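<?php
/*
PTK - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("check_session_image.php");
include("lib_std.php");
include("../config/config.inc.php");
include ("sanitize.php");
include ("loggerClass.php");
include ("../config/conf.php");

/*
 * new_bookmark: stores a bookmark for the case held in the session.
 *
 * Request parameters (GET): partition_id, title, description, tags, type,
 * reference. Session values used: case_id, user, ip.
 *
 * Every fragment that reaches the INSERT is passed through
 * mysql_real_escape_string() AFTER all string building, so that nothing
 * unescaped (including values fetched from the timeline) is spliced into
 * the query.
 *
 * NOTE(review): the mysql_* extension has no prepared statements and was
 * removed in PHP 7; migrating this script to PDO/mysqli with bound
 * parameters is the proper fix and is out of scope for this change.
 */

session_start();

$conn = mysql_connect($db_host, $db_user, $db_password)
    or die ("Error connecting to database");
mysql_select_db($db_name);

// Authorisation is checked against the raw session value; an escaped copy
// is used only inside the query.
$id_case = isset($_SESSION['case_id']) ? $_SESSION['case_id'] : '';

if (user_can_load_this_case($id_case) == true){
    // Read each request parameter with a default so a missing key does not
    // raise a notice and still goes through the same sanitisation path.
    $get_partition_id = isset($_GET['partition_id']) ? $_GET['partition_id'] : '';
    $get_title        = isset($_GET['title'])        ? $_GET['title']        : '';
    $get_description  = isset($_GET['description'])  ? $_GET['description']  : '';
    $get_tags         = isset($_GET['tags'])         ? $_GET['tags']         : '';
    $get_type         = isset($_GET['type'])         ? $_GET['type']         : '';
    $get_reference    = isset($_GET['reference'])    ? $_GET['reference']    : '';
    $session_user     = isset($_SESSION['user'])     ? $_SESSION['user']     : '';

    $id_case_sql  = mysql_real_escape_string($id_case);
    $id_partition = mysql_real_escape_string(sanitize($get_partition_id, INT));
    $user         = RemoveXSS($session_user);
    // basename() strips any directory component from the title.
    $title        = basename(sanitize(RemoveXSS($get_title), PARANOID));
    $title        = mysql_real_escape_string($title);
    $description  = mysql_real_escape_string(sanitize(RemoveXSS($get_description), PARANOID));
    $tags         = mysql_real_escape_string(sanitize_tag(RemoveXSS($get_tags)));
    $type         = mysql_real_escape_string(sanitize($get_type, INT));
    $reference    = mysql_real_escape_string(RemoveXSS($get_reference));

    if ($type == 1) {
        // For timeline bookmarks the title is extended with the timeline
        // entry's fields. Those values do not come from the escaped request,
        // so each one is escaped before it is joined to the already escaped
        // title; a missing field becomes an empty string instead of a notice.
        $timeline   = file_info_timeline(sanitize($reference, INT), '');
        $date_time  = isset($timeline['date_time'])  ? mysql_real_escape_string($timeline['date_time'])  : '';
        $action     = isset($timeline['action'])     ? mysql_real_escape_string($timeline['action'])     : '';
        $permission = isset($timeline['permission']) ? mysql_real_escape_string($timeline['permission']) : '';
        $title     .= " *** ".$date_time." *** ".$action." *** ".$permission;
    }

    $inserted = mysql_query("
    INSERT INTO bookmarks (id_case, id_partition, user, title, description, tags, type, reference)
    VALUES('$id_case_sql', '$id_partition', '$user', '$title', '$description', '$tags', '$type', '$reference')
    ");
    mysql_close();

    // Only report success when the INSERT actually went through; the
    // original logged unconditionally and hid failed inserts.
    if ($inserted) {
        new Log($_SESSION['ip'], $_SESSION['user'], 'New bookmark created');
    } else {
        new Log($_SESSION['ip'], $_SESSION['user'], 'New bookmark creation failed');
    }
}else{
    new AuditLog('Unauthorized access to new_bookmark ');
    header("location: goto_home.php");
    // Stop here so nothing after the redirect header can run.
    exit;
}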