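<?php
/*
PTK - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
// Admin-only POST handler: updates one investigator's row in `users` and,
// optionally, the stored password. The request must carry the form token
// that the calling page stored in $_SESSION['up_inv_token'] together with
// its issue time in $_SESSION['up_inv_token_time'].
include("check_session.php");
include("../config/config.inc.php");
include ("loggerClass.php");
include("sanitize.php");
session_start();

// Maximum accepted token age in seconds; older tokens are treated as stale.
$token_max_age = 300;

// Read session/request values defensively: a missing key (e.g. a request
// without the form) must fail the check rather than raise notices and be
// coerced to '' by strcmp(). A missing issue time counts as expired.
$session_user  = isset($_SESSION['user']) ? $_SESSION['user'] : '';
$session_token = isset($_SESSION['up_inv_token']) ? $_SESSION['up_inv_token'] : '';
$posted_token  = isset($_POST['ptktoken']) ? $_POST['ptktoken'] : '';
$token_age     = isset($_SESSION['up_inv_token_time'])
    ? time() - (int) $_SESSION['up_inv_token_time']
    : $token_max_age + 1;

// An empty session token must never match (strcmp('', '') would be 0).
// NOTE: strcmp() is not constant-time; hash_equals() is preferable where the
// deployed PHP version provides it.
$authorized = $session_user === 'admin'
    && $session_token !== ''
    && strcmp($session_token, $posted_token) === 0
    && $token_age <= $token_max_age;

if (!$authorized) {
    new AuditLog('Unauthorized access to update_investigator ');
    header("location: goto_home.php");
    exit;
}

mysql_connect($db_host, $db_user, $db_password)
    or die ("Error connecting to database");
mysql_select_db($db_name);

// Profile fields taken from the form: XSS strip, PARANOID whitelist, then
// SQL escaping (escaping needs the open connection above). A missing field
// becomes '' instead of a notice.
$profile_fields = array('name', 'surname', 'mail1', 'mail2', 'phone1', 'phone2', 'username');
$clean = array();
foreach ($profile_fields as $field) {
    $raw = isset($_POST[$field]) ? $_POST[$field] : '';
    $clean[$field] = mysql_real_escape_string(sanitize(RemoveXSS($raw), PARANOID));
}
$username = $clean['username'];

$set_clauses = array();
foreach (array('name', 'surname', 'mail1', 'mail2', 'phone1', 'phone2') as $field) {
    $set_clauses[] = "$field='" . $clean[$field] . "'";
}

// Password handling. Both inputs are escaped before comparison/hashing,
// exactly as before, so existing stored hashes are unaffected.
// NOTE(review): hashing the *escaped* string and using unsalted sha1 should be
// changed together with the login code that verifies these hashes; doing it
// here alone would lock users out.
$password1 = isset($_POST['password1']) ? mysql_real_escape_string($_POST['password1']) : '';
$password2 = isset($_POST['password2']) ? mysql_real_escape_string($_POST['password2']) : '';

if ($password1 !== '') {
    if ($password1 !== $password2) {
        // Previously a mismatch left $password undefined and the UPDATE
        // silently stored an empty password; refuse the whole update instead.
        mysql_close();
        $_SESSION['message'] = "Passwords do not match; investigator's details not updated";
        header("location: settings.php");
        exit;
    }
    $set_clauses[] = "password='" . sha1($password1) . "'";
}
// With no new password the column is left untouched. The previous code wrote
// the client-supplied $_POST['old_password'] back into the row, unescaped.

$query = "UPDATE users SET " . implode(', ', $set_clauses)
    . " WHERE username='" . $username . "'";
$result = mysql_query($query);
mysql_close();

if ($result === false) {
    // Report the failure instead of claiming success unconditionally.
    $_SESSION['message'] = "Error updating investigator's details";
    new Log($_SESSION['ip'], $_SESSION['user'], 'Investigator ' . $username . ' update failed');
} else {
    $_SESSION['message'] = "Investigator's details updated";
    new Log($_SESSION['ip'], $_SESSION['user'], 'Investigator ' . $username . ' updated');
}
header("location: settings.php");
exit;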