Location: PHPKode > projects > Ptk-forensics > ptk/lib/new_image.php
<?
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("sanitize.php");
include("../config/config.inc.php");
include("lib_std.php");
include ("loggerClass.php");
include ("../config/conf.php");
$token_age = time() - $_SESSION['img_token_time'];

if (strcmp($_SESSION['user'],"admin")!=0 or strcmp($_SESSION['img_token'],$_POST['ptktoken'])!=0 or $token_age > 300){
	new AuditLog('Unauthorized access to new_image ');
        header("location: goto_home.php");
}else{
	$conn = mysql_connect($db_host, $db_user, $db_password)
	or die ("Error connecting to database");
	mysql_select_db($db_name);

	$case_id = $_POST['case_id'];
	$case_id = sanitize($case_id,INT);
	$case_name = case_name_from_id($case_id);
	$case_name = preg_replace("/\s/", "_", $case_name);
	$performed_operations = '';

	//***FROM STEP 1
	$name = mysql_real_escape_string(sanitize(RemoveXSS($_POST['name']),PARANOID));
	$name = preg_replace("/\s/", "_", $name);
	$name = preg_replace("/[\|\\\!\"\£\$\%\&\/\(\)\=\?\^\*\[\]\{\}\,\.;\:]/", "", $name);
	$acquisition_type = mysql_real_escape_string(sanitize(RemoveXSS($_POST['acquisition_type']),PARANOID));
	$acquisition_time = mysql_real_escape_string(sanitize(RemoveXSS($_POST['acquisition_time']),PARANOID));
	$acquisition_operator = mysql_real_escape_string(sanitize(RemoveXSS($_POST['acquisition_operator']),PARANOID));
	$state = mysql_real_escape_string(sanitize(RemoveXSS($_POST['state']),PARANOID));
	$city = mysql_real_escape_string(sanitize(RemoveXSS($_POST['city']),PARANOID));
	$address = mysql_real_escape_string(sanitize(RemoveXSS($_POST['address']),PARANOID));
	$zip = mysql_real_escape_string(sanitize(RemoveXSS($_POST['zip']),PARANOID));
	$acquisition_location = "$state;$city;$address;$zip";
	$description = mysql_real_escape_string(sanitize(RemoveXSS($_POST['description']),PARANOID));


	//***FROM STEP 2
	$image_type = sanitize($_POST['image_type'],PARANOID);
	$part = array();
	if($image_type=='single'){
		$fs = sanitize($_POST['image_fs'],PARANOID);
		$fs = preg_replace("/\s+/", "", $fs);
		if($fs=='Cannotdeterminefilesystemtype'){
			$fs = sanitize($_POST['check_ramdump'],PARANOID);
		}	
		$size = sanitize($_POST['image_size'],PARANOID);
		$timezone = sanitize($_POST['timezone'],PARANOID);
		$part[] = array($fs, $size,0,$timezone);
		$is_partition = '0';
	}else{
		$is_partition = '1';
		$len = sanitize($_POST['partitions_len'],INT);
		for($i=0; $i<$len; $i++){
			if(isset($_POST["partition$i"])){
				$fs = sanitize($_POST["partition$i"],PARANOID);
				$size = sanitize($_POST["partition_size$i"],PARANOID);
				$offset = sanitize($_POST["partition_offset$i"],INT);
				$timezone = $_POST["timezone$i"];
				$part[] = array($fs, $size, $offset, $timezone);
			}
		}
	}

	$source_path = preg_replace("/\..+$/", ".*",  $_POST['image_path']);
	$source_path = preg_replace("/\s/", "\ ", $source_path);
	$source_path = sanitize($source_path,PARANOID);
	$cmd = shell_exec("$ls_bin -lhBL --time-style=long-iso $source_path");
	$source_path = preg_replace("/\\\\s/", " ", $source_path);
	$list = split("\n",$cmd);
	$i=1;
	$source_path ='';
	foreach($list as $file){
		preg_match("/(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+:\d+)\s+(.+)/", $file, $file);
		if ($file[8]!=''){
			$source_path .= $file[8]." ";	
			$id = str_pad($i, 3, "0", STR_PAD_LEFT); 
			if(isset($_POST['image_import'])){
				$image_import = sanitize($_POST['image_import'],PARANOID);
				$dest_path .= $INSTALLDIR.'/images/'.$case_name."_".$name.".".$id." ";
			}else{
				$image_import = 'local';
				$dest_path .= $source_path;
			}
	
			$case_name = sanitize($case_name,PARANOID);
			$name = sanitize($name,PARANOID);	
			//IMAGE IMPORTING OR LINKING
			switch($image_import){
				case "symlink":
					shell_exec("$ln_bin -s ".escapeshellarg($file[8]).' '.$INSTALLDIR.'/images/'.$case_name."_".$name.".".$id);	
					break;
				case "copy":				
					shell_exec("$cp_bin ".escapeshellarg($file[8]).' '.$INSTALLDIR.'/images/'.$case_name."_".$name.".".$id);			
					break;	
			}		
		}
		$i = $i+1;
	}

	//DEFINITION OF IMAGE SIZE
	//$source_path = preg_replace("/\s/", "\ ", $source_path);
	$cmd2 = shell_exec("$du_bin -chL $source_path");
	$arr = split("\n",$cmd2);
	$image_size = preg_replace("/\s.+/", "", $arr[sizeof($arr)-2]);
	
	//***FROM STEP 3
	$md5_action = sanitize(RemoveXSS($_POST['md5']),PARANOID);
	$sha1_action = sanitize(RemoveXSS($_POST['sha1']),PARANOID);
	
	$dest_path = sanitize($dest_path,PARANOID);
	//MD5 AND SHA1 CALCULATION
	switch($md5_action){
		case "ignore":
			$md5 = "";
			break;
		case "calc":
			if(($image_import=="symlink")||($image_import=="local")){	
				$md5 = shell_exec("cat $source_path |  $md5_bin");
			}else{			
				$md5 = shell_exec("cat $dest_path |  $md5_bin");
			}
			break;	
		case "use":
			$md5 = mysql_real_escape_string(sanitize(RemoveXSS($_POST['md5_hash']),PARANOID));
			break;	
	}
	switch($sha1_action){
		case "ignore":
			$sha1 = "";
			break;
		case "calc":
			if(($image_import=="symlink")||($image_import=="local")){
				$sha1 = shell_exec("cat $source_path |  $sha1_bin");
			}else{
				$sha1 = shell_exec("cat $dest_path |  $sha1_bin");
			}
			break;	
		case "use":
			$sha1 = mysql_real_escape_string(sanitize(RemoveXSS($_POST['sha1_hash']),PARANOID));
			break;	
	}


	//session_start();
	$host_id = $_SESSION['host_id'];
	
	$query1=mysql_query("
	INSERT INTO images (id_case, name, description, image_path, image_size, image_md5,
	image_sha1, acquisition_type, acquisition_time, acquisition_operator, acquisition_location)
	VALUES ('$case_id', '$name', '$description', '$dest_path', '$image_size',  '$md5',
	'$sha1', '$acquisition_type', '$acquisition_time', '$acquisition_operator', '$acquisition_location')
	");

	$image_id = mysql_insert_id();
	
	for($i=0; $i<sizeof($part); $i++){
		$query2=mysql_query("
		INSERT INTO partitions (id_image, filesystem, performed_operations, size, offset, is_partition, timezone)
		VALUES ('$image_id', '".$part[$i][0]."', '$performed_operations', '".$part[$i][1]."', '".$part[$i][2]."', '$is_partition','".$part[$i][3]."')
		");
	}
	
	mysql_close();
	
	$_SESSION['temp_case_id'] = $case_id;
	$_SESSION['temp_image_id'] = $image_id;
	new Log($_SESSION['ip'],$_SESSION['user'], 'New image '.$name.' added');
	header("location: home.php");
}
?>
Return current item: Ptk-forensics