Guest sharing

Incorrect URL."; include("guest_footer.php"); exit(); } $item_id = intval($_GET['id']); $item_key = sanitizeInput($_GET['key']); $sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1"); $row = mysqli_fetch_array($sql); // Check we got a result if (mysqli_num_rows($sql) !== 1 || !$row) { echo "

No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.

"; include("guest_footer.php"); exit(); } // Check item share is active & hasn't been viewed too many times if ($row['item_active'] !== "1" || $row['item_views'] >= $row['item_view_limit']) { echo "

Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.

"; include("guest_footer.php"); exit(); } // If we got here, we have valid information echo "

You may only be able to view this information for a limited time! Be sure to copy/download what you need.

"; $item_type = htmlentities($row['item_type']); $item_related_id = intval($row['item_related_id']); $item_encrypted_credential = htmlentities($row['item_encrypted_credential']); $item_note = htmlentities($row['item_note']); $item_views = intval($row['item_views']); $item_created = htmlentities($row['item_created_at']); $item_expire = htmlentities($row['item_expire_at']); $client_id = intval($row['item_client_id']); if ($item_type == "Document") { $doc_sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $item_related_id AND document_client_id = $client_id LIMIT 1"); $doc_row = mysqli_fetch_array($doc_sql); if (mysqli_num_rows($doc_sql) !== 1 || !$doc_row) { echo "

Error retrieving document to view.

"; require_once("guest_footer.php"); exit(); } $doc_title = htmlentities($doc_row['document_name']); $doc_content = $doc_row['document_content']; echo "

A document has been shared with you

"; if (!empty($item_note)) { echo "

Note: $item_note

"; } echo "
"; echo "

$doc_title

"; echo $doc_content; // Update document view count $new_item_views = $item_views + 1; mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id"); // Logging $name = mysqli_real_escape_string($mysqli, $doc_title); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent', company_id = 1"); } elseif ($item_type == "File") { $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1"); $file_row = mysqli_fetch_array($file_sql); if (mysqli_num_rows($file_sql) !== 1 || !$file_row) { echo "

Error retrieving file.

"; include("guest_footer.php"); exit(); } $file_name = htmlentities($file_row['file_name']); echo "

A file has been shared with you

"; if (!empty($item_note)) { echo "

Note: $item_note

"; } echo "Download $file_name"; } elseif ($item_type == "Login") { $encryption_key = $_GET['ek']; $login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id LIMIT 1"); $login_row = mysqli_fetch_array($login_sql); if (mysqli_num_rows($login_sql) !== 1 || !$login_row) { echo "

Error retrieving login.

"; include("guest_footer.php"); exit(); } $login_name = htmlentities($login_row['login_name']); $login_uri = htmlentities($login_row['login_uri']); $username_iv = substr($row['item_encrypted_username'], 0, 16); $username_ciphertext = substr($row['item_encrypted_username'], 16); $login_username = openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv); $password_iv = substr($row['item_encrypted_credential'], 0, 16); $password_ciphertext = substr($row['item_encrypted_credential'], 16); $login_password = openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv); $login_otp = $login_row['login_otp_secret']; $login_notes = htmlentities($login_row['login_note']); echo "

A login entry has been shared with you

"; if (!empty($item_note)) { echo "

Note: $item_note

"; } echo "
"; echo "

Name: $login_name

"; echo "

URL: $login_uri

"; echo "

Username: $login_username

"; echo "

Password: $login_password

"; echo "

OTP: $login_otp

"; echo "

Notes: $login_notes

"; // Update login view count $new_item_views = $item_views + 1; mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id"); // Logging $name = sanitizeInput($login_row['login_name']); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $name via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$ua', company_id = 1"); } echo "

"; echo $config_app_name; require_once("guest_footer.php");