2007-02-05 Sancho Lerena <slerena@artica.es>

* include/functions_db.php: Added function to get
	info for events (return_event_description().
	
	* include/languages/language_en.php: More new strings.
	
	* include/functions.php: Pagination improved !. not finished yet.
	
	* pandora_console/index.php: Added some credits to main page.
	
	* operation/incidents/incident.php: Improved incident
	visualization. Fixed some render bugs in last raul's commit :->
	
	* operation/incidents/incident_detail.php: Now incidents could be
	"reported" using event button for submit incident.
	
	* operation/events/events.php: Pagination is now using LIMIT SQL
	syntax, and pagination works fine. Several issues fixed, and added
	function to report incident from here.
	
	* images/ok.gif, cancel.gif: Changed icon.

	* images/control_start_blue.png: Added.

	* images/page_lightning.png: Added.
	
	* images/control_rewind_blue.png: Added.
	
	* images/control_end_blue.png: Added.
	
	* images/control_fastforward_blue.png: Added.
	


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@372 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,36 @@
+2007-02-05  Sancho Lerena  <slerena@artica.es>
+
+	* include/functions_db.php: Added function to get
+	info for events (return_event_description().
+	
+	* include/languages/language_en.php: More new strings.
+	
+	* include/functions.php: Pagination improved !. not finished yet.
+	
+	* pandora_console/index.php: Added some credits to main page.
+	
+	* operation/incidents/incident.php: Improved incident
+	visualization. Fixed some render bugs in last raul's commit :->
+	
+	* operation/incidents/incident_detail.php: Now incidents could be
+	"reported" using event button for submit incident.
+	
+	* operation/events/events.php: Pagination is now using LIMIT SQL
+	syntax, and pagination works fine. Several issues fixed, and added
+	function to report incident from here.
+	
+	* images/ok.gif, cancel.gif: Changed icon.
+
+	* images/control_start_blue.png: Added.
+
+	* images/page_lightning.png: Added.
+	
+	* images/control_rewind_blue.png: Added.
+	
+	* images/control_end_blue.png: Added.
+	
+	* images/control_fastforward_blue.png: Added.
+
 2007-02-02 Manuel Arostegui <marostegui@artica.es>
 
 	* pandora_console.spec: Fixed small weird bug submitted to my email.

pandora_console/include/config.php

@@ -33,7 +33,7 @@ $attachment_store="/var/www/pandora_console";	//This is directory where placed "
 $config_fontpath = "../reporting/FreeSans.ttf";	// Change this to your font folder, if needed.
 
 // Do not display any ERROR
-error_reporting(0);
+error_reporting(E_ALL);
 
 // Uncomment next  to Display all errors, warnings and notices
 // error_reporting(E_ALL);

pandora_console/include/functions.php

@@ -398,11 +398,13 @@ function pagination ($count, $url, $offset ) {
 	   " http://pandora/index.php?sec=godmode&sec2=godmode/admin_access_logs "
 	   
 	*/
-	$block_limit = 10; // Visualize only $block_limit blocks 
+	$block_limit = 15; // Visualize only $block_limit blocks
 	if ($count > $block_size){
 		// If exists more registers than I can put in a page, calculate index markers
 		$index_counter = ceil($count/$block_size); // Number of blocks of block_size with data
-		$index_page = ceil($offset/$block_size); // block to begin to show data
+		$index_page = ceil($offset/$block_size)-(ceil($block_limit/2)); // block to begin to show data;
+		if ($index_page < 0)
+			$index_page = 0;
 
 		// This calculate index_limit, block limit for this search.
 		if (($index_page + $block_limit) > $index_counter)
@@ -425,43 +427,56 @@ function pagination ($count, $url, $offset ) {
 		else
 			$inicio_pag = 0;
 
-		// This shows first "<" in query, only if there
-		if (($index_page > 0) and ($paginacion_maxima ==1)){
-			$index_page_prev= ($index_page-1)*$block_size;
-			echo '<a href="'.$url.'&offset='.$index_page_prev.'">&lt;</a> ';
+		echo "<div>";
+		// Show GOTO FIRST button
+		echo '<a href="'.$url.'&offset=0">';
+		echo "<img src='images/control_start_blue.png'>";
+		echo "</a>";
+		echo "&nbsp;";
+		// Show PREVIOUS button
+		if ($index_page > 0){
+			$index_page_prev= ($index_page-$block_limit)*$block_size;
+			if ($index_page_prev < 0)
+				$index_page_prev = 0;
+			echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png"></a> ';
 		}
 
 		// Draw blocks markers
-		echo "<div>";
-		for ($i = $inicio_pag; $i <= $index_limit; $i++) {
+		for ($i = $inicio_pag; $i < $index_limit; $i++) {
 			$inicio_bloque = ($i * $block_size);
 			$final_bloque = $inicio_bloque + $block_size;
 			if ($final_bloque > $count){ // if upper limit is beyond max, this shouldnt be possible !
 				$final_bloque = ($i-1)*$block_size + $count-(($i-1) * $block_size);
 			}
-			if (isset($filter_item))
-				echo '<a href="'.$url.'&offset='.$inicio_bloque.'">';
-			else
+			echo "<span>";
 			echo '<a href="'.$url.'&offset='.$inicio_bloque.'">';
 			$inicio_bloque_fake = $inicio_bloque + 1;
-			// Show ">" marker if paginacion maxima limit reached and last block is shown.
-			if (($i==$inicio_pag + $block_limit) AND ($paginacion_maxima ==1)){
-				echo "&gt;</a> ";
+			// Show NEXT PAGE
+			if (($i >= $inicio_pag + $block_limit) AND ($paginacion_maxima == 1)){
+				echo "<img src='images/control_fastforward_blue.png'></a> ";
 				$i = $index_counter;
 			}
 			else {	// Calculate last block (doesnt end with round data, it must be shown if not round to block limit)
 				if ($inicio_bloque == $offset)
-					echo '<b>[ '.$inicio_bloque_fake.'-'.$final_bloque.' ]</b>';
+					echo "<b>[ $i ]</b>";
 				else
-					echo '[ '.$inicio_bloque_fake.'-'.$final_bloque.' ]';
+					echo "[ $i ]";
 				echo '</a> ';
 			}
+			echo "</span>";
 		}
-		echo "</div>";
 		// if exists more registers than i can put in a page (defined by $block_size config parameter)
 		// get offset for index calculation
 
 	}
+	// Draw "last" block link
+	if (($count - $block_size) > 0){
+		echo '&nbsp;<a href="'.$url.'&offset='.($count - $block_size).'">';
+		echo "<img src='images/control_end_blue.png'>";
+		echo "</a>";
+	}
+	// End div and layout
+	echo "</div>";
 }
 
 ?>

pandora_console/include/functions_db.php

@@ -164,6 +164,20 @@ function dame_agente_modulo_id($id_agente, $id_tipomodulo, $nombre){
 	return $pro;
 }
 
+// --------------------------------------------------------------- 
+// Returns event description given it's id
+// --------------------------------------------------------------- 
+
+function return_event_description ($id_event){
+	require("config.php");
+	$query1="SELECT evento FROM tevento WHERE id_evento = $id_event";
+	$resq1=mysql_query($query1);
+	if ($rowdup=mysql_fetch_array($resq1))
+		$pro=$rowdup[0];
+	else
+		$pro = "";
+	return $pro;
+}
 
 // --------------------------------------------------------------- 
 // Return ID_Group from an event given as id_event

pandora_console/include/languages/language_en.php

@@ -600,7 +600,7 @@ $lang_label["no_incidents"]="No incident matches your search filter";
 $lang_label["no_agent_alert"]=" so there are no alerts";
 
 $lang_label["wrote"]=" wrote";
-$lang_label["no_snmp_agent"]="There are no SNMP agents";
+$lang_label["no_snmp_agent"]="There are no SNMP traps in database";
 $lang_label["no_snmp_alert"]="There are no SNMP alerts";
 $lang_label["no_agent_def"]="There are no defined agents";
 
@@ -651,6 +651,8 @@ $lang_label["background_image"]="Background image";
 $lang_label["help"]="Help";
 $lang_label["no_monitors_g"]="This group doesn't have any monitor";
 
+// New strings for 1.3 version
+
 // 15 dev, new for 1.3 dev
 $lang_label["reporting"]="Reporting";
 $lang_label["agent_general_reporting"]="Agent overview";
@@ -658,7 +660,8 @@ $lang_label["agent_general_reporting"]="Agent overview";
 // 5 Jan 2007
 $lang_label["active_console"]="Active console";
 
-
+$lang_label["validate_event_failed"]="Event validation failed";
+// 
 global $lang_label; 
 global $help_label;
 ?>

pandora_console/index.php

@@ -17,6 +17,12 @@
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
+// Pandora FMS 1.x uses icons from famfamfam, licensed under CC Atr. 2.5
+// Silk icon set 1.3
+// (cc) Mark James, http://www.famfamfam.com/lab/icons/silk/
+
+// Pandora FMS 1.x uses Pear Image::Graph code
+
 session_start(); 
 include "include/config.php";
 include "include/languages/language_".$language_code.".php";

pandora_console/operation/events/events.php

@@ -52,9 +52,17 @@
 // Load global vars
 require("include/config.php");
 
-if (comprueba_login() == 0) {
+if (comprueba_login() != 0) {
+ 	audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer");
+	no_permission();
+}
+
 $accion = "";
- 	if (give_acl($id_user, 0, "AR")==1) {
+if (give_acl($id_user, 0, "AR")!=1) {
+	audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer");
+	no_permission();
+}
+	
 // OPERATIONS
 // Delete Event (only incident management access).
 if (isset($_GET["delete"])){
@@ -79,9 +87,13 @@ if (comprueba_login() == 0) {
 	// Look for event_id following parameters: id_group.
 	$id_group = gime_idgroup_from_idevent($id_evento);
 	if (give_acl($id_user, $id_group, "IW") ==1){
-			$sql2="UPDATE tevento SET estado=1, id_user = '".$id_user."' WHERE id_evento = ".$id_evento;
+		$sql2="UPDATE tevento SET estado = 1, id_usuario = '".$id_user."' WHERE id_evento = ".$id_evento;
 		$result2=mysql_query($sql2);
-			if ($result2) { echo "<h3 class='suc'>".$lang_label["validate_event_ok"]."</h3>";}
+		if ($result2) {
+			echo "<h3 class='suc'>".$lang_label["validate_event_ok"]."</h3>";
+		} else {
+			echo "<h3 class='error'>".$lang_label["validate_event_failed"]."</h3>";
+		}
 
 	} else {
 		audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to checkout event ID".$id_evento);
@@ -124,21 +136,33 @@ if (comprueba_login() == 0) {
 	}
 }
 
+// ***********************************************************************
+// Main code form / page
+// ***********************************************************************
+
+
+// Get data
+
+$offset=0;
+if (isset($_GET["offset"]))
+	$offset=$_GET["offset"];
+
+$ev_group = -1;
+if (isset($_POST["ev_group"]))
+	$ev_group = $_POST["ev_group"];
+
+$event="All";
+if (isset($_POST["event"]))
+	$event = entrada_limpia($_POST["event"]);
+
 echo "<h2>".$lang_label["events"]."</h2>";
 echo "<h3>".$lang_label["event_main_view"]."<a href='help/".$help_code."/chap5.php#5' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
 echo "<table cellpadding='3' cellspacing='3'><tr>";
 
-	if (isset($_POST["ev_group"])) {
-		$ev_group = $_POST["ev_group"];
-	} else {
-		$ev_group = -1;
-	}
 echo "<form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60'>";
-
 echo "<td>".$lang_label["group"]."</td>";
 echo "<td>";
 echo "<select name='ev_group' onChange='javascript:this.form.submit();' class='w130'>";
-
 if ( $ev_group > 1 ){
 	echo "<option value='".$ev_group."'>".dame_nombre_grupo($ev_group);
 }
@@ -158,71 +182,46 @@ if (comprueba_login() == 0) {
 echo "<tr><td valign='middle'>".$lang_label["events"]."</td>";
 echo "<td><form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60'>";
 echo "<select name='event' onChange='javascript:this.form.submit();' class='w155'>";
-
-	// Prepare index for pagination
-	$event_list[]="";
-	if (isset($_POST["event"])){
-		$event = entrada_limpia($_POST["event"]);
-		if ($event=="All")
-		{
-			if (isset($ev_group) && ($ev_group > 1)) {
-				$sql2="SELECT * FROM tevento WHERE id_grupo = '$ev_group' ORDER BY timestamp DESC";
-			} else {
-				$sql2="SELECT * FROM tevento ORDER BY timestamp DESC";
-			}
-		} else {
-			if (isset($ev_group) && ($ev_group > 1)) {
-				$sql2="SELECT * FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group' ORDER BY timestamp DESC";
-			} else {
-				$sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC";
-				}
-			echo "<option value='".$event."'>".$event."</option>";
-		}
-	} else {
-		$sql2="SELECT * FROM tevento ORDER BY timestamp DESC";
-	}
 echo "<option value='All'>".$lang_label["all"]."</option>";
-	$result2=mysql_query($sql2);
-	if (mysql_num_rows($result2)){
-		while ($row2=mysql_fetch_array($result2)){ // Jump offset records
 
-			$id_grupo = $row2["id_grupo"];
-				if (give_acl($id_user, $id_grupo, "IR") == 1) // Only incident read access to view data !
-					$event_list[]=$row2["id_evento"];
-		}
-		if (isset($_GET["offset"]))
-			$offset=$_GET["offset"];
+// Fill event type combo (DISTINCT!)
+if (isset($ev_group) && ($ev_group > 1))
+	$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group' DESC LIMIT $offset, $block_size";
 else
-			$offset=0;
-	
-		$offset_counter=0;
-	if (isset($ev_group) && ($ev_group > 1)) {
-		$sql="SELECT DISTINCT evento FROM tevento WHERE id_grupo = '$ev_group'";
-	} else {
-		$sql="SELECT DISTINCT evento FROM tevento";
-	}
+	$sql="SELECT DISTINCT evento FROM tevento DESC LIMIT $offset, $block_size";
 $result=mysql_query($sql);
-	while ($row=mysql_fetch_array($result)){
+// Make query for distinct (to fill combo)
+while ($row=mysql_fetch_array($result))
 	echo "<option value='".$row["evento"]."'>".$row["evento"]."</option>";
-	}
 echo "</select>";
 echo "</form>";
 echo "<td valign='middle'>";
-	echo "<noscript>
-	<input type='submit' class='sub' value='".$lang_label["show"]."'>
-	</noscript>";
+echo "<noscript><input type='submit' class='sub' value='".$lang_label["show"]."'></noscript>";
 echo "</td></tr>";
 echo "</table>";
 echo "<br>";
 	
-	//pagination
-	$total_eventos = count($event_list);
-	pagination($total_eventos, "index.php?sec=eventos&sec2=operation/events/events", $offset);
-	if (isset($_GET["offset"])){
-		$offset=entrada_limpia($_GET["offset"]);
+// How many events do I have in total ?
+if ($event=="All"){
+	if (isset($ev_group) && ($ev_group > 1)) {
+		$sql3="SELECT COUNT(id_evento) FROM tevento WHERE id_grupo = '$ev_group' ";
 	} else {
-		$offset=0;
+		$sql3="SELECT COUNT(id_evento) FROM tevento";
 	}
+} else {
+	if (isset($ev_group) && ($ev_group > 1)) {
+		$sql3="SELECT COUNT(id_evento) FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group'";
+	} else {
+		$sql3="SELECT COUNT(id_evento) FROM tevento WHERE evento = '$event' ";
+	}
+}
+$result3=mysql_query($sql3);
+$row3=mysql_fetch_array($result3);
+$total_events = $row3[0];
+// Show pagination header
+pagination($total_events, "index.php?sec=eventos&sec2=operation/events/events", $offset);
+	
+// Show data.
 	
 echo "<br>";
 echo "<table cellpadding='3' cellspacing='3' width='775'>";
@@ -233,46 +232,34 @@ if (comprueba_login() == 0) {
 echo "<th>".$lang_label["group"]."</th>";
 echo "<th>".$lang_label["id_user"]."</th>";
 echo "<th class='w130'>".$lang_label["timestamp"]."</th>";
-	echo "<th>".$lang_label["action"]."</th>";
+echo "<th width='62'>".$lang_label["action"]."</th>";
 echo "<th class='p10'>";
 echo "<label for='checkbox' class='p21'>".$lang_label["all"]." </label>";
 echo '<input type="checkbox" class="chk" name="allbox" onclick="CheckAll();"></th>';
 echo "<form name='eventtable' method='POST' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&offset=".$offset."'>";
 $color = 1;
 $id_evento = 0;
-	if ($offset !=0)
-		$offset_limit = $offset +1;
-	else
-		$offset_limit = $offset;
-	// Skip offset records
-	for ($a=$offset_limit;$a < ($block_size + $offset + 1);$a++){
-		if (isset($event_list[$a])) {
-			$id_evento = $event_list[$a]; 
-			if ($id_evento != ""){
-				if (isset($_POST["event"])) {
-					$event = entrada_limpia($_POST["event"]);
+
+// Prepare index for pagination. Prepare queries
 if ($event=="All"){
 	if (isset($ev_group) && ($ev_group > 1)) {
-							$sql="SELECT * FROM tevento WHERE id_evento = '$id_evento' AND id_grupo = '$ev_group'";
+		$sql2="SELECT * FROM tevento WHERE id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 	} else {
-							$sql="SELECT * FROM tevento WHERE id_evento = '$id_evento'";
+		$sql2="SELECT * FROM tevento ORDER BY timestamp DESC LIMIT $offset, $block_size";
 	}
-						
 } else {
 	if (isset($ev_group) && ($ev_group > 1)) {
-							$sql="SELECT * FROM tevento WHERE evento= '$event' AND id_evento = '$id_evento' AND id_grupo = '$ev_group'";
+		$sql2="SELECT * FROM tevento WHERE evento = '$event' AND id_grupo = '$ev_group' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 	} else {
-							$sql="SELECT * FROM tevento WHERE evento= '$event' AND id_evento = '$id_evento'";
+		$sql2="SELECT * FROM tevento WHERE evento = '$event' ORDER BY timestamp DESC LIMIT $offset, $block_size";
 	}
 }
-					
-					
-				} else {
-					$sql="SELECT * FROM tevento WHERE id_evento = $id_evento";
-				}
-				$result=mysql_query($sql);
-				$row=mysql_fetch_array($result);
-				$id_group = $row["id_grupo"];
+// Make query for data (all data, not only distinct).
+$result2=mysql_query($sql2);
+while ($row2=mysql_fetch_array($result2)){
+	$id_grupo = $row2["id_grupo"];
+	if (give_acl($id_user, $id_grupo, "IR") == 1){ // Only incident read access to view data !
+		$id_group = $row2["id_grupo"];
 		if ($color == 1){
 			$tdcolor = "datos";
 			$color = 0;
@@ -281,38 +268,41 @@ if (comprueba_login() == 0) {
 			$tdcolor = "datos2";
 			$color = 1;
 		}
-				//if (give_acl($id_user, $id_group, "IR") == 1){ // Only incident read access to view data
-				$offset_counter++;
+		
 		echo "<tr><td class='$tdcolor' align='center'>";
-				if ($row["estado"] == 0)
+		if ($row2["estado"] == 0)
 			echo "<img src='images/dot_red.gif'>";
 		else
 			echo "<img src='images/dot_green.gif'>";
-				echo "<td class='$tdcolor'>".$row["evento"];
-				if ($row["id_agente"] > 0){
-						echo "<td class='$tdcolor'><a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row["id_agente"]."'><b>".dame_nombre_agente($row["id_agente"])."</b></a>";
-						echo "<td class='$tdcolor'><img src='images/g_".show_icon_group($id_group).".gif'> ( ".dame_grupo($id_group)." )</td>";
+		echo "<td class='$tdcolor'>".$row2["evento"];
+		if ($row2["id_agente"] > 0){
+				echo "<td class='$tdcolor'><a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."'><b>".dame_nombre_agente($row2["id_agente"])."</b></a>";
+				echo "<td class='$tdcolor'><img src='images/g_".show_icon_group($id_group).".gif'></td>";
 				echo "<td class='$tdcolor'>";
 			} else { // for SNMP generated alerts
 				echo "<td class='$tdcolor' colspan='2'>".$lang_label["alert"]." /  SNMP";
-						echo "<td class='$tdcolor'>";
+				echo "<td class='$tdcolor' width='95'>";
 			}
-					if ($row["estado"] <> 0)
-						echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row["id_usuario"])."</span></a>".substr($row["id_usuario"],0,8)."</a>";
-					echo "<td class='$tdcolor'>".$row["timestamp"];
-					echo "<td class='$tdcolor' align='center'>";
+			if ($row2["estado"] <> 0)
+				echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row2["id_usuario"])."</span></a>".substr($row2["id_usuario"],0,8)."</a>";
+			echo "<td class='$tdcolor'>".$row2["timestamp"];
+			echo "<td class='$tdcolor' align='right'>";
 
-					if (($row["estado"] == 0) and (give_acl($id_user,$id_group,"IW") ==1))
-						echo "<a href='index.php?sec=eventos&sec2=operation/events/events&check=".$row["id_evento"]."'><img src='images/ok.gif' border='0'></a>";
+			if (($row2["estado"] == 0) and (give_acl($id_user,$id_group,"IW") ==1))
+				echo "<a href='index.php?sec=eventos&sec2=operation/events/events&offset=".$offset."&check=".$row2["id_evento"]."'><img src='images/ok.gif' border='0'></a>";
 			if (give_acl($id_user,$id_group,"IM") ==1)
-						echo "<a href='index.php?sec=eventos&sec2=operation/events/events&delete=".$row["id_evento"]."&refr=60&offset=".$offset."'><img src='images/cancel.gif' border=0></a>";
+				echo "<a href='index.php?sec=eventos&sec2=operation/events/events&delete=".$row2["id_evento"]."&refr=60&offset=".$offset."'><img src='images/cancel.gif' border=0></a> ";
+				
+			if (give_acl($id_user,$id_group,"IW") == 1)
+				echo "<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form&from_event=".$row2["id_evento"]."'><img src='images/page_lightning.png' border=0></a>";
+				
 			echo "<td class='$tdcolor' align='center'>";
-					echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' value='".$row["id_evento"]."'>";
+			echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."' value='".$row2["id_evento"]."'>";
 			echo "</td></tr>";
 		//}
 	}
 }
-	}
+	
 echo "<tr><td colspan='8'><div class='raya'></div></td></tr>";
 echo "<tr><td colspan='8' align='right'>";
 
@@ -321,13 +311,9 @@ if (comprueba_login() == 0) {
 	echo "<input class='sub' type='submit' name='deletebt' value='".$lang_label["delete"]."'>";
 }
 echo "</form></table>";
-	}
-	else {echo "</select></form></td></tr></table><br><div class='nf'>".$lang_label["no_event"]."</div>";}
-	}
-	else {
-		audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access event viewer");
-		require ("general/noaccess.php");
-	}
-}
+
+	/* else {echo "</select></form></td></tr></table><br><div class='nf'>".$lang_label["no_event"]."</div>";}
+	} */
+
 
 ?>

pandora_console/operation/incidents/incident.php

@@ -18,13 +18,21 @@
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 // Load global vars
+
 require("include/config.php");
-
-if (comprueba_login() == 0) {
-	
-$accion = "";
+if (comprueba_login() != 0) {
+	audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access incident viewer");
+	require ("general/noaccess.php");
+	exit;
+}
 $id_usuario =$_SESSION["id_usuario"];
-if ((give_acl($id_user, 0, "IR")==1) OR (give_acl($id_user, 0, "IM")==1) or (dame_admin($id_user)==1)) { 
+$accion = "";
+if (give_acl($id_usuario, 0, "IR")!=1) {
+	audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access incident viewer");
+	require ("general/noaccess.php");
+	exit;
+}
+
 if (isset($_GET["quick_delete"])){
 	$id_inc = $_GET["quick_delete"];
 	$sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc;
@@ -109,14 +117,13 @@ if ((give_acl($id_user, 0, "IR")==1) OR (give_acl($id_user, 0, "IM")==1) or (dam
 						$sql1 =$sql1.' AND id_grupo='.$_POST["grupo"];
 		}
 	}
+
+
 $sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
 $sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
 $sql1=$sql0;
 echo "<h2>".$lang_label["incident_manag"]."</h2>";
 echo "<h3>".$lang_label["manage_incidents"]."<a href='help/".$help_code."/chap4.php#4' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
-?>
-
-<?php
 if (isset($_POST['operacion'])){
 	echo "<h3>".$lang_label["incident_view_filter"]." - ".$_POST['operacion']."</h3>";
 }
@@ -196,15 +203,10 @@ if (isset($_POST['operacion'])){
 echo '<option value="3">'.$lang_label["serious"];
 echo '<option value="4">'.$lang_label["very_serious"];
 echo '<option value="10">'.$lang_label["maintenance"];
-?>
-</select>
-</td>
-<td valign="middle"><noscript><input type="submit" class="sub" value="<?php echo $lang_label["show"] ?>" border="0"></noscript>
-</td>
-
-<tr><td>
-<select name="grupo" onChange="javascript:this.form.submit();" class="w155">
-<?php 
+echo "</select></td><td valign='middle¡><noscript>";
+echo "<input type='submit' class='sub' value='".$lang_label["show"]."' border='0'></noscript>";
+echo "</td>";
+echo '<tr><td><select name="grupo" onChange="javascript:this.form.submit();" class="w155">';
 
 if (isset($_GET["grupo"])){
 echo "<option value=".$_GET["grupo"].">";
@@ -219,23 +221,20 @@ if (isset($_POST['operacion'])){
 while ($row2=mysql_fetch_array($result2)){
 	echo "<option value=".$row2["id_grupo"].">".$row2["nombre"];
 }
-?>
-</select>
-</td>
-<td valign="middle"><noscript><input type="submit" class="sub" value="<?php echo $lang_label["show"] ?>" border="0"></noscript>
-</td>
 
-<?php
+echo "</select></td><td valign='middle'><noscript><input type='submit' class='sub' value='".$lang_label["show"]."' border='0'></noscript></td>";
+
 // Pass search parameters for possible future filter searching by user
 if (isset($_GET["usuario"]))
 	echo "<input type='hidden' name='usuario' value='".$_GET["usuario"]."'>";
 if (isset($_GET["texto"]))
 	echo "<input type='hidden' name='texto' value='".$_GET["texto"]."'>";
-?>
 
+echo "
 	</table>
 	</form>
-<?php
+	<br><br>
+	<table>";
 
 // Offset adjustment
 if (isset($_GET["offset"]))
@@ -248,11 +247,12 @@ if (isset($_POST['operacion'])){
 $result2=mysql_query($sql1);
 
 if (!mysql_num_rows($result2)) {
-	echo '<div class="nf">'.$lang_label["no_incidents"].'</div><br><table>';}
-	else {
+	echo '<div class="nf">'.$lang_label["no_incidents"].'</div><br></table>';
+} else {
 	while ($row2=mysql_fetch_array($result2)){ // Jump offset records
 		$id_group = $row2["id_grupo"];
-		if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data !
+		if (give_acl($id_usuario, $id_group, "IR") ==1){
+		// Only incident read access to view data !
 			$incident_list[]=$row2["id_incidencia"];
 		}
 	}
@@ -279,6 +279,7 @@ if (isset($_POST['operacion'])){
 	pagination ($total_incidentes, $url, $offset);
 	echo '<br>';
 	// Show headers
+	
 	echo "<table cellpadding='3' cellspacing='3' width='770'>";
 	echo "<tr>";
 	echo "<th width='43'>ID";
@@ -376,15 +377,18 @@ if (isset($_POST['operacion'])){
 				echo "<td class='$tdcolor'>".$row["origen"];
 				echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row["id_usuario"]."'><a href='#' class='tip'>&nbsp;<span>".dame_nombre_real($row["id_usuario"])."</span></a>".substr($row["id_usuario"], 0, 8)."</a></td>";
 				$id_author_inc = $row["id_usuario"];
-				if ((give_acl($id_usuario, $id_group, "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){ // Only incident owners or incident manager from this group can delete incidents	
+				if ((give_acl($id_usuario, $id_group, "IM") ==1) OR
+				($_SESSION["id_usuario"] == $id_author_inc) ){
+				// Only incident owners or incident manager
+				// from this group can delete incidents
 					echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row["id_incidencia"]."' onClick='if (!confirm(\' ".$lang_label["are_you_sure"]."\')) return false;'><img src='images/cancel.gif' border='0'></a></td>";
 				}
 			} // if ACL is correct
 		}
 	}
-
 	echo "<tr><td colspan='9'><div class='raya'></div>"	;
 }
+
 if (give_acl($_SESSION["id_usuario"], 0, "IW")==1) {
 	echo "<tr><td align='right' colspan='9'>";
 	echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
@@ -392,10 +396,4 @@ echo "<tr><td colspan='9'><div class='raya'></div>"	;
 }
 echo "</td></tr></table>";
 
-	}
-	else {
-		require ("general/noaccess.php");
-		audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Incident section");
-	}
-}
 ?>

pandora_console/operation/incidents/incident_detail.php

@@ -20,9 +20,29 @@
 // Load global vars
 require("include/config.php");
 
-if (comprueba_login() == 0) {
+if (comprueba_login() != 0) {
+ 	audit_db("Noauth",$REMOTE_ADDR, "No authenticated acces","Trying to access event viewer");
+	require ("general/noaccess.php");
+	exit;
+}
+
+if (isset($_GET["id_grupo"]))
+	$id_grupo = $_GET["id_grupo"];
+else
+	$id_grupo = 0;
+
+$id_user=$_SESSION['id_usuario'];
+if (give_acl($id_user, $id_grupo, "IR") != 1){
+ 	// Doesn't have access to this page
+	audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access to incident ".$id_inc." '".$titulo."'");
+	include ("general/noaccess.php");
+	exit;
+}
+
 $id_grupo = "";
 $creacion_incidente = "";
+
+// EDITION MODE
 if (isset($_GET["id"])){
 	$creacion_incidente = 0;
 	$id_inc = $_GET["id"];
@@ -45,8 +65,6 @@ $creacion_incidente = "";
 	$id_creator = $row["id_creator"];
 	$grupo = dame_nombre_grupo($id_grupo);
 
-		// Has access to this page ???
-		if (give_acl($iduser_temp, $id_grupo, "IR")==1){
 	// Note add
 	if (isset($_GET["insertar_nota"])){
 
@@ -69,7 +87,6 @@ $creacion_incidente = "";
 
 		$sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
 		$res4 = mysql_query($sql4);
-				
 	}
 
 	// Modify incident
@@ -173,7 +190,6 @@ $creacion_incidente = "";
 			}
 		}
 	}
-		}
 } else { // Not given id
 	// Insert data !
 	if (isset($_POST["accion"]) and ($_POST["accion"] == $lang_label["create"])) {
@@ -196,11 +212,19 @@ $creacion_incidente = "";
 			$id_inc=mysql_insert_id();
 		} else
 			no_permission();
-		} elseif (isset($_GET["insert_form"])){ // Create from to insert
+	 // INSERT FORM.
+	} elseif (isset($_GET["insert_form"])){ 
 		$iduser_temp=$_SESSION['id_usuario'];
+		$titulo = "";
+		if (isset($_GET["from_event"])){
+			$titulo = return_event_description($_GET["from_event"]);
+			$descripcion = "";
+			$origen = "Pandora FMS event";
+		} else {
 			$titulo = "";
 			$descripcion = "";
 			$origen = "";
+		}
 		$prioridad = 0;
 		$id_grupo = 0;
 		$grupo = dame_nombre_grupo(1);
@@ -212,12 +236,12 @@ $creacion_incidente = "";
 		$id_creator = $iduser_temp;
 		$creacion_incidente = 1;
 	} else {
+		audit_db($id_user,$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way");
 		no_permission();
+		
 	}
 }
 
-	// Has access to this page ???
-	if (give_acl($iduser_temp, $id_grupo, "IR")==1){
 // ********************************************************************************************************
 // ********************************************************************************************************
 // Show the form
@@ -228,7 +252,9 @@ $creacion_incidente = "";
 else
 	echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail'>";
 
-		if (isset($id_inc)) {echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";}
+if (isset($id_inc)) {
+	echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";
+}
 echo "<h2>".$lang_label["incident_manag"]."</h2>";
 if (isset($id_inc)) {
 	echo "<h3>".$lang_label["rev_incident"]." # ".$id_inc." <a href='help/".$help_code."/chap4.php#42' target='_help' class='help'>&nbsp;<span>".$lang_label["help"]."</span></a></h3>";
@@ -245,7 +271,7 @@ $creacion_incidente = "";
 echo '<td class="datos2"><b>'.$lang_label["updated_at"].'</b>';
 echo "<td class='datos2'><i>".$actualizacion."</i>";
 echo '<tr><td class="datos"><b>'.$lang_label["in_openedby"].'</b><td class="datos">';
-		if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
+if ((give_acl($id_user, $id_grupo, "IM")==1) OR ($usuario == $id_user)) {
 	echo "<select name='usuario' class='w200'>";
 	echo "<option value='".$usuario."'>".$usuario." - ".dame_nombre_real($usuario);
 	$sql1='SELECT * FROM tusuario ORDER BY id_usuario';
@@ -286,6 +312,7 @@ $creacion_incidente = "";
 echo '<option value="13">'.$lang_label["in_state_13"];
 echo '</select>';
 
+// Only owner could change source or user with Incident management privileges
 if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp))
 	echo '<tr><td class="datos2"><b>'.$lang_label["source"].'</b><td class="datos2"><select name="origen" class="w135">';
 else
@@ -356,12 +383,11 @@ $creacion_incidente = "";
 	if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){
 		echo '<input type="submit" class="sub" name="accion" value="'.$lang_label["in_modinc"].'" border="0">';
 	}
-		}
-		else
+} else {
 	if (give_acl($iduser_temp, $id_grupo, "IW")) {
 		echo '<input type="submit" class="sub" name="accion" value="'.$lang_label["create"].'" border="0">';
 	}
-		
+}
 echo "</form>";
 
 if ($creacion_incidente == 0){
@@ -459,12 +485,5 @@ $creacion_incidente = "";
 	}
 	echo "</form></table>";
 } // create mode
-	}
-	else { // Doesn't have access to this page
-		audit_db($id_usuario,$REMOTE_ADDR, "ACL Violation","Trying to access to incident ".$id_inc." '".$titulo."'");
-		include ("general/noaccess.php");
-	}
-	
-} // fin pagina - end page
 
 ?>