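<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/

/*
 * AJAX fragment: renders the bookmark table for the current case and user.
 *
 * Request parameters (all from $_GET):
 *   tk   - anti-CSRF token, must match $_SESSION['bk_bro_token']
 *   arg1 - bookmark tag filter
 *   arg2 - optional comma-separated list of partition ids (digits and commas only)
 *
 * On a token mismatch the attempt is written to the audit log and the client
 * is redirected to goto_home.php.
 */

// require, not include: a missing or unreadable guard file must abort the
// request (fail closed). With include the script would only emit a warning
// and carry on without the session checks and sanitizers.
require("check_session.php");
require("check_session_image.php");
require("lib_std.php");
require("sanitize.php");
require("loggerClass.php");

// Only accept scalar string parameters. "?tk[]=x" style array input would
// otherwise reach the string helpers and the comparison below.
$raw_token = (isset($_GET['tk'])   && is_string($_GET['tk']))   ? $_GET['tk']   : '';
$raw_tag   = (isset($_GET['arg1']) && is_string($_GET['arg1'])) ? $_GET['arg1'] : '';

$token = sanitize(RemoveXSS($raw_token),PARANOID);

// Strict string identity instead of strcmp()==0: strcmp() yields NULL for
// non-string operands on older PHP versions and NULL == 0 is true, which
// would accept the request. An empty token never authorises, even if the
// session value happens to be empty too.
// NOTE(review): where the runtime offers hash_equals(), prefer it for a
// constant-time comparison.
$token_ok = isset($_SESSION['bk_bro_token'])
    && is_string($_SESSION['bk_bro_token'])
    && is_string($token)
    && $token !== ''
    && $_SESSION['bk_bro_token'] === $token;

if ($token_ok){
$tag = RemoveXSS(sanitize_tag($raw_tag));
if (isset($_GET['arg2']) && is_string($_GET['arg2'])){
    // Whitelist: digits and commas only, so the value is safe to embed in the URLs below.
    $part_id = preg_replace("/[^0-9\,]/", "",$_GET['arg2']);
}else{
    $part_id = 0;
}

$bm = get_bookmarks($_SESSION['case_id'], $_SESSION['user'], $part_id, $tag);
// Treat anything that is not an array as "no bookmarks" rather than counting it.
$bm_count = is_array($bm) ? count($bm) : 0;
?>
<table class="file">
	<th>User</th><th>Name</th><th>Description</th><th>Type</th><th style="width:40px"></th>
	<?php for($i=0; $i<$bm_count; $i++){
			// Every database value is treated as untrusted and is encoded for the
			// context it is written into (HTML text, or URL inside a JS string
			// inside an HTML attribute).
			$id_bk = sanitize($bm[$i]['id'],INT);
			$offset = sanitize(get_partition_offset_from_id($bm[$i]['id_partition']),INT);
			$title = htmlspecialchars(RemoveXSS($bm[$i]['title']));
			if(preg_match("/\(deleted\)/", $title)){
				$nm = preg_replace("/\(deleted\)/", "", $title);
				$del = "yes";
			}else{
				$nm = $title;
				$del = "no";
			}
			$description = sanitize(RemoveXSS(stripslashes($bm[$i]['description'])),PARANOID);
			$type = sanitize(get_bookmark_type($bm[$i]['type']),PARANOID);
			$reference = sanitize($bm[$i]['reference'],PARANOID);
			if($bm[$i]['type']==1){
				// Type 1: the stored reference is resolved to the file's inode.
				$timeline = file_info_timeline($reference, '');
				$file = file_info_timeline($reference, $timeline['id_file']);
				$reference = $file['inode'];
			}
			// The inode from the lookup above has not passed through sanitize(),
			// so URL-encode the reference before it is placed in an onclick URL.
			$reference_url = urlencode($reference);
			// The user column was previously echoed raw; escape it like the other cells.
			$user = htmlspecialchars($bm[$i]['user'], ENT_QUOTES);

			if($del=='yes'){
				echo "<tr style='color: #FF0000' onmouseover='showPanel($i)' onmouseout='hidePanel($i)'>";
			}else{
				echo "<tr onmouseover='showPanel($i)' onmouseout='hidePanel($i)'>";
			}
			echo "<td>".$user."</td>";
			if(strpos($title, "Keyword live:") !== false) {
				echo "<td style='height:22px'><u style='cursor:pointer' onclick=\"displayMessage('modal_live_file_content.php?arg1=$offset&arg2=$reference_url', '800', '500');return false;\">$nm</u></td>";
			}else{
				if($bm[$i]['type']==6 || $bm[$i]['type']==7){
					// Types 6 and 7 pass the bookmark id itself as arg2; use the
					// integer-sanitized copy instead of the raw database value.
					echo "<td style='height:22px'><u style='cursor:pointer' onclick=\"displayMessage('modal_file_content_bookmark.php?arg1=$offset&arg2=$id_bk&arg3=$id_bk', '800', '500');return false;\">$nm</u></td>";
				}else{
					echo "<td style='height:22px'><u style='cursor:pointer' onclick=\"displayMessage('modal_file_content_bookmark.php?arg1=$offset&arg2=$reference_url&arg3=$id_bk', '800', '500');return false;\">$nm</u></td>";
				}
			}
			// NOTE(review): md5(uniqid(rand())) is not a cryptographically secure
			// source; if $_SESSION['bk_token'] guards a state-changing request,
			// generate it from random_bytes() or openssl_random_pseudo_bytes()
			// where the runtime provides them. The value is overwritten on every
			// row and is not emitted by this page.
			$bk_tk = md5(uniqid(rand(), TRUE));
			$_SESSION['bk_token'] = $bk_tk;

			echo "<td>$description</td>";
			echo "<td>$type</td>";
			echo "<td>";
			echo "<div id='panel$i' style='display:none; text-align:center; width:40px'>";
			echo "<img style='cursor:pointer' src='../img/edit.png' title='Edit bookmark' onclick=\"displayMessage('modal_edit_bookmark.php?tk=".$token."&id=".$id_bk."&tag=".urlencode($tag)."&part_id=$part_id', '340', '250');return false\">&nbsp;";
			// NOTE(review): the delete request is a GET without a token parameter,
			// and the result of confirmSubmit() is not checked before the request
			// is sent. Whether delete_bookmark.php enforces a token by other means
			// is not visible from this file - confirm.
			echo "<img style='cursor:pointer' src='../img/remove_bookmark.png' title='Delete bookmark' onclick=\"confirmSubmit(); ajax_request('delete_bookmark.php?arg3=".$id_bk."', ''); ajax_request('get_bookmarks.php?tk=".$token."&arg1=".urlencode($tag)."&arg2=$part_id', 'container_right')\">";
			echo "</div>";
			echo "</td>";
			echo "</tr>";
	}?>
</table>
<?php }else{
	// Record the rejected request, then redirect. exit guarantees nothing
	// else runs or is sent after the Location header.
	new AuditLog('Unauthorized access to get_bookmarks '.sanitize_tag(RemoveXSS($raw_tag)));
	header("location: goto_home.php");
	exit;
}?>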