2007-02-19 Sancho Lerena <slerena@openideas.info>

* operation/incidents/incident.php: Pagination finished.

	* operation/events/events.php: Pagination finished.

	* godmode/admin_access_logs.php: Pagination fix (work in progress,
	not finished yet).
	


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@376 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,12 @@
+2007-02-19  Sancho Lerena  <slerena@openideas.info>
+
+	* operation/incidents/incident.php: Pagination finished.
+
+	* operation/events/events.php: Pagination finished.
+
+	* godmode/admin_access_logs.php: Pagination fix (work in progress,
+	not finished yet).
+
 2007-02-16  Sancho Lerena  <slerena@artica.es>
 
 	* pandoradb.sql: added unixtime field to tagente_datos,

pandora_console/godmode/admin_access_logs.php

@@ -2,9 +2,9 @@
 
 // Pandora - the Free monitoring system
 // ====================================
-// Copyright (c) 2004-2006 Sancho Lerena, slerena@gmail.com
+// Copyright (c) 2004-2007 Sancho Lerena, slerena@gmail.com
-// Copyright (c) 2005-2006 Artica Soluciones Tecnológicas S.L, info@artica.es
+// Copyright (c) 2005-2007 Artica Soluciones Tecnoloicas S.L, info@artica.es
-// Copyright (c) 2004-2006 Raul Mateos Martin, raulofpandora@gmail.com
+// Copyright (c) 2004-2007 Raul Mateos Martin, raulofpandora@gmail.com
 // This program is free software; you can redistribute it and/or
 // modify it under the terms of the GNU General Public License
 // as published by the Free Software Foundation; either version 2
@@ -20,9 +20,20 @@
 // Load global vars
 require("include/config.php");
 
-if (comprueba_login() == 0) 
+if (comprueba_login() != 0) {
+	audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer");
+	require ("general/noaccess.php");
+	exit;
+}
+
 $id_usuario =$_SESSION["id_usuario"];
-   	if ( (dame_admin($id_user)==1) OR (give_acl($id_usuario, 0, "PM")==1)){ 
+if (give_acl($id_usuario, 0, "PM")!=1) {
+	audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer");
+	require ("general/noaccess.php");
+	exit;
+}
+
+
 	echo "<h2>".$lang_label["audit_title"]."</h2>";
 	if (isset($_GET["offset"]))
 		$offset=$_GET["offset"];
@@ -125,9 +136,4 @@ if (comprueba_login() == 0)
 // end table
 	echo "<tr><td colspan='5'><div class='raya'></div></td></tr></table>"; 
 
-	} // End security control
-	else {
-		audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Access Logs section ");
-		require ("general/noaccess.php");
-	}
 ?>

pandora_console/include/config.php

@@ -24,8 +24,8 @@ $pandora_version="v1.3 devel";
 
 // Database configuration
 $dbname="pandora";	// MySQL DataBase
-$dbuser="pandora";	// DB User 
+$dbuser="root";	// DB User 
-$dbpassword="pandora";	// Password
+$dbpassword="";	// Password
 $dbhost="localhost";	// MySQL Host
 $dbtype="mysql"; 	// Type of Database, now only "mysql" its supported
 $attachment_store="/var/www/pandora_console";	//This is directory where placed "attachment" directory, to upload files stores. This MUST be writtable by wwwserver user, and should be in pandora root. Please append "/" to the end :-)

pandora_console/include/functions.php

@@ -483,8 +483,8 @@ function pagination ($count, $url, $offset ) {
 			echo "</a>";
 		}
 	// End div and layout
-	}
 	echo "</div>";
 	}
+}
 
 ?>

pandora_console/operation/events/events.php

@@ -186,9 +186,9 @@ echo "<option value='All'>".$lang_label["all"]."</option>";
 
 // Fill event type combo (DISTINCT!)
 if (isset($ev_group) && ($ev_group > 1))
-	$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group' DESC LIMIT $offset, $block_size";
+	$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group'";
 else
-	$sql="SELECT DISTINCT evento FROM tevento DESC LIMIT $offset, $block_size";
+	$sql="SELECT DISTINCT evento FROM tevento";
 $result=mysql_query($sql);
 // Make query for distinct (to fill combo)
 while ($row=mysql_fetch_array($result))
@@ -219,10 +219,12 @@ $result3=mysql_query($sql3);
 $row3=mysql_fetch_array($result3);
 $total_events = $row3[0];
 // Show pagination header
-pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset);
 
+if ($total_events > 0){
+	pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset);		
 	// Show data.
 		
+	echo "<br>";
 	echo "<br>";
 	echo "<table cellpadding='3' cellspacing='3' width='775'>";
 	echo "<tr>";
@@ -254,6 +256,7 @@ if ($event=="All"){
 			$sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 		}
 	}
+
 	// Make query for data (all data, not only distinct).
 	$result2=mysql_query($sql2);
 	while ($row2=mysql_fetch_array($result2)){
@@ -268,7 +271,6 @@ while ($row2=mysql_fetch_array($result2)){
 				$tdcolor = "datos2";
 				$color = 1;
 			}
-		
 			echo "<tr><td class='$tdcolor' align='center'>";
 			if ($row2["estado"] == 0)
 				echo "<img src='images/dot_red.gif'>";
@@ -299,7 +301,6 @@ while ($row2=mysql_fetch_array($result2)){
 			echo "<td class='$tdcolor' align='center'>";
 			echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' value='".$row2["id_evento"]."'>";
 			echo "</td></tr>";
-		//}
 		}
 	}
 		
@@ -311,9 +312,5 @@ if (give_acl($id_user, 0,"IM") ==1){
 		echo "<input class='sub' type='submit' name='deletebt' value='".$lang_label["delete"]."'>";
 	}
 	echo "</form></table>";
-
+} // no events to show
-	/* else {echo "</select></form></td></tr></table><br><div class='nf'>".$lang_label["no_event"]."</div>";}
-	} */
-
-
 ?>

pandora_console/operation/incidents/incident.php

@@ -33,6 +33,14 @@ if (give_acl($id_usuario, 0, "IR")!=1) {
 	exit;
 }
 
+// Take input parameters
+
+// Offset adjustment
+if (isset($_GET["offset"]))
+	$offset=$_GET["offset"];
+else
+	$offset=0;
+
 // Delete incident
 if (isset($_GET["quick_delete"])){
 	$id_inc = $_GET["quick_delete"];
@@ -44,8 +52,8 @@ if (isset($_GET["quick_delete"])){
 		if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
 			borrar_incidencia($id_inc);
 			echo "<h3 class='suc'>".$lang_label["del_incid_ok"]."</h3>";
-			}
+			audit_db($id_author_inc,$REMOTE_ADDR,"Incident deleted","User ".$id_usuario." deleted incident #".$id_inc);
-		else {
+		} else {
 			audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident");
 			echo "<h3 class='error'>".$lang_label["del_incid_no"]."</h3>";
 			no_permission();
@@ -68,8 +76,11 @@ if ((isset($_GET["action"])) AND ($_GET["action"]=="update")){
 		$ahora=date("Y/m/d H:i:s");
 		$sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc;
 		$result=mysql_query($sql);
+		audit_db($id_author_inc,$REMOTE_ADDR,"Incident updated","User ".$id_usuario." deleted updated #".$id_inc);
 		if ($result)
 			echo "<h3 class='suc'>".$lang_label["upd_incid_ok"]."</h3>";
+		else
+			echo "<h3 class='suc'>".$lang_label["upd_incid_no"]."</h3>";
 	} else {
 		audit_db($id_usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident");
 		echo "<h3 class='error'>".$lang_label["upd_incid_no"]."</h3>";
@@ -92,9 +103,11 @@ if ((isset($_GET["action"])) AND ($_GET["action"]=="insert")){
 		$id_creator = $id_usuario;
 		$estado = entrada_limpia($_POST["estado_form"]);
 		$sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') ";
-		if (mysql_query($sql))
+		if (mysql_query($sql)){
 			echo "<h3 class='suc'>".$lang_label["create_incid_ok"]."</h3>";
 			$id_inc=mysql_insert_id();
+			audit_db($usuario,$REMOTE_ADDR,"Incident created","User ".$id_usuario." created incident #".$id_inc);
+		}
 	} else {
 		audit_db($id_usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to create  incident");
 		no_permission();
@@ -167,10 +180,11 @@ if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['priori
 		}
 	}
 
-
 $sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
 $sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
 $sql1=$sql0;
+$sql1=$sql1." LIMIT $offset, $block_size";
+
 echo "<h2>".$lang_label["incident_manag"]."</h2>";
 echo "<h3>".$lang_label["manage_incidents"]."<a href='help/".$help_code."/chap4.php#4' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
 if (isset($_POST['operacion'])){
@@ -192,9 +206,13 @@ if (isset($_POST['operacion'])){
 	// 3 - Caducada (out of date)
 	// 13 - Cerrada (closed)
 
-	if (isset($_GET["estado"])){
+	if ((isset($_GET["estado"])) OR (isset($_GET["estado"]))){ 
-		echo "<option value='".$_GET["estado"]."'>";
+		if (isset($_GET["estado"]))
-		switch ($_GET["estado"]){
+			$estado = $_GET["estado"];
+		if (isset($_POST["estado"]))
+			$estado = $_POST["estado"];
+		echo "<option value='".$estado."'>";
+		switch ($estado){
 			case -1: echo $lang_label["all_inc"]; break;
 			case 0: echo $lang_label["opened_inc"]; break;
 			case 13: echo $lang_label["closed_inc"]; break;
@@ -233,9 +251,13 @@ if (isset($_POST['operacion'])){
 	<select name="prioridad" onChange="javascript:this.form.submit();" class="w155">
 <?php 
 
-if (isset($_GET["prioridad"])){
+if ((isset($_GET["prioridad"])) OR (isset($_GET["prioridad"]))){ 
-	echo "<option value=".$_GET["prioridad"].">";
+	if (isset($_GET["prioridad"]))
-	switch ($_GET["prioridad"]){
+		$prioridad = $_GET["prioridad"];
+	if (isset($_POST["prioridad"]))
+		$prioridad = $_POST["prioridad"];
+	echo "<option value=".$prioridad.">";
+	switch ($prioridad){
 		case -1: echo $lang_label["all"]." ".$lang_label["priority"]; break;
 		case 0: echo $lang_label["informative"]; break;
 		case 1: echo $lang_label["low"]; break;
@@ -252,17 +274,22 @@ echo '<option value="2">'.$lang_label["medium"];
 echo '<option value="3">'.$lang_label["serious"];
 echo '<option value="4">'.$lang_label["very_serious"];
 echo '<option value="10">'.$lang_label["maintenance"];
-echo "</select></td><td valign='middle¡><noscript>";
+echo "</select></td><td valign='middle><noscript>";
 echo "<input type='submit' class='sub' value='".$lang_label["show"]."' border='0'></noscript>";
 echo "</td>";
 echo '<tr><td><select name="grupo" onChange="javascript:this.form.submit();" class="w155">';
 
-if (isset($_GET["grupo"])){
+if ((isset($_GET["grupo"])) OR (isset($_GET["grupo"]))){ 
-echo "<option value=".$_GET["grupo"].">";
+	if (isset($_GET["grupo"]))
-if ($_GET["grupo"] == -1)
+		$grupo = $_GET["grupo"];
+	if (isset($_POST["grupo"]))
+		$grupo = $_POST["grupo"];
+	echo "<option value=".$grupo.">";
+
+	if ($grupo == -1)
 		echo $lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
 	else
-	echo dame_nombre_grupo($_GET["grupo"]);
+		echo dame_nombre_grupo($grupo);
 }
 echo "<option value='-1'>".$lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
 $sql2="SELECT * FROM tgrupo";
@@ -285,30 +312,18 @@ echo "
 	<br><br>
 	<table>";
 
-// Offset adjustment
-if (isset($_GET["offset"]))
-	$offset=$_GET["offset"];
-else
-	$offset=0;
 $offset_counter=0;
 // Prepare index for pagination
 $incident_list[]="";
 $result2=mysql_query($sql1);
+$result2_count=mysql_query($sql1_count);
+$row2_count = mysql_fetch_array($result2_count);
 
-if (!mysql_num_rows($result2)) {
+if ($row2_count[0] <= 0 ) {
 	echo '<div class="nf">'.$lang_label["no_incidents"].'</div><br></table>';
 } else {
-	while ($row2=mysql_fetch_array($result2)){ // Jump offset records
-		$id_group = $row2["id_grupo"];
-		if (give_acl($id_usuario, $id_group, "IR") ==1){
-		// Only incident read access to view data !
-			$incident_list[]=$row2["id_incidencia"];
-		}
-	}
-	// Fill array with data
-
 	// TOTAL incidents
-	$total_incidentes = sizeof($incident_list) - 1;
+	$total_incidentes = $row2_count[0];
 	$url = "index.php?sec=incidencias&sec2=operation/incidents/incident";
 
 	// add form filter values for group, priority, state, and search fields: user and text
@@ -322,6 +337,8 @@ if (!mysql_num_rows($result2)) {
 		$url = $url."&usuario=".$_GET["usuario"];
 	if (isset($_GET["texto"]))
 		$url = $url."&texto=".$_GET["texto"];
+	if (isset($_GET["offset"] ))
+		$url = $url."&offset=".$_GET["offset"];
 
 	// Show pagination
 	pagination ($total_incidentes, $url, $offset);
@@ -341,23 +358,9 @@ if (!mysql_num_rows($result2)) {
 	echo "<th>".$lang_label["delete"];
 	$color = 1;
 
-	// Skip offset records and begin show data
+	while ($row2=mysql_fetch_array($result2)){ 
-	if ($offset !=0)
+		$id_group = $row2["id_grupo"];
-		$offset_begin = $offset+1;
+		if (give_acl($id_usuario, $id_group, "IR") ==1){
-	else
-		$offset_begin = $offset;
-
-	for ($a=$offset_begin; $a < ($offset + $block_size +1);$a++){
-		if (isset($incident_list[$a])){
-			$id_incidente = $incident_list[$a];
-		} else {
-			$id_incidente ="";
-		}
-		if ($id_incidente != ""){
-			$sql="SELECT * FROM tincidencia WHERE id_incidencia = $id_incidente";
-			$result=mysql_query($sql);
-			$row=mysql_fetch_array($result);
-			$id_group = $row["id_grupo"];
 			if ($color == 1){
 				$tdcolor = "datos";
 				$color = 0;
@@ -366,14 +369,12 @@ if (!mysql_num_rows($result2)) {
 				$tdcolor = "datos2";
 				$color = 1;
 			}
-			if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data !
+			$note_number = dame_numero_notas($row2["id_incidencia"]);
-				$offset_counter++;
-				$note_number = dame_numero_notas($row["id_incidencia"]);
 			echo "<tr>";
-				echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row["id_incidencia"]."'>".$row["id_incidencia"]."</a>";
+			echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".$row2["id_incidencia"]."</a>";
 
 			// Check for attachments in this incident
-				$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row["id_incidencia"]);
+			$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row2["id_incidencia"]);
 			mysql_fetch_array($result3);
 			if (mysql_affected_rows() > 0)
 				echo '&nbsp;&nbsp;<img src="images/file.gif" align="middle">';
@@ -386,11 +387,11 @@ if (!mysql_num_rows($result2)) {
 				// 13 - Cerrada (closed)
 
 			// Verify if the status changes
-				if (($row["estado"] == 0) && ($note_number >0 )){
+			if (($row2["estado"] == 0) && ($note_number >0 )){
-					$row["estado"] = 1;
+				$row2["estado"] = 1;
 			}
 			echo "<td class='$tdcolor' align='center'>";
-				switch ($row["estado"]) {
+			switch ($row2["estado"]) {
 				case 0: echo "<img src='images/dot_red.gif'>";
 							break;
 				case 1: echo "<img src='images/dot_yellow.gif'>";
@@ -402,9 +403,9 @@ if (!mysql_num_rows($result2)) {
 				case 13: echo "<img src='images/dot_green.gif'>";
 							break;
 			}
-				echo "<td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row["id_incidencia"]."'>".substr(salida_limpia($row["titulo"]),0,27);
+			echo "<td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".substr(salida_limpia($row2["titulo"]),0,25);
 			echo "<td class='$tdcolor'>";
-				switch ( $row["prioridad"] ){
+			switch ( $row2["prioridad"] ){
 				case 0: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"; break;
 				case 1: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"; break;
 				case 2: echo "<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_red.gif'>"; break;
@@ -420,18 +421,16 @@ if (!mysql_num_rows($result2)) {
 			case 4: echo $lang_label["very_serious"]; break;
 			case 10: echo $lang_label["maintenance"]; break;
 			*/
-				echo "<td class='$tdcolor'>".dame_nombre_grupo($row["id_grupo"]);
+			echo "<td class='$tdcolor'>".dame_nombre_grupo($row2["id_grupo"]);
-				echo "<td class='$tdcolor'>".$row["actualizacion"];
+			echo "<td class='$tdcolor'>".$row2["actualizacion"];
-				echo "<td class='$tdcolor'>".$row["origen"];
+			echo "<td class='$tdcolor'>".$row2["origen"];
-				echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row["id_usuario"])."</span></a>".substr($row["id_usuario"], 0, 8)."</a></td>";
+			echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row2["id_usuario"])."</span></a>".substr($row2["id_usuario"], 0, 8)."</a></td>";
-				$id_author_inc = $row["id_usuario"];
+			$id_author_inc = $row2["id_usuario"];
-				if ((give_acl($id_usuario, $id_group, "IM") ==1) OR
+			if ((give_acl($id_usuario, $id_group, "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
-				($_SESSION["id_usuario"] == $id_author_inc) ){
 			// Only incident owners or incident manager
 			// from this group can delete incidents
-					echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row["id_incidencia"]."' onClick='if (!confirm(\' ".$lang_label["are_you_sure"]."\')) return false;'><img src='images/cancel.gif' border='0'></a></td>";
+				echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row2["id_incidencia"]."' onClick='if (!confirm(\' ".$lang_label["are_you_sure"]."\')) return false;'><img src='images/cancel.gif' border='0'></a></td>";
 			}
-			} // if ACL is correct
 		}
 	}
 	echo "<tr><td colspan='9'><div class='raya'></div>"	;