc_title_escaped = sanitizeInput($doc_row['document_name']);
     $doc_content = $purifier->purify($doc_row['document_content']);
 
-    echo "<h2>$doc_title</h2>";
+    echo "<h3>$doc_title</h3>";
     echo $doc_content;
 
     // Update document view count
@@ -176,7 +194,7 @@ if ($item_type == "Document") {
 
     ?>
 
-    <h4><?php echo $login_name; ?></h4>
+    <h5><?php echo $login_name; ?></h5>
     <table class="table col-md-3">
         <tr>
             <th>URL</th>
@@ -235,6 +253,11 @@ if ($item_type == "Document") {
 
 ?>
 
+    <hr>
+    <em>
+        This message and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify us immediately with the contact info below. Unauthorized use, disclosure, or distribution is prohibited.
+    </em>
+
 </div>
 <div class="card-footer">
 <?php echo "<i class='fas fa-phone fa-fw mr-2'></i>$company_phone | <i class='fas fa-globe fa-fw mr-2 ml-2'></i>$company_website"; ?>