/* Guest-facing "view shared item" page. Loads company branding, validates the share link (id + key, expiry, active flag, view limit) and then renders the shared Document, File or Login. This rendering has lost the original line breaks, so the existing single-line comments below run to the end of each physical line (or to the next closing PHP tag); the block comments added here are deliberately self-terminating. */ set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); /* HTMLPurifier is the only filter between stored document HTML and the guest's browser. 'data' is whitelisted here, presumably so inline images in documents survive purification; 'src' is not a URI scheme and looks like a leftover -- NOTE(review): confirm both are intended. */ $purifier = new HTMLPurifier($purifier_config); /* Branding: single-company install, company_id is hard-coded to 1; every field is HTML-escaped on the way out. */ $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); $row = mysqli_fetch_array($sql); $company_name = nullable_htmlentities($row['company_name']); $company_address = nullable_htmlentities($row['company_address']); $company_city = nullable_htmlentities($row['company_city']); $company_state = nullable_htmlentities($row['company_state']); $company_zip = nullable_htmlentities($row['company_zip']); $company_phone = formatPhoneNumber($row['company_phone']); $company_email = nullable_htmlentities($row['company_email']); $company_website = nullable_htmlentities($row['company_website']); $company_logo = nullable_htmlentities($row['company_logo']); $company_locale = nullable_htmlentities($row['company_locale']); $config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']); //Set Currency Format $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); ?> Incorrect URL."; include "guest_footer.php"; exit(); } /* Share lookup. The id is int-cast; the key goes through the project's sanitizeInput() helper (not visible here) before being interpolated into the SQL string -- NOTE(review): a prepared statement would not depend on that helper's escaping. Expiry is enforced inside the query itself (item_expire_at > NOW()), so an expired link never yields a row. */ $item_id = intval($_GET['id']); $item_key = sanitizeInput($_GET['key']); $sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1"); $row = mysqli_fetch_array($sql); // Check we got a result if (mysqli_num_rows($sql) !== 1 || !$row) { echo "
No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.
"; include "guest_footer.php"; exit(); } /* Second gate: the share must be active, and when item_view_limit is non-zero the recorded view count must still be below it (0 means unlimited). item_active is compared strictly against the string "1" that mysqli returns for the column. */ // Check item share is active & hasn't been viewed too many times but allow 0 views as that is consider infinite views if ($row['item_active'] !== "1" || ($row['item_view_limit'] > 0 && $row['item_views'] >= $row['item_view_limit'])) { echo "
Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.
"; include "guest_footer.php"; exit(); } /* Validated share. Each field is HTML-escaped or int-cast here. $client_id is reused by the File and Login queries below to scope the related row to the share's own client. $item_encrypted_credential is the escaped copy; the Login branch decrypts from the raw $row value, not from this variable. */ // If we got here, we have valid information $item_type = nullable_htmlentities($row['item_type']); $item_related_id = intval($row['item_related_id']); $item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']); $item_note = nullable_htmlentities($row['item_note']); $item_views = intval($row['item_views']); $item_created = nullable_htmlentities($row['item_created_at']); $item_expire = nullable_htmlentities($row['item_expire_at']); $client_id = intval($row['item_client_id']); ?> <?=nullable_htmlentities($company_name)?> logo"> $company_name"; } ?>
Error retrieving document to view.
"; require_once "guest_footer.php"; exit(); } /* Document branch (its opening `if` and the document query are lost in this rendering). The title is escaped separately for its two sinks: htmlentities for the page, sanitizeInput for the log INSERT below. The body is run through HTMLPurifier and is afterwards echoed as-is. */ $doc_title = nullable_htmlentities($doc_row['document_name']); $doc_title_escaped = sanitizeInput($doc_row['document_name']); $doc_content = $purifier->purify($doc_row['document_content']); echo "

$doc_title

"; echo $doc_content; /* NOTE(review): read-modify-write view counter -- two concurrent views can both read the same $item_views and one increment is lost, so item_view_limit is enforced only approximately; `SET item_views = item_views + 1` in the UPDATE would make it atomic. */ // Update document view count $new_item_views = $item_views + 1; mysqli_query($mysqli, "UPDATE shared_items SET item_views = $new_item_views WHERE item_id = $item_id"); /* $name is assigned but not used in the visible code; the log description uses $doc_title_escaped. $ip and $user_agent are not set in this file -- presumably provided by an include. */ // Logging $name = mysqli_real_escape_string($mysqli, $doc_title); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $doc_title_escaped via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'"); } elseif ($item_type == "File") { $file_sql = mysqli_query($mysqli, "SELECT * FROM files WHERE file_id = $item_related_id AND file_client_id = $client_id LIMIT 1"); $file_row = mysqli_fetch_array($file_sql); if (mysqli_num_rows($file_sql) !== 1 || !$file_row) { echo "
Error retrieving file.
"; include "guest_footer.php"; exit(); } /* File branch: the file row is scoped to the share's client. No item_views update happens in the visible part of this branch -- NOTE(review): confirm the download handler behind the link counts the view, otherwise the view limit does not apply to files. */ $file_name = nullable_htmlentities($file_row['file_name']); echo "

A file has been shared with you

"; if (!empty($item_note)) { echo "

Note: $item_note

"; } echo "Download $file_name"; } elseif ($item_type == "Login") { /* Login branch: the AES key travels in the share URL (ek); the shared_items row visible here holds only ciphertext. NOTE(review): $_GET['ek'] is read without the isset() check that id/key get, and a missing or wrong key makes openssl_decrypt() below return false. */ $encryption_key = $_GET['ek']; $login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id LIMIT 1"); $login_row = mysqli_fetch_array($login_sql); if (mysqli_num_rows($login_sql) !== 1 || !$login_row) { echo "
Error retrieving login.
"; include "guest_footer.php"; exit(); } $login_id = intval($login_row['login_id']); $login_name = nullable_htmlentities($login_row['login_name']); $login_uri = nullable_htmlentities($login_row['login_uri']); /* Stored blob layout: first 16 bytes are the IV, the remainder is AES-128-CBC ciphertext. Decryption uses the raw $row values, not the HTML-escaped copies made above; a false from openssl_decrypt() is passed straight to nullable_htmlentities(). */ $username_iv = substr($row['item_encrypted_username'], 0, 16); $username_ciphertext = substr($row['item_encrypted_username'], 16); $login_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv)); $password_iv = substr($row['item_encrypted_credential'], 0, 16); $password_ciphertext = substr($row['item_encrypted_credential'], 16); $login_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv)); /* $login_otp and $login_otp_secret hold the same escaped value; only $login_otp_secret is used in the visible code. $login_id_with_secret is built from the raw (unescaped) id and TOTP secret, quoted for what looks like a client-side call -- NOTE(review): confirm it is attribute/JS-escaped wherever it is emitted. */ $login_otp = nullable_htmlentities($login_row['login_otp_secret']); $login_otp_secret = nullable_htmlentities($login_row['login_otp_secret']); $login_id_with_secret = '"' . $login_row['login_id'] . '","' . $login_row['login_otp_secret'] . '"'; if (empty($login_otp_secret)) { $otp_display = "-"; } else { $otp_display = " Hover.."; } $login_notes = nullable_htmlentities($login_row['login_note']); ?>

URL
Username
Password
2FA (TOTP)