From 2b497cb9539b7e4c45c0bafe9be5bd25aae2a1e2 Mon Sep 17 00:00:00 2001 
From: slerena Date: Mon, 5 Feb 2007 17:45:14 +0000 Subject: [PATCH] 2007-02-05 Sancho Lerena * include/functions_db.php: Added function to get info for events (return_event_description(). * include/languages/language_en.php: More new strings. * include/functions.php: Pagination improved !. not finished yet. * pandora_console/index.php: Added some credits to main page. * operation/incidents/incident.php: Improved incident visualization. Fixed some render bugs in last raul's commit :-> * operation/incidents/incident_detail.php: Now incidents could be "reported" using event button for submit incident. * operation/events/events.php: Pagination is now using LIMIT SQL syntax, and pagination works fine. Several issues fixed, and added function to report incident from here. * images/ok.gif, cancel.gif: Changed icon. * images/control_start_blue.png: Added. * images/page_lightning.png: Added. * images/control_rewind_blue.png: Added. * images/control_end_blue.png: Added. * images/control_fastforward_blue.png: Added. 
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@372 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 33 + pandora_console/images/cancel.gif | Bin 517 -> 596 bytes pandora_console/images/control_end_blue.png | Bin 0 -> 737 bytes .../images/control_fastforward_blue.png | Bin 0 -> 736 bytes .../images/control_rewind_blue.png | Bin 0 -> 745 bytes pandora_console/images/control_start_blue.png | Bin 0 -> 720 bytes pandora_console/images/ok.gif | Bin 295 -> 795 bytes pandora_console/images/page_lightning.png | Bin 0 -> 839 bytes pandora_console/include/config.php | 2 +- pandora_console/include/functions.php | 51 +- pandora_console/include/functions_db.php | 14 + .../include/languages/language_en.php | 7 +- pandora_console/index.php | 6 + pandora_console/operation/events/events.php | 520 +++++------ .../operation/incidents/incident.php | 400 ++++---- .../operation/incidents/incident_detail.php | 873 +++++++++--------- 16 files changed, 990 insertions(+), 916 deletions(-) create mode 100644 pandora_console/images/control_end_blue.png create mode 100644 pandora_console/images/control_fastforward_blue.png create mode 100644 pandora_console/images/control_rewind_blue.png create mode 100644 pandora_console/images/control_start_blue.png create mode 100644 pandora_console/images/page_lightning.png diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 2f8957a493..21938116ce 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog 
@@ -1,3 +1,36 @@
+2007-02-05 Sancho Lerena
+
+ * include/functions_db.php: Added function to get
+ info for events (return_event_description().
+
+ * include/languages/language_en.php: More new strings.
+
+ * include/functions.php: Pagination improved !. not finished yet.
+
+ * pandora_console/index.php: Added some credits to main page.
+
+ * operation/incidents/incident.php: Improved incident
+ visualization. Fixed some render bugs in last raul's commit :->
+
+ * operation/incidents/incident_detail.php: Now incidents could be
+ "reported" using event button for submit incident.
+
+ * operation/events/events.php: Pagination is now using LIMIT SQL
+ syntax, and pagination works fine. Several issues fixed, and added
+ function to report incident from here.
+
+ * images/ok.gif, cancel.gif: Changed icon.
+
+ * images/control_start_blue.png: Added.
+
+ * images/page_lightning.png: Added.
+
+ * images/control_rewind_blue.png: Added.
+
+ * images/control_end_blue.png: Added.
+
+ * images/control_fastforward_blue.png: Added.
+
 2007-02-02 Manuel Arostegui
 
 * pandora_console.spec: Fixed small weird bug submitted to my email.
diff --git a/pandora_console/images/cancel.gif b/pandora_console/images/cancel.gif index 68ebde7e90e01e5d47c89cbe8744a9d147d83c5e..ff55c19aa00f6590f334f9437dcc55fef0d89dcb 100644 GIT binary patch literal 596 zcmV-a0;~OrP)LlTS-jQ5eR5XLQCW%Rkqk z!fq%}~UU)cgc;4sbdH)zm{7)2eKgL8Dqc;3$L}%&UXOgRo-3oX%0TPlh-oqdG z4*xyt{a8O!b^}xnm)leAt4w?;s43 zbC4t`3@KFJqk|YTK1N}5c&K4a6#z*Hq&KhSr(a0h+tSgIRI4eOnNd+)M$ zvJdXc&QIwGB&pLxNf72vO?GDDwImdT9U;@{C*8NhtE#IL+aBx*xkh~ zETkgEVhU?%&Cla^c2Jv_Yohn5U*{l008plYoWr;zzXx&-B?*KfU2AJ6m1QlaSfseV z4kIHe=dTvLLw)BdEH9^?;}|KyNzQZ1ZA>?9EWES7o)Pr{p#_ z6;Dp883bzd_p3QRF1N9v=97nNzI?3uwLmr4mxO8G!m%+?VRSe!k8Yz+U+_N;It_CU z26`#nxsKiWO0rk`J}6xQIsyOv(cHGTvBmQBL-lM{9T00003>viHYC=N}2q-x6KEq_}-b_4u6Xe!4jGTv7UuWVg?0o}bda zUS$VeD#^T6n0BT-_hw=K`yBr>)V!C-u4Cs$$;M zC%scuZ5Dl zTcD@2e}J8uf{>Skx1*)0jtZ}4y}PZwjft$FL92_AxiY_AYrU1WmIRM*tFEdvA2&M- jTfLdOjEJNZCle!wqMU$ei#RI-v%Z+dHbXAsMh0sDml!K~ 
diff --git a/pandora_console/images/control_end_blue.png b/pandora_console/images/control_end_blue.png new file mode 100644 index 0000000000000000000000000000000000000000..72079357614b4254b163a5cac766093d1f99bbe7 GIT binary patch literal 737 zcmV<70v`Q|P)za-4I45g$8m^55K?|L?r+odSTVNnJ96LXt|7TGI4L>d~Fz z&-h8>1xd<>>vgSt=Y;X^$Jv9(As-4y`R%SPp?5wYYBW2LD^|g`7v>f>k`%^{A!C3N&EeR0q1EmI9?j zT<^fuCti3LD9UEdoCoe2BcvKUvD7KhHa~-21gL%Aj#%s&OGVR_$6iSuSoaqp%eN%J z76DWmU8pyEP^yWrwDz7wF9N262N52Jg#ie_jHv7Leqfv#&`?`&#}Fpfom5)T>7B!> zWsOHK0qlpu1b_k9E1Iu8-65F`u4B0T$PKrdAs|z3NmX=VY5BDbP=DEtvNfR%4Y5Zu z5VMpOD@qkb3GkT!aIm-Gn* z`85iZ>7zVE#RF?u>-GjXzTT2IfyTsX6XN-%yiPPHr0n_^E8Hzpe7MH(L!#e?D90zS zP^g}fN@{04Qcb!flJ%iEo~?q;Y!zl{=dXt}`IHwd0cyqO;QYY^WD0dM6YM#f=E3C+ z!2-R=&FDY;{gfv^)4f+|?c7Tj^US!+(gqX%T+i_HIx{<~voklC*uOv1|9t14Z-oeY T_TF$F*h9sL-j zNpc$weSXQZ6Gag%5kOy9HfA1@g zVA*&|VjFHeVhIV!`DzQM7F-a@NRTNvNlYYp4z%6NAQuJno^MeOJ!7dzy8e(=;etr6 z4q2h83Vb36o=G4!6u79$u)6u4LoN!;_)kItHmh9g5CP1HxVh+sSiS*Mlqx_uVfwL~ z+}p|}Y*;r1{g* z9DE4_W&SW~qUN5hWN@-RUJ#q3Ngxr&iJp;+4aEd;HM{A>I)B?7>yL4`Nc6h^we^ve z3YC6fwXTqAQWr8=Cd?emR={YnNptkhuSFVP{Q?6Lt^ zqF4A?)Arx1JpP&Pyh<4sUhXnam)AJ@xmkE-VuVGbg_|=vm|INb-=FD!zVlDxJ_uiv SXLQ>D0000yhD literal 0 HcmV?d00001 
diff --git a/pandora_console/images/control_rewind_blue.png b/pandora_console/images/control_rewind_blue.png new file mode 100644 index 0000000000000000000000000000000000000000..15d1584bdbb2c26a9fc4c8269aa54615a58a4657 GIT binary patch literal 745 zcmV1hlor z)=Ec^h7>5J3?Bj(D6|X+0|UcQj&m*_Qg!D|-c07sd7pF6opXl(U}#WhWg0W$d_xV%ATb~UcS*dC+@kfS*m{?64KBH-eM78JQAu#&2c z7TM!?0X98;&a@msh@1ehFDx4~_smCS0rm@Z$dv@5Y^ec>Jl}_`uDh5!i#cpZh5&_) z{y|~cgJzZ1d%`?CxkdJIg%by0u(~PqB0%Zdj?maMmYO=M!=;B#0>~5_5YO>&?w*4H z@LRbi!eNPrxg`gUUIeK8JG(3%R{o~|7so$K+8_qZe0Iz($pKd%d&oOhA&AGYXkKE` zO8~w=kN^smCS05H!-WT*2mpbXAJK6B{s*`+;U?8|s%XO8{Hs1d`DH6am$(L0coEX9 z)c+Ho)WS9-4?6~g4NrO@c2FaKCYmmR!DQ~YpfIn+s8pr^?KThtmU&}3Kr*7R^y^Rk z5Xsb_*=oc3w-9KI@B4=+yK6a8uQ@#oTkf1PnlL+NjAm=Zh)+xqld|idFEF=^(avw| z4U*w)Kx6;tnV0ZXQD@SHtHr7{`Y12 bpX>Y!%!CO%>C8GV00000NkvXXu0mjfJYGkQ literal 0 HcmV?d00001 
diff --git a/pandora_console/images/control_start_blue.png b/pandora_console/images/control_start_blue.png new file mode 100644 index 0000000000000000000000000000000000000000..6f11fcb086b1bfa51bc5070ca45fac0a988c624c GIT binary patch literal 720 zcmV;>0x$iEP)ITpohD^Ctgf=H~o==W*|y0)VM;-LQd9lR=YF)677| z!Jh8V_;KSkP5LJrlF9S+j0qkk+2iPm7~x{#{$ZSbvzK9J-4zqYVC)27V7~717pTZd znit9v$VwYJS3ROyLxp^?0)a!0U)oMn7(0Xv0eUoZ@gH)t)d5_J+J%bT22oSJ)g^nf zqQZVCEIYOm2+rB;rB+cID%~N1o%g50=A<=fWgC_GFUb) z%s4&22M=t~3G+RMgR^pz#KbcfK)ZtsdJ$j@d{400GnQJeAz+sPu#&f$`6hKh0J%~V zq(%oWs|qZyzh}{lfSK@dRK#JSxg@DDP3^*cD+kP0j(npKkSQvp3bk_uYtD5My##O+ z;RpcDs9R5c#9;NFP5{z^GN_^r%PX%(0OOZ~7+aNFP*XZk{E2|i#E`vI`YjCrsfz|V zndEsDXoqvug2CxaF}ZvhdOaY6!{9q~KO+jO!o5Vk0qt%NcD}`cvVR;6QTNzYGWq-= zUX+?7V0e7VLW2m6_>T!vT6W8eRsOC$*+0hNMWWwDsLfA)S*X-WV71;M{bCzLlS^onXB38?@6QEeG-)n` zWaf{O3~d%syp|e-HL0HpYzByR4Og zP|vrD7!a93IA^RKy14C5`q_Q;>;-$T_w7eQ#}7(`s_1X>xM`0FlK}T5EhJ^9e58{H9n5dlLJnhZg|- zKd$c#jUI_N^hRE7TE%GL8b&Ne1P@R^rK%v_vWZ*S1cT#4IfR~xgW0!=k8&w!CHeD zgAzfBV|&MkyzRfwft4SVeKf^}*WRHVvU>qg3d86t)r|zj3|1^#{cRlR{s<)=J34o= zF}ejShKs*_OYq<>4K*!D$we1zEQKNB98QF#6-$Y?ZlbQbo=@I9LgS)ltQgLuj`3?@ zf+bZ;P&m+kyWjy}2xjLBL>IU7Wd0$iQlC@Qk7-=gj5y)UPe-}^dlCgi>X%WN&7*|i z=?}C!KbpQmq^6xJf%{K#oJbtzmp^XtRq_~<_fsfQc%o>p>)_JFWpJEd0E8tsIF?K0 zCbHLAAAOfi)v-D~9gu{?|XK zUArvK^usBF2U9o^{KiiFy5-zR|G?MZT`GE2YER~PF#H?mYxiav zYMQ}8p*X|$$;*u2PUn@U4rNXRFGl$vE&tSyVcjka11@x}SWrsM0O!yQWxfplyG$>m ZzW}f<$ZZlSVjeGHkuI-P$!(P*>zX5LRjTY-Ch1~Q9H8JFrn8xY^izpQq!bOcA>j1%2ovxtqslD=|?zfB@tt z1~!)i^9wvgw7O2*Uphghtk--`OVDy$j 
diff --git a/pandora_console/images/page_lightning.png b/pandora_console/images/page_lightning.png new file mode 100644 index 0000000000000000000000000000000000000000..7e568703d6432c530224e443771a04fc1e2e59c6 GIT binary patch literal 839 zcmV-N1GxN&P)73{`^;G#xwAtHz%LU)4b zqTRU=ve1RNa3QT=ZM7C`iJ~QFQ*9t7<~pX$d^7W%^M8FFCkcQj-~0ZRTBCB(J0^iD z-~e!d9LR`f3#|=(>$bPvx_D-~2jC%pJ=n_e_OK zeJ_2b-KdDDh@@UlzBSMC;EPygH_MwjWBnPGQegihBV73D?-x9PlHL9A=(Vg=8^d<4 z<9r=UkxuIm)*CO=9e###7PztDxUv}e?$0)rQicmYhV`pQ%S!g@;K(?TVfhM#E?bM| z=B0gfb6h@a8bf5FVT-SV~6}?X}9lK@@Yynoty&1zdZP@?RfODsl=2XzzU% zS8gIN43How+9%bK2S@Xbc`O>`z5`%^;pXGy8^4f>9^3!Sp@|O&)m;dOa3q6d;4P-l zca|=H_{G&m?D_+&-}r{u-J$5T=(X4R&)q|O^gN8cgv;s#@5sEPT5_Z)oFo9Ac>l+I zc4ng5zHpps|9)<_Rw>5bKzE(M1j)dFWI_%OH$BJSz0?T+02W0)_a>#vFqb!*d|5wB zzBUN|M&ty51O@=i?kiDrjQ{{}e|^rU?OS|RdxxP1p5mAw36cX72#`R6UsoeCQFI~! z0ATITp!vfeYyQ?Dr=^5BAshfEa0nB~JG?nUa2Aur006MC*<9`)86SPS(W^`H2n+xi ztOWohsFfVfVWrI7PSKW}BmkyPoj(-|J?ES|BGd-}fIxr{00@ANnO*ZR`#)pee4I5T Rmm>fG002ovPDHLkV1i|Hc$okI literal 0 HcmV?d00001 diff --git a/pandora_console/include/config.php b/pandora_console/include/config.php index 619cf4215c..d9dc01ebce 100644 --- a/pandora_console/include/config.php +++ b/pandora_console/include/config.php @@ -33,7 +33,7 @@ $attachment_store="/var/www/pandora_console"; //This is directory where placed " $config_fontpath = "../reporting/FreeSans.ttf"; // Change this to your font folder, if needed. // Do not display any ERROR -error_reporting(0); +error_reporting(E_ALL); // Uncomment next to Display all errors, warnings and notices // error_reporting(E_ALL); diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index e57e32ecfc..7253ce86fa 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php 
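Review bot: The config.php hunk changes the committed default from `error_reporting(0);` to `error_reporting(E_ALL);`, so every install that picks up this file starts reporting notices and warnings; whether they reach the browser depends on `display_errors`, which the hunk does not set. On a web console that can show file paths and failing SQL text to any visitor. The comment above the line still reads `// Do not display any ERROR`, and the commented-out `// error_reporting(E_ALL);` below it now duplicates the live setting. If this is a development convenience, keep `error_reporting(0);` in the committed file, or pair the new level with `ini_set("display_errors", "0");` so messages go to the log only.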
@@ -398,11 +398,13 @@ function pagination ($count, $url, $offset ) { " http://pandora/index.php?sec=godmode&sec2=godmode/admin_access_logs " */ - $block_limit = 10; // Visualize only $block_limit blocks + $block_limit = 15; // Visualize only $block_limit blocks if ($count > $block_size){ // If exists more registers than I can put in a page, calculate index markers $index_counter = ceil($count/$block_size); // Number of blocks of block_size with data - $index_page = ceil($offset/$block_size); // block to begin to show data + $index_page = ceil($offset/$block_size)-(ceil($block_limit/2)); // block to begin to show data; + if ($index_page < 0) + $index_page = 0; // This calculate index_limit, block limit for this search. if (($index_page + $block_limit) > $index_counter) @@ -425,43 +427,56 @@ function pagination ($count, $url, $offset ) { else $inicio_pag = 0; - // This shows first "<" in query, only if there - if (($index_page > 0) and ($paginacion_maxima ==1)){ - $index_page_prev= ($index_page-1)*$block_size; - echo '< '; + echo "
"; + // Show GOTO FIRST button + echo ''; + echo ""; + echo ""; + echo " "; + // Show PREVIOUS button + if ($index_page > 0){ + $index_page_prev= ($index_page-$block_limit)*$block_size; + if ($index_page_prev < 0) + $index_page_prev = 0; + echo ' '; } // Draw blocks markers - echo "
"; - for ($i = $inicio_pag; $i <= $index_limit; $i++) { + for ($i = $inicio_pag; $i < $index_limit; $i++) { $inicio_bloque = ($i * $block_size); $final_bloque = $inicio_bloque + $block_size; if ($final_bloque > $count){ // if upper limit is beyond max, this shouldnt be possible ! $final_bloque = ($i-1)*$block_size + $count-(($i-1) * $block_size); } - if (isset($filter_item)) - echo ''; - else - echo ''; + echo ""; + echo ''; $inicio_bloque_fake = $inicio_bloque + 1; - // Show ">" marker if paginacion maxima limit reached and last block is shown. - if (($i==$inicio_pag + $block_limit) AND ($paginacion_maxima ==1)){ - echo "> "; + // Show NEXT PAGE + if (($i >= $inicio_pag + $block_limit) AND ($paginacion_maxima == 1)){ + echo " "; $i = $index_counter; } else { // Calculate last block (doesnt end with round data, it must be shown if not round to block limit) if ($inicio_bloque == $offset) - echo '[ '.$inicio_bloque_fake.'-'.$final_bloque.' ]'; + echo "[ $i ]"; else - echo '[ '.$inicio_bloque_fake.'-'.$final_bloque.' ]'; + echo "[ $i ]"; echo ' '; } + echo ""; } - echo "
"; // if exists more registers than i can put in a page (defined by $block_size config parameter) // get offset for index calculation } + // Draw "last" block link + if (($count - $block_size) > 0){ + echo ' '; + echo ""; + echo ""; + } + // End div and layout + echo "
"; } ?> diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php index c4ee99bf9d..cf7278a369 100644 --- a/pandora_console/include/functions_db.php +++ b/pandora_console/include/functions_db.php @@ -164,6 +164,20 @@ function dame_agente_modulo_id($id_agente, $id_tipomodulo, $nombre){ return $pro; } +// --------------------------------------------------------------- +// Returns event description given it's id +// --------------------------------------------------------------- + +function return_event_description ($id_event){ + require("config.php"); + $query1="SELECT evento FROM tevento WHERE id_evento = $id_event"; + $resq1=mysql_query($query1); + if ($rowdup=mysql_fetch_array($resq1)) + $pro=$rowdup[0]; + else + $pro = ""; + return $pro; +} // --------------------------------------------------------------- // Return ID_Group from an event given as id_event diff --git a/pandora_console/include/languages/language_en.php b/pandora_console/include/languages/language_en.php index 5fba6a7d55..4059f3187e 100644 --- a/pandora_console/include/languages/language_en.php +++ b/pandora_console/include/languages/language_en.php @@ -600,7 +600,7 @@ $lang_label["no_incidents"]="No incident matches your search filter"; $lang_label["no_agent_alert"]=" so there are no alerts"; $lang_label["wrote"]=" wrote"; -$lang_label["no_snmp_agent"]="There are no SNMP agents"; +$lang_label["no_snmp_agent"]="There are no SNMP traps in database"; $lang_label["no_snmp_alert"]="There are no SNMP alerts"; $lang_label["no_agent_def"]="There are no defined agents"; @@ -651,6 +651,8 @@ $lang_label["background_image"]="Background image"; $lang_label["help"]="Help"; $lang_label["no_monitors_g"]="This group doesn't have any monitor"; +// New strings for 1.3 version + // 15 dev, new for 1.3 dev $lang_label["reporting"]="Reporting"; $lang_label["agent_general_reporting"]="Agent overview"; 
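Review bot: `return_event_description()` places `$id_event` into the query text unquoted (`WHERE id_evento = $id_event`), so any caller that forwards a request value hands it straight to MySQL; add `$id_event = intval($id_event);` as the first line of the function. The same string-built SQL is in the events.php hunk, where `$offset` is now read from `$_GET["offset"]` without the `entrada_limpia()` call the removed code applied and goes into `LIMIT $offset, $block_size`, and where `$ev_group`, `$_GET["delete"]` and `$_GET["check"]` are concatenated as received; it is also in the first incident.php hunk (`quick_delete`, `estado`, `prioridad`, `grupo`, `texto`, `usuario`). Numeric inputs there should go through `intval()` and string inputs through `mysql_real_escape_string()` before they are used. The helper also passes `$resq1` to `mysql_fetch_array()` without checking that `mysql_query()` succeeded.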
@@ -658,7 +660,8 @@ $lang_label["agent_general_reporting"]="Agent overview"; // 5 Jan 2007 $lang_label["active_console"]="Active console"; - +$lang_label["validate_event_failed"]="Event validation failed"; +// global $lang_label; global $help_label; ?> \ No newline at end of file diff --git a/pandora_console/index.php b/pandora_console/index.php index f411cc6191..8f19eb815e 100644 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -17,6 +17,12 @@ // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +// Pandora FMS 1.x uses icons from famfamfam, licensed under CC Atr. 2.5 +// Silk icon set 1.3 +// (cc) Mark James, http://www.famfamfam.com/lab/icons/silk/ + +// Pandora FMS 1.x uses Pear Image::Graph code + session_start(); include "include/config.php"; include "include/languages/language_".$language_code.".php"; diff --git a/pandora_console/operation/events/events.php b/pandora_console/operation/events/events.php index e3ce882002..7fc50fceef 100644 --- a/pandora_console/operation/events/events.php +++ b/pandora_console/operation/events/events.php @@ -52,282 +52,268 @@ // Load global vars require("include/config.php"); -if (comprueba_login() == 0) { - $accion = ""; - if (give_acl($id_user, 0, "AR")==1) { - // OPERATIONS - // Delete Event (only incident management access). - if (isset($_GET["delete"])){ - $id_evento = $_GET["delete"]; - // Look for event_id following parameters: id_group. - $id_group = gime_idgroup_from_idevent($id_evento); - if (give_acl($id_user, $id_group, "IM") ==1){ - $sql2="DELETE FROM tevento WHERE id_evento =".$id_evento; - $result2=mysql_query($sql2); - if ($result) { - echo "

".$lang_label["delete_event_ok"]."

"; - } - } else { - audit_db($id_user,$REMOTE_ADDR, "ACL Violation", - "Trying to delete event ID".$id_evento); - } - } - - // Check Event (only incident write access). - if (isset($_GET["check"])){ - $id_evento = $_GET["check"]; - // Look for event_id following parameters: id_group. - $id_group = gime_idgroup_from_idevent($id_evento); - if (give_acl($id_user, $id_group, "IW") ==1){ - $sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE id_evento = ".$id_evento; - $result2=mysql_query($sql2); - if ($result2) { echo "

".$lang_label["validate_event_ok"]."

";} +if (comprueba_login() != 0) { + audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer"); + no_permission(); +} - } else { - audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento); +$accion = ""; +if (give_acl($id_user, 0, "AR")!=1) { + audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer"); + no_permission(); +} + +// OPERATIONS +// Delete Event (only incident management access). +if (isset($_GET["delete"])){ + $id_evento = $_GET["delete"]; + // Look for event_id following parameters: id_group. + $id_group = gime_idgroup_from_idevent($id_evento); + if (give_acl($id_user, $id_group, "IM") ==1){ + $sql2="DELETE FROM tevento WHERE id_evento =".$id_evento; + $result2=mysql_query($sql2); + if ($result) { + echo "

".$lang_label["delete_event_ok"]."

"; } - } - - // Mass-process DELETE - if (isset($_POST["deletebt"])){ - $count=0; - while ($count <= $block_size){ - if (isset($_POST["eventid".$count])){ - $event_id = $_POST["eventid".$count]; - // Look for event_id following parameters: id_group. - $id_group = gime_idgroup_from_idevent($event_id); - if (give_acl($id_user, $id_group, "IM") ==1){ - mysql_query("DELETE FROM tevento WHERE id_evento =".$event_id); - } else { - audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to delete event ID".$id_evento); - } - } - $count++; - } - } - - // Mass-process UPDATE - if (isset($_POST["updatebt"])){ - $count=0; - while ($count <= $block_size){ - if (isset($_POST["eventid".$count])){ - $id_evento = $_POST["eventid".$count]; - $id_group = gime_idgroup_from_idevent($id_evento); - if (give_acl($id_user, $id_group, "IW") ==1){ - $sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE estado = 0 AND id_evento = ".$id_evento; - $result2=mysql_query($sql2); - } else { - audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento); - } - } - $count++; - } - } - - echo "

".$lang_label["events"]."

"; - echo "

".$lang_label["event_main_view"]." ".$lang_label["help"]."

"; - echo ""; - - if (isset($_POST["ev_group"])) { - $ev_group = $_POST["ev_group"]; } else { - $ev_group = -1; + audit_db($id_user,$REMOTE_ADDR, "ACL Violation", + "Trying to delete event ID".$id_evento); } - echo ""; +} + +// Check Event (only incident write access). +if (isset($_GET["check"])){ + $id_evento = $_GET["check"]; + // Look for event_id following parameters: id_group. + $id_group = gime_idgroup_from_idevent($id_evento); + if (give_acl($id_user, $id_group, "IW") ==1){ + $sql2="UPDATE tevento SET estado = 1, id_usuario = '".$id_user."' WHERE id_evento = ".$id_evento; + $result2=mysql_query($sql2); + if ($result2) { + echo "

".$lang_label["validate_event_ok"]."

"; + } else { + echo "

".$lang_label["validate_event_failed"]."

"; + } - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo "
".$lang_label["group"].""; - echo ""; - echo ""; - echo " - ".$lang_label["validated_event"]; - echo "
"; - echo " - ".$lang_label["not_validated_event"]; - echo "
"; - echo " - ".$lang_label["validate_event"]; - echo "
"; - echo " - ".$lang_label["delete_event"]; - echo "
".$lang_label["events"].""; - echo ""; - echo ""; - echo ""; - echo ""; - echo "
"; - echo "
"; - - //pagination - $total_eventos = count($event_list); - pagination($total_eventos, "index.php?sec=eventos&sec2=operation/events/events", $offset); - if (isset($_GET["offset"])){ - $offset=entrada_limpia($_GET["offset"]); - } else { - $offset=0; - } - - echo "
"; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo "'; - echo ""; - $color = 1; - $id_evento = 0; - if ($offset !=0) - $offset_limit = $offset +1; - else - $offset_limit = $offset; - // Skip offset records - for ($a=$offset_limit;$a < ($block_size + $offset + 1);$a++){ - if (isset($event_list[$a])) { - $id_evento = $event_list[$a]; - if ($id_evento != ""){ - if (isset($_POST["event"])) { - $event = entrada_limpia($_POST["event"]); - if ($event=="All") { - if (isset($ev_group) && ($ev_group > 1)) { - $sql="SELECT * FROM tevento WHERE id_evento = '$id_evento' AND id_grupo = '$ev_group'"; - } else { - $sql="SELECT * FROM tevento WHERE id_evento = '$id_evento'"; - } - - } else { - if (isset($ev_group) && ($ev_group > 1)) { - $sql="SELECT * FROM tevento WHERE evento= '$event' AND id_evento = '$id_evento' AND id_grupo = '$ev_group'"; - } else { - $sql="SELECT * FROM tevento WHERE evento= '$event' AND id_evento = '$id_evento'"; - } - } - - - } else { - $sql="SELECT * FROM tevento WHERE id_evento = $id_evento"; - } - $result=mysql_query($sql); - $row=mysql_fetch_array($result); - $id_group = $row["id_grupo"]; - if ($color == 1){ - $tdcolor = "datos"; - $color = 0; - } - else { - $tdcolor = "datos2"; - $color = 1; - } - //if (give_acl($id_user, $id_group, "IR") == 1){ // Only incident read access to view data - $offset_counter++; - echo ""; - echo ""; - //} + audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to delete event ID".$id_evento); } } - } - echo ""; - echo "
".$lang_label["status"]."".$lang_label["event_name"]."".$lang_label["agent_name"]."".$lang_label["group"]."".$lang_label["id_user"]."".$lang_label["timestamp"]."".$lang_label["action"].""; - echo ""; - echo '
"; - if ($row["estado"] == 0) - echo ""; - else - echo ""; - echo "".$row["evento"]; - if ($row["id_agente"] > 0){ - echo "".dame_nombre_agente($row["id_agente"]).""; - echo " ( ".dame_grupo($id_group)." )"; - } else { // for SNMP generated alerts - echo "".$lang_label["alert"]." / SNMP"; - echo ""; - } - if ($row["estado"] <> 0) - echo " ".dame_nombre_real($row["id_usuario"])."".substr($row["id_usuario"],0,8).""; - echo "".$row["timestamp"]; - echo ""; - - if (($row["estado"] == 0) and (give_acl($id_user,$id_group,"IW") ==1)) - echo ""; - if (give_acl($id_user,$id_group,"IM") ==1) - echo ""; - echo ""; - echo ""; - echo "
"; - - echo " "; - if (give_acl($id_user, 0,"IM") ==1){ - echo ""; - } - echo "
"; - } - else {echo "
".$lang_label["no_event"]."
";} - } - else { - audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer"); - require ("general/noaccess.php"); + $count++; } } +// Mass-process UPDATE +if (isset($_POST["updatebt"])){ + $count=0; + while ($count <= $block_size){ + if (isset($_POST["eventid".$count])){ + $id_evento = $_POST["eventid".$count]; + $id_group = gime_idgroup_from_idevent($id_evento); + if (give_acl($id_user, $id_group, "IW") ==1){ + $sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE estado = 0 AND id_evento = ".$id_evento; + $result2=mysql_query($sql2); + } else { + audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento); + } + } + $count++; + } +} + +// *********************************************************************** +// Main code form / page +// *********************************************************************** + + +// Get data + +$offset=0; +if (isset($_GET["offset"])) + $offset=$_GET["offset"]; + +$ev_group = -1; +if (isset($_POST["ev_group"])) + $ev_group = $_POST["ev_group"]; + +$event="All"; +if (isset($_POST["event"])) + $event = entrada_limpia($_POST["event"]); + +echo "

".$lang_label["events"]."

"; +echo "

".$lang_label["event_main_view"]." ".$lang_label["help"]."

"; +echo ""; + +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo "
".$lang_label["group"].""; +echo ""; +echo ""; +echo " - ".$lang_label["validated_event"]; +echo "
"; +echo " - ".$lang_label["not_validated_event"]; +echo "
"; +echo " - ".$lang_label["validate_event"]; +echo "
"; +echo " - ".$lang_label["delete_event"]; +echo "
".$lang_label["events"].""; +echo ""; +echo ""; +echo ""; +echo ""; +echo "
"; +echo "
"; + +// How many events do I have in total ? +if ($event=="All"){ + if (isset($ev_group) && ($ev_group > 1)) { + $sql3="SELECT COUNT(id_evento) FROM tevento WHERE id_grupo = '$ev_group' "; + } else { + $sql3="SELECT COUNT(id_evento) FROM tevento"; + } +} else { + if (isset($ev_group) && ($ev_group > 1)) { + $sql3="SELECT COUNT(id_evento) FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group'"; + } else { + $sql3="SELECT COUNT(id_evento) FROM tevento WHERE evento = '$event' "; + } +} +$result3=mysql_query($sql3); +$row3=mysql_fetch_array($result3); +$total_events = $row3[0]; +// Show pagination header +pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset); + +// Show data. + +echo "
"; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo ""; +echo "'; +echo ""; +$color = 1; +$id_evento = 0; + +// Prepare index for pagination. Prepare queries +if ($event=="All"){ + if (isset($ev_group) && ($ev_group > 1)) { + $sql2="SELECT * FROM tevento WHERE id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size"; + } else { + $sql2="SELECT * FROM tevento ORDER BY timestamp DESC LIMIT $offset, $block_size"; + } +} else { + if (isset($ev_group) && ($ev_group > 1)) { + $sql2="SELECT * FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size"; + } else { + $sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC LIMIT $offset, $block_size"; + } +} +// Make query for data (all data, not only distinct). +$result2=mysql_query($sql2); +while ($row2=mysql_fetch_array($result2)){ + $id_grupo = $row2["id_grupo"]; + if (give_acl($id_user, $id_grupo, "IR") == 1){ // Only incident read access to view data ! + $id_group = $row2["id_grupo"]; + if ($color == 1){ + $tdcolor = "datos"; + $color = 0; + } + else { + $tdcolor = "datos2"; + $color = 1; + } + + echo ""; + echo ""; + //} + } +} + +echo ""; +echo "
".$lang_label["status"]."".$lang_label["event_name"]."".$lang_label["agent_name"]."".$lang_label["group"]."".$lang_label["id_user"]."".$lang_label["timestamp"]."".$lang_label["action"].""; +echo ""; +echo '
"; + if ($row2["estado"] == 0) + echo ""; + else + echo ""; + echo "".$row2["evento"]; + if ($row2["id_agente"] > 0){ + echo "".dame_nombre_agente($row2["id_agente"]).""; + echo ""; + } else { // for SNMP generated alerts + echo "".$lang_label["alert"]." / SNMP"; + echo ""; + } + if ($row2["estado"] <> 0) + echo " ".dame_nombre_real($row2["id_usuario"])."".substr($row2["id_usuario"],0,8).""; + echo "".$row2["timestamp"]; + echo ""; + + if (($row2["estado"] == 0) and (give_acl($id_user,$id_group,"IW") ==1)) + echo ""; + if (give_acl($id_user,$id_group,"IM") ==1) + echo " "; + + if (give_acl($id_user,$id_group,"IW") == 1) + echo ""; + + echo ""; + echo ""; + echo "
"; + +echo " "; +if (give_acl($id_user, 0,"IM") ==1){ + echo ""; +} +echo "
"; + + /* else {echo "
".$lang_label["no_event"]."
";} + } */ + + ?> \ No newline at end of file diff --git a/pandora_console/operation/incidents/incident.php b/pandora_console/operation/incidents/incident.php index 5966688853..69146859f4 100644 --- a/pandora_console/operation/incidents/incident.php +++ b/pandora_console/operation/incidents/incident.php @@ -18,108 +18,115 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. // Load global vars + require("include/config.php"); - -if (comprueba_login() == 0) { - -$accion = ""; +if (comprueba_login() != 0) { + audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access incident viewer"); + require ("general/noaccess.php"); + exit; +} $id_usuario =$_SESSION["id_usuario"]; -if ((give_acl($id_user, 0, "IR")==1) OR (give_acl($id_user, 0, "IM")==1) or (dame_admin($id_user)==1)) { - if (isset($_GET["quick_delete"])){ - $id_inc = $_GET["quick_delete"]; - $sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc; - $result2=mysql_query($sql2); - $row2=mysql_fetch_array($result2); - if ($row2) { - $id_author_inc = $row2["id_usuario"]; - if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){ - borrar_incidencia($id_inc); - echo "

".$lang_label["del_incid_ok"]."

"; - } - else { - audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident"); - echo "

".$lang_label["del_incid_no"]."

"; - no_permission(); +$accion = ""; +if (give_acl($id_usuario, 0, "IR")!=1) { + audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access incident viewer"); + require ("general/noaccess.php"); + exit; +} + +if (isset($_GET["quick_delete"])){ + $id_inc = $_GET["quick_delete"]; + $sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc; + $result2=mysql_query($sql2); + $row2=mysql_fetch_array($result2); + if ($row2) { + $id_author_inc = $row2["id_usuario"]; + if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){ + borrar_incidencia($id_inc); + echo "

".$lang_label["del_incid_ok"]."

"; } + else { + audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident"); + echo "

".$lang_label["del_incid_no"]."

"; + no_permission(); } } - - // Search - $busqueda=""; - if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){ - if (isset($_POST["texto"])){ - $texto_form = $_POST["texto"]; - $_GET["texto"]=$texto_form; // Update GET vars if data comes from POST - } else // GET - $texto_form = $_GET["texto"]; +} - $busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )"; - } +// Search +$busqueda=""; +if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){ + if (isset($_POST["texto"])){ + $texto_form = $_POST["texto"]; + $_GET["texto"]=$texto_form; // Update GET vars if data comes from POST + } else // GET + $texto_form = $_GET["texto"]; - if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){ - if (isset($_POST["usuario"])){ - $usuario_form = $_POST["usuario"]; - $_GET["usuario"]=$usuario_form; - } else // GET - $usuario_form=$_GET["usuario"]; - - if ($usuario_form != ""){ - if (isset($_GET["texto"])) - $busqueda = $busqueda." and "; - $busqueda= $busqueda." id_usuario = '".$_GET["usuario"]."' "; - } + $busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )"; +} + +if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){ + if (isset($_POST["usuario"])){ + $usuario_form = $_POST["usuario"]; + $_GET["usuario"]=$usuario_form; + } else // GET + $usuario_form=$_GET["usuario"]; + + if ($usuario_form != ""){ + if (isset($_GET["texto"])) + $busqueda = $busqueda." and "; + $busqueda= $busqueda." 
id_usuario = '".$_GET["usuario"]."' "; } - - // Filter - if ($busqueda != "") - $sql1= "WHERE ".$busqueda; - else - $sql1=""; +} - if (isset($_GET["estado"]) and (!isset($_POST["estado"]))) - $_POST["estado"]=$_GET["estado"]; - if (isset($_GET["grupo"]) and (!isset($_POST["grupo"]))) - $_POST["grupo"]=$_GET["grupo"]; - if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"]))) - $_POST["prioridad"]=$_GET["prioridad"]; +// Filter +if ($busqueda != "") + $sql1= "WHERE ".$busqueda; +else + $sql1=""; + +if (isset($_GET["estado"]) and (!isset($_POST["estado"]))) + $_POST["estado"]=$_GET["estado"]; +if (isset($_GET["grupo"]) and (!isset($_POST["grupo"]))) + $_POST["grupo"]=$_GET["grupo"]; +if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"]))) + $_POST["prioridad"]=$_GET["prioridad"]; - if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) { - if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){ - $_GET["estado"] = $_POST["estado"]; +if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) { + if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){ + $_GET["estado"] = $_POST["estado"]; + if ($sql1 == "") + $sql1='WHERE estado='.$_POST["estado"]; + else + $sql1 =$sql1.' AND estado='.$_POST["estado"]; + } + + if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) { + $_GET["prioridad"]=$_POST["prioridad"]; if ($sql1 == "") - $sql1='WHERE estado='.$_POST["estado"]; + $sql1='WHERE prioridad='.$_POST["prioridad"]; else - $sql1 =$sql1.' AND estado='.$_POST["estado"]; - } + $sql1 =$sql1.' and prioridad='.$_POST["prioridad"]; + } - if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) { - $_GET["prioridad"]=$_POST["prioridad"]; - if ($sql1 == "") - $sql1='WHERE prioridad='.$_POST["prioridad"]; - else - $sql1 =$sql1.' 
and prioridad='.$_POST["prioridad"]; - } + if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) { + $_GET["grupo"] = $_POST["grupo"]; + if ($sql1 == "") + $sql1='WHERE id_grupo='.$_POST["grupo"]; + else + $sql1 =$sql1.' AND id_grupo='.$_POST["grupo"]; + } + } - if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) { - $_GET["grupo"] = $_POST["grupo"]; - if ($sql1 == "") - $sql1='WHERE id_grupo='.$_POST["grupo"]; - else - $sql1 =$sql1.' AND id_grupo='.$_POST["grupo"]; - } - } - $sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC"; - $sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1; - $sql1=$sql0; - echo "

".$lang_label["incident_manag"]."

"; - echo "

".$lang_label["manage_incidents"]." ".$lang_label["help"]."

"; -?> -".$lang_label["incident_manag"].""; +echo "

".$lang_label["manage_incidents"]." ".$lang_label["help"]."

"; if (isset($_POST['operacion'])){ echo "

".$lang_label["incident_view_filter"]." - ".$_POST['operacion']."

"; -} +} ?>
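Review bot: In the `quick_delete` denial branch the audit record is written as `audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden",...)`, which appears to file the event under the incident's author rather than the user who attempted the delete; the other `audit_db()` calls in this patch pass the acting user (or `"Noauth"`) first. Use `audit_db($id_usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$id_usuario." try to delete incident");` so the log attributes the attempt to the right account. The page-level check was also narrowed from IR-or-IM-or-admin to `give_acl($id_usuario, 0, "IR")!=1` alone; confirm that incident managers and administrators without IR on group 0 are meant to be refused.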
@@ -129,22 +136,22 @@ if (isset($_POST['operacion'])){

- - - - -

- -
- -
- -
- -
- - + + + + + +

+ -
+ -
+ -
+ -
+ - - -

- -
- -
- -
- -
- -
- -
- - "; switch ($_GET["prioridad"]){ case -1: echo $lang_label["all"]." ".$lang_label["priority"]; break; @@ -188,79 +195,72 @@ if (isset($_POST['operacion'])){ case 4: echo $lang_label["very_serious"]; break; case 10: echo $lang_label["maintenance"]; break; } - } - echo "
- + +

+ "; - // Offset adjustment - if (isset($_GET["offset"])) - $offset=$_GET["offset"]; - else - $offset=0; - $offset_counter=0; - // Prepare index for pagination - $incident_list[]=""; - $result2=mysql_query($sql1); - - if (!mysql_num_rows($result2)) { - echo '
'.$lang_label["no_incidents"].'

';} - else { +// Offset adjustment +if (isset($_GET["offset"])) + $offset=$_GET["offset"]; +else + $offset=0; +$offset_counter=0; +// Prepare index for pagination +$incident_list[]=""; +$result2=mysql_query($sql1); + +if (!mysql_num_rows($result2)) { + echo '
'.$lang_label["no_incidents"].'

'; +} else { while ($row2=mysql_fetch_array($result2)){ // Jump offset records - $id_group = $row2["id_grupo"]; - if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data ! + $id_group = $row2["id_grupo"]; + if (give_acl($id_usuario, $id_group, "IR") ==1){ + // Only incident read access to view data ! $incident_list[]=$row2["id_incidencia"]; } - } + } // Fill array with data // TOTAL incidents $total_incidentes = sizeof($incident_list); - + $url = "index.php?sec=incidencias&sec2=operation/incidents/incident"; // add form filter values for group, priority, state, and search fields: user and text @@ -275,10 +275,11 @@ if (isset($_POST['operacion'])){ if (isset($_GET["texto"])) $url = $url."&texto=".$_GET["texto"]; - // Show pagination + // Show pagination pagination ($total_incidentes, $url, $offset); echo '
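Review bot: `$offset` is copied straight from `$_GET["offset"]` in this hunk and then handed to `pagination()` and, further down, used as the loop start through `$offset_begin = $offset`, so a non-numeric or negative value is never rejected. `$offset = isset($_GET["offset"]) ? max(0, (int) $_GET["offset"]) : 0;` would pin it to a non-negative integer. The `mysql_query($sql1)` added here also executes the WHERE clause that the preceding hunk assembles by concatenating `$_POST["estado"]`, `$_POST["prioridad"]` and `$_POST["grupo"]` without quotes or a cast, with only a `!= -1` comparison in between; an `(int)` cast on each before concatenation keeps request data out of the SQL text. How `pagination()` emits the offset is not visible in this hunk, so its output escaping should be confirmed separately.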
'; // Show headers + echo ""; echo ""; echo ""; echo ""; $id_author_inc = $row["id_usuario"]; - if ((give_acl($id_usuario, $id_group, "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){ // Only incident owners or incident manager from this group can delete incidents + if ((give_acl($id_usuario, $id_group, "IM") ==1) OR + ($_SESSION["id_usuario"] == $id_author_inc) ){ + // Only incident owners or incident manager + // from this group can delete incidents echo ""; } } // if ACL is correct } } - -echo "
ID"; @@ -299,7 +300,7 @@ if (isset($_POST['operacion'])){ $offset_begin = $offset; for ($a=$offset_begin; $a < ($offset + $block_size +1);$a++){ - if (isset($incident_list[$a])){ + if (isset($incident_list[$a])){ $id_incidente = $incident_list[$a]; } else { $id_incidente =""; @@ -323,19 +324,19 @@ if (isset($_POST['operacion'])){ echo "
".$row["id_incidencia"].""; - // Check for attachments in this incident + // Check for attachments in this incident $result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row["id_incidencia"]); mysql_fetch_array($result3); if (mysql_affected_rows() > 0) echo '  '; - + // Tipo de estado (Type) // 0 - Abierta / Sin notas (Open, no notes) // 1 - Abierta / Notas anyadidas (Open with notes) // 2 - Descartada (not valid) // 3 - Caducada (out of date) // 13 - Cerrada (closed) - + // Verify if the status changes if (($row["estado"] == 0) && ($note_number >0 )){ $row["estado"] = 1; @@ -356,12 +357,12 @@ if (isset($_POST['operacion'])){ echo "".substr(salida_limpia($row["titulo"]),0,27); echo ""; switch ( $row["prioridad"] ){ - case 0: echo ""."".""; break; - case 1: echo ""."".""; break; - case 2: echo ""."".""; break; - case 3: echo ""."".""; break; - case 4: echo ""."".""; break; - case 10: echo ""."".""; break; + case 0: echo ""."".""; break; + case 1: echo ""."".""; break; + case 2: echo ""."".""; break; + case 3: echo ""."".""; break; + case 4: echo ""."".""; break; + case 10: echo ""."".""; break; } /* case 0: echo $lang_label["informative"]; break; @@ -376,26 +377,23 @@ if (isset($_POST['operacion'])){ echo "".$row["origen"]; echo " ".dame_nombre_real($row["id_usuario"])."".substr($row["id_usuario"], 0, 8)."
" ; + echo "
" ; +} + +if (give_acl($_SESSION["id_usuario"], 0, "IW")==1) { + echo "
"; + echo "
"; + echo "
"; } - if (give_acl($_SESSION["id_usuario"], 0, "IW")==1) { - echo "
"; - echo "
"; - echo "
"; - } echo "
"; - } - else { - require ("general/noaccess.php"); - audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Incident section"); - } -} ?> \ No newline at end of file diff --git a/pandora_console/operation/incidents/incident_detail.php b/pandora_console/operation/incidents/incident_detail.php index 1f7b6da675..810d27fb83 100644 --- a/pandora_console/operation/incidents/incident_detail.php +++ b/pandora_console/operation/incidents/incident_detail.php 
@@ -20,451 +20,470 @@ // Load global vars require("include/config.php"); -if (comprueba_login() == 0) { +if (comprueba_login() != 0) { + audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer"); + require ("general/noaccess.php"); + exit; +} + +if (isset($_GET["id_grupo"])) + $id_grupo = $_GET["id_grupo"]; +else + $id_grupo = 0; + +$id_user=$_SESSION['id_usuario']; +if (give_acl($id_user, $id_grupo, "IR") != 1){ + // Doesn't have access to this page + audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access to incident ".$id_inc." '".$titulo."'"); + include ("general/noaccess.php"); + exit; +} + $id_grupo = ""; $creacion_incidente = ""; - if (isset($_GET["id"])){ - $creacion_incidente = 0; - $id_inc = $_GET["id"]; - $iduser_temp=$_SESSION['id_usuario']; - // Obtain group of this incident - $sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc; - $result=mysql_query($sql1); - $row=mysql_fetch_array($result); - // Get values - $titulo = $row["titulo"]; - $texto = $row["descripcion"]; - $inicio = $row["inicio"]; - $actualizacion = $row["actualizacion"]; - $estado = $row["estado"]; - $prioridad = $row["prioridad"]; - $origen = $row["origen"]; - $usuario = $row["id_usuario"]; - $nombre_real = dame_nombre_real($usuario); - $id_grupo = $row["id_grupo"]; - $id_creator = $row["id_creator"]; - $grupo = dame_nombre_grupo($id_grupo); - - // Has access to this page ??? - if (give_acl($iduser_temp, $id_grupo, "IR")==1){ - // Note add - if (isset($_GET["insertar_nota"])){ - - $id_inc = entrada_limpia($_POST["id_inc"]); - $timestamp = entrada_limpia($_POST["timestamp"]); - $nota = entrada_limpia($_POST["nota"]); - $id_usuario=$_SESSION["id_usuario"]; - - $sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota) VALUES ('".$id_usuario."','".$timestamp."','".$nota."')"; - $res1=mysql_query($sql1); - if ($res1) { echo "

".$lang_label["create_note_ok"]."

"; } - - $sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$id_usuario."' AND timestamp = '".$timestamp."'"; - $res2=mysql_query($sql2); - $row2=mysql_fetch_array($res2); - $id_nota = $row2["id_nota"]; - - $sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")"; - $res3=mysql_query($sql3); - - $sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc; - $res4 = mysql_query($sql4); - - } - - // Modify incident - if (isset($_POST["accion"])){ - $id_inc = $_POST["id_inc"]; - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { // Only admins (manage incident) or owners can modify incidents - // Edicion !! - if ($_POST["accion"] == $lang_label["in_modinc"]){ // Modify Incident - $id_author_inc = give_incident_author($id_inc); - $titulo = entrada_limpia($_POST["titulo"]); - $descripcion = entrada_limpia($_POST['descripcion']); - $origen = entrada_limpia($_POST['origen']); - $prioridad = entrada_limpia($_POST['prioridad']); - $grupo = entrada_limpia($_POST['grupo']); - $usuario= entrada_limpia($_POST["usuario"]); - $estado = entrada_limpia($_POST["estado"]); - $ahora=date("Y/m/d H:i:s"); - $sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc; - $result=mysql_query($sql); - if ($result) echo "

".$lang_label["upd_incid_ok"]."

"; - // Re-read data for correct presentation - // Obtain group of this incident - $sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc; - $result=mysql_query($sql1); - $row=mysql_fetch_array($result); - // Get values - $titulo = $row["titulo"]; - $texto = $row["descripcion"]; - $inicio = $row["inicio"]; - $actualizacion = $row["actualizacion"]; - $estado = $row["estado"]; - $prioridad = $row["prioridad"]; - $origen = $row["origen"]; - $usuario = $row["id_usuario"]; - $nombre_real = dame_nombre_real($usuario); - $id_grupo = $row["id_grupo"]; - $grupo = dame_nombre_grupo($id_grupo); - } - } else { - audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident"); - echo "

".$lang_label["upd_incid_no"]."

"; - no_permission(); - } - } - - // Delete note - if (isset($_GET["id_nota"])){ - $note_user = give_note_author ($_GET["id_nota"]); - if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes - // But note authors was able to delete this own notes - $id_nota = $_GET["id_nota"]; - $id_nota_inc = $_GET["id_nota_inc"]; - $query ="DELETE FROM tnota WHERE id_nota = ".$id_nota; - $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc; - //echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2; - mysql_query($query); - mysql_query($query2); - if (mysql_query($query)) echo "

".$lang_label["del_note_ok"]; - } - } - // Delete file - if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){ - $file_id = $_GET["delete_file"]; - $sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id; - $res2=mysql_query($sql2); - $row2=mysql_fetch_array($res2); - $filename = $row2["filename"]; - $sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id; - $res2=mysql_query($sql2); - unlink ($attachment_store."attachment/pand".$file_id."_".$filename); - } - - // Upload file - if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) { - if (( $_FILES['userfile']['name'] != "" ) && ($userfile != "none")){ //if file - $tipo = $_FILES['userfile']['type']; - if (isset($_POST["file_description"])) - $description = $_POST["file_description"]; - else - $description = "No description available"; - // Insert into database - $filename= $_FILES['userfile']['name']; - $filesize = $_FILES['userfile']['size']; - - $sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." 
','".$filename."','".$description."',".$filesize.") "; +// EDITION MODE +if (isset($_GET["id"])){ + $creacion_incidente = 0; + $id_inc = $_GET["id"]; + $iduser_temp=$_SESSION['id_usuario']; + // Obtain group of this incident + $sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc; + $result=mysql_query($sql1); + $row=mysql_fetch_array($result); + // Get values + $titulo = $row["titulo"]; + $texto = $row["descripcion"]; + $inicio = $row["inicio"]; + $actualizacion = $row["actualizacion"]; + $estado = $row["estado"]; + $prioridad = $row["prioridad"]; + $origen = $row["origen"]; + $usuario = $row["id_usuario"]; + $nombre_real = dame_nombre_real($usuario); + $id_grupo = $row["id_grupo"]; + $id_creator = $row["id_creator"]; + $grupo = dame_nombre_grupo($id_grupo); - mysql_query($sql); - $id_attachment=mysql_insert_id(); - - // Copy file to directory and change name - $nombre_archivo = $attachment_store."attachment/pand".$id_attachment."_".$filename; + // Note add + if (isset($_GET["insertar_nota"])){ - if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){ - echo "

".$lang_label["attach_error"]."

"; - $sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment; - mysql_query($sql); - } else { - // Delete temporal file - unlink ($_FILES['userfile']['tmp_name']); - } - } + $id_inc = entrada_limpia($_POST["id_inc"]); + $timestamp = entrada_limpia($_POST["timestamp"]); + $nota = entrada_limpia($_POST["nota"]); + $id_usuario=$_SESSION["id_usuario"]; + + $sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota) VALUES ('".$id_usuario."','".$timestamp."','".$nota."')"; + $res1=mysql_query($sql1); + if ($res1) { echo "

".$lang_label["create_note_ok"]."

"; } + + $sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$id_usuario."' AND timestamp = '".$timestamp."'"; + $res2=mysql_query($sql2); + $row2=mysql_fetch_array($res2); + $id_nota = $row2["id_nota"]; + + $sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")"; + $res3=mysql_query($sql3); + + $sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc; + $res4 = mysql_query($sql4); + } + + // Modify incident + if (isset($_POST["accion"])){ + $id_inc = $_POST["id_inc"]; + if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { // Only admins (manage incident) or owners can modify incidents + // Edicion !! + if ($_POST["accion"] == $lang_label["in_modinc"]){ // Modify Incident + $id_author_inc = give_incident_author($id_inc); + $titulo = entrada_limpia($_POST["titulo"]); + $descripcion = entrada_limpia($_POST['descripcion']); + $origen = entrada_limpia($_POST['origen']); + $prioridad = entrada_limpia($_POST['prioridad']); + $grupo = entrada_limpia($_POST['grupo']); + $usuario= entrada_limpia($_POST["usuario"]); + $estado = entrada_limpia($_POST["estado"]); + $ahora=date("Y/m/d H:i:s"); + $sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc; + $result=mysql_query($sql); + if ($result) echo "

".$lang_label["upd_incid_ok"]."

"; + // Re-read data for correct presentation + // Obtain group of this incident + $sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc; + $result=mysql_query($sql1); + $row=mysql_fetch_array($result); + // Get values + $titulo = $row["titulo"]; + $texto = $row["descripcion"]; + $inicio = $row["inicio"]; + $actualizacion = $row["actualizacion"]; + $estado = $row["estado"]; + $prioridad = $row["prioridad"]; + $origen = $row["origen"]; + $usuario = $row["id_usuario"]; + $nombre_real = dame_nombre_real($usuario); + $id_grupo = $row["id_grupo"]; + $grupo = dame_nombre_grupo($id_grupo); } - } - } else { // Not given id - // Insert data ! - if (isset($_POST["accion"]) and ($_POST["accion"] == $lang_label["create"])) { - $iduser_temp=$_SESSION['id_usuario']; - // Read input variables - $titulo = entrada_limpia($_POST['titulo']); - $inicio = date("Y/m/d H:i:s"); - $descripcion = entrada_limpia($_POST['descripcion']); - $texto = $descripcion; // to view in textarea after insert - $origen = entrada_limpia($_POST['origen']); - $prioridad = entrada_limpia($_POST['prioridad']); - $grupo = entrada_limpia($_POST['grupo']); - $usuario= entrada_limpia($_SESSION["id_usuario"]); - $actualizacion = $inicio; - $id_creator = $iduser_temp; - $estado = 0; // if the indicent is new, state (estado) is 0 - $sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') "; - if (give_acl($iduser_temp, $grupo, "IW")==1){ - if (mysql_query($sql)) echo "

".$lang_label["create_incid_ok"]."

"; - $id_inc=mysql_insert_id(); - } else - no_permission(); - } elseif (isset($_GET["insert_form"])){ // Create from to insert - $iduser_temp=$_SESSION['id_usuario']; - $titulo = ""; - $descripcion = ""; - $origen = ""; - $prioridad = 0; - $id_grupo = 0; - $grupo = dame_nombre_grupo(1); - - $usuario= $_SESSION["id_usuario"]; - $estado = 0; - $actualizacion=date("Y/m/d H:i:s"); - $inicio = $actualizacion; - $id_creator = $iduser_temp; - $creacion_incidente = 1; } else { + audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident"); + echo "

".$lang_label["upd_incid_no"]."

"; no_permission(); } } - - // Has access to this page ??? - if (give_acl($iduser_temp, $id_grupo, "IR")==1){ - // ******************************************************************************************************** - // ******************************************************************************************************** - // Show the form - // ******************************************************************************************************** - - if ($creacion_incidente == 0) - echo "
"; - else - echo ""; - - if (isset($id_inc)) {echo "";} - echo "

".$lang_label["incident_manag"]."

"; - if (isset($id_inc)) { - echo "

".$lang_label["rev_incident"]." # ".$id_inc."  ".$lang_label["help"]."

"; - } else { - echo "

".$lang_label["create_incident"]." ".$lang_label["help"]."

"; + + // Delete note + if (isset($_GET["id_nota"])){ + $note_user = give_note_author ($_GET["id_nota"]); + if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes + // But note authors was able to delete this own notes + $id_nota = $_GET["id_nota"]; + $id_nota_inc = $_GET["id_nota_inc"]; + $query ="DELETE FROM tnota WHERE id_nota = ".$id_nota; + $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc; + //echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2; + mysql_query($query); + mysql_query($query2); + if (mysql_query($query)) echo "

".$lang_label["del_note_ok"]; } - echo ''; - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) - echo ''; - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) - echo ''; - echo "
'.$lang_label["incident"].''; - else - echo '
'.$lang_label["incident"].''; - echo '
'.$lang_label["in_openedwhen"].''; - echo "".$inicio.""; - echo ''.$lang_label["updated_at"].''; - echo "".$actualizacion.""; - echo '
'.$lang_label["in_openedby"].''; - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo ""; } - else { - echo ""; - echo $usuario." - (".$nombre_real.")"; - } - // Tipo de estado - // 0 - Abierta / Sin notas - Open, without notes - // 1 - Abierta / Notas aniadidas - Open, with notes - // 2 - Descartada / Not valid - // 3 - Caducada / Outdated - // 13 - Cerrada / Closed - - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) - echo ''.$lang_label["status"].''.$lang_label["status"].''; - - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) - echo '
'.$lang_label["source"].'
'.$lang_label["source"].'"; - - // Group combo - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) - echo ''.$lang_label["group"].''.$lang_label["group"].'
'.$lang_label["priority"].''.$lang_label["priority"].'Creator".$id_creator." ( ".dame_nombre_real($id_creator)." )"; - - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) - echo '
"; - - echo '
"; - // Only if user is the used who opened incident or (s)he is admin - + } +} else { // Not given id + // Insert data ! + if (isset($_POST["accion"]) and ($_POST["accion"] == $lang_label["create"])) { $iduser_temp=$_SESSION['id_usuario']; - - if ($creacion_incidente == 0){ - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){ - echo ''; - } + // Read input variables + $titulo = entrada_limpia($_POST['titulo']); + $inicio = date("Y/m/d H:i:s"); + $descripcion = entrada_limpia($_POST['descripcion']); + $texto = $descripcion; // to view in textarea after insert + $origen = entrada_limpia($_POST['origen']); + $prioridad = entrada_limpia($_POST['prioridad']); + $grupo = entrada_limpia($_POST['grupo']); + $usuario= entrada_limpia($_SESSION["id_usuario"]); + $actualizacion = $inicio; + $id_creator = $iduser_temp; + $estado = 0; // if the indicent is new, state (estado) is 0 + $sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') "; + if (give_acl($iduser_temp, $grupo, "IW")==1){ + if (mysql_query($sql)) echo "

".$lang_label["create_incid_ok"]."

"; + $id_inc=mysql_insert_id(); + } else + no_permission(); + // INSERT FORM. + } elseif (isset($_GET["insert_form"])){ + $iduser_temp=$_SESSION['id_usuario']; + $titulo = ""; + if (isset($_GET["from_event"])){ + $titulo = return_event_description($_GET["from_event"]); + $descripcion = ""; + $origen = "Pandora FMS event"; + } else { + $titulo = ""; + $descripcion = ""; + $origen = ""; } - else - if (give_acl($iduser_temp, $id_grupo, "IW")) { - echo ''; + $prioridad = 0; + $id_grupo = 0; + $grupo = dame_nombre_grupo(1); + + $usuario= $_SESSION["id_usuario"]; + $estado = 0; + $actualizacion=date("Y/m/d H:i:s"); + $inicio = $actualizacion; + $id_creator = $iduser_temp; + $creacion_incidente = 1; + } else { + audit_db($id_user,$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way"); + no_permission(); + + } +} + +// ******************************************************************************************************** +// ******************************************************************************************************** +// Show the form +// ******************************************************************************************************** + +if ($creacion_incidente == 0) + echo ""; +else + echo ""; + +if (isset($id_inc)) { + echo ""; +} +echo "

".$lang_label["incident_manag"]."

"; +if (isset($id_inc)) { + echo "

".$lang_label["rev_incident"]." # ".$id_inc."  ".$lang_label["help"]."

"; +} else { + echo "

".$lang_label["create_incident"]." ".$lang_label["help"]."

"; +} +echo ''; +if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) + echo ''; +if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) + echo ''; +echo "
'.$lang_label["incident"].''; +else + echo '
'.$lang_label["incident"].''; +echo '
'.$lang_label["in_openedwhen"].''; +echo "".$inicio.""; +echo ''.$lang_label["updated_at"].''; +echo "".$actualizacion.""; +echo '
'.$lang_label["in_openedby"].''; +if ((give_acl($id_user, $id_grupo, "IM")==1) OR ($usuario == $id_user)) { + echo ""; +} +else { + echo ""; + echo $usuario." - (".$nombre_real.")"; +} +// Tipo de estado +// 0 - Abierta / Sin notas - Open, without notes +// 1 - Abierta / Notas aniadidas - Open, with notes +// 2 - Descartada / Not valid +// 3 - Caducada / Outdated +// 13 - Cerrada / Closed + +if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) + echo ''.$lang_label["status"].''.$lang_label["status"].''; + +// Only owner could change source or user with Incident management privileges +if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) + echo '
'.$lang_label["source"].'
'.$lang_label["source"].'"; + +// Group combo +if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) + echo ''.$lang_label["group"].''.$lang_label["group"].'
'.$lang_label["priority"].''.$lang_label["priority"].'Creator".$id_creator." ( ".dame_nombre_real($id_creator)." )"; + +if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) + echo '
"; + +echo '
"; +// Only if user is the used who opened incident or (s)he is admin + +$iduser_temp=$_SESSION['id_usuario']; + +if ($creacion_incidente == 0){ + if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){ + echo ''; + } +} else { + if (give_acl($iduser_temp, $id_grupo, "IW")) { + echo ''; + } +} +echo ""; + +if ($creacion_incidente == 0){ + echo "
"; + echo '
'; +} +echo "

"; + +if ($creacion_incidente == 0){ +// Upload control + if (give_acl($iduser_temp, $id_grupo, "IW")==1){ + echo ""; + echo "'; + echo '
".$lang_label["attachfile"].""; + echo "
"; + echo ''.$lang_label["filename"].'
'; + echo ''; + echo '
'.$lang_label["description"].''; + echo '
'; + echo '

'; + } + // ************************************************************ + // Files attached to this incident + // ************************************************************ + + // Attach head if there's attach for this incident + $att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc); + + if (mysql_num_rows($att_fil)) + { + echo ""; + echo "
"; + echo "

".$lang_label["attached_files"]."

"; + echo "
"; + echo "
".$lang_label["filename"]; + echo "".$lang_label["description"]; + echo "".$lang_label["size"]; + echo "".$lang_label["delete"]; + + while ($row=mysql_fetch_array($att_fil)){ + echo "
".$row["filename"].""; + echo "".$row["description"]; + echo "".$row["size"]; + + if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment + echo ''; } - - echo ""; - - if ($creacion_incidente == 0){ - echo "
"; - echo '
'; + } - echo "

"; - - if ($creacion_incidente == 0){ - // Upload control - if (give_acl($iduser_temp, $id_grupo, "IW")==1){ - echo ""; - echo "'; - echo '
".$lang_label["attachfile"].""; - echo "
"; - echo ''.$lang_label["filename"].'
'; - echo ''; - echo '
'.$lang_label["description"].''; - echo '
'; - echo '

'; - } - // ************************************************************ - // Files attached to this incident - // ************************************************************ - - // Attach head if there's attach for this incident - $att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc); - - if (mysql_num_rows($att_fil)) - { - echo ""; - echo "
"; - echo "

".$lang_label["attached_files"]."

"; - echo "
"; - echo "
".$lang_label["filename"]; - echo "".$lang_label["description"]; - echo "".$lang_label["size"]; - echo "".$lang_label["delete"]; - - while ($row=mysql_fetch_array($att_fil)){ - echo "
".$row["filename"].""; - echo "".$row["description"]; - echo "".$row["size"]; - - if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment - echo ''; - } - - } - echo "

"; - } - // ******************************************************************** - // Notes - // ******************************************************************** - $cabecera=0; - $sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc; - $res4=mysql_query($sql4); - while ($row2=mysql_fetch_array($res4)){ - if ($cabecera == 0) { // Show head only one time - echo ""; - echo "
"; - echo "

".$lang_label["in_notas_t1"]."

"; - echo ""; - echo "'; - echo ''; - } - } - if ($cabecera == 1){ - echo "
"; - $cabecera = 1; - } - - $sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC'; - $res3=mysql_query($sql3); - while ($row3=mysql_fetch_array($res3)){ - $timestamp = $row3["timestamp"]; - $nota = $row3["nota"]; - $id_usuario_nota = $row3["id_usuario"]; - // Show data - echo '
'.$lang_label["author"].': '; - $usuario = $id_usuario_nota; - $nombre_real = dame_nombre_real($usuario); - echo $usuario." - (".$nombre_real.")"; - - // Delete comment, only for admins - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - $myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"]; - echo ' '.$lang_label["delete"].''; - } - echo '
'.$lang_label["date"].': '.$timestamp.'
'; - echo '
'; - echo salida_limpia($nota); - echo '
'; - echo '
"; // note table - } - echo "
"; - } // create mode + echo "

"; } - else { // Doesn't have access to this page - audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access to incident ".$id_inc." '".$titulo."'"); - include ("general/noaccess.php"); + // ******************************************************************** + // Notes + // ******************************************************************** + $cabecera=0; + $sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc; + $res4=mysql_query($sql4); + while ($row2=mysql_fetch_array($res4)){ + if ($cabecera == 0) { // Show head only one time + echo ""; + echo "
"; + echo "

".$lang_label["in_notas_t1"]."

"; + echo ""; + echo "'; + echo ''; + } } - -} // fin pagina - end page + if ($cabecera == 1){ + echo "
"; + $cabecera = 1; + } + + $sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC'; + $res3=mysql_query($sql3); + while ($row3=mysql_fetch_array($res3)){ + $timestamp = $row3["timestamp"]; + $nota = $row3["nota"]; + $id_usuario_nota = $row3["id_usuario"]; + // Show data + echo '
'.$lang_label["author"].': '; + $usuario = $id_usuario_nota; + $nombre_real = dame_nombre_real($usuario); + echo $usuario." - (".$nombre_real.")"; + + // Delete comment, only for admins + if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { + $myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"]; + echo ' '.$lang_label["delete"].''; + } + echo '
'.$lang_label["date"].': '.$timestamp.'
'; + echo '
'; + echo salida_limpia($nota); + echo '
'; + echo '
"; // note table + } + echo "
"; +} // create mode ?>
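Review bot: The new read-access gate at the top of incident_detail.php calls `give_acl($id_user, $id_grupo, "IR")` with `$id_grupo` taken from `$_GET["id_grupo"]` (default 0), while the old check against the incident's own group after the row is loaded is removed, so the group being authorised is chosen by the request, not by the incident. Repeating the test once the row is read, `if (give_acl($id_user, $row["id_grupo"], "IR") != 1) { include ("general/noaccess.php"); exit; }`, restores the per-incident check; the denial branch also passes `$id_inc` and `$titulo` to `audit_db()` before either is assigned. In the delete-note branch, `($usuario = $iduser_temp)` is an assignment, so that operand evaluates to the session user id instead of comparing owners and should read `($usuario == $iduser_temp)`. `$id_inc = $_GET["id"]` still reaches `'SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc` unquoted; `$id_inc = (int) $_GET["id"];` closes that, and `$_POST["id_inc"]`, `$_GET["id_nota"]` and `$_GET["id_nota_inc"]` need the same cast. What `give_acl()` returns for group 0 is not visible in this hunk, so the default case should be confirmed against its definition.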