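<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("../config/config.inc.php");
include("sanitize.php");
include ("loggerClass.php");
include ("../config/conf.php");
session_start();

// Creates a new case from the POSTed form.  Only the "admin" session may do so,
// and the request must carry the one-time form token stored in
// $_SESSION['new_case_token'] when the form was rendered; the token is accepted
// for at most $token_max_age seconds after $_SESSION['new_case_token_time'].
$token_max_age = 300;

// Read every piece of token material through isset() so a missing key neither
// raises an "undefined index" notice nor gets compared as an empty string.
$session_token = isset($_SESSION['new_case_token']) ? (string) $_SESSION['new_case_token'] : '';
$posted_token  = isset($_POST['ptktoken']) ? (string) $_POST['ptktoken'] : '';
$token_time    = isset($_SESSION['new_case_token_time']) ? (int) $_SESSION['new_case_token_time'] : 0;
$token_age     = time() - $token_time;

$is_admin    = isset($_SESSION['user']) && $_SESSION['user'] === 'admin';
// An empty session token is never valid, even if the client also posts ''.
$token_valid = $session_token !== ''
    && $posted_token === $session_token
    && $token_age <= $token_max_age;

if (!$is_admin || !$token_valid) {
    new AuditLog('Unauthorized access to new_case ');
    header("location: goto_home.php");
    // header() does not stop the script; exit so nothing below runs for a
    // rejected request.
    exit;
}

$conn = mysql_connect($db_host, $db_user, $db_password);
if ($conn === false) {
    // Deliberately not echoing mysql_error(): it can expose host/user details.
    die("Error connecting to database");
}
mysql_select_db($db_name, $conn);

// Strip path/shell/SQL/HTML metacharacters from the case name before the
// project's own sanitizers run.  Written as one character class: the original
// alternation form contained "[|]" in the middle, which PCRE read as a class
// matching only "|", so the square brackets it was meant to remove were never
// stripped.
$pattern = '/[.\/;|`><&^"\n\r\'{}\[\]()]/';

$raw_name        = isset($_POST['name']) ? $_POST['name'] : '';
$raw_description = isset($_POST['description']) ? $_POST['description'] : '';

$name = preg_replace($pattern, "", $raw_name);
$name = mysql_real_escape_string(sanitize(RemoveXSS($name), PARANOID), $conn);
$description = mysql_real_escape_string(sanitize(RemoveXSS($raw_description), PARANOID), $conn);

if ($name === '') {
    // Nothing meaningful survived filtering; do not create a nameless case.
    // NOTE(review): assumes home.php displays $_SESSION['message'] — confirm.
    mysql_close($conn);
    $_SESSION['message'] = "Case name is required";
    header("location: home.php");
    exit;
}

$creation_time = date('Y-m-d H:i:s');
// closing_time was never assigned in the original and was inserted as '' (with
// an undefined-variable notice); the stored value is kept the same, explicitly.
// TODO(review): confirm whether the column should receive NULL instead.
$closing_time = '';

$query = mysql_query("INSERT INTO cases (name,description,creation_time,closing_time,is_locked) VALUES ('$name', '$description', '$creation_time', '$closing_time', 0)", $conn);
$db_failed = ($query === false);
mysql_close($conn);

if ($db_failed) {
    // Report the failure instead of telling the user the case was created.
    new Log($_SESSION['ip'], $_SESSION['user'], 'New case '.$name.' could not be created');
    $_SESSION['message'] = "Error creating new case";
    header("location: home.php");
    exit;
}

$_SESSION['temp'] = 'newCase';
$_SESSION['message'] = "New case created";
// Drop any currently selected case so the UI does not keep pointing at it.
unset($_SESSION['case']);
new Log($_SESSION['ip'], $_SESSION['user'], 'New case '.$name.' created');
header("location: home.php");
// No closing "?>": trailing whitespace after it would be sent as output and
// break the redirect header.
exit;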