Improve share features: default modal to 1, cleanup expired/used links

This commit is contained in:
Marcus Hill 2022-04-02 15:37:17 +01:00
parent cf739accc9
commit cab2cc923a
4 changed files with 58 additions and 48 deletions


@ -194,4 +194,49 @@ if(isset($_GET['ticket_query_views'])){
$response['message'] = "";
}
echo json_encode($response);
}
/*
* Generates public/guest links for sharing logins/docs
*/
if(isset($_GET['share_generate_link'])){
$client_id = intval($_GET['client_id']);
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
$item_id = intval($_GET['id']);
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
$item_view_limit = intval($_GET['views']);
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = keygen();
if($item_type == "Login"){
$login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login);
$login_password_cleartext = decryptLoginEntry($row['login_password']);
$login_encryption_key = keygen();
$iv = keygen();
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
$item_encrypted_credential = $iv . $ciphertext;
}
else{
$item_encrypted_credential = '';
}
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
$share_id = $mysqli->insert_id;
// Return URL
if($item_type == "Login"){
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
}
else{
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
}
echo json_encode($url);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
}
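Review bot: The `if($item_type == "Login")` branch never checks that the SELECT returned a row, so when `id` does not belong to `client_id` (or the login was since deleted) `$row` is null, `decryptLoginEntry()` is handed a null, and a shared_items record plus a working guest URL are still created and logged. The branch should bail out before encrypting, and since `client_id` comes straight from the query string there is no visible check that the client belongs to `$session_company_id` — presumably ajax.php's preamble does that, worth confirming. Two smaller things: `views` is only run through `intval()`, so a 0 or negative limit is stored and the cron cleanup's `item_views = item_view_limit` match would delete a 0-limit link at the next run (`if($item_view_limit < 1){ $item_view_limit = 1; }` before the INSERT), and `keygen()` is used as the AES-128-CBC IV although that mode needs exactly 16 bytes — `openssl_encrypt()` warns and pads/truncates otherwise, so confirm keygen's output length and that guest_view_item.php splits `$iv . $ciphertext` at the same length. This is a state-changing action driven by GET, so it is also worth checking that ajax.php requires an authenticated session and a CSRF token.
```php
if($item_type == "Login"){
    // … unchanged: SELECT login_password … WHERE login_id = '$item_id' AND login_client_id = '$client_id' …
    $row = mysqli_fetch_array($login);
    if(!$row){
        // Unknown login or wrong client: create neither a share record nor a URL
        echo json_encode(false);
        exit();
    }
    // … unchanged: decrypt stored password, re-encrypt under a per-link key …
}
```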


@ -48,7 +48,7 @@ while($row = mysqli_fetch_array($sql_companies)){
if($config_backup_enable == 1){
// DATABASE BACKUP
// This needs to be set to the full file sytem path or else when cron runs php it will break cron.php and cron will not run properly
// This needs to be set to the full file system path or else when cron runs php it will break cron.php and cron will not run properly
//$backup_dir = "backups/";
$backup_dir = "$config_backup_path/";
@ -265,6 +265,12 @@ while($row = mysqli_fetch_array($sql_companies)){
// Clean-up ticket views table used for collision detection
mysqli_query($mysqli, "TRUNCATE TABLE ticket_views");
// Clean-up shared items that have been used
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_views = item_view_limit");
// Clean-up shared items that have expired
mysqli_query($mysqli, "DELETE FROM shared_items WHERE item_expire_at < NOW()");
// PAST DUE INVOICE Notifications
//$invoiceAlertArray = [$config_invoice_overdue_reminders];
$invoiceAlertArray = [30,60,90,120,150,180,210,240,270,300,330,360,390,420,450,480,510,540,570,590,620];
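Review bot: The used-link cleanup only matches `item_views = item_view_limit`, so a row whose counter ever passes the limit (two guest requests racing on the same link, or a limit lower than the current count) is never removed; `DELETE FROM shared_items WHERE item_views >= item_view_limit` is the safer form. Both DELETEs also appear to sit inside the per-company `while` loop named in the hunk header, so they run once per company yet are not scoped to one — harmless but wasteful, and they could move after the loop. Note that this is housekeeping rather than enforcement: between the last allowed view and the next cron run the row still exists, so guest_view_item.php must itself refuse a link whose counter or expiry has been reached, which is not visible here and worth confirming. Finally, `item_expire_at` is stored from user-supplied text while the comparison uses MySQL's `NOW()`; if the app renders dates in a user timezone rather than the DB server's, expiry can drift by hours.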


@ -1456,6 +1456,7 @@ if(isset($_GET['delete_client'])){
mysqli_query($mysqli,"DELETE FROM vendors WHERE vendor_client_id = $client_id");
mysqli_query($mysqli,"DELETE FROM client_tags WHERE client_id = $client_id");
mysqli_query($mysqli,"DELETE FROM scheduled_tickets WHERE scheduled_ticket_client_id = $client_id");
mysqli_query($mysqli,"DELETE FROM shared_items WHERE item_client_id = $client_id");
$sql = mysqli_query($mysqli,"SELECT recurring_id FROM recurring WHERE recurring_client_id = $client_id");
while($row = mysqli_fetch_array($sql)){
@ -1516,48 +1517,6 @@ if(isset($_GET['delete_client'])){
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_GET['share_generate_link'])){
$client_id = intval($_GET['client_id']);
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
$item_id = intval($_GET['id']);
$item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
$item_view_limit = intval($_GET['views']);
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = keygen();
if($item_type == "Login"){
$login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login);
$login_password_cleartext = decryptLoginEntry($row['login_password']);
$login_encryption_key = keygen();
$iv = keygen();
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
$item_encrypted_credential = $iv . $ciphertext;
}
else{
$item_encrypted_credential = '';
}
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
$share_id = $mysqli->insert_id;
// Return URL
if($item_type == "Login"){
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
}
else{
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
}
echo json_encode($url);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
}
if(isset($_POST['add_calendar'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));


@ -15,13 +15,13 @@
// Check values are provided
if(item_views && item_expires && item_note){
// Send a GET request to post.php as post.php?share_generate_link=true....
// Send a GET request to ajax.php as ajax.php?share_generate_link=true....
jQuery.get(
"post.php",
"ajax.php",
{share_generate_link: 'true', client_id: client_id, type: item_type, id: item_ref_id, note: item_note ,views: item_views, expires: item_expires},
function(data){
// If we get a response from post.php, parse it as JSON
// If we get a response from ajax.php, parse it as JSON
const response = JSON.parse(data);
document.getElementById("share_link_header").hidden = false;
@ -44,13 +44,13 @@
<div class="modal-body bg-white">
<h2>Get Share URL</h2>
<form action="post.php" method="GET" id="newShareLink">
<form action="ajax.php" method="GET" id="newShareLink">
<input type="hidden" name="client_id" id="share_client_id" value="">
<input type="hidden" name="item_type" id="share_item_type" value="">
<input type="hidden" name="item_ref_id" id="share_item_ref_id" value="">
<div class="form-group">
<label for="views">Number of views allowed <strong class="text-danger">*</strong></label>
<input type="number" class="form-control" name="views" id="share_views" placeholder="Views before link expires" required autofocus>
<input type="number" class="form-control" name="views" id="share_views" placeholder="Views before link expires" value="1" required autofocus>
</div>
<div class="form-group">
<label for="views">Link Expiry date <strong class="text-danger">*</strong></label>
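Review bot: The views input gets a default of 1 but no lower bound, so `min="1"` (and `step="1"`) belongs on the same `<input type="number">` — as written a negative value passes the `if(item_views && item_expires && item_note)` check, and a value of 0 is rejected by that truthiness test with no message to the user. The server-side handler added in this commit only runs the value through `intval()`, so this browser attribute is the only validation unless the handler is tightened too. Separately, the form's hidden fields are named `item_type` and `item_ref_id` while the jQuery call sends them as `type` and `id`; if `<form action="ajax.php" method="GET">` is ever submitted natively instead of through jQuery.get, ajax.php will not see those parameters — `name="type"` and `name="id"` would keep both paths consistent. The enclosing script and form both continue outside the visible section.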