<?
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("../config/config.inc.php");
include ("sanitize.php");
include ("loggerClass.php");
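session_start();

// Admin-only endpoint: replaces the set of investigators assigned to a case.
// Inputs (all via GET): tk = anti-CSRF token, case = case id, name = case name
// used only in messages, list = ';'-separated investigator ids.
// NOTE(review): this is a state-changing request carried over GET, so the token
// can end up in server logs, browser history and Referer headers. Moving it to
// POST needs a matching change in the caller, which is not visible here.

// Read the session and request values without assuming they exist or are strings.
$session_user  = isset($_SESSION['user']) ? $_SESSION['user'] : null;
$session_token = isset($_SESSION['inv_token']) ? $_SESSION['inv_token'] : null;
$token_issued  = isset($_SESSION['inv_token_time']) ? (int) $_SESSION['inv_token_time'] : 0;
$request_token = isset($_GET['tk']) ? $_GET['tk'] : null;

// A missing issue time yields an age of time(), which is always over the limit.
$token_age = time() - $token_issued;

// The token only counts when both sides are non-empty strings and match exactly.
// strcmp() returns NULL for non-string arguments and NULL != 0 is false, so the
// previous loose check could pass without a matching token. hash_equals() (PHP
// 5.6+) compares in constant time; older runtimes fall back to strict equality.
$token_ok = is_string($session_token) && $session_token !== ''
	&& is_string($request_token)
	&& (function_exists('hash_equals')
		? hash_equals($session_token, $request_token)
		: $session_token === $request_token);

if ($session_user !== 'admin' || !$token_ok || $token_age > 300){
	new AuditLog('Unauthorized access to update_case_investigators ');
        header("location: goto_home.php");
}else{
	// NOTE(review): the mysql_* extension was removed in PHP 7. Migrating to
	// mysqli/PDO prepared statements is the durable fix; until then every value
	// placed in a query below is escaped with mysql_real_escape_string().
	$conn = mysql_connect($db_host, $db_user, $db_password)
	or die ("Error connecting to database");
	mysql_select_db($db_name)
	or die ("Error connecting to database");

	// sanitize() is defined in sanitize.php and its guarantees are not visible
	// here, so the case id is escaped as well instead of trusting the INT filter.
	$caseID = mysql_real_escape_string(sanitize($_GET['case'],INT));

	// $case_name is never placed in a query in this script; it only reaches the
	// session message and Log. NOTE(review): presumably Log stores it via SQL,
	// hence the escaping - confirm. HTML-encoding still has to happen where
	// $_SESSION['message'] is rendered.
	$case_name = sanitize($_GET['name'],PARANOID);
	$case_name = mysql_real_escape_string($case_name);

	// Keep only alphanumerics and ';' so each id is a plain token. A non-string
	// "list" parameter is treated as empty.
	$raw_list = (isset($_GET['list']) && is_string($_GET['list'])) ? $_GET['list'] : '';
	$list = preg_replace("/[^a-zA-Z0-9\;]/", "", $raw_list);
	$user = explode(";",$list);
	$datetime = date('Y-m-d H:i:s');

	// Index 0 is skipped, as in the original loop - presumably the caller sends
	// the list with a leading ';' (TODO confirm against the caller).
	for($i=1;$i<sizeof($user);$i++){
		// Empty segments (";;" or a trailing ";") would otherwise insert a row
		// with a blank investigator id.
		if($user[$i] === ''){
			continue;
		}
		$id_user = mysql_real_escape_string($user[$i]);

		$query=mysql_query("SELECT * FROM users_cases WHERE id_user='$id_user' AND id_case='$caseID'");
		if($query === false){
			// Do not fetch from a failed result; record the error for the operator.
			error_log('update_case_investigators: lookup failed: '.mysql_error($conn));
			continue;
		}
		$line = mysql_fetch_array($query, MYSQL_ASSOC);
		if(mysql_num_rows($query)==0){
			// Not assigned yet: create the assignment unlocked.
			mysql_query("INSERT INTO users_cases (id_user,id_case,datetime,is_locked) VALUES ('$id_user', '$caseID', '$datetime', 0)");
		}elseif($line['is_locked']=='1'){
			// Previously removed investigator: unlock the existing row.
			mysql_query("UPDATE users_cases SET datetime='$datetime', is_locked=0 WHERE id_user='$id_user' AND id_case='$caseID'");
		}
	}

	// Lock every investigator on the case who is not in the submitted list.
	// An empty list therefore locks all of them.
	$query=mysql_query("SELECT * FROM users_cases WHERE id_case='$caseID'");
	if($query === false){
		error_log('update_case_investigators: case lookup failed: '.mysql_error($conn));
	}
	while($query !== false && ($line = mysql_fetch_array($query, MYSQL_ASSOC))){
		if(!in_array($line['id_user'], $user)){
			// Values read back from the database are escaped too before reuse in SQL.
			$locked_id = mysql_real_escape_string($line['id_user']);
			mysql_query("UPDATE users_cases SET datetime='$datetime', is_locked=1 WHERE id_user='$locked_id' AND id_case='$caseID'");
		}
	}

	$_SESSION['message'] = "Investigators modified for case $case_name";
	new Log($_SESSION['ip'], $_SESSION['user'], "Investigators modified for case $case_name");
	header("location: home.php");
}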
?>