Guest sharing
Incorrect URL.";
include("guest_footer.php");
exit();
}
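/*
 * Guest view of a shared item (Document, File or Login), selected by the id/key pair in the URL.
 * Every query below is a prepared statement: the key (and, for logins, the decryption key) come
 * straight from the URL, and $ip / $user_agent are request-supplied values set elsewhere.
 * $mysqli, $ip, $user_agent and $config_app_name are expected to be defined before this point.
 */
if (!function_exists('guest_share_query')) {
    /**
     * Prepare, bind and execute one statement against $mysqli.
     *
     * @param \mysqli $mysqli    open connection
     * @param string  $sql       statement text using ? placeholders
     * @param string  $types     bind_param type string, one 'i'/'s' per placeholder
     * @param mixed   ...$params one value per placeholder, in order
     * @return \mysqli_result|bool result set for a SELECT, true for a successful
     *                             UPDATE/INSERT, false when preparing or executing failed
     */
    function guest_share_query($mysqli, $sql, $types, ...$params)
    {
        $stmt = mysqli_prepare($mysqli, $sql);
        if ($stmt === false) {
            return false;
        }
        if (count($params) > 0) {
            mysqli_stmt_bind_param($stmt, $types, ...$params);
        }
        $executed = mysqli_stmt_execute($stmt);
        // get_result() is false for statements that produce no result set (UPDATE/INSERT),
        // so the execute() status is what the caller needs in that case.
        $result = $executed ? mysqli_stmt_get_result($stmt) : false;
        mysqli_stmt_close($stmt);
        return ($result === false) ? $executed : $result;
    }
}

$item_id = intval($_GET['id']);
// Only a plain string key can match; a missing key or an array (?key[]=...) matches nothing.
$item_key = (isset($_GET['key']) && is_string($_GET['key'])) ? trim(strip_tags($_GET['key'])) : '';

$item_result = guest_share_query(
    $mysqli,
    "SELECT * FROM shared_items WHERE item_id = ? AND item_key = ? AND item_expire_at > NOW() LIMIT 1",
    'is',
    $item_id,
    $item_key
);
$row = ($item_result instanceof \mysqli_result) ? mysqli_fetch_array($item_result) : false;
// Check we got a result (LIMIT 1 guarantees at most one row, so a fetched row is the whole check)
if (!$row) {
    echo "No item to view. Check with the person that sent you this link to ensure it is correct and has not expired.
";
    include("guest_footer.php");
    exit();
}

// Check item share is active & hasn't been viewed too many times.
// Prepared-statement results return INT columns as PHP ints (binary protocol), so normalise
// both sides before comparing instead of relying on the string values mysqli_query() gave.
if ((string)$row['item_active'] !== "1" || intval($row['item_views']) >= intval($row['item_view_limit'])) {
    echo "Item cannot be viewed at this time. Check with the person that sent you this link to ensure it is correct and has not expired.
";
    include("guest_footer.php");
    exit();
}

// If we got here, we have valid information
echo "You may only be able to view this information for a limited time! Be sure to copy/download what you need.
";
$item_type = htmlentities((string)$row['item_type']);
$item_related_id = intval($row['item_related_id']);
$item_note = htmlentities((string)$row['item_note']);
$client_id = intval($row['item_client_id']);
// Not referenced below; kept because guest_footer.php or surrounding markup may read them.
// NOTE(review): confirm these are still used, otherwise drop them.
$item_encrypted_credential = htmlentities((string)$row['item_encrypted_credential']);
$item_views = intval($row['item_views']);
$item_created = $row['item_created_at'];
$item_expire = $row['item_expire_at'];

// Set by the branches that consume a view; the view counter and audit log are written once below.
$record_view = false;

if ($item_type === "Document") {
    $doc_result = guest_share_query(
        $mysqli,
        "SELECT * FROM documents WHERE document_id = ? AND document_client_id = ? LIMIT 1",
        'ii',
        $item_related_id,
        $client_id
    );
    $doc_row = ($doc_result instanceof \mysqli_result) ? mysqli_fetch_array($doc_result) : false;
    if (!$doc_row) {
        echo "Error retrieving document to view.
";
        include("guest_footer.php");
        exit();
    }
    $doc_title = htmlentities((string)$doc_row['document_name']);
    // Emitted as stored, i.e. the document body is treated as HTML.
    // NOTE(review): confirm document_content is sanitised when it is saved.
    $doc_content = $doc_row['document_content'];
    echo "A document has been shared with you
";
    if (!empty($item_note)) {
        echo "Note: $item_note
";
    }
    echo "
";
    echo "$doc_title
";
    echo $doc_content;
    $record_view = true;
} elseif ($item_type === "File") {
    $file_result = guest_share_query(
        $mysqli,
        "SELECT * FROM files WHERE file_id = ? AND file_client_id = ? LIMIT 1",
        'ii',
        $item_related_id,
        $client_id
    );
    $file_row = ($file_result instanceof \mysqli_result) ? mysqli_fetch_array($file_result) : false;
    if (!$file_row) {
        echo "Error retrieving file.
";
        include("guest_footer.php");
        exit();
    }
    $file_name = htmlentities((string)$file_row['file_name']);
    echo "A file has been shared with you
";
    if (!empty($item_note)) {
        echo "Note: $item_note
";
    }
    echo "Download $file_name";
    // Unlike Document and Login, showing the download link does not count as a view and is not
    // logged here. NOTE(review): presumably the download itself is counted elsewhere - confirm.
} elseif ($item_type === "Login") {
    // The decryption key travels in the URL (ek); without a usable string there is nothing to show.
    $encryption_key = (isset($_GET['ek']) && is_string($_GET['ek'])) ? $_GET['ek'] : '';
    $login_result = guest_share_query(
        $mysqli,
        "SELECT * FROM logins WHERE login_id = ? AND login_client_id = ? LIMIT 1",
        'ii',
        $item_related_id,
        $client_id
    );
    $login_row = ($login_result instanceof \mysqli_result) ? mysqli_fetch_array($login_result) : false;
    if (!$login_row) {
        echo "Error retrieving login.
";
        include("guest_footer.php");
        exit();
    }
    $login_name = htmlentities((string)$login_row['login_name']);
    $login_uri = htmlentities((string)$login_row['login_uri']);
    $login_username = htmlentities((string)$login_row['login_username']);
    // Credential layout on the share record: 16-byte IV followed by the ciphertext.
    $stored_credential = (string)$row['item_encrypted_credential'];
    $login_iv = substr($stored_credential, 0, 16);
    $login_ciphertext = substr($stored_credential, 16);
    $login_password = ($encryption_key !== '')
        ? openssl_decrypt($login_ciphertext, 'aes-128-cbc', $encryption_key, 0, $login_iv)
        : false;
    if ($login_password === false) {
        // Missing/wrong key or corrupt ciphertext: report it like any other retrieval failure
        // (and without consuming a view) instead of printing an empty password.
        echo "Error retrieving login.
";
        include("guest_footer.php");
        exit();
    }
    // The decrypted password and the OTP secret are rendered into the page like every other
    // field, so they get the same HTML escaping.
    $login_password = htmlentities($login_password);
    $login_otp = htmlentities((string)$login_row['login_otp_secret']);
    $login_notes = htmlentities((string)$login_row['login_note']);
    echo "A login entry has been shared with you
";
    if (!empty($item_note)) {
        echo "Note: $item_note
";
    }
    echo "
";
    echo "Name: $login_name
";
    echo "URL: $login_uri
";
    echo "Username: $login_username
";
    echo "Password: $login_password
";
    echo "OTP: $login_otp
";
    echo "Notes: $login_notes
";
    $record_view = true;
}

if ($record_view) {
    // Update view count in a single statement so concurrent requests cannot race past
    // item_view_limit (a read-then-write of $item_views + 1 could).
    guest_share_query(
        $mysqli,
        "UPDATE shared_items SET item_views = item_views + 1 WHERE item_id = ?",
        'i',
        $item_id
    );
    // Logging
    $log_description = "Viewed shared $item_type via link - Item ID: $item_id";
    guest_share_query(
        $mysqli,
        "INSERT INTO logs SET log_type = 'Sharing', log_action = 'View', log_description = ?, log_client_id = ?, log_created_at = NOW(), log_ip = ?, log_user_agent = ?, company_id = '1'",
        'siss',
        $log_description,
        $client_id,
        $ip,
        $user_agent
    );
}

echo "
";
echo $config_app_name;
include("guest_footer.php");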