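<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("../config/config.inc.php");
include ("sanitize.php");
include ("loggerClass.php");
session_start();

// Profile-update handler for the logged-in investigator.
// Reads six profile fields from POST, writes them to the `users` row keyed by
// $_SESSION['user'], records the change in the application log and redirects
// to settings.php. The request is only honoured when a user is logged in, the
// posted anti-CSRF token (ptktoken) matches the session token (inv_token) and
// that token is at most 300 seconds old.

// Read the token material defensively: a missing key is a rejection, not a
// PHP notice that happens to fall through to the comparison.
$posted_token  = isset($_POST['ptktoken']) ? (string) $_POST['ptktoken'] : '';
$session_token = isset($_SESSION['inv_token']) ? (string) $_SESSION['inv_token'] : '';
$token_time    = isset($_SESSION['inv_token_time']) ? (int) $_SESSION['inv_token_time'] : 0;
$token_age     = time() - $token_time;

// hash_equals() compares in constant time; strcmp() stops at the first
// differing byte and so leaks how much of the token was right through timing.
// An empty token on either side never matches.
$token_ok = $posted_token !== '' && $session_token !== ''
	&& hash_equals($session_token, $posted_token);

if (!isset($_SESSION['user']) or !$token_ok or $token_age > 300) {
	new AuditLog('Unauthorized access to update_profile ');
	header("location: goto_home.php");
	// Stop here so nothing below runs once the redirect header is sent.
	exit;
}

// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed
// in PHP 7.0. This handler should move to PDO/mysqli prepared statements,
// which would also make the per-field escaping below unnecessary.
mysql_connect($db_host, $db_user, $db_password)
or die ("Error connecting to database");
mysql_select_db($db_name);

// Every field goes through the same pipeline:
// RemoveXSS -> sanitize(..., PARANOID) -> mysql_real_escape_string.
// A field absent from the request is stored as an empty string.
$fields = array('name', 'surname', 'mail1', 'mail2', 'phone1', 'phone2');
$clean = array();
foreach ($fields as $field) {
	$raw = isset($_POST[$field]) ? $_POST[$field] : '';
	$clean[$field] = mysql_real_escape_string(sanitize(RemoveXSS($raw), PARANOID));
}
$name   = $clean['name'];
$surname = $clean['surname'];
$mail1  = $clean['mail1'];
$mail2  = $clean['mail2'];
$phone1 = $clean['phone1'];
$phone2 = $clean['phone2'];

// The row to update is chosen by the session user, never by a request
// parameter, so a caller can only modify their own profile.
$username = mysql_real_escape_string($_SESSION['user']);

$query = mysql_query("UPDATE users SET name='$name', surname='$surname', mail1='$mail1', mail2='$mail2',
phone1='$phone1', phone2='$phone2' WHERE username='$username'");

if ($query === false) {
	// A failed UPDATE is audited and reported instead of being presented as
	// a successful update.
	new AuditLog('Profile update failed for ' . $username . ': ' . mysql_error());
	$_SESSION['message'] = "Profile update failed";
} else {
	$_SESSION['message'] = "Your profile has been updated";
	new Log($_SESSION['ip'], $_SESSION['user'], 'Investigator '.$username.' updated');
}
mysql_close();

header("location: settings.php");
exit;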