check_image_integrity.php at Ptk-forensics

<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("sanitize.php");
include("lib_std.php");
include ("../config/conf.php");

if (isset($_SESSION['check_token']) && strcmp($_SESSION['check_token'],$_GET['tk'])==0){
  $conn = mysql_connect($db_host, $db_user, $db_password)
  or die ("Error connecting to database");
  mysql_select_db($db_name);

  $image_id = sanitize($_GET['id'],INT);
  $type = sanitize($_GET['type'],INT);

  $image = image_info($image_id);
  $path = $image['image_path'];
  $date = date('Y-m-d H:i:s');

  $path = sanitize($path,PARANOID);

  switch($type){
	case '0':
		$md5 = shell_exec("cat $path |  $md5_bin");
		$update = mysql_query("UPDATE images SET image_md5='$md5' WHERE id='$image_id'");
		$md5 = substr($md5, 0, 32);
		echo $md5;
		break;
		
	case '1':
		$md5 = shell_exec("cat $path |  $md5_bin");
		$update = mysql_query("UPDATE images SET image_md5_check='$date' WHERE id='$image_id'");
		$md5 = substr($md5, 0, 32);
		echo $md5;
		break;
		
	case '2':
		$sha1 = shell_exec("cat $path |  $sha1_bin");
		$update = mysql_query("UPDATE images SET image_sha1='$sha1' WHERE id='$image_id'");
		$sha1 = substr($sha1, 0, 40);
		echo $sha1;
		break;		
		
	case '3':
		$sha1 = shell_exec("cat $path |  $sha1_bin");
		$update = mysql_query("UPDATE images SET image_sha1_check='$date' WHERE id='$image_id'");
		$sha1 = substr($sha1, 0, 40);
		echo $sha1;
		break;		
  }
}else{
	new AuditLog('Unauthorized access to check_image_integrity');
	header("location: goto_home.php");
}