<?
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
// Session guard first, then DB settings. $db_host/$db_user/$db_password/$db_name
// are not defined in this file and are expected to come from
// ../config/config.inc.php; every function below assumes $_SESSION['user']
// has been populated by check_session.php — TODO confirm.
include("check_session.php");
include("../config/config.inc.php");
$conn = mysql_connect($db_host, $db_user, $db_password)
or die ("Error connecting to database");
// NOTE(review): the return value is not checked, so a wrong $db_name is only
// noticed when the first query fails. $conn is never passed on explicitly;
// the mysql_* calls below rely on the implicit last-opened link.
mysql_select_db($db_name);
/****************************************************************
Check int value
****************************************************************/
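/**
 * Coerce $integer to an int and optionally range-check it.
 *
 * @param mixed $integer value coerced with intval(); non-numeric input becomes 0
 * @param mixed $min     inclusive lower bound, or '' for no lower bound
 * @param mixed $max     inclusive upper bound, or '' for no upper bound
 * @return int|false the coerced int, or FALSE when a bound is violated
 *
 * NOTE: callers interpolate the result straight into SQL; a FALSE return
 * interpolates as an empty string, so range-checked results must be tested
 * with `=== FALSE` before use.
 */
function check_is_int($integer, $min='', $max='')
{
	$int = intval($integer);
	// Strict comparison against '' so that a bound of 0 is honoured: with the
	// loose `!= ''` the original used, a $min of 0 compared equal to '' on
	// PHP < 8 and the lower bound was silently skipped.
	$has_min = ($min !== '');
	$has_max = ($max !== '');
	if (($has_min && $int < $min) || ($has_max && $int > $max))
		return FALSE;
	return $int;
}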
/****************************************************************
Log
****************************************************************/
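/**
 * Append one audit record to ../log/audit.log:
 * "<d/m/Y , H:i:s> , <session user> , <session ip> , <message>\n".
 *
 * @param string $string free-text event description
 * @return void
 */
function LogThis($string){
	$timestamp = date('d/m/Y , H:i:s');
	// Session fields may be absent (e.g. before login); fall back to '' rather than notices.
	$user = isset($_SESSION['user']) ? $_SESSION['user'] : '';
	$ip = isset($_SESSION['ip']) ? $_SESSION['ip'] : '';
	// One record per line: strip CR/LF from every field so a value containing a
	// line break cannot split or forge an audit entry.
	$fields = array($timestamp, $user, $ip, $string);
	foreach ($fields as $k => $v) {
		$fields[$k] = str_replace(array("\r", "\n"), ' ', (string) $v);
	}
	$message = implode(" , ", $fields)."\n";
	$fp = fopen('../log/audit.log', 'a');
	if ($fp === false) {
		// The original wrote to an invalid handle here; there is nothing better
		// to do mid-request than skip the record.
		return;
	}
	// Lock around the append so concurrent requests do not interleave records.
	if (flock($fp, LOCK_EX)) {
		fwrite($fp, $message);
		flock($fp, LOCK_UN);
	}
	fclose($fp);
}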
/****************************************************************
List of all cases
****************************************************************/
function case_list(){
	// Every case visible to the current user: all rows of `cases` for admin,
	// otherwise the cases linked to the user in users_cases with is_locked=0.
	// Returns a (possibly empty) list of MYSQL_ASSOC rows.
	$got = array();
	// NOTE(review): starting the session inside a library function is unusual;
	// if check_session.php (included at the top of this file) already started
	// it, this emits a notice — confirm which of the two should own session_start().
	session_start();
	if($_SESSION['user']=='admin'){
		$query=mysql_query("SELECT * FROM cases ORDER BY id");
	}else{
		// Escaped here because user_id() interpolates its argument unescaped.
		$user_id = user_id(mysql_real_escape_string($_SESSION['user']));
		$query=mysql_query("SELECT * FROM cases WHERE id IN (
		SELECT id_case FROM users_cases WHERE id_user = '$user_id' AND is_locked=0
		) 
		ORDER BY id");
	}
	while($line = mysql_fetch_array($query, MYSQL_ASSOC)){
		array_push ($got, $line);
	}
	return $got;
}
/****************************************************************
Check if user can load info
****************************************************************/
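/**
 * Whether the current session user may read case $id.
 *
 * Admin always may; anyone else needs an unlocked users_cases row linking
 * them to the case.
 *
 * @param mixed $id case id (coerced with check_is_int())
 * @return bool false on denial and on query failure (fail closed)
 */
function user_can_load_this_case($id)
{
	if ($_SESSION['user'] == 'admin'){
		return true;
	}
	$id = check_is_int($id);
	// The session username is interpolated into SQL; escape it as case_list() does.
	$user = mysql_real_escape_string($_SESSION['user']);
	$query=mysql_query("SELECT COUNT(*) AS item FROM users_cases,users WHERE users_cases.is_locked=0 AND id_case=$id AND id_user=users.id AND users.username='$user'");
	if ($query === false){
		// A failed query must not grant access.
		return false;
	}
	$line = mysql_fetch_array($query, MYSQL_ASSOC);
	return ($line !== false && $line['item'] != 0);
}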
/****************************************************************
Check if user can load info
****************************************************************/
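/**
 * Whether the current session user may read image $id.
 *
 * Admin always may; anyone else needs an unlocked users_cases row for the
 * case the image belongs to.
 *
 * @param mixed $id image id (coerced with check_is_int())
 * @return bool false on denial and on query failure (fail closed)
 */
function user_can_load_this_image($id)
{
	if ($_SESSION['user'] == 'admin'){
		return true;
	}
	$id = check_is_int($id);
	// The session username is interpolated into SQL; escape it as case_list() does.
	$user = mysql_real_escape_string($_SESSION['user']);
	$query=mysql_query("SELECT COUNT(*) AS item FROM images,users_cases,users WHERE images.id=$id AND users_cases.id_case=images.id_case AND users_cases.is_locked=0 AND users_cases.id_user=users.id AND users.username='$user'");
	if ($query === false){
		// A failed query must not grant access.
		return false;
	}
	$line = mysql_fetch_array($query, MYSQL_ASSOC);
	return ($line !== false && $line['item'] != 0);
}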
/****************************************************************
Check if user can load info
****************************************************************/
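/**
 * Whether the current session user may read partition $id.
 *
 * Admin always may; anyone else needs an unlocked users_cases row for the
 * case of the image the partition belongs to.
 *
 * @param mixed $id partition id (coerced with check_is_int())
 * @return bool false on denial and on query failure (fail closed)
 */
function user_can_load_this_partition($id)
{
	if ($_SESSION['user'] == 'admin'){
		return true;
	}
	$id = check_is_int($id);
	// The session username is interpolated into SQL; escape it as case_list() does.
	$user = mysql_real_escape_string($_SESSION['user']);
	$query=mysql_query("SELECT COUNT(*) AS item FROM partitions,images,users_cases,users WHERE partitions.id=$id AND partitions.id_image=images.id AND users_cases.id_case=images.id_case AND users_cases.id_user = users.id AND users_cases.is_locked=0 AND users.username='$user'");
	if ($query === false){
		// A failed query must not grant access.
		return false;
	}
	$line = mysql_fetch_array($query, MYSQL_ASSOC);
	return ($line !== false && $line['item'] != 0);
}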
/****************************************************************
Check if user can load info
****************************************************************/
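/**
 * Whether the current session user may read timeline entry $id
 * (a timeline_files.id).
 *
 * Admin always may; anyone else needs an unlocked users_cases row for the
 * case reached via timeline_files -> partition_files -> partitions -> images.
 *
 * @param mixed $id timeline_files id (coerced with check_is_int())
 * @return bool false on denial and on query failure (fail closed)
 */
function user_can_load_this_timeline($id)
{
	if ($_SESSION['user'] == 'admin'){
		return true;
	}
	$id = check_is_int($id);
	// The session username is interpolated into SQL; escape it as case_list() does.
	$user = mysql_real_escape_string($_SESSION['user']);
	$query=mysql_query("SELECT COUNT(*) AS item FROM timeline_files,partition_files,partitions,images,users_cases,users WHERE timeline_files.id=$id AND partition_files.id_partition=partitions.id AND partition_files.id=timeline_files.id_file AND partitions.id_image=images.id AND users_cases.id_case=images.id_case AND users_cases.id_user = users.id AND users_cases.is_locked=0 AND users.username='$user'");
	if ($query === false){
		// A failed query must not grant access.
		return false;
	}
	$line = mysql_fetch_array($query, MYSQL_ASSOC);
	return ($line !== false && $line['item'] != 0);
}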
/****************************************************************
Single case information
****************************************************************/
/**
 * Full `cases` row for $id, or null when the current user may not load the case.
 *
 * @param mixed $id case id
 * @return array|false|null MYSQL_ASSOC row (false if none), null when denied
 */
function case_info($id){
	$case_id = check_is_int($id);
	if (!user_can_load_this_case($case_id)) {
		return;
	}
	$result = mysql_query("SELECT * FROM cases WHERE id=$case_id");
	return mysql_fetch_array($result, MYSQL_ASSOC);
}
/****************************************************************
Case name from case id
****************************************************************/
/**
 * Name of case $id, or null when the current user may not load the case.
 *
 * @param mixed $id case id
 * @return string|null
 */
function case_name_from_id($id){
	$case_id = check_is_int($id);
	if (!user_can_load_this_case($case_id)) {
		return;
	}
	$result = mysql_query("SELECT name FROM cases WHERE id=$case_id");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	return $row['name'];
}
/****************************************************************
Case id from case name
****************************************************************/
/**
 * Id of the case named $name, or 0 when the current user may not load it.
 *
 * @param string $name case name (escaped for SQL here)
 * @return mixed the id column value, or 0 when denied
 */
function case_id_from_name($name){
	$escaped = mysql_real_escape_string($name);
	$result = mysql_query("SELECT id FROM cases WHERE name='$escaped'");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	// NOTE(review): when no case matches, $row is false and $row['id'] is null,
	// so the permission check below runs against a null id — confirm intended.
	$case_id = $row['id'];
	return user_can_load_this_case($case_id) ? $case_id : 0;
}
/****************************************************************
List of all application users
****************************************************************/
/**
 * All rows of `users`; admin only (null for everyone else).
 *
 * @return array|null list of MYSQL_ASSOC rows
 */
function user_list(){
	if ($_SESSION['user'] != 'admin') {
		return;
	}
	$users = array();
	$result = mysql_query("SELECT * FROM users");
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		$users[] = $row;
	}
	return $users;
}
/****************************************************************
Single user's information
****************************************************************/
/**
 * `users` row for $id. Admin may read any user; other users only their own row.
 *
 * @param mixed $id user id
 * @return array|false|null MYSQL_ASSOC row, null when denied
 */
function user_info($id){
	$user_id = check_is_int($id);
	$result = mysql_query("SELECT * FROM users WHERE id=$user_id");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	$is_admin = ($_SESSION['user'] == 'admin');
	// Short-circuit keeps the username comparison admin-free, as in the original.
	if ($is_admin || $row['username'] == $_SESSION['user']) {
		return $row;
	}
}
/****************************************************************
Single user's id
****************************************************************/
/**
 * Id of the user named $username. Admin may resolve any name; other users
 * only their own.
 *
 * @param string $username already SQL-escaped by the caller — this function
 *                         interpolates it as-is (see case_list())
 * @return mixed the id column value, null when denied
 */
function user_id($username){
	$result = mysql_query("SELECT * FROM users WHERE username='$username'");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	$is_admin = ($_SESSION['user'] == 'admin');
	if ($is_admin || $row['username'] == $_SESSION['user']) {
		return $row['id'];
	}
}
/****************************************************************
Users not associated with a case
****************************************************************/
/**
 * Users that could still be attached to case $caseID: not linked to it via an
 * active users_cases row, not 'admin', not locked. Admin only.
 *
 * @param mixed $caseID case id
 * @return array|null list of MYSQL_ASSOC rows
 */
function user_case_available($caseID){
	if ($_SESSION['user'] != 'admin') {
		return;
	}
	$caseID = check_is_int($caseID);
	$users = array();
	$result = mysql_query(
			"SELECT * FROM users WHERE id NOT IN (
				SELECT id_user FROM users_cases
				WHERE id_case=$caseID
				AND is_locked<>1
			)
			AND username<>'admin'
			AND is_locked=0
		"
	);
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		$users[] = $row;
	}
	return $users;
}
/****************************************************************
Users associated with a case
****************************************************************/
/**
 * Users currently attached to case $caseID through an unlocked users_cases
 * row, excluding 'admin' and locked accounts. Admin only.
 *
 * @param mixed $caseID case id
 * @return array|null list of MYSQL_ASSOC rows
 */
function user_case_associated($caseID){
	if ($_SESSION['user'] != 'admin') {
		return;
	}
	$caseID = check_is_int($caseID);
	$users = array();
	$result = mysql_query(
			"SELECT * FROM users WHERE id IN (
				SELECT id_user FROM users_cases
				WHERE id_case=$caseID
				AND is_locked=0
			)
			AND username<>'admin'
			AND is_locked=0
		"
	);
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		$users[] = $row;
	}
	return $users;
}
/****************************************************************
List of images of a case
****************************************************************/
/**
 * All images of case $caseID ordered by id, or null when the user may not load the case.
 *
 * @param mixed $caseID case id
 * @return array|null list of MYSQL_ASSOC rows
 */
function image_list($caseID){
	$caseID = check_is_int($caseID);
	if (!user_can_load_this_case($caseID)) {
		return;
	}
	$images = array();
	$result = mysql_query("SELECT * FROM images WHERE id_case=$caseID ORDER BY id");
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		$images[] = $row;
	}
	return $images;
}
/****************************************************************
Information about an image
****************************************************************/
/**
 * `images` row for $id, or null when the user may not load the image.
 *
 * @param mixed $id image id
 * @return array|false|null MYSQL_ASSOC row (false if none), null when denied
 */
function image_info($id){
	$image_id = check_is_int($id);
	if (!user_can_load_this_image($image_id)) {
		return;
	}
	$result = mysql_query("SELECT * FROM images WHERE id=$image_id");
	return mysql_fetch_array($result, MYSQL_ASSOC);
}
/****************************************************************
Information about a single partition
****************************************************************/
/**
 * All `partitions` rows of image $id_image, or null when the user may not load the image.
 *
 * @param mixed $id_image image id
 * @return array|null list of MYSQL_ASSOC rows
 */
function partition_info($id_image){
	$id_image = check_is_int($id_image);
	if (!user_can_load_this_image($id_image)) {
		return;
	}
	$partitions = array();
	$result = mysql_query("SELECT * FROM partitions WHERE id_image=$id_image");
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		$partitions[] = $row;
	}
	return $partitions;
}
/****************************************************************
Information about a file
****************************************************************/
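/**
 * First `partition_files` row with inode $inode and a file name containing
 * $name, restricted to the partitions selected in the session
 * ($_SESSION['partition<i>_id'] for i < $_SESSION['len_partitions']).
 *
 * @param mixed  $inode inode number (escaped for SQL here)
 * @param string $name  file-name fragment; '%' and '_' in it act as LIKE wildcards
 * @return array|null the row, or null when there is none / the user may not load its partition
 */
function file_info($inode, $name){
	$inode = mysql_real_escape_string($inode);
	$name = mysql_real_escape_string($name);
	// Build the IN(...) list from the session's selected partitions. $ids is
	// initialised up front so an empty selection yields '' instead of the
	// undefined-variable notice the original produced.
	$ids = array();
	$count = isset($_SESSION["len_partitions"]) ? (int) $_SESSION["len_partitions"] : 0;
	for ($i = 0; $i < $count; $i++) {
		// Partition ids are numeric DB keys; cast before interpolating into SQL.
		$ids[] = intval($_SESSION["partition".$i."_id"]);
	}
	$part = implode(",", $ids);
	$query=mysql_query("SELECT * FROM partition_files WHERE inode='$inode' 
	AND file_name like '%$name%' AND id_partition IN($part)");
	if ($query === false) {
		return;
	}
	$line = mysql_fetch_array($query, MYSQL_ASSOC);
	// Authorisation is decided by the partition the row actually belongs to.
	if ($line !== false && user_can_load_this_partition($line['id_partition']) == true){
		return $line;
	}
}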
/****************************************************************
Information about a file
****************************************************************/
/**
 * `partition_files` row $id, or null when the user may not load its partition.
 *
 * @param mixed $id partition_files id
 * @return array|false|null MYSQL_ASSOC row, null when denied
 */
function file_info_from_id($id){
	$file_id = check_is_int($id);
	$result = mysql_query("SELECT * FROM partition_files WHERE id='$file_id'");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	// Permission is decided by the partition the row belongs to.
	if (!user_can_load_this_partition($row['id_partition'])) {
		return;
	}
	return $row;
}
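/**
 * `partition_files` row with inode $id_inode on partition $id_partition, or
 * null when there is none or the user may not load that partition.
 *
 * @param mixed $id_inode     inode number (escaped for SQL here)
 * @param mixed $id_partition partition id (coerced with check_is_int())
 * @return array|null
 */
function file_info_from_inode_and_partition($id_inode,$id_partition){
	$inode = mysql_real_escape_string($id_inode);
	$id_partition = check_is_int($id_partition);
	// Interpolate the *escaped* value: the original query used the raw
	// $id_inode, which left the escaping above without effect.
	$query=mysql_query("SELECT * FROM partition_files WHERE inode='$inode' AND id_partition='$id_partition'");
	if ($query === false) {
		return;
	}
	$line = mysql_fetch_array($query, MYSQL_ASSOC);
	if ($line !== false && user_can_load_this_partition($line['id_partition']) == true){
		return $line;
	}
}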

/**
 * First `timeline_files` row whose id_file is $id, or null when denied.
 *
 * @param mixed $id partition_files id (timeline_files.id_file)
 * @return array|false|null MYSQL_ASSOC row, null when denied
 */
function file_info_from_timeline($id){
	$file_id = check_is_int($id);
	$result = mysql_query("SELECT DISTINCT * FROM timeline_files WHERE id_file='$file_id'");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	// NOTE(review): the permission check receives $row['id_file'] (a
	// partition_files id) while user_can_load_this_timeline() filters on
	// timeline_files.id — confirm these two id spaces are meant to coincide.
	if (!user_can_load_this_timeline($row['id_file'])) {
		return;
	}
	return $row;
}

/****************************************************************
Informations of a file from timeline view
****************************************************************/
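/**
 * Timeline entry $id merged with its `partition_files` row $id_file
 * (partition_files columns override timeline_files ones on name clash).
 *
 * @param mixed $id      timeline_files id
 * @param mixed $id_file partition_files id; 0 / '' skips the file lookup
 * @return array|null merged row, null when the user may not load the timeline entry
 */
function file_info_timeline($id, $id_file){
	$id = check_is_int($id);
	$id_file = check_is_int($id_file);
	$line1 = array();
	$line2 = array();
	$query=mysql_query("SELECT * FROM timeline_files WHERE id=$id");
	if ($query !== false && mysql_num_rows($query) != 0) {
		$line1 = mysql_fetch_array($query, MYSQL_ASSOC);
	}
	// Only look up the file row when an id was actually supplied. The original
	// test `$id_file!='' or $id_file!='0'` was always true.
	if ($id_file != 0) {
		$query=mysql_query("SELECT * FROM partition_files WHERE id=$id_file");
		$row = ($query === false) ? false : mysql_fetch_array($query, MYSQL_ASSOC);
		// Keep $line2 an array so array_merge() below stays well-defined.
		if ($row !== false) {
			$line2 = $row;
		}
	}
	$timeline_id = isset($line1['id']) ? $line1['id'] : null;
	if (user_can_load_this_timeline($timeline_id) == true) {
		return array_merge($line1, $line2);
	}
}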
/****************************************************************
Partition offset from partition id
****************************************************************/
/**
 * `offset` column of partition $id, or null when the user may not load it.
 *
 * @param mixed $id partition id
 * @return mixed
 */
function get_partition_offset_from_id($id){
	$partition_id = check_is_int($id);
	if (!user_can_load_this_partition($partition_id)) {
		return;
	}
	$result = mysql_query("SELECT offset FROM partitions WHERE id=$partition_id");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	return $row['offset'];
}
/****************************************************************
Partition filesystem from partition id
****************************************************************/
/**
 * `filesystem` column of partition $id, or null when the user may not load it.
 *
 * @param mixed $id partition id
 * @return mixed
 */
function get_partition_fs_from_id($id){
	$partition_id = check_is_int($id);
	if (!user_can_load_this_partition($partition_id)) {
		return;
	}
	$result = mysql_query("SELECT filesystem FROM partitions WHERE id=$partition_id");
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	return $row['filesystem'];
}
/****************************************************************
Image path from partition id
****************************************************************/
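/**
 * image_path of the image that partition $id belongs to, or null when the
 * user may not load the partition (or nothing is found).
 *
 * @param mixed $id partition id
 * @return mixed
 */
function get_image_path_from_partition($id){
	$id = check_is_int($id);
	// Decide permission before touching the database; the original ran both
	// queries first and only then checked whether the result could be returned.
	if (user_can_load_this_partition($id) != true) {
		return;
	}
	$query=mysql_query("SELECT id_image FROM partitions WHERE id=$id");
	$line = ($query === false) ? false : mysql_fetch_array($query, MYSQL_ASSOC);
	$id_image = ($line !== false) ? $line['id_image'] : '';
	// No parent image / no such partition: fall back to 0 as the original did
	// (presumably an id no image uses).
	if ($id_image === '' || $id_image === null){
		$id_image = 0;
	}
	$query=mysql_query("SELECT image_path FROM images WHERE id=$id_image");
	$line = ($query === false) ? false : mysql_fetch_array($query, MYSQL_ASSOC);
	return ($line !== false) ? $line['image_path'] : null;
}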
/****************************************************************
Returns timeline for selected partitions
****************************************************************/
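/**
 * Timeline rows (partition_files joined with timeline_files) of partition
 * $id_partition whose date_time lies in [$start, $end], oldest first.
 *
 * @param mixed  $id_partition partition id
 * @param string $start        inclusive lower date_time bound
 * @param string $end          inclusive upper date_time bound
 * @return array|null list of MYSQL_ASSOC rows, null when the user may not load the partition
 */
function get_timeline($id_partition, $start, $end){
	$id_partition = check_is_int($id_partition);
	if (user_can_load_this_partition($id_partition) != true) {
		return;
	}
	// $start/$end are caller-supplied strings interpolated into the query;
	// escape them like the other string parameters in this file.
	$start = mysql_real_escape_string($start);
	$end = mysql_real_escape_string($end);
	$got = array();
	$query=mysql_query("SELECT * from partition_files,timeline_files WHERE 
	partition_files.id = timeline_files.id_file AND partition_files.id_partition = $id_partition
	AND timeline_files.date_time >= '$start'  AND timeline_files.date_time <= '$end'
	ORDER BY timeline_files.date_time ASC
	");
	if ($query === false) {
		return $got;
	}
	while($line = mysql_fetch_array($query, MYSQL_ASSOC)){
		$got[] = $line;
	}
	return $got;
}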
/****************************************************************
Returns result of indexed search
****************************************************************/
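/**
 * partition_files rows whose keywords or file_name match $string on the
 * listed partitions.
 *
 * @param string $string search text; a MySQL REGEXP when $regexp is 'true',
 *                       otherwise a LIKE '%...%' substring
 * @param string $part_id comma-separated partition ids (filtered to [a-z0-9,])
 * @param string $regexp  the literal string 'true' selects REGEXP matching
 * @return array|null list of MYSQL_ASSOC rows, null when any listed partition is not loadable
 */
function get_indexed_search($string, $part_id, $regexp){
	$part_id = preg_replace("/[^a-z0-9\,]/", "", $part_id);
	// Every partition in the list must be loadable by the current user. The
	// original passed the whole list to check_is_int(), which only ever
	// validated the first id.
	foreach (explode(",", $part_id) as $one_id) {
		if (user_can_load_this_partition($one_id) != true) {
			return;
		}
	}
	// Caller-supplied search text goes into a quoted SQL literal: escape it.
	$string = mysql_real_escape_string($string);
	$got = array();
	if($regexp=='true'){
		$query=mysql_query("SELECT * FROM partition_files WHERE (keywords REGEXP '$string' OR file_name REGEXP '$string') AND id_partition IN ($part_id)");
	}else{
		$query=mysql_query("SELECT * FROM partition_files WHERE (keywords LIKE '%$string%' OR file_name LIKE '%$string%') AND id_partition IN ($part_id)");
	}
	if ($query === false) {
		return $got;
	}
	while($line = mysql_fetch_array($query, MYSQL_ASSOC)){
		$got[] = $line;
	}
	return $got;
}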
/****************************************************************
Checks if a year is leap
****************************************************************/
/**
 * "1" when $year is a leap year, "0" otherwise (the string date('L') yields).
 *
 * @param int $year year as understood by mktime()
 * @return string "0" or "1"
 */
function is_leap($year){
	$jan_first = mktime(0, 0, 0, 1, 1, $year);
	return date("L", $jan_first);
}
/****************************************************************
Returns total days in a month
****************************************************************/
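/**
 * Number of days in month $month (1..12).
 *
 * @param mixed $month month number, coerced with check_is_int()
 * @param mixed $leap  0 / "0" for a common year, anything else for a leap year
 *                     (is_leap() returns "0"/"1", so the loose == 0 test is kept)
 * @return int|null 28..31, or null for a month outside 1..12 (the original
 *                  fell out of its switch with an undefined variable)
 */
function get_month_days($month, $leap){
	$month = check_is_int($month);
	$february = ($leap == 0) ? 28 : 29;
	$days = array(
		1 => 31, 2 => $february, 3 => 31, 4 => 30, 5 => 31, 6 => 30,
		7 => 31, 8 => 31, 9 => 30, 10 => 31, 11 => 30, 12 => 31,
	);
	return isset($days[$month]) ? $days[$month] : null;
}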
/****************************************************************
Returns the list of all log files
****************************************************************/
/**
 * Names of the files in ../log except "audit.log", in reverse lexical order.
 * Admin only (null for everyone else).
 *
 * @return array|null
 */
function get_log_list(){
	if ($_SESSION['user'] != 'admin') {
		return;
	}
	$files = array();
	$dir = opendir('../log');
	if ($dir) {
		while (false !== ($entry = readdir($dir))) {
			// Skip the dot entries and the audit log itself.
			if ($entry == "." || $entry == ".." || $entry == "audit.log") {
				continue;
			}
			$files[] = $entry;
		}
		closedir($dir);
	}
	rsort($files);
	return $files;
}
/****************************************************************
Returns bookmark type description
****************************************************************/
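/**
 * Human-readable description of bookmark type $id.
 *
 * @param mixed $id type code 0..7, coerced with check_is_int()
 * @return string|null the label, or null for an unknown code (the original
 *                     fell out of its switch with an undefined variable)
 */
function get_bookmark_type($id){
	$id = check_is_int($id);
	$labels = array(
		0 => 'File analysis',
		1 => 'Timeline analysis',
		2 => 'Keyword search',
		3 => 'Gallery analysis',
		4 => 'Data unit analysis',
		5 => 'Keyword live search',
		6 => 'Ram keyword search',
		7 => 'Ram analysis',
	);
	return isset($labels[$id]) ? $labels[$id] : null;
}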
/****************************************************************
Check whether a bookmark exists
****************************************************************/
/**
 * Number of existing bookmarks matching the given key. Which columns form
 * the key depends on $type: 2/5 (keyword searches) use reference + title,
 * 6 (RAM keyword search) uses title only, every other type uses reference only.
 *
 * @param string $user
 * @param mixed  $id_case
 * @param mixed  $id_partition
 * @param string $reference
 * @param mixed  $type bookmark type code (see get_bookmark_type())
 * @param string $name bookmark title
 * @return int|false row count from mysql_num_rows()
 */
function check_bookmark($user, $id_case, $id_partition, $reference, $type, $name){
	$id_case = check_is_int($id_case);
	$id_partition = check_is_int($id_partition);
	$type = check_is_int($type);
	$reference = mysql_real_escape_string($reference);
	$name = mysql_real_escape_string($name);
	$user = mysql_real_escape_string($user);
	// All variants share the case/partition/user prefix; only the key columns differ.
	$sql = "SELECT * FROM bookmarks WHERE id_case='$id_case' AND id_partition='$id_partition' AND user='$user'";
	if ($type == 6) {
		$sql .= " AND type=$type AND title='$name'";
	} elseif ($type == 2 || $type == 5) {
		$sql .= " AND reference='$reference' AND type=$type AND title='$name'";
	} else {
		$sql .= " AND reference='$reference' AND type=$type";
	}
	$result = mysql_query($sql);
	return mysql_num_rows($result);
}
/****************************************************************
Select all bookmarks of current image
****************************************************************/
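/**
 * Bookmarks of case $id_case on the listed partitions whose tags contain $tag.
 * 'admin' sees every user's bookmarks, others only those stored under $user.
 *
 * @param mixed  $id_case      case id
 * @param string $user         bookmark owner / 'admin'
 * @param string $id_partition comma-separated partition ids (filtered to [a-z0-9,])
 * @param string $tag          tag fragment (HTML entities decoded first; LIKE wildcards apply)
 * @return array list of MYSQL_ASSOC rows; empty when the user may not load the case
 */
function get_bookmarks($id_case, $user, $id_partition, $tag){
	$id_case = check_is_int($id_case);
	$got = array();
	// Bookmarks are case-scoped: apply the same case-level permission check the
	// other readers in this file (case_info, image_list) perform.
	if (user_can_load_this_case($id_case) != true) {
		return $got;
	}
	$id_partition = preg_replace("/[^a-z0-9\,]/", "", $id_partition);
	$tag = mysql_real_escape_string(html_entity_decode($tag));
	$user = mysql_real_escape_string($user);
	// NOTE(review): the admin branch is chosen by the $user *parameter*, not by
	// $_SESSION['user'] — confirm every caller passes the session user here.
	if($user=='admin'){
		$query=mysql_query("SELECT * FROM bookmarks WHERE id_case='$id_case' AND tags LIKE '%$tag%' AND id_partition IN ($id_partition)");
	}else{
		$query=mysql_query("SELECT * FROM bookmarks WHERE id_case='$id_case' AND user='$user' AND tags LIKE '%$tag%' AND id_partition IN ($id_partition)");
	}
	if ($query === false) {
		return $got;
	}
	while($line = mysql_fetch_array($query, MYSQL_ASSOC)){
		$got[] = $line;
	}
	return $got;
}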
/****************************************************************
Get details of a bookmark
****************************************************************/
/**
 * `bookmarks` row $id. Admin may read any bookmark; other users only rows
 * stored under their own username.
 *
 * @param mixed $id bookmark id
 * @return array|false MYSQL_ASSOC row, false when none matches
 */
function bookmark_info_from_id($id){
	$bookmark_id = check_is_int($id);
	$sql = "SELECT * FROM bookmarks WHERE id='$bookmark_id'";
	if ($_SESSION['user'] != 'admin') {
		// NOTE(review): the session username is interpolated unescaped here,
		// whereas case_list() escapes it before use.
		$sql .= " AND user='".$_SESSION['user']."'";
	}
	$result = mysql_query($sql);
	return mysql_fetch_array($result, MYSQL_ASSOC);
}
/****************************************************************
Returns the list of all bookmark tags in a case
****************************************************************/
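/**
 * Distinct bookmark tags of case $id_case, each suffixed with its occurrence
 * count ("tag(3)"), sorted. Non-admin users only see tags of their own bookmarks.
 *
 * @param mixed  $id_case      case id
 * @param string $id_partition the literal string 'null' (all partitions) or a
 *                             comma-separated id list (filtered to [a-z0-9,])
 * @return array list of "tag(count)" strings
 */
function get_tag_list($id_case, $id_partition){
	$id_case = check_is_int($id_case);
	$id_partition = preg_replace("/[^a-z0-9\,]/", "", $id_partition);
	// The session username is interpolated into SQL; escape it as case_list() does.
	$user = mysql_real_escape_string($_SESSION['user']);
	if($_SESSION['user']=='admin'){
		if($id_partition=='null') $query = "SELECT tags FROM bookmarks WHERE id_case='$id_case'";
		else $query = "SELECT tags FROM bookmarks WHERE id_case='$id_case' AND id_partition IN ($id_partition)";
	}else{
		if($id_partition=='null') $query = "SELECT tags FROM bookmarks WHERE id_case='$id_case' AND user='$user'";
		else $query = "SELECT tags FROM bookmarks WHERE id_case='$id_case' AND user='$user' AND id_partition IN ($id_partition)";
	}
	$result = mysql_query($query);
	if ($result === false) {
		// Keep the hard stop of the original, but log the database error
		// server-side instead of echoing mysql_error() to the browser.
		error_log("get_tag_list: query failed: " . mysql_error());
		die("Query failed");
	}
	// Concatenate every row's tags into one ';'-separated string. Initialised
	// here so an empty result no longer leaves $tag_list undefined.
	$tag_list = '';
	while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
		$tag_list .= sanitize_tag($row['tags']).";";
	}
	$tag_list = preg_replace("/\;$/", "", $tag_list);
	$tags = preg_split("/\;/", $tag_list);
	// Append the occurrence count to each tag and drop one leading whitespace
	// character left over from the ';' split.
	$total = array_count_values($tags);
	for ($i = 0; $i < sizeof($tags); $i++) {
		$tags[$i] = $tags[$i]."(".$total[$tags[$i]].")";
		$tags[$i] = preg_replace("/^\s/", "", $tags[$i]);
	}
	$tags = array_unique($tags);
	sort($tags);
	return $tags;
}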
/****************************************************************
Returns the list of all report files
****************************************************************/
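/**
 * Report files in ../report for the session's current case, i.e. entries
 * matching "<digits>_<case name>.pdf", in reverse lexical order.
 *
 * @return array|null list of file names, null when the user may not load the case
 */
function get_report_list(){
	$ret = array();
	if (user_can_load_this_case($_SESSION['case_id']) != true) {
		return;
	}
	$case = case_info($_SESSION['case_id']);
	$name = stripslashes($case['name']);
	// The case name is data, not pattern: quote it so regex metacharacters in a
	// name cannot alter (or break) the match.
	$pattern = "/\d+\_".preg_quote($name, '/')."\.pdf/";
	if ($handle = opendir('../report')) {
		while (false !== ($file = readdir($handle))) {
			if ($file != "." && $file != ".." && preg_match($pattern, $file)) {
				$ret[] = $file;
			}
		}
		closedir($handle);
	}
	rsort($ret);
	return $ret;
}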
/****************************************************************
Returns the list of all filter files
****************************************************************/
/**
 * Names of all entries in ../filter (dot entries excluded), in reverse lexical order.
 *
 * @return array
 */
function get_filter_list(){
	$files = array();
	$dir = opendir('../filter');
	if ($dir) {
		while (false !== ($entry = readdir($dir))) {
			if ($entry == "." || $entry == "..") {
				continue;
			}
			$files[] = $entry;
		}
		closedir($dir);
	}
	rsort($files);
	return $files;
}

?>