From d900a7d341e69f4ad7dd94baff6d438c2e5d6434 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sat, 7 May 2022 17:08:05 +0100
Subject: [PATCH] Show shared item (doc/file/login) name in logs when
 generating a share link

---
 ajax.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/ajax.php b/ajax.php
index 26a33637..f5b90fe4 100644
--- a/ajax.php
+++ b/ajax.php
@@ -236,6 +236,8 @@ if(isset($_GET['share_generate_link'])){
     exit();
   }
 
+  $item_encrypted_credential = '';  // Default empty
+
   $client_id = intval($_GET['client_id']);
   $item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
   $item_id = intval($_GET['id']);
@@ -244,10 +246,23 @@ if(isset($_GET['share_generate_link'])){
   $item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
   $item_key = keygen();
 
+  if($item_type == "Document"){
+    $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
+    $item_name = $row['document_name'];
+  }
+
+  if($item_type == "File"){
+    $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
+    $item_name = $row['file_name'];
+  }
+
   if($item_type == "Login"){
-    $login = mysqli_query($mysqli, "SELECT login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
+    $login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
     $row = mysqli_fetch_array($login);
 
+    $item_name = $row['login_name'];
+
+    // Decrypt & re-encrypt password for sharing
     $login_password_cleartext = decryptLoginEntry($row['login_password']);
     $login_encryption_key = keygen();
     $iv = keygen();
@@ -255,9 +270,6 @@ if(isset($_GET['share_generate_link'])){
 
     $item_encrypted_credential = $iv . $ciphertext;
   }
-  else{
-    $item_encrypted_credential = '';
-  }
 
   // Insert entry into DB
   $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
@@ -273,7 +285,7 @@ if(isset($_GET['share_generate_link'])){
   echo json_encode($url);
 
   // Logging
-  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+  mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
 
 }