Add document sharing via link #315

This commit is contained in:
Marcus Hill 2022-02-19 20:02:14 +00:00
parent 6b98035812
commit 6f6f5a0217
7 changed files with 306 additions and 6 deletions


@ -103,7 +103,7 @@
<option value="">- Location -</option>
<?php
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE (location_archived_at > '$network_created_at' OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
$sql_locations = mysqli_query($mysqli,"SELECT * FROM locations WHERE (location_archived_at > NOW() OR location_archived_at IS NULL) AND location_client_id = $client_id ORDER BY location_name ASC");
while($row = mysqli_fetch_array($sql_locations)){
$location_id_select = $row['location_id'];
$location_name_select = $row['location_name'];
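Review bot: `$client_id` is interpolated straight into the SQL string in both versions of the locations query, and nothing in the hunk shows it being cast before this point; if it originates from the request it should be bound as a parameter or at least coerced first, e.g. `$client_id = intval($client_id);` ahead of the query. The NOW() form removes the dependency on `$network_created_at`, but a location whose archive date lies in the future is still listed, which may or may not be intended. The enclosing PHP block starts and ends outside the hunk.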


@ -165,6 +165,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editDocumentModal<?php echo $document_id; ?>">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#shareModal" onclick="populateShareModal(<?php echo "$client_id, 'Document', $document_id"; ?>)">Share</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="post.php?delete_document=<?php echo $document_id; ?>">Delete</a>
</div>
@ -187,5 +188,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
</div>
</div>
<?php include("share_modal.php"); ?>
<?php include("client_document_add_modal.php"); ?>
<?php include("client_document_tags_modal.php"); ?>
<?php include("client_document_tags_modal.php"); ?>
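Review bot: The Share entry builds its inline handler by echoing `$client_id, 'Document', $document_id` into an `onclick` attribute; that is safe only while both values are integers from the database, which the hunk cannot show. A sturdier shape is to put them on the element, `data-client-id="<?php echo intval($client_id); ?>" data-item-id="<?php echo intval($document_id); ?>"`, and have `populateShareModal` read `this.dataset`, which keeps PHP out of JavaScript string building. The surrounding document loop starts outside the hunk.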

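--- /dev/null
+++ b/guest_download_file.php
@@ -0,0 +1,64 @@
+<?php
+include("config.php");
+include("functions.php");
+if(isset($_GET['id']) AND isset($_GET['key'])){
+$item_id = intval($_GET['id']);
+$item_key = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['key'])));
+$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = '$item_id' AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
+$row = mysqli_fetch_array($sql);
+// Check result
+if(mysqli_num_rows($sql) !== 1 OR !$row){
+exit("No file.");
+}
+// Check it is a file
+if($row['item_type'] !== "File"){
+exit("Bad item type.");
+}
+// Check item share is active & hasn't been viewed too many times
+if($row['item_active'] !== "1" OR $row['item_views'] >= $row['item_view_limit']){
+exit("Item cannot be viewed at this time.");
+}
+$item_related_id = $row['item_related_id'];
+$client_id = $row['item_client_id'];
+if(empty($row['item_views'])){
+$item_views = 0;
+}
+else {
+$item_views = intval($row['item_views']);
+}
+$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
+$file_row = mysqli_fetch_array($file_sql);
+if(mysqli_num_rows($file_sql) !== 1 OR !$file_row){
+exit("No file.");
+}
+$file_name = $file_row['file_name'];
+$file_ext = $file_row['file_ext'];
+$file_reference_name = $file_row['file_reference_name'];
+$client_id = $file_row['file_client_id'];
+$company_id = $file_row['company_id'];
+$file_path = "uploads/clients/$company_id/$client_id/$file_reference_name";
+// Display file as download
+$mime_type = mime_content_type($file_path);
+header('Content-type: '.$mime_type);
+header('Content-Disposition: attachment; filename=download.' .$file_ext);
+readfile($file_path);
+// Update file view count & logging
+$new_item_views = $item_views + 1;
+mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
+}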
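Review bot: The `UPDATE shared_items SET item_views …` after `readfile()` only runs if the script survives sending the file; PHP normally aborts the script when the client disconnects during output, so an interrupted download is served without moving the counter, and two parallel requests both pass the `item_views >= item_view_limit` check before either increments, so the view limit is not reliably enforced. Move the increment ahead of the headers and fold the limit check into its WHERE clause so check and increment are one atomic statement, serving the file only when exactly one row changed (`COALESCE` covers the NULL `item_views` case the `empty()` branch already anticipates). The `shared_items` SELECT should also be a prepared statement rather than `mysqli_real_escape_string` wrapped in `strip_tags`, since `strip_tags` runs after escaping and can alter the escaped value. `mime_content_type()` on a missing `$file_path` emits a warning and returns false, so an `is_file($file_path)` check belongs before the headers.
```php
$file_path = "uploads/clients/$company_id/$client_id/$file_reference_name";
// Consume one view first; the WHERE clause makes the limit check and the increment atomic
mysqli_query($mysqli, "UPDATE shared_items SET item_views = COALESCE(item_views, 0) + 1 WHERE item_id = '$item_id' AND item_active = '1' AND COALESCE(item_views, 0) < item_view_limit");
if(mysqli_affected_rows($mysqli) !== 1){
    exit("Item cannot be viewed at this time.");
}
if(!is_file($file_path)){
    exit("No file.");
}
// … unchanged: Content-type / Content-Disposition headers and readfile($file_path), with the trailing UPDATE removed …
```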


@ -6,10 +6,6 @@
?>
<!DOCTYPE html>
<!--
This is a starter template page. Use this page to start your new project from
scratch. This page gets rid of all links and provides the needed markup only.
-->
<html lang="en">
<head>
<meta charset="utf-8">

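--- /dev/null
+++ b/guest_view_item.php
@@ -0,0 +1,138 @@
+<?php
+header('Expires: Sun, 01 Jan 2014 00:00:00 GMT');
+header('Cache-Control: no-store, no-cache, must-revalidate');
+header('Cache-Control: post-check=0, pre-check=0', FALSE);
+header('Pragma: no-cache');
+include("guest_header.php"); ?>
+<h1> <?php echo $config_app_name ?> Guest sharing </h1>
+<hr>
+<?php
+if(!isset($_GET['id']) OR !isset($_GET['key'])){
+echo "<div class=\"alert alert-danger\" role=\"alert\">Incorrect URL.</div>";
+include("guest_footer.php");
+exit();
+}
+$item_id = intval($_GET['id']);
+$item_key = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['key'])));
+$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = '$item_id' AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
+$row = mysqli_fetch_array($sql);
+// Check we got a result
+if(mysqli_num_rows($sql) !== 1 OR !$row){
+echo "<div class=\"alert alert-danger\" role=\"alert\">No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
+include("guest_footer.php");
+exit();
+}
+// Check item share is active & hasn't been viewed too many times
+if($row['item_active'] !== "1" OR $row['item_views'] >= $row['item_view_limit']){
+echo "<div class=\"alert alert-danger\" role=\"alert\">Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
+include("guest_footer.php");
+exit();
+}
+// If we got here, we have valid information
+echo "<div class=\"alert alert-warning\" role=\"alert\">You may only be able to view this information for a limited time! Be sure to copy/download what you need.</div>";
+$item_type = $row['item_type'];
+$item_related_id = $row['item_related_id'];
+$item_encrypted_credential = $row['item_encrypted_credential'];
+$item_note = $row['item_note'];
+$item_views = intval($row['item_views']);
+$item_created = $row['item_created_at'];
+$item_expire = $row['item_expire_at'];
+$item_client_id = $row['item_client_id'];
+if($item_type == "Document"){
+$doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$item_related_id' AND document_client_id = '$item_client_id' LIMIT 1");
+$doc_row = mysqli_fetch_array($doc_sql);
+if(mysqli_num_rows($doc_sql) !== 1 OR !$doc_row){
+echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving document to view.</div>";
+include("guest_footer.php");
+exit();
+}
+$doc_title = $doc_row['document_name'];
+$doc_content = $doc_row['document_content'];
+echo "<h3>$doc_title has been shared with you</h3>";
+if(!empty($item_note)){
+echo "<p class=\"lead\">$item_note</p>";
+}
+echo "<br>";
+echo $doc_content;
+// Update file view count
+$new_item_views = $item_views + 1;
+mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
+// Logging // TODO: Need to add IP, etc.
+mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Viewed', log_description = 'Viewed shared $item_type link - Item ID: $item_id', log_client_id = '$item_client_id', log_created_at = NOW(), company_id = '1'");
+}
+elseif($item_type == "File"){
+$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$item_client_id' LIMIT 1");
+$file_row = mysqli_fetch_array($file_sql);
+if(mysqli_num_rows($file_sql) !== 1 OR !$file_row){
+echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving file.</div>";
+include("guest_footer.php");
+exit();
+}
+$file_name = $file_row['file_name'];
+echo "<h3>$file_name has been shared with you</h3>";
+if(!empty($item_note)){
+echo "<p class=\"lead\">$item_note</p>";
+}
+echo "<a href=\"guest_download_file.php?id=$item_id&key=$item_key\" download=\"$file_name;\">Download</a>";
+}
+elseif($item_type == "Login"){
+$encryption_key = $_GET['ek'];
+$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$item_related_id' AND login_client_id = '$item_client_id' LIMIT 1");
+$login_row = mysqli_fetch_array($login_sql);
+if(mysqli_num_rows($login_sql) !== 1 OR !$login_row){
+echo "<div class=\"alert alert-danger\" role=\"alert\">Error retrieving login.</div>";
+include("guest_footer.php");
+exit();
+}
+$login_name = $login_row['login_name'];
+$login_uri = $login_row['login_uri'];
+$login_username = $login_row['login_username'];
+$login_iv = substr($row['item_encrypted_credential'], 0, 16);
+$login_ciphertext = substr($row['item_encrypted_credential'], 16);
+$login_password = openssl_decrypt($login_ciphertext, 'aes-128-cbc', $encryption_key,0, $login_iv);
+$login_otp = $login_row['login_otp_secret'];
+$login_notes = $login_row['login_note'];
+echo "<h3>$login_name has been shared with you</h3>";
+if(!empty($item_note)){
+echo "<p class=\"lead\">$item_note</p>";
+}
+echo "<p>Name: $login_name</p>";
+echo "<p>URL: $login_uri</p>";
+echo "<p>Username: $login_username</p>";
+echo "<p>Password: $login_password</p>";
+echo "<p>OTP: $login_otp</p>";
+echo "<p>Notes: $login_notes</p>";
+}
+echo "<hr>";
+include("guest_footer.php");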
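Review bot: Only the Document branch increments `item_views` and writes the log row; the File and Login branches render the item, including the decrypted password, and return without touching the counter, so `item_view_limit` is never enforced for them on this page. Hoist the increment and the log above the `if($item_type == "Document")` dispatch and fold the limit check into the UPDATE's WHERE clause so check and increment are one statement; the Document branch's own read-then-write has the same race between concurrent requests. Every value echoed into the page — `$item_note`, `$login_name`, `$login_uri`, `$login_username`, `$login_password`, `$login_otp`, `$login_notes`, and `$item_key`/`$file_name` inside the download link — is written raw; wrap them in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (`$doc_content` is presumably intentional HTML and would need an HTML sanitiser instead of escaping). `$_GET['ek']` is read without an `isset` check, and a decryption key carried in the query string ends up in server, proxy and browser-history logs, which deserves a comment at the top of the Login branch so the trade-off is explicit. The hard-coded `company_id = '1'` in the log INSERT also looks like a placeholder worth a TODO.
```php
// If we got here, we have valid information
// Consume one view before rendering anything; the WHERE clause makes limit check and increment atomic
mysqli_query($mysqli, "UPDATE shared_items SET item_views = COALESCE(item_views, 0) + 1 WHERE item_id = '$item_id' AND item_active = '1' AND COALESCE(item_views, 0) < item_view_limit");
if(mysqli_affected_rows($mysqli) !== 1){
    echo "<div class=\"alert alert-danger\" role=\"alert\">Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.</div>";
    include("guest_footer.php");
    exit();
}
$item_type = $row['item_type'];
// … unchanged: remaining $item_* assignments …
// Logging // TODO: Need to add IP, etc.
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Viewed', log_description = 'Viewed shared $item_type link - Item ID: $item_id', log_client_id = '$item_client_id', log_created_at = NOW(), company_id = '1'");
// … unchanged: Document / File / Login branches, minus the Document branch's UPDATE and INSERT INTO logs …
```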


@ -1275,6 +1275,28 @@ if(isset($_GET['delete_client'])){
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['share_generate_link'])){
$client_id = intval($_GET['client_id']);
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
$item_id = intval($_GET['id']);
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
$item_view_limit = intval($_GET['views']);
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = keygen();
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_note = '$item_note', item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
$share_id = $mysqli->insert_id;
// Return URL
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
echo json_encode($url);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
}
if(isset($_POST['add_calendar'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
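Review bot: Nothing in the `share_generate_link` handler checks that item `$item_id` of type `$item_type` belongs to `$client_id`, or that the client belongs to `$session_company_id`; `guest_view_item.php` later only cross-checks `item_related_id` against `item_client_id`, so whatever guard post.php applies to all `$_GET` handlers (its top is outside the hunk) is the only thing preventing a share link for another tenant's record. `$item_type` is stored unvalidated; restrict it before the INSERT with `if(!in_array($item_type, ['Document', 'File', 'Login'], true)){ exit(); }`. The INSERT's result is never checked, so a value of `$item_expires` the database rejects (it arrives as a raw string from a datetime-local input) leaves `insert_id` at 0 and a URL with `id=0` is still echoed back; test `if($sql === false){ exit(); }` before building `$url`. This is a state-changing action served over GET with no CSRF token in sight, which is acceptable only if post.php enforces one globally. `$item_view_limit` accepts 0 or a negative number, which produces a link that can never be opened.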

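--- /dev/null
+++ b/share_modal.php
@@ -0,0 +1,78 @@
+<script>
+function populateShareModal(client_id, item_type, item_ref_id){
+document.getElementById("share_client_id").value = client_id;
+document.getElementById("share_item_type").value = item_type;
+document.getElementById("share_item_ref_id").value = item_ref_id;
+}
+function generateShareLink(){
+let client_id = document.getElementById("share_client_id").value;
+let item_type = document.getElementById("share_item_type").value;
+let item_ref_id = document.getElementById("share_item_ref_id").value;
+let item_note = document.getElementById("share_note").value;
+let item_views = document.getElementById("share_views").value;
+let item_expires = document.getElementById("share_expires").value;
+// Check values are provided
+if(item_views && item_expires && item_note){
+// Send a GET request to post.php as post.php?share_generate_link=true....
+jQuery.get(
+"post.php",
+{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires},
+function(data){
+// If we get a response from post.php, parse it as JSON
+const response = JSON.parse(data);
+document.getElementById("share_link_header").hidden = false;
+document.getElementById("share_link").hidden = false;
+document.getElementById("share_link").value = response;
+}
+);
+}
+}
+</script>
+<div class="modal" id="shareModal" tabindex="-1">
+<div class="modal-dialog modal-md">
+<div class="modal-content bg-dark">
+<div class="modal-header">
+<h5 class="modal-title"><i class="fa fa-fw fa-share"></i> Share</h5>
+<button type="button" class="close text-white" data-dismiss="modal">
+<span>&times;</span>
+</button>
+</div>
+<div class="modal-body bg-white">
+<h2>Get Share URL</h2>
+<form action="post.php" method="GET" id="newShareLink">
+<input type="hidden" name="client_id" id="share_client_id" value="">
+<input type="hidden" name="item_type" id="share_item_type" value="">
+<input type="hidden" name="item_ref_id" id="share_item_ref_id" value="">
+<div class="form-group">
+<label for="views">Number of views allowed <strong class="text-danger">*</strong></label>
+<input type="number" class="form-control" name="views" id="share_views" placeholder="Views before link expires" required autofocus>
+</div>
+<div class="form-group">
+<label for="views">Link Expiry date <strong class="text-danger">*</strong></label>
+<input type="datetime-local" class="form-control" name="expires" id="share_expires" required autofocus>
+</div>
+<div class="form-group">
+<label for="note">Note <strong class="text-danger">*</strong></label>
+<input type="text" class="form-control" name="note" id="share_note" placeholder="Client visible note" required autofocus>
+</div>
+<button class="form-control" onclick="event.preventDefault(); generateShareLink()">Share</button>
+</form>
+<hr>
+<h3 id="share_link_header" hidden>Share URL:</h3>
+<input type="text" class="form-control" disabled id="share_link" hidden value="">
+</div>
+<div class="modal-footer bg-white">
+<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+</div>
+</div>
+</div>
+</div>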
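Review bot: `generateShareLink` treats any response from post.php as a link: `JSON.parse(data)` throws on a non-JSON body (for example an error page or an empty response when the server rejects the request) and a failed request never reaches the callback, so the user gets no feedback at all. Chain `.fail(function(){ document.getElementById("share_link").value = "Could not create share link"; })` onto the `jQuery.get(...)` call and wrap the parse in a try/catch, or pass `"json"` as the dataType so jQuery parses and fails for you. The form's hidden inputs are named `client_id`/`item_type`/`item_ref_id` while post.php reads `type` and `id`, and `share_generate_link` is absent, so a non-JavaScript submit sends a request the server ignores; either align the names or drop `action`/`method` since the form is only ever submitted via the handler. The second `<label for="views">` should be `for="expires"`, and only one field can usefully carry `autofocus`.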