Improve share features: default modal to 1, cleanup expired/used links

2026-02-28 02:44:53 +00:00 · 2022-04-02 15:37:17 +01:00
parent cf739accc9
commit cab2cc923a
4 changed files with 58 additions and 48 deletions
--- a/ajax.php
+++ b/ajax.php
@@ -194,4 +194,49 @@ if(isset($_GET['ticket_query_views'])){
    $response['message'] = "";
  }
  echo json_encode($response);
+}
+
+/*
+ * Generates public/guest links for sharing logins/docs
+ */
+if(isset($_GET['share_generate_link'])){
+  $client_id = intval($_GET['client_id']);
+  $item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
+  $item_id = intval($_GET['id']);
+  $item_note = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['note'])));
+  $item_view_limit = intval($_GET['views']);
+  $item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
+  $item_key = keygen();
+
+  if($item_type == "Login"){
+    $login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
+    $row = mysqli_fetch_array($login);
+
+    $login_password_cleartext = decryptLoginEntry($row['login_password']);
+    $login_encryption_key = keygen();
+    $iv = keygen();
+    $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
+
+    $item_encrypted_credential = $iv . $ciphertext;
+  }
+  else{
+    $item_encrypted_credential = '';
+  }
+
+  // Insert entry into DB
+  $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
+  $share_id = $mysqli->insert_id;
+
+  // Return URL
+  if($item_type == "Login"){
+    $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
+  }
+  else{
+    $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
+  }
+  echo json_encode($url);
+
+  // Logging
+  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
 }