Finished up santizeInput Conv and UI updates

This commit is contained in:
johnnyq
2023-02-23 16:09:37 -05:00
parent 2b50302cf9
commit f7552cd25a
179 changed files with 1572 additions and 1349 deletions


@@ -3,14 +3,14 @@
require_once("config.php");
require_once("functions.php");
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli, getIP())));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$ip = sanitizeInput(getIP());
$user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
if (isset($_GET['id']) && isset($_GET['key'])) {
$item_id = intval($_GET['id']);
$item_key = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['key'])));
$item_key = sanitizeInput($_GET['key']);
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = '$item_id' AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);
// Check result
@@ -28,8 +28,8 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
exit("Item cannot be viewed at this time.");
}
$item_related_id = $row['item_related_id'];
$client_id = $row['item_client_id'];
$item_related_id = intval($row['item_related_id']);
$client_id = intval($row['item_client_id']);
if (empty($row['item_views'])) {
$item_views = 0;
@@ -37,18 +37,18 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
$item_views = intval($row['item_views']);
}
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = '$item_related_id' AND file_client_id = '$client_id' LIMIT 1");
$file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1");
$file_row = mysqli_fetch_array($file_sql);
if (mysqli_num_rows($file_sql) !== 1 || !$file_row) {
exit("No file.");
}
$file_name = strip_tags(mysqli_real_escape_string($mysqli, $file_row['file_name']));
$file_ext = $file_row['file_ext'];
$file_reference_name = $file_row['file_reference_name'];
$client_id = $file_row['file_client_id'];
$company_id = $file_row['company_id'];
$file_name = sanitizeInput($file_row['file_name']);
$file_ext = sanitizeInput($file_row['file_ext']);
$file_reference_name = sanitizeInput($file_row['file_reference_name']);
$client_id = intval($file_row['file_client_id']);
$company_id = intval($file_row['company_id']);
$file_path = "uploads/clients/$company_id/$client_id/$file_reference_name";
// Display file as download
@@ -59,9 +59,9 @@ if (isset($_GET['id']) && isset($_GET['key'])) {
// Update file view count
$new_item_views = $item_views + 1;
mysqli_query($mysqli, "UPDATE shared_items SET item_views = '$new_item_views' WHERE item_id = '$item_id'");
mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id");
// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = '$client_id', log_created_at = NOW(), log_ip = '$ip', log_user_agent = '$user_agent', company_id = '1'");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Downloaded shared file $file_name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1");
}
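Review bot: The SELECT on the new side of the first hunk still interpolates `$item_key` straight into the query string, so the query's safety now rests entirely on what `sanitizeInput()` in functions.php does for the active `$mysqli` connection, which this section does not show; the same pattern remains for `$file_name`, `$ip` and `$user_agent` in the logs INSERT of the last hunk. Because `item_key` is the only value gating access to the shared file, binding it as a parameter removes that dependency, and the new `intval()` conversions on the ids make `?` placeholders a clean fit. One further point on the last hunk: the new INSERT drops `log_created_at = NOW()`, which is only correct if that column has a default in the schema — worth confirming. The enclosing `if (isset($_GET['id']) && isset($_GET['key']))` block spans all three hunks and its body continues outside them.
```php
$stmt = mysqli_prepare($mysqli, "SELECT * FROM shared_items WHERE item_id = ? AND item_key = ? AND item_expire_at > NOW() LIMIT 1");
mysqli_stmt_bind_param($stmt, "is", $item_id, $item_key);
mysqli_stmt_execute($stmt);
$sql = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($sql);
// … unchanged: result check and file lookup …
```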