AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Show shared item (doc/file/login) name in logs when generating a share link

This commit is contained in:
Marcus Hill 2022-05-07 17:08:05 +01:00
parent b2c0994577
commit d900a7d341
1 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ajax.php
View File

@ -236,6 +236,8 @@ if(isset($_GET['share_generate_link'])){
exit();
}
$item_encrypted_credential = ''; // Default empty
$client_id = intval($_GET['client_id']);
$item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
$item_id = intval($_GET['id']);
@ -244,10 +246,23 @@ if(isset($_GET['share_generate_link'])){
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = keygen();
if($item_type == "Document"){
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
$item_name = $row['document_name'];
}
if($item_type == "File"){
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
$item_name = $row['file_name'];
}
if($item_type == "Login"){
$login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login);
$item_name = $row['login_name'];
// Decrypt & re-encrypt password for sharing
$login_password_cleartext = decryptLoginEntry($row['login_password']);
$login_encryption_key = keygen();
$iv = keygen();
@ -255,9 +270,6 @@ if(isset($_GET['share_generate_link'])){
$item_encrypted_credential = $iv . $ciphertext;
}
else{
$item_encrypted_credential = '';
}
// Insert entry into DB
$sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
@ -273,7 +285,7 @@ if(isset($_GET['share_generate_link'])){
echo json_encode($url);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
}