2007-02-19 Sancho Lerena <slerena@openideas.info>

* operation/incidents/incident.php: Pagination finished. * operation/events/events.php: Pagination finished. * godmode/admin_access_logs.php: Pagination fix (work in progress, not finished yet). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@376 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2025-07-29 16:55:05 +02:00 · 2007-02-19 07:44:07 +00:00 · 2007-02-19 07:44:07 +00:00 · 25f176b0a6
commit 25f176b0a6
parent 55f88630da
6 changed files with 303 additions and 292 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,12 @@
 2007-02-19  Sancho Lerena  <slerena@openideas.info>
 	* operation/incidents/incident.php: Pagination finished.
 	* operation/events/events.php: Pagination finished.
 	* godmode/admin_access_logs.php: Pagination fix (work in progress,
 	not finished yet).
 2007-02-16  Sancho Lerena  <slerena@artica.es>
 	* pandoradb.sql: added unixtime field to tagente_datos,
--- a/pandora_console/godmode/admin_access_logs.php
+++ b/pandora_console/godmode/admin_access_logs.php
@ -2,9 +2,9 @@
 // Pandora - the Free monitoring system
 // ====================================
-// Copyright (c) 2004-2006 Sancho Lerena, slerena@gmail.com
+// Copyright (c) 2004-2007 Sancho Lerena, slerena@gmail.com
-// Copyright (c) 2005-2006 Artica Soluciones Tecnológicas S.L, info@artica.es
+// Copyright (c) 2005-2007 Artica Soluciones Tecnoloicas S.L, info@artica.es
-// Copyright (c) 2004-2006 Raul Mateos Martin, raulofpandora@gmail.com
+// Copyright (c) 2004-2007 Raul Mateos Martin, raulofpandora@gmail.com
 // This program is free software; you can redistribute it and/or
 // modify it under the terms of the GNU General Public License
 // as published by the Free Software Foundation; either version 2
@ -20,9 +20,20 @@
 // Load global vars
 require("include/config.php");
-if (comprueba_login() == 0) 
+if (comprueba_login() != 0) {
-   	$id_usuario= $_SESSION["id_usuario"];
+	audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer");
-   	if ( (dame_admin($id_user)==1) OR (give_acl($id_usuario, 0, "PM")==1)){ 
+	require ("general/noaccess.php");
 	exit;
 }
 $id_usuario =$_SESSION["id_usuario"];
 if (give_acl($id_usuario, 0, "PM")!=1) {
 	audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer");
 	require ("general/noaccess.php");
 	exit;
 }
 	echo "<h2>".$lang_label["audit_title"]."</h2>";
 	if (isset($_GET["offset"]))
 		$offset=$_GET["offset"];
@ -43,44 +54,44 @@ if (comprueba_login() == 0)
 	}
 	else $tipo_log_select= "";
-	// generate select 
+// generate select 
-	echo "<h3>".$lang_label["filter"];
+echo "<h3>".$lang_label["filter"];
-	echo "<a href='help/".$help_code."/chap6.php#6' target='_help' class='help'>
+echo "<a href='help/".$help_code."/chap6.php#6' target='_help' class='help'>
-	&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
+&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
-	echo "<form name='query_sel' method='post' action='index.php?sec=godmode&sec2=godmode/admin_access_logs'>";
+echo "<form name='query_sel' method='post' action='index.php?sec=godmode&sec2=godmode/admin_access_logs'>";
-	echo "<table border='0'><tr><td valign='middle'>";
+echo "<table border='0'><tr><td valign='middle'>";
-	echo "<select name='tipo_log' onChange='javascript:this.form.submit();'>";
+echo "<select name='tipo_log' onChange='javascript:this.form.submit();'>";
-	if (isset($tipo_log))
+if (isset($tipo_log))
 	echo "<option>".$tipo_log;
-	echo "<option value='-1'>".$lang_label["all"];
+echo "<option value='-1'>".$lang_label["all"];
-	$sql3="SELECT DISTINCT (accion) FROM `tsesion`"; 
+$sql3="SELECT DISTINCT (accion) FROM `tsesion`"; 
-	// Prepare index for pagination
+// Prepare index for pagination
-	$result3=mysql_query($sql3);
+$result3=mysql_query($sql3);
-	while ($row3=mysql_fetch_array($result3)){
+while ($row3=mysql_fetch_array($result3)){
 	if (isset($tipo_log)) {
 		if ($tipo_log != $row3[0])
 			echo "<option value='".$row3[0]."'>".$row3[0];
 	} else
 	echo "<option value='".$row3[0]."'>".$row3[0];
-	}
+}
-	echo "</select>";
+echo "</select>";
-	echo "<td valign='middle'><noscript><input name='uptbutton' type='submit' class='sub' value='".$lang_label["show"]."'></noscript>";
+echo "<td valign='middle'><noscript><input name='uptbutton' type='submit' class='sub' value='".$lang_label["show"]."'></noscript>";
-	echo "</table></form>";
+echo "</table></form>";
-	$sql2="SELECT COUNT(*) FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC";
+$sql2="SELECT COUNT(*) FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC";
-	$result2=mysql_query($sql2);
+$result2=mysql_query($sql2);
-	$row2=mysql_fetch_array($result2);
+$row2=mysql_fetch_array($result2);
-	$counter = $row2[0];
+$counter = $row2[0];
-	if (isset ($tipo_log))
+if (isset ($tipo_log))
 	$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log;
-	else
+else
 	$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs";
-	//echo "URLTipolog  $tipo_log";	
+//echo "URLTipolog  $tipo_log";	
 	pagination ($counter, $url, $offset);
 	echo '<br>';
-	// table header
+// table header
 	echo '<table cellpadding="3" cellspacing="3" width=700>'; 
 	echo '<tr>';
 	echo '<th class="w70">'.$lang_label["user"].'</th>'; 
@ -89,7 +100,7 @@ if (comprueba_login() == 0)
 	echo '<th class="w100">'.$lang_label["src_address"].'</th>'; 
 	echo '<th class="w200">'.$lang_label["comments"].'</th>'; 
-	// Skip offset records
+// Skip offset records
 	$query1="SELECT * FROM tsesion ".$tipo_log_select." ORDER BY fecha DESC"; 
 	$result=mysql_query($query1);  
 	$offset_counter = 0;
@ -102,7 +113,7 @@ if (comprueba_login() == 0)
 	$offset_counter = 0;	
 	$color=1;
-	// Get data
+// Get data
 	while ($row=mysql_fetch_array($result) and ($offset_counter < $block_size) ){
 		if ($color == 1){
 			$tdcolor = "datos";
@ -122,12 +133,7 @@ if (comprueba_login() == 0)
 		$offset_counter++;
 	}	 
-	// end table
+// end table
 	echo "<tr><td colspan='5'><div class='raya'></div></td></tr></table>"; 
 	} // End security control
 	else {
 		audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Access Logs section ");
 		require ("general/noaccess.php");
 	}
 ?>
--- a/pandora_console/include/config.php
+++ b/pandora_console/include/config.php
@ -24,8 +24,8 @@ $pandora_version="v1.3 devel";
 // Database configuration
 $dbname="pandora";	// MySQL DataBase
-$dbuser="pandora";	// DB User 
+$dbuser="root";	// DB User 
-$dbpassword="pandora";	// Password
+$dbpassword="";	// Password
 $dbhost="localhost";	// MySQL Host
 $dbtype="mysql"; 	// Type of Database, now only "mysql" its supported
 $attachment_store="/var/www/pandora_console";	//This is directory where placed "attachment" directory, to upload files stores. This MUST be writtable by wwwserver user, and should be in pandora root. Please append "/" to the end :-)
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@ -483,8 +483,8 @@ function pagination ($count, $url, $offset ) {
 			echo "</a>";
 		}
 	// End div and layout
 	}
 	echo "</div>";
 	}
 }
 ?>
--- a/pandora_console/operation/events/events.php
+++ b/pandora_console/operation/events/events.php
@ -186,9 +186,9 @@ echo "<option value='All'>".$lang_label["all"]."</option>";
 // Fill event type combo (DISTINCT!)
 if (isset($ev_group) && ($ev_group > 1))
-	$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group' DESC LIMIT $offset, $block_size";
+	$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group'";
 else
-	$sql="SELECT DISTINCT evento FROM tevento DESC LIMIT $offset, $block_size";
+	$sql="SELECT DISTINCT evento FROM tevento";
 $result=mysql_query($sql);
 // Make query for distinct (to fill combo)
 while ($row=mysql_fetch_array($result))
@ -219,44 +219,47 @@ $result3=mysql_query($sql3);
 $row3=mysql_fetch_array($result3);
 $total_events = $row3[0];
 // Show pagination header
 pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset);
-// Show data.
+if ($total_events > 0){
 	pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset);		
 	// Show data.
-echo "<br>";
+	echo "<br>";
-echo "<table cellpadding='3' cellspacing='3' width='775'>";
+	echo "<br>";
-echo "<tr>";
+	echo "<table cellpadding='3' cellspacing='3' width='775'>";
-echo "<th>".$lang_label["status"]."</th>";
+	echo "<tr>";
-echo "<th>".$lang_label["event_name"]."</th>";
+	echo "<th>".$lang_label["status"]."</th>";
-echo "<th>".$lang_label["agent_name"]."</th>";
+	echo "<th>".$lang_label["event_name"]."</th>";
-echo "<th>".$lang_label["group"]."</th>";
+	echo "<th>".$lang_label["agent_name"]."</th>";
-echo "<th>".$lang_label["id_user"]."</th>";
+	echo "<th>".$lang_label["group"]."</th>";
-echo "<th class='w130'>".$lang_label["timestamp"]."</th>";
+	echo "<th>".$lang_label["id_user"]."</th>";
-echo "<th width='62'>".$lang_label["action"]."</th>";
+	echo "<th class='w130'>".$lang_label["timestamp"]."</th>";
-echo "<th class='p10'>";
+	echo "<th width='62'>".$lang_label["action"]."</th>";
-echo "<label for='checkbox' class='p21'>".$lang_label["all"]." </label>";
+	echo "<th class='p10'>";
-echo '<input type="checkbox" class="chk" name="allbox" onclick="CheckAll();"></th>';
+	echo "<label for='checkbox' class='p21'>".$lang_label["all"]." </label>";
-echo "<form name='eventtable' method='POST' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&offset=".$offset."'>";
+	echo '<input type="checkbox" class="chk" name="allbox" onclick="CheckAll();"></th>';
-$color = 1;
+	echo "<form name='eventtable' method='POST' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&offset=".$offset."'>";
-$id_evento = 0;
+	$color = 1;
 	$id_evento = 0;
-// Prepare index for pagination. Prepare queries
+	// Prepare index for pagination. Prepare queries
-if ($event=="All"){
+	if ($event=="All"){
 		if (isset($ev_group) && ($ev_group > 1)) {
 			$sql2="SELECT * FROM tevento WHERE id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 		} else {
 			$sql2="SELECT * FROM tevento ORDER BY timestamp DESC LIMIT $offset, $block_size";
 		}
-} else {
+	} else {
 		if (isset($ev_group) && ($ev_group > 1)) {
 			$sql2="SELECT * FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 		} else {
 			$sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 		}
-}
+	}
-// Make query for data (all data, not only distinct).
+
-$result2=mysql_query($sql2);
+	// Make query for data (all data, not only distinct).
-while ($row2=mysql_fetch_array($result2)){
+	$result2=mysql_query($sql2);
 	while ($row2=mysql_fetch_array($result2)){
 		$id_grupo = $row2["id_grupo"];
 		if (give_acl($id_user, $id_grupo, "IR") == 1){ // Only incident read access to view data !
 			$id_group = $row2["id_grupo"];
@ -268,7 +271,6 @@ while ($row2=mysql_fetch_array($result2)){
 				$tdcolor = "datos2";
 				$color = 1;
 			}
 			echo "<tr><td class='$tdcolor' align='center'>";
 			if ($row2["estado"] == 0)
 				echo "<img src='images/dot_red.gif'>";
@ -299,21 +301,16 @@ while ($row2=mysql_fetch_array($result2)){
 			echo "<td class='$tdcolor' align='center'>";
 			echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' value='".$row2["id_evento"]."'>";
 			echo "</td></tr>";
 		//}
 		}
-}
+	}
-echo "<tr><td colspan='8'><div class='raya'></div></td></tr>";
+	echo "<tr><td colspan='8'><div class='raya'></div></td></tr>";
-echo "<tr><td colspan='8' align='right'>";
+	echo "<tr><td colspan='8' align='right'>";
-echo "<input class='sub' type='submit' name='updatebt' value='".$lang_label["validate"]."'> ";
+	echo "<input class='sub' type='submit' name='updatebt' value='".$lang_label["validate"]."'> ";
-if (give_acl($id_user, 0,"IM") ==1){
+	if (give_acl($id_user, 0,"IM") ==1){
 		echo "<input class='sub' type='submit' name='deletebt' value='".$lang_label["delete"]."'>";
-}
+	}
-echo "</form></table>";
+	echo "</form></table>";
-
+} // no events to show
 	/* else {echo "</select></form></td></tr></table><br><div class='nf'>".$lang_label["no_event"]."</div>";}
 	} */
 ?>
--- a/pandora_console/operation/incidents/incident.php
+++ b/pandora_console/operation/incidents/incident.php
@ -33,6 +33,14 @@ if (give_acl($id_usuario, 0, "IR")!=1) {
 	exit;
 }
 // Take input parameters
 // Offset adjustment
 if (isset($_GET["offset"]))
 	$offset=$_GET["offset"];
 else
 	$offset=0;
 // Delete incident
 if (isset($_GET["quick_delete"])){
 	$id_inc = $_GET["quick_delete"];
@ -44,8 +52,8 @@ if (isset($_GET["quick_delete"])){
 		if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
 			borrar_incidencia($id_inc);
 			echo "<h3 class='suc'>".$lang_label["del_incid_ok"]."</h3>";
-			}
+			audit_db($id_author_inc,$REMOTE_ADDR,"Incident deleted","User ".$id_usuario." deleted incident #".$id_inc);
-		else {
+		} else {
 			audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident");
 			echo "<h3 class='error'>".$lang_label["del_incid_no"]."</h3>";
 			no_permission();
@ -68,8 +76,11 @@ if ((isset($_GET["action"])) AND ($_GET["action"]=="update")){
 		$ahora=date("Y/m/d H:i:s");
 		$sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc;
 		$result=mysql_query($sql);
 		audit_db($id_author_inc,$REMOTE_ADDR,"Incident updated","User ".$id_usuario." deleted updated #".$id_inc);
 		if ($result)
 			echo "<h3 class='suc'>".$lang_label["upd_incid_ok"]."</h3>";
 		else
 			echo "<h3 class='suc'>".$lang_label["upd_incid_no"]."</h3>";
 	} else {
 		audit_db($id_usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident");
 		echo "<h3 class='error'>".$lang_label["upd_incid_no"]."</h3>";
@ -92,9 +103,11 @@ if ((isset($_GET["action"])) AND ($_GET["action"]=="insert")){
 		$id_creator = $id_usuario;
 		$estado = entrada_limpia($_POST["estado_form"]);
 		$sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') ";
-		if (mysql_query($sql))
+		if (mysql_query($sql)){
 			echo "<h3 class='suc'>".$lang_label["create_incid_ok"]."</h3>";
 			$id_inc=mysql_insert_id();
 			audit_db($usuario,$REMOTE_ADDR,"Incident created","User ".$id_usuario." created incident #".$id_inc);
 		}
 	} else {
 		audit_db($id_usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to create  incident");
 		no_permission();
@ -167,10 +180,11 @@ if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['priori
 		}
 	}
 $sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
 $sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
 $sql1=$sql0;
 $sql1=$sql1." LIMIT $offset, $block_size";
 echo "<h2>".$lang_label["incident_manag"]."</h2>";
 echo "<h3>".$lang_label["manage_incidents"]."<a href='help/".$help_code."/chap4.php#4' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
 if (isset($_POST['operacion'])){
@ -192,9 +206,13 @@ if (isset($_POST['operacion'])){
 	// 3 - Caducada (out of date)
 	// 13 - Cerrada (closed)
-	if (isset($_GET["estado"])){
+	if ((isset($_GET["estado"])) OR (isset($_GET["estado"]))){ 
-		echo "<option value='".$_GET["estado"]."'>";
+		if (isset($_GET["estado"]))
-		switch ($_GET["estado"]){
+			$estado = $_GET["estado"];
 		if (isset($_POST["estado"]))
 			$estado = $_POST["estado"];
 		echo "<option value='".$estado."'>";
 		switch ($estado){
 			case -1: echo $lang_label["all_inc"]; break;
 			case 0: echo $lang_label["opened_inc"]; break;
 			case 13: echo $lang_label["closed_inc"]; break;
@ -233,9 +251,13 @@ if (isset($_POST['operacion'])){
 	<select name="prioridad" onChange="javascript:this.form.submit();" class="w155">
 <?php 
-if (isset($_GET["prioridad"])){
+if ((isset($_GET["prioridad"])) OR (isset($_GET["prioridad"]))){ 
-	echo "<option value=".$_GET["prioridad"].">";
+	if (isset($_GET["prioridad"]))
-	switch ($_GET["prioridad"]){
+		$prioridad = $_GET["prioridad"];
 	if (isset($_POST["prioridad"]))
 		$prioridad = $_POST["prioridad"];
 	echo "<option value=".$prioridad.">";
 	switch ($prioridad){
 		case -1: echo $lang_label["all"]." ".$lang_label["priority"]; break;
 		case 0: echo $lang_label["informative"]; break;
 		case 1: echo $lang_label["low"]; break;
@ -252,17 +274,22 @@ echo '<option value="2">'.$lang_label["medium"];
 echo '<option value="3">'.$lang_label["serious"];
 echo '<option value="4">'.$lang_label["very_serious"];
 echo '<option value="10">'.$lang_label["maintenance"];
-echo "</select></td><td valign='middle¡><noscript>";
+echo "</select></td><td valign='middle><noscript>";
 echo "<input type='submit' class='sub' value='".$lang_label["show"]."' border='0'></noscript>";
 echo "</td>";
 echo '<tr><td><select name="grupo" onChange="javascript:this.form.submit();" class="w155">';
-if (isset($_GET["grupo"])){
+if ((isset($_GET["grupo"])) OR (isset($_GET["grupo"]))){ 
-echo "<option value=".$_GET["grupo"].">";
+	if (isset($_GET["grupo"]))
-if ($_GET["grupo"] == -1)
+		$grupo = $_GET["grupo"];
 	if (isset($_POST["grupo"]))
 		$grupo = $_POST["grupo"];
 	echo "<option value=".$grupo.">";
 	if ($grupo == -1)
 		echo $lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
-else
+	else
-	echo dame_nombre_grupo($_GET["grupo"]);
+		echo dame_nombre_grupo($grupo);
 }
 echo "<option value='-1'>".$lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
 $sql2="SELECT * FROM tgrupo";
@ -285,30 +312,18 @@ echo "
 	<br><br>
 	<table>";
 // Offset adjustment
 if (isset($_GET["offset"]))
 	$offset=$_GET["offset"];
 else
 	$offset=0;
 $offset_counter=0;
 // Prepare index for pagination
 $incident_list[]="";
 $result2=mysql_query($sql1);
 $result2_count=mysql_query($sql1_count);
 $row2_count = mysql_fetch_array($result2_count);
-if (!mysql_num_rows($result2)) {
+if ($row2_count[0] <= 0 ) {
 	echo '<div class="nf">'.$lang_label["no_incidents"].'</div><br></table>';
 } else {
 	while ($row2=mysql_fetch_array($result2)){ // Jump offset records
 		$id_group = $row2["id_grupo"];
 		if (give_acl($id_usuario, $id_group, "IR") ==1){
 		// Only incident read access to view data !
 			$incident_list[]=$row2["id_incidencia"];
 		}
 	}
 	// Fill array with data
 	// TOTAL incidents
-	$total_incidentes = sizeof($incident_list) - 1;
+	$total_incidentes = $row2_count[0];
 	$url = "index.php?sec=incidencias&sec2=operation/incidents/incident";
 	// add form filter values for group, priority, state, and search fields: user and text
@ -322,6 +337,8 @@ if (!mysql_num_rows($result2)) {
 		$url = $url."&usuario=".$_GET["usuario"];
 	if (isset($_GET["texto"]))
 		$url = $url."&texto=".$_GET["texto"];
 	if (isset($_GET["offset"] ))
 		$url = $url."&offset=".$_GET["offset"];
 	// Show pagination
 	pagination ($total_incidentes, $url, $offset);
@ -341,23 +358,9 @@ if (!mysql_num_rows($result2)) {
 	echo "<th>".$lang_label["delete"];
 	$color = 1;
-	// Skip offset records and begin show data
+	while ($row2=mysql_fetch_array($result2)){ 
-	if ($offset !=0)
+		$id_group = $row2["id_grupo"];
-		$offset_begin = $offset+1;
+		if (give_acl($id_usuario, $id_group, "IR") ==1){
 	else
 		$offset_begin = $offset;
 	for ($a=$offset_begin; $a < ($offset + $block_size +1);$a++){
 		if (isset($incident_list[$a])){
 			$id_incidente = $incident_list[$a];
 		} else {
 			$id_incidente ="";
 		}
 		if ($id_incidente != ""){
 			$sql="SELECT * FROM tincidencia WHERE id_incidencia = $id_incidente";
 			$result=mysql_query($sql);
 			$row=mysql_fetch_array($result);
 			$id_group = $row["id_grupo"];
 			if ($color == 1){
 				$tdcolor = "datos";
 				$color = 0;
@ -366,14 +369,12 @@ if (!mysql_num_rows($result2)) {
 				$tdcolor = "datos2";
 				$color = 1;
 			}
-			if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data !
+			$note_number = dame_numero_notas($row2["id_incidencia"]);
 				$offset_counter++;
 				$note_number = dame_numero_notas($row["id_incidencia"]);
 			echo "<tr>";
-				echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row["id_incidencia"]."'>".$row["id_incidencia"]."</a>";
+			echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".$row2["id_incidencia"]."</a>";
 			// Check for attachments in this incident
-				$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row["id_incidencia"]);
+			$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row2["id_incidencia"]);
 			mysql_fetch_array($result3);
 			if (mysql_affected_rows() > 0)
 				echo '&nbsp;&nbsp;<img src="images/file.gif" align="middle">';
@ -386,11 +387,11 @@ if (!mysql_num_rows($result2)) {
 				// 13 - Cerrada (closed)
 			// Verify if the status changes
-				if (($row["estado"] == 0) && ($note_number >0 )){
+			if (($row2["estado"] == 0) && ($note_number >0 )){
-					$row["estado"] = 1;
+				$row2["estado"] = 1;
 			}
 			echo "<td class='$tdcolor' align='center'>";
-				switch ($row["estado"]) {
+			switch ($row2["estado"]) {
 				case 0: echo "<img src='images/dot_red.gif'>";
 							break;
 				case 1: echo "<img src='images/dot_yellow.gif'>";
@ -402,9 +403,9 @@ if (!mysql_num_rows($result2)) {
 				case 13: echo "<img src='images/dot_green.gif'>";
 							break;
 			}
-				echo "<td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row["id_incidencia"]."'>".substr(salida_limpia($row["titulo"]),0,27);
+			echo "<td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".substr(salida_limpia($row2["titulo"]),0,25);
 			echo "<td class='$tdcolor'>";
-				switch ( $row["prioridad"] ){
+			switch ( $row2["prioridad"] ){
 				case 0: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"; break;
 				case 1: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"; break;
 				case 2: echo "<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_red.gif'>"; break;
@ -420,18 +421,16 @@ if (!mysql_num_rows($result2)) {
 			case 4: echo $lang_label["very_serious"]; break;
 			case 10: echo $lang_label["maintenance"]; break;
 			*/
-				echo "<td class='$tdcolor'>".dame_nombre_grupo($row["id_grupo"]);
+			echo "<td class='$tdcolor'>".dame_nombre_grupo($row2["id_grupo"]);
-				echo "<td class='$tdcolor'>".$row["actualizacion"];
+			echo "<td class='$tdcolor'>".$row2["actualizacion"];
-				echo "<td class='$tdcolor'>".$row["origen"];
+			echo "<td class='$tdcolor'>".$row2["origen"];
-				echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row["id_usuario"])."</span></a>".substr($row["id_usuario"], 0, 8)."</a></td>";
+			echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row2["id_usuario"])."</span></a>".substr($row2["id_usuario"], 0, 8)."</a></td>";
-				$id_author_inc = $row["id_usuario"];
+			$id_author_inc = $row2["id_usuario"];
-				if ((give_acl($id_usuario, $id_group, "IM") ==1) OR
+			if ((give_acl($id_usuario, $id_group, "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
 				($_SESSION["id_usuario"] == $id_author_inc) ){
 			// Only incident owners or incident manager
 			// from this group can delete incidents
-					echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row["id_incidencia"]."' onClick='if (!confirm(\' ".$lang_label["are_you_sure"]."\')) return false;'><img src='images/cancel.gif' border='0'></a></td>";
+				echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row2["id_incidencia"]."' onClick='if (!confirm(\' ".$lang_label["are_you_sure"]."\')) return false;'><img src='images/cancel.gif' border='0'></a></td>";
 			}
 			} // if ACL is correct
 		}
 	}
 	echo "<tr><td colspan='9'><div class='raya'></div>"	;