2007-02-05 Sancho Lerena <slerena@artica.es>

* include/functions_db.php: Added function to get
	info for events (return_event_description()).
	
	* include/languages/language_en.php: More new strings.
	
	* include/functions.php: Pagination improved !. not finished yet.
	
	* pandora_console/index.php: Added some credits to main page.
	
	* operation/incidents/incident.php: Improved incident
	visualization. Fixed some render bugs in last raul's commit :->
	
	* operation/incidents/incident_detail.php: Now incidents could be
	"reported" using event button for submit incident.
	
	* operation/events/events.php: Pagination is now using LIMIT SQL
	syntax, and pagination works fine. Several issues fixed, and added
	function to report incident from here.
	
	* images/ok.gif, cancel.gif: Changed icon.

	* images/control_start_blue.png: Added.

	* images/page_lightning.png: Added.
	
	* images/control_rewind_blue.png: Added.
	
	* images/control_end_blue.png: Added.
	
	* images/control_fastforward_blue.png: Added.
	


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@372 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
slerena 2007-02-05 17:45:14 +00:00
parent 8c91b61a29
commit 2b497cb953
16 changed files with 990 additions and 916 deletions


@ -1,3 +1,36 @@
2007-02-05 Sancho Lerena <slerena@artica.es>
* include/functions_db.php: Added function to get
info for events (return_event_description().
* include/languages/language_en.php: More new strings.
* include/functions.php: Pagination improved !. not finished yet.
* pandora_console/index.php: Added some credits to main page.
* operation/incidents/incident.php: Improved incident
visualization. Fixed some render bugs in last raul's commit :->
* operation/incidents/incident_detail.php: Now incidents could be
"reported" using event button for submit incident.
* operation/events/events.php: Pagination is now using LIMIT SQL
syntax, and pagination works fine. Several issues fixed, and added
function to report incident from here.
* images/ok.gif, cancel.gif: Changed icon.
* images/control_start_blue.png: Added.
* images/page_lightning.png: Added.
* images/control_rewind_blue.png: Added.
* images/control_end_blue.png: Added.
* images/control_fastforward_blue.png: Added.
2007-02-02 Manuel Arostegui <marostegui@artica.es>
* pandora_console.spec: Fixed small weird bug submitted to my email.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 517 B

After

Width:  |  Height:  |  Size: 596 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 737 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 736 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 745 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 720 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 295 B

After

Width:  |  Height:  |  Size: 795 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 839 B


@ -33,7 +33,7 @@ $attachment_store="/var/www/pandora_console"; //This is directory where placed "
$config_fontpath = "../reporting/FreeSans.ttf"; // Change this to your font folder, if needed.
// Do not display any ERROR
error_reporting(0);
error_reporting(E_ALL);
// Uncomment next to Display all errors, warnings and notices
// error_reporting(E_ALL);
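Review bot: The active `error_reporting(E_ALL);` line contradicts the `// Do not display any ERROR` comment above it and, if it is the new side of this hunk (the +/- markers are lost on this page), commits a debugging setting as the console default. With errors displayed, PHP notices and failed-query warnings from pages that build SQL from request data would show file paths and query fragments to whoever loads the page. I would keep `error_reporting(0);` as the committed default, or, if full reporting is wanted, pair it with `ini_set('display_errors', '0');` so the messages go to the log rather than the page.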


@ -398,11 +398,13 @@ function pagination ($count, $url, $offset ) {
" http://pandora/index.php?sec=godmode&sec2=godmode/admin_access_logs "
*/
$block_limit = 10; // Visualize only $block_limit blocks
$block_limit = 15; // Visualize only $block_limit blocks
if ($count > $block_size){
// If exists more registers than I can put in a page, calculate index markers
$index_counter = ceil($count/$block_size); // Number of blocks of block_size with data
$index_page = ceil($offset/$block_size); // block to begin to show data
$index_page = ceil($offset/$block_size)-(ceil($block_limit/2)); // block to begin to show data;
if ($index_page < 0)
$index_page = 0;
// This calculate index_limit, block limit for this search.
if (($index_page + $block_limit) > $index_counter)
@ -425,43 +427,56 @@ function pagination ($count, $url, $offset ) {
else
$inicio_pag = 0;
// This shows first "<" in query, only if there
if (($index_page > 0) and ($paginacion_maxima ==1)){
$index_page_prev= ($index_page-1)*$block_size;
echo '<a href="'.$url.'&offset='.$index_page_prev.'">&lt;</a> ';
echo "<div>";
// Show GOTO FIRST button
echo '<a href="'.$url.'&offset=0">';
echo "<img src='images/control_start_blue.png'>";
echo "</a>";
echo "&nbsp;";
// Show PREVIOUS button
if ($index_page > 0){
$index_page_prev= ($index_page-$block_limit)*$block_size;
if ($index_page_prev < 0)
$index_page_prev = 0;
echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png"></a> ';
}
// Draw blocks markers
echo "<div>";
for ($i = $inicio_pag; $i <= $index_limit; $i++) {
for ($i = $inicio_pag; $i < $index_limit; $i++) {
$inicio_bloque = ($i * $block_size);
$final_bloque = $inicio_bloque + $block_size;
if ($final_bloque > $count){ // if upper limit is beyond max, this shouldnt be possible !
$final_bloque = ($i-1)*$block_size + $count-(($i-1) * $block_size);
}
if (isset($filter_item))
echo '<a href="'.$url.'&offset='.$inicio_bloque.'">';
else
echo '<a href="'.$url.'&offset='.$inicio_bloque.'">';
echo "<span>";
echo '<a href="'.$url.'&offset='.$inicio_bloque.'">';
$inicio_bloque_fake = $inicio_bloque + 1;
// Show ">" marker if paginacion maxima limit reached and last block is shown.
if (($i==$inicio_pag + $block_limit) AND ($paginacion_maxima ==1)){
echo "&gt;</a> ";
// Show NEXT PAGE
if (($i >= $inicio_pag + $block_limit) AND ($paginacion_maxima == 1)){
echo "<img src='images/control_fastforward_blue.png'></a> ";
$i = $index_counter;
}
else { // Calculate last block (doesnt end with round data, it must be shown if not round to block limit)
if ($inicio_bloque == $offset)
echo '<b>[ '.$inicio_bloque_fake.'-'.$final_bloque.' ]</b>';
echo "<b>[ $i ]</b>";
else
echo '[ '.$inicio_bloque_fake.'-'.$final_bloque.' ]';
echo "[ $i ]";
echo '</a> ';
}
echo "</span>";
}
echo "</div>";
// if exists more registers than i can put in a page (defined by $block_size config parameter)
// get offset for index calculation
}
// Draw "last" block link
if (($count - $block_size) > 0){
echo '&nbsp;<a href="'.$url.'&offset='.($count - $block_size).'">';
echo "<img src='images/control_end_blue.png'>";
echo "</a>";
}
// End div and layout
echo "</div>";
}
?>
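Review bot: The "last" link near the end of pagination() uses `($count - $block_size)` as its offset, which is a block boundary only when `$count` is an exact multiple of `$block_size`. For any other count the page it opens starts mid-block, so the `$inicio_bloque == $offset` test never marks a current block and the rows overlap the previous page. Aligning it to the start of the last block, e.g. `(ceil($count / $block_size) - 1) * $block_size`, keeps it consistent with the numbered links. The function begins above this hunk, so `$block_size` and `$paginacion_maxima` are set outside the lines shown.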


@ -164,6 +164,20 @@ function dame_agente_modulo_id($id_agente, $id_tipomodulo, $nombre){
return $pro;
}
// ---------------------------------------------------------------
// Returns event description given it's id
// ---------------------------------------------------------------
function return_event_description ($id_event){
require("config.php");
$query1="SELECT evento FROM tevento WHERE id_evento = $id_event";
$resq1=mysql_query($query1);
if ($rowdup=mysql_fetch_array($resq1))
$pro=$rowdup[0];
else
$pro = "";
return $pro;
}
// ---------------------------------------------------------------
// Return ID_Group from an event given as id_event
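Review bot: return_event_description() places `$id_event` into the query text unquoted (`... WHERE id_evento = $id_event`), so whatever the caller passes becomes part of the SQL statement; the events page in this commit links to the incident form with a `from_event` request parameter, which suggests the value will arrive from the URL. Casting at the top of the function, `$id_event = intval($id_event);`, makes the helper safe regardless of the caller. The same pattern appears in the events page of this commit, where `$_GET["offset"]` is read without the `entrada_limpia()` call the older code applied and is then interpolated into `LIMIT $offset, $block_size`, and where `$_GET["delete"]`, `$_GET["check"]` and the `eventid` POST values are concatenated into DELETE/UPDATE statements; those want the same integer cast. The result of `mysql_query()` is also handed to `mysql_fetch_array()` without a check for failure.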


@ -600,7 +600,7 @@ $lang_label["no_incidents"]="No incident matches your search filter";
$lang_label["no_agent_alert"]=" so there are no alerts";
$lang_label["wrote"]=" wrote";
$lang_label["no_snmp_agent"]="There are no SNMP agents";
$lang_label["no_snmp_agent"]="There are no SNMP traps in database";
$lang_label["no_snmp_alert"]="There are no SNMP alerts";
$lang_label["no_agent_def"]="There are no defined agents";
@ -651,6 +651,8 @@ $lang_label["background_image"]="Background image";
$lang_label["help"]="Help";
$lang_label["no_monitors_g"]="This group doesn't have any monitor";
// New strings for 1.3 version
// 15 dev, new for 1.3 dev
$lang_label["reporting"]="Reporting";
$lang_label["agent_general_reporting"]="Agent overview";
@ -658,7 +660,8 @@ $lang_label["agent_general_reporting"]="Agent overview";
// 5 Jan 2007
$lang_label["active_console"]="Active console";
$lang_label["validate_event_failed"]="Event validation failed";
//
global $lang_label;
global $help_label;
?>


@ -17,6 +17,12 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Pandora FMS 1.x uses icons from famfamfam, licensed under CC Atr. 2.5
// Silk icon set 1.3
// (cc) Mark James, http://www.famfamfam.com/lab/icons/silk/
// Pandora FMS 1.x uses Pear Image::Graph code
session_start();
include "include/config.php";
include "include/languages/language_".$language_code.".php";


@ -52,282 +52,268 @@
// Load global vars
require("include/config.php");
if (comprueba_login() == 0) {
$accion = "";
if (give_acl($id_user, 0, "AR")==1) {
// OPERATIONS
// Delete Event (only incident management access).
if (isset($_GET["delete"])){
$id_evento = $_GET["delete"];
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl($id_user, $id_group, "IM") ==1){
$sql2="DELETE FROM tevento WHERE id_evento =".$id_evento;
$result2=mysql_query($sql2);
if ($result) {
echo "<h3 class='suc'>".$lang_label["delete_event_ok"]."</h3>";
}
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation",
"Trying to delete event ID".$id_evento);
}
}
// Check Event (only incident write access).
if (isset($_GET["check"])){
$id_evento = $_GET["check"];
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl($id_user, $id_group, "IW") ==1){
$sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE id_evento = ".$id_evento;
$result2=mysql_query($sql2);
if ($result2) { echo "<h3 class='suc'>".$lang_label["validate_event_ok"]."</h3>";}
if (comprueba_login() != 0) {
audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer");
no_permission();
}
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento);
$accion = "";
if (give_acl($id_user, 0, "AR")!=1) {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer");
no_permission();
}
// OPERATIONS
// Delete Event (only incident management access).
if (isset($_GET["delete"])){
$id_evento = $_GET["delete"];
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl($id_user, $id_group, "IM") ==1){
$sql2="DELETE FROM tevento WHERE id_evento =".$id_evento;
$result2=mysql_query($sql2);
if ($result) {
echo "<h3 class='suc'>".$lang_label["delete_event_ok"]."</h3>";
}
}
// Mass-process DELETE
if (isset($_POST["deletebt"])){
$count=0;
while ($count <= $block_size){
if (isset($_POST["eventid".$count])){
$event_id = $_POST["eventid".$count];
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent($event_id);
if (give_acl($id_user, $id_group, "IM") ==1){
mysql_query("DELETE FROM tevento WHERE id_evento =".$event_id);
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to delete event ID".$id_evento);
}
}
$count++;
}
}
// Mass-process UPDATE
if (isset($_POST["updatebt"])){
$count=0;
while ($count <= $block_size){
if (isset($_POST["eventid".$count])){
$id_evento = $_POST["eventid".$count];
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl($id_user, $id_group, "IW") ==1){
$sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE estado = 0 AND id_evento = ".$id_evento;
$result2=mysql_query($sql2);
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento);
}
}
$count++;
}
}
echo "<h2>".$lang_label["events"]."</h2>";
echo "<h3>".$lang_label["event_main_view"]."<a href='help/".$help_code."/chap5.php#5' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
echo "<table cellpadding='3' cellspacing='3'><tr>";
if (isset($_POST["ev_group"])) {
$ev_group = $_POST["ev_group"];
} else {
$ev_group = -1;
audit_db($id_user,$REMOTE_ADDR, "ACL Violation",
"Trying to delete event ID".$id_evento);
}
echo "<form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60'>";
}
// Check Event (only incident write access).
if (isset($_GET["check"])){
$id_evento = $_GET["check"];
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl($id_user, $id_group, "IW") ==1){
$sql2="UPDATE tevento SET estado = 1, id_usuario = '".$id_user."' WHERE id_evento = ".$id_evento;
$result2=mysql_query($sql2);
if ($result2) {
echo "<h3 class='suc'>".$lang_label["validate_event_ok"]."</h3>";
} else {
echo "<h3 class='error'>".$lang_label["validate_event_failed"]."</h3>";
}
echo "<td>".$lang_label["group"]."</td>";
echo "<td>";
echo "<select name='ev_group' onChange='javascript:this.form.submit();' class='w130'>";
if ( $ev_group > 1 ){
echo "<option value='".$ev_group."'>".dame_nombre_grupo($ev_group);
}
echo "<option value=1>".dame_nombre_grupo(1)."</option>";
list_group ($id_user);
echo "</select>";
echo "<td class='f9l30w17t'>";
echo "<img src='images/dot_green.gif'> - ".$lang_label["validated_event"];
echo "<br>";
echo "<img src='images/dot_red.gif'> - ".$lang_label["not_validated_event"];
echo "</td>";
echo "<td class='f9l30w17t'>";
echo "<img src='images/ok.gif'> - ".$lang_label["validate_event"];
echo "<br>";
echo "<img src='images/cancel.gif'> - ".$lang_label["delete_event"];
echo "</td>";
echo "<tr><td valign='middle'>".$lang_label["events"]."</td>";
echo "<td><form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60'>";
echo "<select name='event' onChange='javascript:this.form.submit();' class='w155'>";
// Prepare index for pagination
$event_list[]="";
if (isset($_POST["event"])){
$event = entrada_limpia($_POST["event"]);
if ($event=="All")
{
if (isset($ev_group) && ($ev_group > 1)) {
$sql2="SELECT * FROM tevento WHERE id_grupo = '$ev_group' ORDER BY timestamp DESC";
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento);
}
}
// Mass-process DELETE
if (isset($_POST["deletebt"])){
$count=0;
while ($count <= $block_size){
if (isset($_POST["eventid".$count])){
$event_id = $_POST["eventid".$count];
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent($event_id);
if (give_acl($id_user, $id_group, "IM") ==1){
mysql_query("DELETE FROM tevento WHERE id_evento =".$event_id);
} else {
$sql2="SELECT * FROM tevento ORDER BY timestamp DESC";
}
} else {
if (isset($ev_group) && ($ev_group > 1)) {
$sql2="SELECT * FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group' ORDER BY timestamp DESC";
} else {
$sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC";
}
echo "<option value='".$event."'>".$event."</option>";
}
} else {
$sql2="SELECT * FROM tevento ORDER BY timestamp DESC";
}
echo "<option value='All'>".$lang_label["all"]."</option>";
$result2=mysql_query($sql2);
if (mysql_num_rows($result2)){
while ($row2=mysql_fetch_array($result2)){ // Jump offset records
$id_grupo = $row2["id_grupo"];
if (give_acl($id_user, $id_grupo, "IR") == 1) // Only incident read access to view data !
$event_list[]=$row2["id_evento"];
}
if (isset($_GET["offset"]))
$offset=$_GET["offset"];
else
$offset=0;
$offset_counter=0;
if (isset($ev_group) && ($ev_group > 1)) {
$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group'";
} else {
$sql="SELECT DISTINCT evento FROM tevento";
}
$result=mysql_query($sql);
while ($row=mysql_fetch_array($result)){
echo "<option value='".$row["evento"]."'>".$row["evento"]."</option>";
}
echo "</select>";
echo "</form>";
echo "<td valign='middle'>";
echo "<noscript>
<input type='submit' class='sub' value='".$lang_label["show"]."'>
</noscript>";
echo "</td></tr>";
echo "</table>";
echo "<br>";
//pagination
$total_eventos = count($event_list);
pagination($total_eventos, "index.php?sec=eventos&sec2=operation/events/events", $offset);
if (isset($_GET["offset"])){
$offset=entrada_limpia($_GET["offset"]);
} else {
$offset=0;
}
echo "<br>";
echo "<table cellpadding='3' cellspacing='3' width='775'>";
echo "<tr>";
echo "<th>".$lang_label["status"]."</th>";
echo "<th>".$lang_label["event_name"]."</th>";
echo "<th>".$lang_label["agent_name"]."</th>";
echo "<th>".$lang_label["group"]."</th>";
echo "<th>".$lang_label["id_user"]."</th>";
echo "<th class='w130'>".$lang_label["timestamp"]."</th>";
echo "<th>".$lang_label["action"]."</th>";
echo "<th class='p10'>";
echo "<label for='checkbox' class='p21'>".$lang_label["all"]." </label>";
echo '<input type="checkbox" class="chk" name="allbox" onclick="CheckAll();"></th>';
echo "<form name='eventtable' method='POST' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&offset=".$offset."'>";
$color = 1;
$id_evento = 0;
if ($offset !=0)
$offset_limit = $offset +1;
else
$offset_limit = $offset;
// Skip offset records
for ($a=$offset_limit;$a < ($block_size + $offset + 1);$a++){
if (isset($event_list[$a])) {
$id_evento = $event_list[$a];
if ($id_evento != ""){
if (isset($_POST["event"])) {
$event = entrada_limpia($_POST["event"]);
if ($event=="All") {
if (isset($ev_group) && ($ev_group > 1)) {
$sql="SELECT * FROM tevento WHERE id_evento = '$id_evento' AND id_grupo = '$ev_group'";
} else {
$sql="SELECT * FROM tevento WHERE id_evento = '$id_evento'";
}
} else {
if (isset($ev_group) && ($ev_group > 1)) {
$sql="SELECT * FROM tevento WHERE evento= '$event' AND id_evento = '$id_evento' AND id_grupo = '$ev_group'";
} else {
$sql="SELECT * FROM tevento WHERE evento= '$event' AND id_evento = '$id_evento'";
}
}
} else {
$sql="SELECT * FROM tevento WHERE id_evento = $id_evento";
}
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$id_group = $row["id_grupo"];
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
//if (give_acl($id_user, $id_group, "IR") == 1){ // Only incident read access to view data
$offset_counter++;
echo "<tr><td class='$tdcolor' align='center'>";
if ($row["estado"] == 0)
echo "<img src='images/dot_red.gif'>";
else
echo "<img src='images/dot_green.gif'>";
echo "<td class='$tdcolor'>".$row["evento"];
if ($row["id_agente"] > 0){
echo "<td class='$tdcolor'><a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row["id_agente"]."'><b>".dame_nombre_agente($row["id_agente"])."</b></a>";
echo "<td class='$tdcolor'><img src='images/g_".show_icon_group($id_group).".gif'> ( ".dame_grupo($id_group)." )</td>";
echo "<td class='$tdcolor'>";
} else { // for SNMP generated alerts
echo "<td class='$tdcolor' colspan='2'>".$lang_label["alert"]." / SNMP";
echo "<td class='$tdcolor'>";
}
if ($row["estado"] <> 0)
echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row["id_usuario"])."</span></a>".substr($row["id_usuario"],0,8)."</a>";
echo "<td class='$tdcolor'>".$row["timestamp"];
echo "<td class='$tdcolor' align='center'>";
if (($row["estado"] == 0) and (give_acl($id_user,$id_group,"IW") ==1))
echo "<a href='index.php?sec=eventos&sec2=operation/events/events&check=".$row["id_evento"]."'><img src='images/ok.gif' border='0'></a>";
if (give_acl($id_user,$id_group,"IM") ==1)
echo "<a href='index.php?sec=eventos&sec2=operation/events/events&delete=".$row["id_evento"]."&refr=60&offset=".$offset."'><img src='images/cancel.gif' border=0></a>";
echo "<td class='$tdcolor' align='center'>";
echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' value='".$row["id_evento"]."'>";
echo "</td></tr>";
//}
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to delete event ID".$id_evento);
}
}
}
echo "<tr><td colspan='8'><div class='raya'></div></td></tr>";
echo "<tr><td colspan='8' align='right'>";
echo "<input class='sub' type='submit' name='updatebt' value='".$lang_label["validate"]."'> ";
if (give_acl($id_user, 0,"IM") ==1){
echo "<input class='sub' type='submit' name='deletebt' value='".$lang_label["delete"]."'>";
}
echo "</form></table>";
}
else {echo "</select></form></td></tr></table><br><div class='nf'>".$lang_label["no_event"]."</div>";}
}
else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer");
require ("general/noaccess.php");
$count++;
}
}
// Mass-process UPDATE
if (isset($_POST["updatebt"])){
$count=0;
while ($count <= $block_size){
if (isset($_POST["eventid".$count])){
$id_evento = $_POST["eventid".$count];
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl($id_user, $id_group, "IW") ==1){
$sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE estado = 0 AND id_evento = ".$id_evento;
$result2=mysql_query($sql2);
} else {
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento);
}
}
$count++;
}
}
// ***********************************************************************
// Main code form / page
// ***********************************************************************
// Get data
$offset=0;
if (isset($_GET["offset"]))
$offset=$_GET["offset"];
$ev_group = -1;
if (isset($_POST["ev_group"]))
$ev_group = $_POST["ev_group"];
$event="All";
if (isset($_POST["event"]))
$event = entrada_limpia($_POST["event"]);
echo "<h2>".$lang_label["events"]."</h2>";
echo "<h3>".$lang_label["event_main_view"]."<a href='help/".$help_code."/chap5.php#5' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
echo "<table cellpadding='3' cellspacing='3'><tr>";
echo "<form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60'>";
echo "<td>".$lang_label["group"]."</td>";
echo "<td>";
echo "<select name='ev_group' onChange='javascript:this.form.submit();' class='w130'>";
if ( $ev_group > 1 ){
echo "<option value='".$ev_group."'>".dame_nombre_grupo($ev_group);
}
echo "<option value=1>".dame_nombre_grupo(1)."</option>";
list_group ($id_user);
echo "</select>";
echo "<td class='f9l30w17t'>";
echo "<img src='images/dot_green.gif'> - ".$lang_label["validated_event"];
echo "<br>";
echo "<img src='images/dot_red.gif'> - ".$lang_label["not_validated_event"];
echo "</td>";
echo "<td class='f9l30w17t'>";
echo "<img src='images/ok.gif'> - ".$lang_label["validate_event"];
echo "<br>";
echo "<img src='images/cancel.gif'> - ".$lang_label["delete_event"];
echo "</td>";
echo "<tr><td valign='middle'>".$lang_label["events"]."</td>";
echo "<td><form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60'>";
echo "<select name='event' onChange='javascript:this.form.submit();' class='w155'>";
echo "<option value='All'>".$lang_label["all"]."</option>";
// Fill event type combo (DISTINCT!)
if (isset($ev_group) && ($ev_group > 1))
$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group' DESC LIMIT $offset, $block_size";
else
$sql="SELECT DISTINCT evento FROM tevento DESC LIMIT $offset, $block_size";
$result=mysql_query($sql);
// Make query for distinct (to fill combo)
while ($row=mysql_fetch_array($result))
echo "<option value='".$row["evento"]."'>".$row["evento"]."</option>";
echo "</select>";
echo "</form>";
echo "<td valign='middle'>";
echo "<noscript><input type='submit' class='sub' value='".$lang_label["show"]."'></noscript>";
echo "</td></tr>";
echo "</table>";
echo "<br>";
// How many events do I have in total ?
if ($event=="All"){
if (isset($ev_group) && ($ev_group > 1)) {
$sql3="SELECT COUNT(id_evento) FROM tevento WHERE id_grupo = '$ev_group' ";
} else {
$sql3="SELECT COUNT(id_evento) FROM tevento";
}
} else {
if (isset($ev_group) && ($ev_group > 1)) {
$sql3="SELECT COUNT(id_evento) FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group'";
} else {
$sql3="SELECT COUNT(id_evento) FROM tevento WHERE evento = '$event' ";
}
}
$result3=mysql_query($sql3);
$row3=mysql_fetch_array($result3);
$total_events = $row3[0];
// Show pagination header
pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset);
// Show data.
echo "<br>";
echo "<table cellpadding='3' cellspacing='3' width='775'>";
echo "<tr>";
echo "<th>".$lang_label["status"]."</th>";
echo "<th>".$lang_label["event_name"]."</th>";
echo "<th>".$lang_label["agent_name"]."</th>";
echo "<th>".$lang_label["group"]."</th>";
echo "<th>".$lang_label["id_user"]."</th>";
echo "<th class='w130'>".$lang_label["timestamp"]."</th>";
echo "<th width='62'>".$lang_label["action"]."</th>";
echo "<th class='p10'>";
echo "<label for='checkbox' class='p21'>".$lang_label["all"]." </label>";
echo '<input type="checkbox" class="chk" name="allbox" onclick="CheckAll();"></th>';
echo "<form name='eventtable' method='POST' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&offset=".$offset."'>";
$color = 1;
$id_evento = 0;
// Prepare index for pagination. Prepare queries
if ($event=="All"){
if (isset($ev_group) && ($ev_group > 1)) {
$sql2="SELECT * FROM tevento WHERE id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size";
} else {
$sql2="SELECT * FROM tevento ORDER BY timestamp DESC LIMIT $offset, $block_size";
}
} else {
if (isset($ev_group) && ($ev_group > 1)) {
$sql2="SELECT * FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size";
} else {
$sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC LIMIT $offset, $block_size";
}
}
// Make query for data (all data, not only distinct).
$result2=mysql_query($sql2);
while ($row2=mysql_fetch_array($result2)){
$id_grupo = $row2["id_grupo"];
if (give_acl($id_user, $id_grupo, "IR") == 1){ // Only incident read access to view data !
$id_group = $row2["id_grupo"];
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
echo "<tr><td class='$tdcolor' align='center'>";
if ($row2["estado"] == 0)
echo "<img src='images/dot_red.gif'>";
else
echo "<img src='images/dot_green.gif'>";
echo "<td class='$tdcolor'>".$row2["evento"];
if ($row2["id_agente"] > 0){
echo "<td class='$tdcolor'><a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."'><b>".dame_nombre_agente($row2["id_agente"])."</b></a>";
echo "<td class='$tdcolor'><img src='images/g_".show_icon_group($id_group).".gif'></td>";
echo "<td class='$tdcolor'>";
} else { // for SNMP generated alerts
echo "<td class='$tdcolor' colspan='2'>".$lang_label["alert"]." / SNMP";
echo "<td class='$tdcolor' width='95'>";
}
if ($row2["estado"] <> 0)
echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row2["id_usuario"])."</span></a>".substr($row2["id_usuario"],0,8)."</a>";
echo "<td class='$tdcolor'>".$row2["timestamp"];
echo "<td class='$tdcolor' align='right'>";
if (($row2["estado"] == 0) and (give_acl($id_user,$id_group,"IW") ==1))
echo "<a href='index.php?sec=eventos&sec2=operation/events/events&offset=".$offset."&check=".$row2["id_evento"]."'><img src='images/ok.gif' border='0'></a>";
if (give_acl($id_user,$id_group,"IM") ==1)
echo "<a href='index.php?sec=eventos&sec2=operation/events/events&delete=".$row2["id_evento"]."&refr=60&offset=".$offset."'><img src='images/cancel.gif' border=0></a> ";
if (give_acl($id_user,$id_group,"IW") == 1)
echo "<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form&from_event=".$row2["id_evento"]."'><img src='images/page_lightning.png' border=0></a>";
echo "<td class='$tdcolor' align='center'>";
echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' value='".$row2["id_evento"]."'>";
echo "</td></tr>";
//}
}
}
echo "<tr><td colspan='8'><div class='raya'></div></td></tr>";
echo "<tr><td colspan='8' align='right'>";
echo "<input class='sub' type='submit' name='updatebt' value='".$lang_label["validate"]."'> ";
if (give_acl($id_user, 0,"IM") ==1){
echo "<input class='sub' type='submit' name='deletebt' value='".$lang_label["delete"]."'>";
}
echo "</form></table>";
/* else {echo "</select></form></td></tr></table><br><div class='nf'>".$lang_label["no_event"]."</div>";}
} */
?>
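Review bot: The rewritten access checks at the top of the page call `no_permission();` and then fall through, so the delete, validate and mass-process branches below them are protected only if that helper ends the request. no_permission() is defined outside this page, so that cannot be confirmed from here; the incident viewer touched by the same commit ends its guards with an explicit `exit;`. I would add `exit;` after each `no_permission();` in the login guard and the `"AR"` ACL guard, so that the state-changing branches do not depend on the helper's behaviour.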


@ -18,108 +18,115 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
if (comprueba_login() == 0) {
$accion = "";
if (comprueba_login() != 0) {
audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access incident viewer");
require ("general/noaccess.php");
exit;
}
$id_usuario =$_SESSION["id_usuario"];
if ((give_acl($id_user, 0, "IR")==1) OR (give_acl($id_user, 0, "IM")==1) or (dame_admin($id_user)==1)) {
if (isset($_GET["quick_delete"])){
$id_inc = $_GET["quick_delete"];
$sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc;
$result2=mysql_query($sql2);
$row2=mysql_fetch_array($result2);
if ($row2) {
$id_author_inc = $row2["id_usuario"];
if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
borrar_incidencia($id_inc);
echo "<h3 class='suc'>".$lang_label["del_incid_ok"]."</h3>";
}
else {
audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident");
echo "<h3 class='error'>".$lang_label["del_incid_no"]."</h3>";
no_permission();
$accion = "";
if (give_acl($id_usuario, 0, "IR")!=1) {
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access incident viewer");
require ("general/noaccess.php");
exit;
}
if (isset($_GET["quick_delete"])){
$id_inc = $_GET["quick_delete"];
$sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc;
$result2=mysql_query($sql2);
$row2=mysql_fetch_array($result2);
if ($row2) {
$id_author_inc = $row2["id_usuario"];
if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
borrar_incidencia($id_inc);
echo "<h3 class='suc'>".$lang_label["del_incid_ok"]."</h3>";
}
else {
audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident");
echo "<h3 class='error'>".$lang_label["del_incid_no"]."</h3>";
no_permission();
}
}
// Search
$busqueda="";
if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){
if (isset($_POST["texto"])){
$texto_form = $_POST["texto"];
$_GET["texto"]=$texto_form; // Update GET vars if data comes from POST
} else // GET
$texto_form = $_GET["texto"];
}
$busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )";
}
// Search
$busqueda="";
if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){
if (isset($_POST["texto"])){
$texto_form = $_POST["texto"];
$_GET["texto"]=$texto_form; // Update GET vars if data comes from POST
} else // GET
$texto_form = $_GET["texto"];
if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){
if (isset($_POST["usuario"])){
$usuario_form = $_POST["usuario"];
$_GET["usuario"]=$usuario_form;
} else // GET
$usuario_form=$_GET["usuario"];
if ($usuario_form != ""){
if (isset($_GET["texto"]))
$busqueda = $busqueda." and ";
$busqueda= $busqueda." id_usuario = '".$_GET["usuario"]."' ";
}
$busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )";
}
if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){
if (isset($_POST["usuario"])){
$usuario_form = $_POST["usuario"];
$_GET["usuario"]=$usuario_form;
} else // GET
$usuario_form=$_GET["usuario"];
if ($usuario_form != ""){
if (isset($_GET["texto"]))
$busqueda = $busqueda." and ";
$busqueda= $busqueda." id_usuario = '".$_GET["usuario"]."' ";
}
// Filter
if ($busqueda != "")
$sql1= "WHERE ".$busqueda;
else
$sql1="";
}
if (isset($_GET["estado"]) and (!isset($_POST["estado"])))
$_POST["estado"]=$_GET["estado"];
if (isset($_GET["grupo"]) and (!isset($_POST["grupo"])))
$_POST["grupo"]=$_GET["grupo"];
if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"])))
$_POST["prioridad"]=$_GET["prioridad"];
// Filter
if ($busqueda != "")
$sql1= "WHERE ".$busqueda;
else
$sql1="";
if (isset($_GET["estado"]) and (!isset($_POST["estado"])))
$_POST["estado"]=$_GET["estado"];
if (isset($_GET["grupo"]) and (!isset($_POST["grupo"])))
$_POST["grupo"]=$_GET["grupo"];
if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"])))
$_POST["prioridad"]=$_GET["prioridad"];
if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) {
if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){
$_GET["estado"] = $_POST["estado"];
if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) {
if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){
$_GET["estado"] = $_POST["estado"];
if ($sql1 == "")
$sql1='WHERE estado='.$_POST["estado"];
else
$sql1 =$sql1.' AND estado='.$_POST["estado"];
}
if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) {
$_GET["prioridad"]=$_POST["prioridad"];
if ($sql1 == "")
$sql1='WHERE estado='.$_POST["estado"];
$sql1='WHERE prioridad='.$_POST["prioridad"];
else
$sql1 =$sql1.' AND estado='.$_POST["estado"];
}
$sql1 =$sql1.' and prioridad='.$_POST["prioridad"];
}
if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) {
$_GET["prioridad"]=$_POST["prioridad"];
if ($sql1 == "")
$sql1='WHERE prioridad='.$_POST["prioridad"];
else
$sql1 =$sql1.' and prioridad='.$_POST["prioridad"];
}
if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) {
$_GET["grupo"] = $_POST["grupo"];
if ($sql1 == "")
$sql1='WHERE id_grupo='.$_POST["grupo"];
else
$sql1 =$sql1.' AND id_grupo='.$_POST["grupo"];
}
}
if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) {
$_GET["grupo"] = $_POST["grupo"];
if ($sql1 == "")
$sql1='WHERE id_grupo='.$_POST["grupo"];
else
$sql1 =$sql1.' AND id_grupo='.$_POST["grupo"];
}
}
$sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
$sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
$sql1=$sql0;
echo "<h2>".$lang_label["incident_manag"]."</h2>";
echo "<h3>".$lang_label["manage_incidents"]."<a href='help/".$help_code."/chap4.php#4' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
?>
<?php
$sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
$sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
$sql1=$sql0;
echo "<h2>".$lang_label["incident_manag"]."</h2>";
echo "<h3>".$lang_label["manage_incidents"]."<a href='help/".$help_code."/chap4.php#4' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
if (isset($_POST['operacion'])){
echo "<h3>".$lang_label["incident_view_filter"]." - ".$_POST['operacion']."</h3>";
}
}
?>
<form name='visualizacion' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident'>
@ -129,22 +136,22 @@ if (isset($_POST['operacion'])){
<h3><?php echo $lang_label["filter"]; ?></h3>
<select name="estado" onChange="javascript:this.form.submit();" class="w155">
<?php
// Tipo de estado (Type)
// Tipo de estado (Type)
// 0 - Abierta / Sin notas (Open without notes)
// 1 - Abierta / Notas aniadidas (Open with notes)
// 2 - Descartada (Not valid)
// 3 - Caducada (out of date)
// 13 - Cerrada (closed)
if (isset($_GET["estado"])){
echo "<option value='".$_GET["estado"]."'>";
switch ($_GET["estado"]){
case -1: echo $lang_label["all_inc"]; break;
case 0: echo $lang_label["opened_inc"]; break;
case 13: echo $lang_label["closed_inc"]; break;
case 2: echo $lang_label["rej_inc"]; break;
case 3: echo $lang_label["exp_inc"]; break;
}
echo "<option value='".$_GET["estado"]."'>";
switch ($_GET["estado"]){
case -1: echo $lang_label["all_inc"]; break;
case 0: echo $lang_label["opened_inc"]; break;
case 13: echo $lang_label["closed_inc"]; break;
case 2: echo $lang_label["rej_inc"]; break;
case 3: echo $lang_label["exp_inc"]; break;
}
}
echo "<option value='-1'>".$lang_label["all_inc"];
@ -153,31 +160,31 @@ if (isset($_POST['operacion'])){
echo "<option value='2'>".$lang_label["rej_inc"];
echo "<option value='3'>".$lang_label["exp_inc"];
?>
</select>
</td>
<td valign="middle"><noscript><input type="submit" class="sub" value="<?php echo $lang_label["show"] ?>" border="0"></noscript>
</td>
<td rowspan="5" class="f9l30t">
<h3><?php echo $lang_label["status"] ?></h3>
<img src='images/dot_red.gif'> - <?php echo $lang_label["opened_inc"] ?><br>
<img src='images/dot_yellow.gif'> - <?php echo $lang_label["openedcom_inc"] ?><br>
<img src='images/dot_blue.gif'> - <?php echo $lang_label["rej_inc"] ?><br>
<img src='images/dot_green.gif'> - <?php echo $lang_label["closed_inc"] ?><br>
<img src='images/dot_white.gif'> - <?php echo $lang_label["exp_inc"] ?></td>
</select>
</td>
<td valign="middle"><noscript><input type="submit" class="sub" value="<?php echo $lang_label["show"] ?>" border="0"></noscript>
</td>
<td rowspan="5" class="f9l30t">
<h3><?php echo $lang_label["status"] ?></h3>
<img src='images/dot_red.gif'> - <?php echo $lang_label["opened_inc"] ?><br>
<img src='images/dot_yellow.gif'> - <?php echo $lang_label["openedcom_inc"] ?><br>
<img src='images/dot_blue.gif'> - <?php echo $lang_label["rej_inc"] ?><br>
<img src='images/dot_green.gif'> - <?php echo $lang_label["closed_inc"] ?><br>
<img src='images/dot_white.gif'> - <?php echo $lang_label["exp_inc"] ?></td>
<td rowspan="5" class="f9l30t">
<h3><?php echo $lang_label["priority"] ?></h3>
<img src='images/dot_red.gif'><img src='images/dot_red.gif'><img src='images/dot_red.gif'> - <?php echo $lang_label["very_serious"] ?><br>
<img src='images/dot_yellow.gif'><img src='images/dot_red.gif'><img src='images/dot_red.gif'> - <?php echo $lang_label["serious"] ?><br>
<img src='images/dot_yellow.gif'><img src='images/dot_yellow.gif'><img src='images/dot_red.gif'> - <?php echo $lang_label["medium"] ?><br>
<img src='images/dot_green.gif'><img src='images/dot_yellow.gif'><img src='images/dot_yellow.gif'> - <?php echo $lang_label["low"] ?><br>
<img src='images/dot_green.gif'><img src='images/dot_green.gif'><img src='images/dot_yellow.gif'> - <?php echo $lang_label["informative"] ?><br>
<img src='images/dot_green.gif'><img src='images/dot_green.gif'><img src='images/dot_green.gif'> - <?php echo $lang_label["maintenance"] ?><br>
<tr><td>
<select name="prioridad" onChange="javascript:this.form.submit();" class="w155">
<td rowspan="5" class="f9l30t">
<h3><?php echo $lang_label["priority"] ?></h3>
<img src='images/dot_red.gif'><img src='images/dot_red.gif'><img src='images/dot_red.gif'> - <?php echo $lang_label["very_serious"] ?><br>
<img src='images/dot_yellow.gif'><img src='images/dot_red.gif'><img src='images/dot_red.gif'> - <?php echo $lang_label["serious"] ?><br>
<img src='images/dot_yellow.gif'><img src='images/dot_yellow.gif'><img src='images/dot_red.gif'> - <?php echo $lang_label["medium"] ?><br>
<img src='images/dot_green.gif'><img src='images/dot_yellow.gif'><img src='images/dot_yellow.gif'> - <?php echo $lang_label["low"] ?><br>
<img src='images/dot_green.gif'><img src='images/dot_green.gif'><img src='images/dot_yellow.gif'> - <?php echo $lang_label["informative"] ?><br>
<img src='images/dot_green.gif'><img src='images/dot_green.gif'><img src='images/dot_green.gif'> - <?php echo $lang_label["maintenance"] ?><br>
<tr><td>
<select name="prioridad" onChange="javascript:this.form.submit();" class="w155">
<?php
if (isset($_GET["prioridad"])){
if (isset($_GET["prioridad"])){
echo "<option value=".$_GET["prioridad"].">";
switch ($_GET["prioridad"]){
case -1: echo $lang_label["all"]." ".$lang_label["priority"]; break;
@ -188,79 +195,72 @@ if (isset($_POST['operacion'])){
case 4: echo $lang_label["very_serious"]; break;
case 10: echo $lang_label["maintenance"]; break;
}
}
echo "<option value='-1'>".$lang_label["all"]." ".$lang_label["priority"]; // al priorities (default)
echo '<option value="0">'.$lang_label["informative"];
echo '<option value="1">'.$lang_label["low"];
echo '<option value="2">'.$lang_label["medium"];
echo '<option value="3">'.$lang_label["serious"];
echo '<option value="4">'.$lang_label["very_serious"];
echo '<option value="10">'.$lang_label["maintenance"];
?>
</select>
</td>
<td valign="middle"><noscript><input type="submit" class="sub" value="<?php echo $lang_label["show"] ?>" border="0"></noscript>
</td>
}
echo "<option value='-1'>".$lang_label["all"]." ".$lang_label["priority"]; // al priorities (default)
echo '<option value="0">'.$lang_label["informative"];
echo '<option value="1">'.$lang_label["low"];
echo '<option value="2">'.$lang_label["medium"];
echo '<option value="3">'.$lang_label["serious"];
echo '<option value="4">'.$lang_label["very_serious"];
echo '<option value="10">'.$lang_label["maintenance"];
echo "</select></td><td valign='middle¡><noscript>";
echo "<input type='submit' class='sub' value='".$lang_label["show"]."' border='0'></noscript>";
echo "</td>";
echo '<tr><td><select name="grupo" onChange="javascript:this.form.submit();" class="w155">';
<tr><td>
<select name="grupo" onChange="javascript:this.form.submit();" class="w155">
<?php
if (isset($_GET["grupo"])){
echo "<option value=".$_GET["grupo"].">";
if ($_GET["grupo"] == -1)
echo $lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
else
echo dame_nombre_grupo($_GET["grupo"]);
}
echo "<option value='-1'>".$lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
$sql2="SELECT * FROM tgrupo";
$result2=mysql_query($sql2);
while ($row2=mysql_fetch_array($result2)){
echo "<option value=".$row2["id_grupo"].">".$row2["nombre"];
}
if (isset($_GET["grupo"])){
echo "<option value=".$_GET["grupo"].">";
if ($_GET["grupo"] == -1)
echo $lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
else
echo dame_nombre_grupo($_GET["grupo"]);
}
echo "<option value='-1'>".$lang_label["all"]." ".$lang_label["groups"]; // all groups (default)
$sql2="SELECT * FROM tgrupo";
$result2=mysql_query($sql2);
while ($row2=mysql_fetch_array($result2)){
echo "<option value=".$row2["id_grupo"].">".$row2["nombre"];
}
?>
</select>
</td>
<td valign="middle"><noscript><input type="submit" class="sub" value="<?php echo $lang_label["show"] ?>" border="0"></noscript>
</td>
echo "</select></td><td valign='middle'><noscript><input type='submit' class='sub' value='".$lang_label["show"]."' border='0'></noscript></td>";
<?php
// Pass search parameters for possible future filter searching by user
if (isset($_GET["usuario"]))
echo "<input type='hidden' name='usuario' value='".$_GET["usuario"]."'>";
if (isset($_GET["texto"]))
echo "<input type='hidden' name='texto' value='".$_GET["texto"]."'>";
?>
if (isset($_GET["usuario"]))
echo "<input type='hidden' name='usuario' value='".$_GET["usuario"]."'>";
if (isset($_GET["texto"]))
echo "<input type='hidden' name='texto' value='".$_GET["texto"]."'>";
</table>
</form>
<?php
echo "
</table>
</form>
<br><br>
<table>";
// Offset adjustment
if (isset($_GET["offset"]))
$offset=$_GET["offset"];
else
$offset=0;
$offset_counter=0;
// Prepare index for pagination
$incident_list[]="";
$result2=mysql_query($sql1);
if (!mysql_num_rows($result2)) {
echo '<div class="nf">'.$lang_label["no_incidents"].'</div><br><table>';}
else {
// Offset adjustment
if (isset($_GET["offset"]))
$offset=$_GET["offset"];
else
$offset=0;
$offset_counter=0;
// Prepare index for pagination
$incident_list[]="";
$result2=mysql_query($sql1);
if (!mysql_num_rows($result2)) {
echo '<div class="nf">'.$lang_label["no_incidents"].'</div><br></table>';
} else {
while ($row2=mysql_fetch_array($result2)){ // Jump offset records
$id_group = $row2["id_grupo"];
if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data !
$id_group = $row2["id_grupo"];
if (give_acl($id_usuario, $id_group, "IR") ==1){
// Only incident read access to view data !
$incident_list[]=$row2["id_incidencia"];
}
}
}
// Fill array with data
// TOTAL incidents
$total_incidentes = sizeof($incident_list);
$url = "index.php?sec=incidencias&sec2=operation/incidents/incident";
// add form filter values for group, priority, state, and search fields: user and text
@ -275,10 +275,11 @@ if (isset($_POST['operacion'])){
if (isset($_GET["texto"]))
$url = $url."&texto=".$_GET["texto"];
// Show pagination
// Show pagination
pagination ($total_incidentes, $url, $offset);
echo '<br>';
// Show headers
echo "<table cellpadding='3' cellspacing='3' width='770'>";
echo "<tr>";
echo "<th width='43'>ID";
@ -299,7 +300,7 @@ if (isset($_POST['operacion'])){
$offset_begin = $offset;
for ($a=$offset_begin; $a < ($offset + $block_size +1);$a++){
if (isset($incident_list[$a])){
if (isset($incident_list[$a])){
$id_incidente = $incident_list[$a];
} else {
$id_incidente ="";
@ -323,19 +324,19 @@ if (isset($_POST['operacion'])){
echo "<tr>";
echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row["id_incidencia"]."'>".$row["id_incidencia"]."</a>";
// Check for attachments in this incident
// Check for attachments in this incident
$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row["id_incidencia"]);
mysql_fetch_array($result3);
if (mysql_affected_rows() > 0)
echo '&nbsp;&nbsp;<img src="images/file.gif" align="middle">';
// Tipo de estado (Type)
// 0 - Abierta / Sin notas (Open, no notes)
// 1 - Abierta / Notas anyadidas (Open with notes)
// 2 - Descartada (not valid)
// 3 - Caducada (out of date)
// 13 - Cerrada (closed)
// Verify if the status changes
if (($row["estado"] == 0) && ($note_number >0 )){
$row["estado"] = 1;
@ -356,12 +357,12 @@ if (isset($_POST['operacion'])){
echo "<td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row["id_incidencia"]."'>".substr(salida_limpia($row["titulo"]),0,27);
echo "<td class='$tdcolor'>";
switch ( $row["prioridad"] ){
case 0: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"; break;
case 1: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"; break;
case 2: echo "<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_red.gif'>"; break;
case 3: echo "<img src='images/dot_yellow.gif'>"."<img src='images/dot_red.gif'>"."<img src='images/dot_red.gif'>"; break;
case 4: echo "<img src='images/dot_red.gif'>"."<img src='images/dot_red.gif'>"."<img src='images/dot_red.gif'>"; break;
case 10: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"; break;
case 0: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"; break;
case 1: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"; break;
case 2: echo "<img src='images/dot_yellow.gif'>"."<img src='images/dot_yellow.gif'>"."<img src='images/dot_red.gif'>"; break;
case 3: echo "<img src='images/dot_yellow.gif'>"."<img src='images/dot_red.gif'>"."<img src='images/dot_red.gif'>"; break;
case 4: echo "<img src='images/dot_red.gif'>"."<img src='images/dot_red.gif'>"."<img src='images/dot_red.gif'>"; break;
case 10: echo "<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"."<img src='images/dot_green.gif'>"; break;
}
/*
case 0: echo $lang_label["informative"]; break;
@ -376,26 +377,23 @@ if (isset($_POST['operacion'])){
echo "<td class='$tdcolor'>".$row["origen"];
echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row["id_usuario"])."</span></a>".substr($row["id_usuario"], 0, 8)."</a></td>";
$id_author_inc = $row["id_usuario"];
if ((give_acl($id_usuario, $id_group, "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){ // Only incident owners or incident manager from this group can delete incidents
if ((give_acl($id_usuario, $id_group, "IM") ==1) OR
($_SESSION["id_usuario"] == $id_author_inc) ){
// Only incident owners or incident manager
// from this group can delete incidents
echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row["id_incidencia"]."' onClick='if (!confirm(\' ".$lang_label["are_you_sure"]."\')) return false;'><img src='images/cancel.gif' border='0'></a></td>";
}
} // if ACL is correct
}
}
echo "<tr><td colspan='9'><div class='raya'></div>" ;
echo "<tr><td colspan='9'><div class='raya'></div>" ;
}
if (give_acl($_SESSION["id_usuario"], 0, "IW")==1) {
echo "<tr><td align='right' colspan='9'>";
echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
echo "<input type='submit' class='sub' name='crt' value='".$lang_label["create_incident"]."'></form>";
}
if (give_acl($_SESSION["id_usuario"], 0, "IW")==1) {
echo "<tr><td align='right' colspan='9'>";
echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
echo "<input type='submit' class='sub' name='crt' value='".$lang_label["create_incident"]."'></form>";
}
echo "</td></tr></table>";
}
else {
require ("general/noaccess.php");
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Incident section");
}
}
?>


@ -20,451 +20,470 @@
// Load global vars
require("include/config.php");
if (comprueba_login() == 0) {
if (comprueba_login() != 0) {
audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer");
require ("general/noaccess.php");
exit;
}
if (isset($_GET["id_grupo"]))
$id_grupo = $_GET["id_grupo"];
else
$id_grupo = 0;
$id_user=$_SESSION['id_usuario'];
if (give_acl($id_user, $id_grupo, "IR") != 1){
// Doesn't have access to this page
audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access to incident ".$id_inc." '".$titulo."'");
include ("general/noaccess.php");
exit;
}
$id_grupo = "";
$creacion_incidente = "";
if (isset($_GET["id"])){
$creacion_incidente = 0;
$id_inc = $_GET["id"];
$iduser_temp=$_SESSION['id_usuario'];
// Obtain group of this incident
$sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc;
$result=mysql_query($sql1);
$row=mysql_fetch_array($result);
// Get values
$titulo = $row["titulo"];
$texto = $row["descripcion"];
$inicio = $row["inicio"];
$actualizacion = $row["actualizacion"];
$estado = $row["estado"];
$prioridad = $row["prioridad"];
$origen = $row["origen"];
$usuario = $row["id_usuario"];
$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"];
$id_creator = $row["id_creator"];
$grupo = dame_nombre_grupo($id_grupo);
// Has access to this page ???
if (give_acl($iduser_temp, $id_grupo, "IR")==1){
// Note add
if (isset($_GET["insertar_nota"])){
$id_inc = entrada_limpia($_POST["id_inc"]);
$timestamp = entrada_limpia($_POST["timestamp"]);
$nota = entrada_limpia($_POST["nota"]);
$id_usuario=$_SESSION["id_usuario"];
$sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota) VALUES ('".$id_usuario."','".$timestamp."','".$nota."')";
$res1=mysql_query($sql1);
if ($res1) { echo "<h3 class='suc'>".$lang_label["create_note_ok"]."</h3>"; }
$sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$id_usuario."' AND timestamp = '".$timestamp."'";
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$id_nota = $row2["id_nota"];
$sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")";
$res3=mysql_query($sql3);
$sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
$res4 = mysql_query($sql4);
}
// Modify incident
if (isset($_POST["accion"])){
$id_inc = $_POST["id_inc"];
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { // Only admins (manage incident) or owners can modify incidents
// Edicion !!
if ($_POST["accion"] == $lang_label["in_modinc"]){ // Modify Incident
$id_author_inc = give_incident_author($id_inc);
$titulo = entrada_limpia($_POST["titulo"]);
$descripcion = entrada_limpia($_POST['descripcion']);
$origen = entrada_limpia($_POST['origen']);
$prioridad = entrada_limpia($_POST['prioridad']);
$grupo = entrada_limpia($_POST['grupo']);
$usuario= entrada_limpia($_POST["usuario"]);
$estado = entrada_limpia($_POST["estado"]);
$ahora=date("Y/m/d H:i:s");
$sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc;
$result=mysql_query($sql);
if ($result) echo "<h3 class='suc'>".$lang_label["upd_incid_ok"]."</h3>";
// Re-read data for correct presentation
// Obtain group of this incident
$sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc;
$result=mysql_query($sql1);
$row=mysql_fetch_array($result);
// Get values
$titulo = $row["titulo"];
$texto = $row["descripcion"];
$inicio = $row["inicio"];
$actualizacion = $row["actualizacion"];
$estado = $row["estado"];
$prioridad = $row["prioridad"];
$origen = $row["origen"];
$usuario = $row["id_usuario"];
$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"];
$grupo = dame_nombre_grupo($id_grupo);
}
} else {
audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident");
echo "<h3 class='error'>".$lang_label["upd_incid_no"]."</h3>";
no_permission();
}
}
// Delete note
if (isset($_GET["id_nota"])){
$note_user = give_note_author ($_GET["id_nota"]);
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes
// But note authors was able to delete this own notes
$id_nota = $_GET["id_nota"];
$id_nota_inc = $_GET["id_nota_inc"];
$query ="DELETE FROM tnota WHERE id_nota = ".$id_nota;
$query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc;
//echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2;
mysql_query($query);
mysql_query($query2);
if (mysql_query($query)) echo "<h3 class='suc'>".$lang_label["del_note_ok"];
}
}
// Delete file
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){
$file_id = $_GET["delete_file"];
$sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id;
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$filename = $row2["filename"];
$sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id;
$res2=mysql_query($sql2);
unlink ($attachment_store."attachment/pand".$file_id."_".$filename);
}
// Upload file
if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) {
if (( $_FILES['userfile']['name'] != "" ) && ($userfile != "none")){ //if file
$tipo = $_FILES['userfile']['type'];
if (isset($_POST["file_description"]))
$description = $_POST["file_description"];
else
$description = "No description available";
// Insert into database
$filename= $_FILES['userfile']['name'];
$filesize = $_FILES['userfile']['size'];
$sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".$filename."','".$description."',".$filesize.") ";
// EDITION MODE
if (isset($_GET["id"])){
$creacion_incidente = 0;
$id_inc = $_GET["id"];
$iduser_temp=$_SESSION['id_usuario'];
// Obtain group of this incident
$sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc;
$result=mysql_query($sql1);
$row=mysql_fetch_array($result);
// Get values
$titulo = $row["titulo"];
$texto = $row["descripcion"];
$inicio = $row["inicio"];
$actualizacion = $row["actualizacion"];
$estado = $row["estado"];
$prioridad = $row["prioridad"];
$origen = $row["origen"];
$usuario = $row["id_usuario"];
$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"];
$id_creator = $row["id_creator"];
$grupo = dame_nombre_grupo($id_grupo);
mysql_query($sql);
$id_attachment=mysql_insert_id();
// Copy file to directory and change name
$nombre_archivo = $attachment_store."attachment/pand".$id_attachment."_".$filename;
// Note add
if (isset($_GET["insertar_nota"])){
if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){
echo "<h3 class=error>".$lang_label["attach_error"]."</h3>";
$sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
mysql_query($sql);
} else {
// Delete temporal file
unlink ($_FILES['userfile']['tmp_name']);
}
}
$id_inc = entrada_limpia($_POST["id_inc"]);
$timestamp = entrada_limpia($_POST["timestamp"]);
$nota = entrada_limpia($_POST["nota"]);
$id_usuario=$_SESSION["id_usuario"];
$sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota) VALUES ('".$id_usuario."','".$timestamp."','".$nota."')";
$res1=mysql_query($sql1);
if ($res1) { echo "<h3 class='suc'>".$lang_label["create_note_ok"]."</h3>"; }
$sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$id_usuario."' AND timestamp = '".$timestamp."'";
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$id_nota = $row2["id_nota"];
$sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")";
$res3=mysql_query($sql3);
$sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
$res4 = mysql_query($sql4);
}
// Modify incident
if (isset($_POST["accion"])){
$id_inc = $_POST["id_inc"];
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { // Only admins (manage incident) or owners can modify incidents
// Edicion !!
if ($_POST["accion"] == $lang_label["in_modinc"]){ // Modify Incident
$id_author_inc = give_incident_author($id_inc);
$titulo = entrada_limpia($_POST["titulo"]);
$descripcion = entrada_limpia($_POST['descripcion']);
$origen = entrada_limpia($_POST['origen']);
$prioridad = entrada_limpia($_POST['prioridad']);
$grupo = entrada_limpia($_POST['grupo']);
$usuario= entrada_limpia($_POST["usuario"]);
$estado = entrada_limpia($_POST["estado"]);
$ahora=date("Y/m/d H:i:s");
$sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc;
$result=mysql_query($sql);
if ($result) echo "<h3 class='suc'>".$lang_label["upd_incid_ok"]."</h3>";
// Re-read data for correct presentation
// Obtain group of this incident
$sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc;
$result=mysql_query($sql1);
$row=mysql_fetch_array($result);
// Get values
$titulo = $row["titulo"];
$texto = $row["descripcion"];
$inicio = $row["inicio"];
$actualizacion = $row["actualizacion"];
$estado = $row["estado"];
$prioridad = $row["prioridad"];
$origen = $row["origen"];
$usuario = $row["id_usuario"];
$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"];
$grupo = dame_nombre_grupo($id_grupo);
}
}
} else { // Not given id
// Insert data !
if (isset($_POST["accion"]) and ($_POST["accion"] == $lang_label["create"])) {
$iduser_temp=$_SESSION['id_usuario'];
// Read input variables
$titulo = entrada_limpia($_POST['titulo']);
$inicio = date("Y/m/d H:i:s");
$descripcion = entrada_limpia($_POST['descripcion']);
$texto = $descripcion; // to view in textarea after insert
$origen = entrada_limpia($_POST['origen']);
$prioridad = entrada_limpia($_POST['prioridad']);
$grupo = entrada_limpia($_POST['grupo']);
$usuario= entrada_limpia($_SESSION["id_usuario"]);
$actualizacion = $inicio;
$id_creator = $iduser_temp;
$estado = 0; // if the indicent is new, state (estado) is 0
$sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') ";
if (give_acl($iduser_temp, $grupo, "IW")==1){
if (mysql_query($sql)) echo "<h3 class='suc'>".$lang_label["create_incid_ok"]."</h3>";
$id_inc=mysql_insert_id();
} else
no_permission();
} elseif (isset($_GET["insert_form"])){ // Create from to insert
$iduser_temp=$_SESSION['id_usuario'];
$titulo = "";
$descripcion = "";
$origen = "";
$prioridad = 0;
$id_grupo = 0;
$grupo = dame_nombre_grupo(1);
$usuario= $_SESSION["id_usuario"];
$estado = 0;
$actualizacion=date("Y/m/d H:i:s");
$inicio = $actualizacion;
$id_creator = $iduser_temp;
$creacion_incidente = 1;
} else {
audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident");
echo "<h3 class='error'>".$lang_label["upd_incid_no"]."</h3>";
no_permission();
}
}
// Has access to this page ???
if (give_acl($iduser_temp, $id_grupo, "IR")==1){
// ********************************************************************************************************
// ********************************************************************************************************
// Show the form
// ********************************************************************************************************
if ($creacion_incidente == 0)
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."'>";
else
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail'>";
if (isset($id_inc)) {echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";}
echo "<h2>".$lang_label["incident_manag"]."</h2>";
if (isset($id_inc)) {
echo "<h3>".$lang_label["rev_incident"]." # ".$id_inc." <a href='help/".$help_code."/chap4.php#42' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
} else {
echo "<h3>".$lang_label["create_incident"]."<a href='help/".$help_code."/chap4.php#41' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
// Delete note
if (isset($_GET["id_nota"])){
$note_user = give_note_author ($_GET["id_nota"]);
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes
// But note authors was able to delete this own notes
$id_nota = $_GET["id_nota"];
$id_nota_inc = $_GET["id_nota_inc"];
$query ="DELETE FROM tnota WHERE id_nota = ".$id_nota;
$query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc;
//echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2;
mysql_query($query);
mysql_query($query2);
if (mysql_query($query)) echo "<h3 class='suc'>".$lang_label["del_note_ok"];
}
echo '<table cellpadding=3 cellspacing=3 border=0 width=600>';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<tr><td class="lb" rowspan="6" width="5"><td class="datos"><b>'.$lang_label["incident"].'</b><td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'">';
else
echo '<tr><td class="datos"><b>'.$lang_label["incident"].'</b><td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'" readonly>';
echo '<tr><td class="datos2"><b>'.$lang_label["in_openedwhen"].'</b>';
echo "<td class='datos2' <i>".$inicio."</i>";
echo '<td class="datos2"><b>'.$lang_label["updated_at"].'</b>';
echo "<td class='datos2'><i>".$actualizacion."</i>";
echo '<tr><td class="datos"><b>'.$lang_label["in_openedby"].'</b><td class="datos">';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo "<select name='usuario' class='w200'>";
echo "<option value='".$usuario."'>".$usuario." - ".dame_nombre_real($usuario);
$sql1='SELECT * FROM tusuario ORDER BY id_usuario';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["id_usuario"]."'>".$row2["id_usuario"]." - ".$row2["nombre_real"];
}
// Delete file
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){
$file_id = $_GET["delete_file"];
$sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id;
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$filename = $row2["filename"];
$sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id;
$res2=mysql_query($sql2);
unlink ($attachment_store."attachment/pand".$file_id."_".$filename);
}
// Upload file
if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) {
if (( $_FILES['userfile']['name'] != "" ) && ($userfile != "none")){ //if file
$tipo = $_FILES['userfile']['type'];
if (isset($_POST["file_description"]))
$description = $_POST["file_description"];
else
$description = "No description available";
// Insert into database
$filename= $_FILES['userfile']['name'];
$filesize = $_FILES['userfile']['size'];
$sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".$filename."','".$description."',".$filesize.") ";
mysql_query($sql);
$id_attachment=mysql_insert_id();
// Copy file to directory and change name
$nombre_archivo = $attachment_store."attachment/pand".$id_attachment."_".$filename;
if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){
echo "<h3 class=error>".$lang_label["attach_error"]."</h3>";
$sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
mysql_query($sql);
} else {
// Delete temporal file
unlink ($_FILES['userfile']['tmp_name']);
}
echo "</select>";
}
else {
echo "<input type=hidden name='usuario' value='".$usuario."'>";
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
}
// Tipo de estado
// 0 - Abierta / Sin notas - Open, without notes
// 1 - Abierta / Notas aniadidas - Open, with notes
// 2 - Descartada / Not valid
// 3 - Caducada / Outdated
// 13 - Cerrada / Closed
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<td class="datos"><b>'.$lang_label["status"].'</b><td class="datos"><select name="estado" class="w135">';
else
echo '<td class="datos"><b>'.$lang_label["status"].'</b><td class="datos"><select disabled name="estado" class="w135">';
switch ( $estado ){
case 0: echo '<option value="0">'.$lang_label["in_state_0"]; break;
//case 1: echo '<option value="2">'.$lang_label["in_state_1"]; break;
case 2: echo '<option value="2">'.$lang_label["in_state_2"]; break;
case 3: echo '<option value="3">'.$lang_label["in_state_3"]; break;
case 13: echo '<option value="13">'.$lang_label["in_state_13"]; break;
}
echo '<option value="0">'.$lang_label["in_state_0"];
//echo '<option value="1">'.$lang_label["in_state_1"];
echo '<option value="2">'.$lang_label["in_state_2"];
echo '<option value="3">'.$lang_label["in_state_3"];
echo '<option value="13">'.$lang_label["in_state_13"];
echo '</select>';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<tr><td class="datos2"><b>'.$lang_label["source"].'</b><td class="datos2"><select name="origen" class="w135">';
else
echo '<tr><td class="datos2"><b>'.$lang_label["source"].'</b><td class="datos2"><select disabled name="origen" class="w135">';
// Fill combobox with source (origen)
if ($origen != "")
echo "<option value='".$origen."'>".$origen;
$sql1='SELECT * FROM torigen ORDER BY origen';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["origen"]."'>".$row2["origen"];
}
echo "</select>";
// Group combo
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<td class="datos2"><b>'.$lang_label["group"].'</b><td class="datos2"><select name="grupo" class="w135">';
else
echo '<td class="datos2"><b>'.$lang_label["group"].'</b><td class="datos2"><select disabled name="grupo" class="w135">';
if ($id_grupo != 0)
echo "<option value='".$id_grupo."'>".$grupo;
$sql1='SELECT * FROM tgrupo ORDER BY nombre';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
if (give_acl($iduser_temp, $row["id_grupo"], "IR")==1)
echo "<option value='".$row["id_grupo"]."'>".$row["nombre"];
}
echo '</select><tr>';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<td class="datos"><b>'.$lang_label["priority"].'</b><td class="datos"><select name="prioridad" class="w135">';
else
echo '<td class="datos"><b>'.$lang_label["priority"].'</b><td class="datos"><select disabled name="prioridad" class="w135">';
switch ( $prioridad ){
case 0: echo '<option value="0">'.$lang_label["informative"]; break;
case 1: echo '<option value="1">'.$lang_label["low"]; break;
case 2: echo '<option value="2">'.$lang_label["medium"]; break;
case 3: echo '<option value="3">'.$lang_label["serious"]; break;
case 4: echo '<option value="4">'.$lang_label["very_serious"]; break;
case 10: echo '<option value="10">'.$lang_label["maintenance"]; break;
}
echo '<option value="0">'.$lang_label["informative"];
echo '<option value="1">'.$lang_label["low"];
echo '<option value="2">'.$lang_label["medium"];
echo '<option value="3">'.$lang_label["serious"];
echo '<option value="4">'.$lang_label["very_serious"];
echo '<option value="10">'.$lang_label["maintenance"];
echo "<td class='datos'><b>Creator</b><td class='datos'>".$id_creator." ( <i>".dame_nombre_real($id_creator)." </i>)";
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '</select><tr><td class="datos2" colspan="4"><textarea name="descripcion" rows="15" cols="85">';
else
echo '</select><tr><td class="datos2" colspan="4"><textarea readonly name="descripcion" rows="15" cols="85">';
if (isset($texto)) {echo $texto;}
echo "</textarea>";
echo '<tr><td colspan="5"><div class="raya"></div></td></tr>';
echo "<tr><td colspan='5' align='right'>";
// Only if user is the used who opened incident or (s)he is admin
}
} else { // Not given id
// Insert data !
if (isset($_POST["accion"]) and ($_POST["accion"] == $lang_label["create"])) {
$iduser_temp=$_SESSION['id_usuario'];
if ($creacion_incidente == 0){
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){
echo '<input type="submit" class="sub" name="accion" value="'.$lang_label["in_modinc"].'" border="0">';
}
// Read input variables
$titulo = entrada_limpia($_POST['titulo']);
$inicio = date("Y/m/d H:i:s");
$descripcion = entrada_limpia($_POST['descripcion']);
$texto = $descripcion; // to view in textarea after insert
$origen = entrada_limpia($_POST['origen']);
$prioridad = entrada_limpia($_POST['prioridad']);
$grupo = entrada_limpia($_POST['grupo']);
$usuario= entrada_limpia($_SESSION["id_usuario"]);
$actualizacion = $inicio;
$id_creator = $iduser_temp;
$estado = 0; // if the indicent is new, state (estado) is 0
$sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') ";
if (give_acl($iduser_temp, $grupo, "IW")==1){
if (mysql_query($sql)) echo "<h3 class='suc'>".$lang_label["create_incid_ok"]."</h3>";
$id_inc=mysql_insert_id();
} else
no_permission();
// INSERT FORM.
} elseif (isset($_GET["insert_form"])){
$iduser_temp=$_SESSION['id_usuario'];
$titulo = "";
if (isset($_GET["from_event"])){
$titulo = return_event_description($_GET["from_event"]);
$descripcion = "";
$origen = "Pandora FMS event";
} else {
$titulo = "";
$descripcion = "";
$origen = "";
}
else
if (give_acl($iduser_temp, $id_grupo, "IW")) {
echo '<input type="submit" class="sub" name="accion" value="'.$lang_label["create"].'" border="0">';
$prioridad = 0;
$id_grupo = 0;
$grupo = dame_nombre_grupo(1);
$usuario= $_SESSION["id_usuario"];
$estado = 0;
$actualizacion=date("Y/m/d H:i:s");
$inicio = $actualizacion;
$id_creator = $iduser_temp;
$creacion_incidente = 1;
} else {
audit_db($id_user,$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way");
no_permission();
}
}
// ********************************************************************************************************
// ********************************************************************************************************
// Show the form
// ********************************************************************************************************
if ($creacion_incidente == 0)
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."'>";
else
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail'>";
if (isset($id_inc)) {
echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";
}
echo "<h2>".$lang_label["incident_manag"]."</h2>";
if (isset($id_inc)) {
echo "<h3>".$lang_label["rev_incident"]." # ".$id_inc." <a href='help/".$help_code."/chap4.php#42' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
} else {
echo "<h3>".$lang_label["create_incident"]."<a href='help/".$help_code."/chap4.php#41' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
}
echo '<table cellpadding=3 cellspacing=3 border=0 width=600>';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<tr><td class="lb" rowspan="6" width="5"><td class="datos"><b>'.$lang_label["incident"].'</b><td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'">';
else
echo '<tr><td class="datos"><b>'.$lang_label["incident"].'</b><td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'" readonly>';
echo '<tr><td class="datos2"><b>'.$lang_label["in_openedwhen"].'</b>';
echo "<td class='datos2' <i>".$inicio."</i>";
echo '<td class="datos2"><b>'.$lang_label["updated_at"].'</b>';
echo "<td class='datos2'><i>".$actualizacion."</i>";
echo '<tr><td class="datos"><b>'.$lang_label["in_openedby"].'</b><td class="datos">';
if ((give_acl($id_user, $id_grupo, "IM")==1) OR ($usuario == $id_user)) {
echo "<select name='usuario' class='w200'>";
echo "<option value='".$usuario."'>".$usuario." - ".dame_nombre_real($usuario);
$sql1='SELECT * FROM tusuario ORDER BY id_usuario';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["id_usuario"]."'>".$row2["id_usuario"]." - ".$row2["nombre_real"];
}
echo "</select>";
}
else {
echo "<input type=hidden name='usuario' value='".$usuario."'>";
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
}
// Tipo de estado
// 0 - Abierta / Sin notas - Open, without notes
// 1 - Abierta / Notas aniadidas - Open, with notes
// 2 - Descartada / Not valid
// 3 - Caducada / Outdated
// 13 - Cerrada / Closed
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<td class="datos"><b>'.$lang_label["status"].'</b><td class="datos"><select name="estado" class="w135">';
else
echo '<td class="datos"><b>'.$lang_label["status"].'</b><td class="datos"><select disabled name="estado" class="w135">';
switch ( $estado ){
case 0: echo '<option value="0">'.$lang_label["in_state_0"]; break;
//case 1: echo '<option value="2">'.$lang_label["in_state_1"]; break;
case 2: echo '<option value="2">'.$lang_label["in_state_2"]; break;
case 3: echo '<option value="3">'.$lang_label["in_state_3"]; break;
case 13: echo '<option value="13">'.$lang_label["in_state_13"]; break;
}
echo '<option value="0">'.$lang_label["in_state_0"];
//echo '<option value="1">'.$lang_label["in_state_1"];
echo '<option value="2">'.$lang_label["in_state_2"];
echo '<option value="3">'.$lang_label["in_state_3"];
echo '<option value="13">'.$lang_label["in_state_13"];
echo '</select>';
// Only owner could change source or user with Incident management privileges
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<tr><td class="datos2"><b>'.$lang_label["source"].'</b><td class="datos2"><select name="origen" class="w135">';
else
echo '<tr><td class="datos2"><b>'.$lang_label["source"].'</b><td class="datos2"><select disabled name="origen" class="w135">';
// Fill combobox with source (origen)
if ($origen != "")
echo "<option value='".$origen."'>".$origen;
$sql1='SELECT * FROM torigen ORDER BY origen';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["origen"]."'>".$row2["origen"];
}
echo "</select>";
// Group combo
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<td class="datos2"><b>'.$lang_label["group"].'</b><td class="datos2"><select name="grupo" class="w135">';
else
echo '<td class="datos2"><b>'.$lang_label["group"].'</b><td class="datos2"><select disabled name="grupo" class="w135">';
if ($id_grupo != 0)
echo "<option value='".$id_grupo."'>".$grupo;
$sql1='SELECT * FROM tgrupo ORDER BY nombre';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
if (give_acl($iduser_temp, $row["id_grupo"], "IR")==1)
echo "<option value='".$row["id_grupo"]."'>".$row["nombre"];
}
echo '</select><tr>';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '<td class="datos"><b>'.$lang_label["priority"].'</b><td class="datos"><select name="prioridad" class="w135">';
else
echo '<td class="datos"><b>'.$lang_label["priority"].'</b><td class="datos"><select disabled name="prioridad" class="w135">';
switch ( $prioridad ){
case 0: echo '<option value="0">'.$lang_label["informative"]; break;
case 1: echo '<option value="1">'.$lang_label["low"]; break;
case 2: echo '<option value="2">'.$lang_label["medium"]; break;
case 3: echo '<option value="3">'.$lang_label["serious"]; break;
case 4: echo '<option value="4">'.$lang_label["very_serious"]; break;
case 10: echo '<option value="10">'.$lang_label["maintenance"]; break;
}
echo '<option value="0">'.$lang_label["informative"];
echo '<option value="1">'.$lang_label["low"];
echo '<option value="2">'.$lang_label["medium"];
echo '<option value="3">'.$lang_label["serious"];
echo '<option value="4">'.$lang_label["very_serious"];
echo '<option value="10">'.$lang_label["maintenance"];
echo "<td class='datos'><b>Creator</b><td class='datos'>".$id_creator." ( <i>".dame_nombre_real($id_creator)." </i>)";
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
echo '</select><tr><td class="datos2" colspan="4"><textarea name="descripcion" rows="15" cols="85">';
else
echo '</select><tr><td class="datos2" colspan="4"><textarea readonly name="descripcion" rows="15" cols="85">';
if (isset($texto)) {echo $texto;}
echo "</textarea>";
echo '<tr><td colspan="5"><div class="raya"></div></td></tr>';
echo "<tr><td colspan='5' align='right'>";
// Only if user is the used who opened incident or (s)he is admin
$iduser_temp=$_SESSION['id_usuario'];
if ($creacion_incidente == 0){
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){
echo '<input type="submit" class="sub" name="accion" value="'.$lang_label["in_modinc"].'" border="0">';
}
} else {
if (give_acl($iduser_temp, $id_grupo, "IW")) {
echo '<input type="submit" class="sub" name="accion" value="'.$lang_label["create"].'" border="0">';
}
}
echo "</form>";
if ($creacion_incidente == 0){
echo "<tr><td colspan='7' style='text-align: right;'>";
echo '<form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_note&id_inc='.$id_inc.'"><input type="hidden" name="nota" value="add"><input align=right name="addnote" type="submit" class="sub" value="'.$lang_label["add_note"].'"></form>';
}
echo "</tr></table><br>";
if ($creacion_incidente == 0){
// Upload control
if (give_acl($iduser_temp, $id_grupo, "IW")==1){
echo "<table cellpadding=3 cellspacing=3 border=0 width='400'>";
echo "<tr><td colspan='3'><b>".$lang_label["attachfile"]."</b>";
echo "<tr><td class='lb' rowspan='2' width='5'>";
echo '<td class="datos">'.$lang_label["filename"].'</td><td class="datos"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">';
echo '<input type="file" name="userfile" value="userfile" class="sub" size="40">';
echo '<tr><td class="datos2">'.$lang_label["description"].'</td><td class="datos2" colspan=3><input type="text" name="file_description" size=47>';
echo '<tr><td colspan="4"><div class="raya"></div></td></tr>';
echo '<tr><td colspan="4" style="text-align: right;"><input type="submit" name="upload" value="'.$lang_label["upload"].'" class="sub">';
echo '</td></tr></table><br>';
}
// ************************************************************
// Files attached to this incident
// ************************************************************
// Attach head if there's attach for this incident
$att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc);
if (mysql_num_rows($att_fil))
{
echo "<table cellpadding='3' cellspacing='3' border='0' width='650'>";
echo "<tr><td>";
echo "<h3>".$lang_label["attached_files"]."</h3>";
echo "</td></tr><td>";
echo "<table width='650'><tr><th class=datos>".$lang_label["filename"];
echo "<th class=datos>".$lang_label["description"];
echo "<th class=datos>".$lang_label["size"];
echo "<th class=datos>".$lang_label["delete"];
while ($row=mysql_fetch_array($att_fil)){
echo "<tr><td class=datos><a target='_new' href='attachment/pand".$row["id_attachment"]."_".$row["filename"]."'><img src='images/file.gif' border=0 align='middle'> ".$row["filename"]."</a>";
echo "<td class=datos>".$row["description"];
echo "<td class=datos>".$row["size"];
if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment
echo '<td class=datos align="center"><a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/delete.gif" border=0>';
}
echo "</form>";
if ($creacion_incidente == 0){
echo "<tr><td colspan='7' style='text-align: right;'>";
echo '<form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_note&id_inc='.$id_inc.'"><input type="hidden" name="nota" value="add"><input align=right name="addnote" type="submit" class="sub" value="'.$lang_label["add_note"].'"></form>';
}
echo "</tr></table><br>";
if ($creacion_incidente == 0){
// Upload control
if (give_acl($iduser_temp, $id_grupo, "IW")==1){
echo "<table cellpadding=3 cellspacing=3 border=0 width='400'>";
echo "<tr><td colspan='3'><b>".$lang_label["attachfile"]."</b>";
echo "<tr><td class='lb' rowspan='2' width='5'>";
echo '<td class="datos">'.$lang_label["filename"].'</td><td class="datos"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">';
echo '<input type="file" name="userfile" value="userfile" class="sub" size="40">';
echo '<tr><td class="datos2">'.$lang_label["description"].'</td><td class="datos2" colspan=3><input type="text" name="file_description" size=47>';
echo '<tr><td colspan="4"><div class="raya"></div></td></tr>';
echo '<tr><td colspan="4" style="text-align: right;"><input type="submit" name="upload" value="'.$lang_label["upload"].'" class="sub">';
echo '</td></tr></table><br>';
}
// ************************************************************
// Files attached to this incident
// ************************************************************
// Attach head if there's attach for this incident
$att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc);
if (mysql_num_rows($att_fil))
{
echo "<table cellpadding='3' cellspacing='3' border='0' width='650'>";
echo "<tr><td>";
echo "<h3>".$lang_label["attached_files"]."</h3>";
echo "</td></tr><td>";
echo "<table width='650'><tr><th class=datos>".$lang_label["filename"];
echo "<th class=datos>".$lang_label["description"];
echo "<th class=datos>".$lang_label["size"];
echo "<th class=datos>".$lang_label["delete"];
while ($row=mysql_fetch_array($att_fil)){
echo "<tr><td class=datos><a target='_new' href='attachment/pand".$row["id_attachment"]."_".$row["filename"]."'><img src='images/file.gif' border=0 align='middle'> ".$row["filename"]."</a>";
echo "<td class=datos>".$row["description"];
echo "<td class=datos>".$row["size"];
if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment
echo '<td class=datos align="center"><a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/delete.gif" border=0>';
}
}
echo "<tr><td colspan='4'><div class='raya'></div></td></tr></table></table><br>";
}
// ********************************************************************
// Notes
// ********************************************************************
$cabecera=0;
$sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc;
$res4=mysql_query($sql4);
while ($row2=mysql_fetch_array($res4)){
if ($cabecera == 0) { // Show head only one time
echo "<table cellpadding='3' cellspacing='3' border='0' class='w550'>";
echo "<tr><td>";
echo "<h3>".$lang_label["in_notas_t1"]."</h3>";
echo "<table cellpadding='3' cellspacing='3' border='0'>";
echo "<tr><td>";
$cabecera = 1;
}
$sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC';
$res3=mysql_query($sql3);
while ($row3=mysql_fetch_array($res3)){
$timestamp = $row3["timestamp"];
$nota = $row3["nota"];
$id_usuario_nota = $row3["id_usuario"];
// Show data
echo '<tr><td rowspan="3" class="top"><img src="images/nota.gif"></td><td class="datos" width=40><b>'.$lang_label["author"].': </b><td class="datos">';
$usuario = $id_usuario_nota;
$nombre_real = dame_nombre_real($usuario);
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
// Delete comment, only for admins
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
$myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"];
echo '<td rowspan="3" class="top" width="60" align="center"><a href="'.$myurl.'"><img src="images/delete.gif" align="middle" border="0"> '.$lang_label["delete"].'</a>';
}
echo '<tr><td class="datos"><b>'.$lang_label["date"].': </b><td class="datos"><i>'.$timestamp.'</i></td></tr>';
echo '<tr><td colspan="2" class="datos"> ';
echo '<table border="0" cellpadding="5" cellspacing="5" style="width: 450px"><tr><td class="f9" align="justify">';
echo salida_limpia($nota);
echo '</table>';
echo '<tr><td colspan="3"><div class="sep"></div></td></tr>';
}
}
if ($cabecera == 1){
echo "</table>"; // note table
}
echo "</form></table>";
} // create mode
echo "<tr><td colspan='4'><div class='raya'></div></td></tr></table></table><br>";
}
else { // Doesn't have access to this page
audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access to incident ".$id_inc." '".$titulo."'");
include ("general/noaccess.php");
// ********************************************************************
// Notes
// ********************************************************************
$cabecera=0;
$sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc;
$res4=mysql_query($sql4);
while ($row2=mysql_fetch_array($res4)){
if ($cabecera == 0) { // Show head only one time
echo "<table cellpadding='3' cellspacing='3' border='0' class='w550'>";
echo "<tr><td>";
echo "<h3>".$lang_label["in_notas_t1"]."</h3>";
echo "<table cellpadding='3' cellspacing='3' border='0'>";
echo "<tr><td>";
$cabecera = 1;
}
$sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC';
$res3=mysql_query($sql3);
while ($row3=mysql_fetch_array($res3)){
$timestamp = $row3["timestamp"];
$nota = $row3["nota"];
$id_usuario_nota = $row3["id_usuario"];
// Show data
echo '<tr><td rowspan="3" class="top"><img src="images/nota.gif"></td><td class="datos" width=40><b>'.$lang_label["author"].': </b><td class="datos">';
$usuario = $id_usuario_nota;
$nombre_real = dame_nombre_real($usuario);
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
// Delete comment, only for admins
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
$myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"];
echo '<td rowspan="3" class="top" width="60" align="center"><a href="'.$myurl.'"><img src="images/delete.gif" align="middle" border="0"> '.$lang_label["delete"].'</a>';
}
echo '<tr><td class="datos"><b>'.$lang_label["date"].': </b><td class="datos"><i>'.$timestamp.'</i></td></tr>';
echo '<tr><td colspan="2" class="datos"> ';
echo '<table border="0" cellpadding="5" cellspacing="5" style="width: 450px"><tr><td class="f9" align="justify">';
echo salida_limpia($nota);
echo '</table>';
echo '<tr><td colspan="3"><div class="sep"></div></td></tr>';
}
}
} // fin pagina - end page
if ($cabecera == 1){
echo "</table>"; // note table
}
echo "</form></table>";
} // create mode
?>