AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Secure Message with the intended recipient, also added a confidential disclosure method to the email and Secure message link, added number of views left and expire date, and other minor ui updates

This commit is contained in:
johnnyq 2024-09-18 17:22:39 -04:00
parent 415f536cd7
commit 5f46536a85
2 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ajax.php
View File

@ -279,7 +279,7 @@ if (isset($_GET['share_generate_link'])) {
} }
// Insert entry into DB // Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id"); $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = 1, item_key = '$item_key', item_type = '$item_type', item_related_id = $item_id, item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_recipient = '$item_email', item_views = 0, item_view_limit = $item_view_limit, item_expire_at = NOW() + INTERVAL + $item_expires, item_client_id = $client_id");
$share_id = $mysqli->insert_id; $share_id = $mysqli->insert_id;
// Return URL // Return URL
@ -310,6 +310,9 @@ if (isset($_GET['share_generate_link'])) {
} }
$body = "Hello,<br><br>$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".<br><br>The link will expire in <strong>$item_expires_friendly</strong> and may only be viewed <strong>$item_view_limit</strong> times, before the link is destroyed. <br><br><strong><a href=\'$url\'>Click here to access your secure content</a></strong><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone"; $body = "Hello,<br><br>$session_name from $company_name sent you a time sensitive secure link regarding \"$item_name\".<br><br>The link will expire in <strong>$item_expires_friendly</strong> and may only be viewed <strong>$item_view_limit</strong> times, before the link is destroyed. <br><br><strong><a href=\'$url\'>Click here to access your secure content</a></strong><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
// Add the intended recipient disclosure
$body .= "<br><br><em>This email and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify the sender and delete this email. Unauthorized use, disclosure, or distribution is prohibited.</em>";
$data = [ $data = [
[ [
'from' => $config_mail_from_email, 'from' => $config_mail_from_email,

29
guest_view_item.php
View File

@ -69,10 +69,12 @@ if ($row['item_active'] !== "1" || ($row['item_view_limit'] > 0 && $row['item_vi
$item_type = nullable_htmlentities($row['item_type']); $item_type = nullable_htmlentities($row['item_type']);
$item_related_id = intval($row['item_related_id']); $item_related_id = intval($row['item_related_id']);
$item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']); $item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']);
$item_recipient = nullable_htmlentities($row['item_recipient']);
$item_note = nullable_htmlentities($row['item_note']); $item_note = nullable_htmlentities($row['item_note']);
$item_views = intval($row['item_views']); $item_views = intval($row['item_views']);
$item_view_limit = intval($row['item_view_limit']);
$item_created = nullable_htmlentities($row['item_created_at']); $item_created = nullable_htmlentities($row['item_created_at']);
$item_expire = nullable_htmlentities($row['item_expire_at']); $item_expire = date('Y-m-d h:i A', strtotime($row['item_expire_at']));
$client_id = intval($row['item_client_id']); $client_id = intval($row['item_client_id']);
?> ?>
@ -86,8 +88,24 @@ $client_id = intval($row['item_client_id']);
?> ?>
<div class="card mt-2"> <div class="card mt-2">
<div class="card-header bg-dark">
<div class="card-title">
<h5><small>Secure Message intended for:</small><br><strong><?php echo $item_recipient ?></strong></h5>
</div>
<div class="card-tools">
<div>
<?php echo "Views: $item_views / <strong>$item_view_limit</strong>"; ?>
</div>
<div>
<?php echo "Expires: <strong>$item_expire</strong>"; ?>
</div>
</div>
</div>
<div class="card-body"> <div class="card-body">
<?php <?php
if ($item_type == "Document") { if ($item_type == "Document") {
@ -105,7 +123,7 @@ if ($item_type == "Document") {
$doc_title_escaped = sanitizeInput($doc_row['document_name']); $doc_title_escaped = sanitizeInput($doc_row['document_name']);
$doc_content = $purifier->purify($doc_row['document_content']); $doc_content = $purifier->purify($doc_row['document_content']);
echo "<h2>$doc_title</h2>"; echo "<h3>$doc_title</h3>";
echo $doc_content; echo $doc_content;
// Update document view count // Update document view count
@ -176,7 +194,7 @@ if ($item_type == "Document") {
?> ?>
<h4><?php echo $login_name; ?></h4> <h5><?php echo $login_name; ?></h5>
<table class="table col-md-3"> <table class="table col-md-3">
<tr> <tr>
<th>URL</th> <th>URL</th>
@ -235,6 +253,11 @@ if ($item_type == "Document") {
?> ?>
<hr>
<em>
This message and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify us immediately with the contact info below. Unauthorized use, disclosure, or distribution is prohibited.
</em>
</div> </div>
<div class="card-footer"> <div class="card-footer">
<?php echo "<i class='fas fa-phone fa-fw mr-2'></i>$company_phone | <i class='fas fa-globe fa-fw mr-2 ml-2'></i>$company_website"; ?> <?php echo "<i class='fas fa-phone fa-fw mr-2'></i>$company_phone | <i class='fas fa-globe fa-fw mr-2 ml-2'></i>$company_website"; ?>