set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config);

// Company details plus settings for the single tenant (company_id = 1). The WHERE clause joins
// companies to settings on company_id, so at most one row comes back. There is no guard for an
// empty result: $row would be null and every read below raises a warning.
$sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
$row = mysqli_fetch_array($sql, MYSQLI_BOTH);

// Escape each text field before it reaches the page (nullable_htmlentities() is a project helper
// not shown here; its name suggests it tolerates null). The phone number gets its own formatter.
$company_name = nullable_htmlentities($row['company_name']);
$company_email = nullable_htmlentities($row['company_email']);
$company_website = nullable_htmlentities($row['company_website']);
$company_logo = nullable_htmlentities($row['company_logo']);
$company_phone = formatPhoneNumber($row['company_phone']);

// Postal address
$company_address = nullable_htmlentities($row['company_address']);
$company_city = nullable_htmlentities($row['company_city']);
$company_state = nullable_htmlentities($row['company_state']);
$company_zip = nullable_htmlentities($row['company_zip']);

// Locale feeds the currency formatter created below
$company_locale = nullable_htmlentities($row['company_locale']);
$config_invoice_footer = nullable_htmlentities($row['config_invoice_footer']);

//Set Currency Format
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
?>
Incorrect URL.";
include "guest_footer.php";
exit();
}
// Shared-item lookup. Both inputs come straight from the query string: the id is coerced to int,
// the key goes through the project's sanitizeInput() helper (not visible here) and is then
// interpolated into the SQL string — so this query's safety against injection rests entirely on
// that helper escaping for mysqli. A prepared statement with bound parameters would remove the
// dependency (note that mysqli_stmt_get_result() returns native ints for integer columns, which
// the strict "1" comparison below would then have to account for).
$item_id = intval($_GET['id']);
$item_key = sanitizeInput($_GET['key']);
$sql = mysqli_query($mysqli, "SELECT * FROM shared_items WHERE item_id = $item_id AND item_key = '$item_key' AND item_expire_at > NOW() LIMIT 1");
$row = mysqli_fetch_array($sql);

// Exactly one unexpired share must match (expiry is enforced in the query via NOW())
$share_found = mysqli_num_rows($sql) === 1 && $row;
if (!$share_found) {
    echo "
No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.
";
    include "guest_footer.php";
    exit();
}

// The share must be active and, unless its view limit is 0 (treated as unlimited), still under
// that limit. mysqli returns column values as strings, hence the strict comparison against "1".
// This is a plain read of the counter; it is incremented later in the request, so two overlapping
// requests can both pass the check.
$share_disabled = $row['item_active'] !== "1";
$limit_reached = $row['item_view_limit'] > 0 && $row['item_views'] >= $row['item_view_limit'];
if ($share_disabled || $limit_reached) {
    echo "Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.
";
    include "guest_footer.php";
    exit();
}

// Valid share: pull out the fields the item-type branches below render
$item_type = nullable_htmlentities($row['item_type']);
$item_related_id = intval($row['item_related_id']);
$client_id = intval($row['item_client_id']);
$item_encrypted_credential = nullable_htmlentities($row['item_encrypted_credential']);
$item_recipient = nullable_htmlentities($row['item_recipient']);
$item_note = nullable_htmlentities($row['item_note']);
$item_views = intval($row['item_views']);
$item_view_limit = intval($row['item_view_limit']);
$item_created = nullable_htmlentities($row['item_created_at']);
// Display form of the expiry, 12-hour clock; strtotime() yields false for an unparsable value
$item_expire = date('Y-m-d h:i A', strtotime($row['item_expire_at']));
?>
Error retrieving document to view.
";
require_once "guest_footer.php";
exit();
}
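// Document share ($doc_row is fetched above this view). The body is run through HTMLPurifier
// before output; the title is HTML-escaped for display and separately escaped via sanitizeInput()
// for the log entry below.
$doc_title = nullable_htmlentities($doc_row['document_name']);
$doc_title_escaped = sanitizeInput($doc_row['document_name']);
$doc_content = $purifier->purify($doc_row['document_content']);
echo "
$doc_title
";
echo $doc_content;

// Update document view count.
// Increment server-side (item_views + 1) instead of writing back the value read earlier in the
// request: two concurrent views that both passed the view-limit check would otherwise store the
// same count, and the limit could be exceeded indefinitely. $new_item_views is kept for any later
// code that still reads it.
$new_item_views = $item_views + 1;
mysqli_query($mysqli, "UPDATE shared_items SET item_views = item_views + 1 WHERE item_id = $item_id");

// Logging. $ip and $user_agent are not set in this view (presumably by the shared header);
// $doc_title_escaped goes into the SQL string, so the entry's safety rests on sanitizeInput().
// $name is not used in this branch; kept in case later code reads it.
$name = mysqli_real_escape_string($mysqli, $doc_title);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = 'Viewed shared $item_type $doc_title_escaped via link', log_client_id = $client_id, log_ip = '$ip', log_user_agent = '$user_agent'");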
} elseif ($item_type == "File") {
// File share: the file must belong to the client the share was created for. Both ids are
// already integers (intval above), so interpolating them is injection-safe.
$file_query = sprintf(
    'SELECT * FROM files WHERE file_id = %d AND file_client_id = %d LIMIT 1',
    $item_related_id,
    $client_id
);
$file_sql = mysqli_query($mysqli, $file_query);
$file_row = mysqli_fetch_array($file_sql);

$file_found = mysqli_num_rows($file_sql) === 1 && $file_row;
if (!$file_found) {
    echo "
Error retrieving file.
";
    include "guest_footer.php";
    exit();
}
$file_name = nullable_htmlentities($file_row['file_name']);

// Build the page body, then emit it in one go (same bytes as the separate echoes it replaces)
$file_output = "
A file has been shared with you
";
if (!empty($item_note)) {
    $file_output .= "
Note: $item_note
";
}
$file_output .= "
Download $file_name";
echo $file_output;
} elseif ($item_type == "Login") {
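// Login share. The AES key is never stored server-side; it arrives as the `ek` query parameter
// (which means it does land in access logs, browser history and any Referer header — presumably
// accepted by the sharing design). Default to '' instead of raising an undefined-key warning and
// passing null into openssl_decrypt() when the parameter is missing.
$encryption_key = $_GET['ek'] ?? '';
$login_sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = $item_related_id AND login_client_id = $client_id LIMIT 1");
$login_row = mysqli_fetch_array($login_sql);
if (mysqli_num_rows($login_sql) !== 1 || !$login_row) {
    echo "
Error retrieving login.
";
    include "guest_footer.php";
    exit();
}
$login_id = intval($login_row['login_id']);
$login_name = nullable_htmlentities($login_row['login_name']);
// htmlentities makes this safe as text, not as a link target: if it is used as an href, the
// scheme still needs checking separately.
$login_uri = nullable_htmlentities($login_row['login_uri']);

// Each encrypted field is stored as IV (first 16 bytes) followed by the ciphertext.
// openssl_decrypt() returns false for a wrong key or a value shorter than the IV; that false is
// handed to nullable_htmlentities() unchanged — what that helper renders for it is not visible here.
$username_iv = substr($row['item_encrypted_username'], 0, 16);
$username_ciphertext = substr($row['item_encrypted_username'], 16);
$login_username = nullable_htmlentities(openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key, 0, $username_iv));
$password_iv = substr($row['item_encrypted_credential'], 0, 16);
$password_ciphertext = substr($row['item_encrypted_credential'], 16);
$login_password = nullable_htmlentities(openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key, 0, $password_iv));

// Same escaped value under both names; both kept because later markup may read either
$login_otp = nullable_htmlentities($login_row['login_otp_secret']);
$login_otp_secret = $login_otp;
// Raw (unescaped) DB values concatenated into a quoted list. The HTML/JS context this lands in is
// not visible in this listing; it needs escaping appropriate to that context (e.g. json_encode()
// plus htmlspecialchars() for an attribute) so a secret containing quotes cannot break out of it.
$login_id_with_secret = '"' . $login_row['login_id'] . '","' . $login_row['login_otp_secret'] . '"';
if (empty($login_otp_secret)) {
    $otp_display = "-";
} else {
    $otp_display = "
Hover..";
}
$login_notes = nullable_htmlentities($login_row['login_note']);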
?>
| URL |
|
| Username |
|
| Password |
|
| 2FA (TOTP) |
|
This message and any attachments are confidential and intended for the specified recipient(s) only. If you are not the intended recipient, please notify us immediately with the contact info below. Unauthorized use, disclosure, or distribution is prohibited.