2008-09-19 Evi Vanoost <vanooste@rcbi.rochester.edu>

* include/styles/pandora.css: Removed some duplicate entries while 
        hunting down a specific tag

        * include/functions_html.php: Added class to print_select () and 
        removed the default 'select' display in case of empty

        * include/functions_db.php: Added comment to list_group so coders are 
        reminded to use the html functions instead. Fixed dame_nombre_real
        because a user_id is not an int. Added function list_users similar to
        list_group. Needed to fill input boxes with user selections.

        * include/functions.php: Made pagination adhere to more correct HTML
        style: removed single quotes and closed open tags

        * operation/incidents/incident_statistics.php: Correcter HTML

        * operation/incidents/incident_search.php: Style changes. Use new 
        functions for html objects

        * operation/incidents/incident_note.php: Inherited into 
        incident_detail.php

        * operation/incident_detail.php: Rewritten for style and security.
        Uses all the functions for html and sql. Added a bunch of security
        checks and made it look a little more consistent. Added virus scanner
        integration with the clamav library for PHP4 or PHP5 (autodetect)

        * operation/incident.php: Rewritten for style and security. Uses all 
        the functions for html and sql.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1103 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-09-19 16:08:59 +00:00
parent 6ade5177c9
commit 6516651aa9
10 changed files with 711 additions and 887 deletions


@ -1,3 +1,35 @@
2008-09-19 Evi Vanoost <vanooste@rcbi.rochester.edu>
* include/styles/pandora.css: Removed some duplicate entries while
hunting down a specific tag
* include/functions_html.php: Added class to print_select () and
removed the default 'select' display in case of empty
* include/functions_db.php: Added comment to list_group so coders are
reminded to use the html functions instead. Fixed dame_nombre_real
because a user_id is not an int. Added function list_users similar to
list_group. Needed to fill input boxes with user selections.
* include/functions.php: Adhered pagination to correcter HTML style
removed single quotes and closed open tags
* operation/incidents/incident_statistics.php: Correcter HTML
* operation/incidents/incident_search.php: Style changes. Use new
functions for html objects
* operation/incidents/incident_note.php: Inherited into
incident_detail.php
* operation/incident_detail.php: Rewritten for style and security.
Uses all the functions for html and sql. Added a bunch of security
checks and made it look a little more consistent. Added virus scanner
integration with the clamav library for PHP4 or PHP5 (autodetect)
* operation/incident.php: Rewritten for style and security. Uses all
the functions for html and sql.
2008-09-19 Ramon Novoa <rnovoa@artica.es> 2008-09-19 Ramon Novoa <rnovoa@artica.es>
* godmode/agentes/module_manager_editor_network.php, * godmode/agentes/module_manager_editor_network.php,


@ -324,16 +324,13 @@ function pagination ($count, $url, $offset) {
echo "<div>"; echo "<div>";
// Show GOTO FIRST button // Show GOTO FIRST button
echo '<a href="'.$url.'&offset=0">'; echo '<a href="'.$url.'&offset=0"><img src="images/control_start_blue.png" class="bot" /></a>&nbsp;';
echo "<img src='images/control_start_blue.png' class='bot'>";
echo "</a>";
echo "&nbsp;";
// Show PREVIOUS button // Show PREVIOUS button
if ($index_page > 0){ if ($index_page > 0){
$index_page_prev= ($index_page-(floor($block_limit/2)))*$config["block_size"]; $index_page_prev= ($index_page-(floor($block_limit/2)))*$config["block_size"];
if ($index_page_prev < 0) if ($index_page_prev < 0)
$index_page_prev = 0; $index_page_prev = 0;
echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png" class="bot"></a>'; echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png" class="bot" /></a>';
} }
echo "&nbsp;";echo "&nbsp;"; echo "&nbsp;";echo "&nbsp;";
// Draw blocks markers // Draw blocks markers
@ -364,8 +361,7 @@ function pagination ($count, $url, $offset) {
$prox_bloque = ($i+ceil($block_limit/2))*$config["block_size"]; $prox_bloque = ($i+ceil($block_limit/2))*$config["block_size"];
if ($prox_bloque > $count) if ($prox_bloque > $count)
$prox_bloque = ($count -1) - $config["block_size"]; $prox_bloque = ($count -1) - $config["block_size"];
echo '<a href="'.$url.'&offset='.$prox_bloque.'">'; echo '<a href="'.$url.'&offset='.$prox_bloque.'"><img class="bot" src="images/control_fastforward_blue.png" /></a>';
echo "<img class='bot' src='images/control_fastforward_blue.png'></a> ";
$i = $index_counter; $i = $index_counter;
} }
// if exists more registers than i can put in a page (defined by $block_size config parameter) // if exists more registers than i can put in a page (defined by $block_size config parameter)
@ -374,9 +370,7 @@ function pagination ($count, $url, $offset) {
// as painted in last block (last integer block). // as painted in last block (last integer block).
if (($count - $config["block_size"]) > 0){ if (($count - $config["block_size"]) > 0){
$myoffset = floor(($count-1)/ $config["block_size"])* $config["block_size"]; $myoffset = floor(($count-1)/ $config["block_size"])* $config["block_size"];
echo '<a href="'.$url.'&offset='.$myoffset.'">'; echo '<a href="'.$url.'&offset='.$myoffset.'"><img class="bot" src="images/control_end_blue.png" /></a>';
echo "<img class='bot' src='images/control_end_blue.png'>";
echo "</a>";
} }
// End div and layout // End div and layout
echo "</div>"; echo "</div>";
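Review bot: `$url` is still written into every `href` unescaped in the rewritten echo lines (first, rewind, fast-forward and end links), and the `&` before `offset` is a bare ampersand, which works against the stated goal of more correct HTML. The caller changed in this same commit (operation/incidents/incident.php) builds `$url` by appending the `usuario` and `texto` request values without `urlencode ()`, so unless `get_parameter ()` already neutralises quotes (its body is not visible here) request data can end up inside the attribute verbatim. I would escape at the point of output, e.g. `echo '<a href="'.htmlspecialchars ($url, ENT_QUOTES).'&amp;offset=0"><img src="images/control_start_blue.png" class="bot" /></a>&nbsp;';`, and apply the same to the other three links. pagination () starts and ends outside these hunks.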


@ -492,7 +492,7 @@ function dame_id_tipo_modulo_agentemodulo ($id_agente_modulo) {
* @return Real name of given user. * @return Real name of given user.
*/ */
function dame_nombre_real ($id_user) { function dame_nombre_real ($id_user) {
return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', (int) $id_user); return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user);
} }
/** /**
@ -988,6 +988,9 @@ function give_agentmodule_flag ($id_agent_module) {
* Prints a list of <options> HTML tags with the groups the user has * Prints a list of <options> HTML tags with the groups the user has
* reading privileges. * reading privileges.
* *
* DEPRECATED: Use get_user_groups () in combination with print_select ()
* instead
*
* @param id_user User id * @param id_user User id
* @param show_all Flag to show all the groups or not. True by default. * @param show_all Flag to show all the groups or not. True by default.
* *
@ -1032,6 +1035,35 @@ function list_group2 ($id_user) {
return ($mis_grupos); return ($mis_grupos);
} }
/**
* Get a list of all users in an array [username] => real name
*
* @param order by (id_usuario, nombre_real or fecha_registro)
*
* @return An array of users
*/
function list_users ($order = "nombre_real") {
switch ($order) {
case "id_usuario":
case "fecha_registro":
case "nombre_real":
break;
default:
$order = "nombre_real";
}
$output = array();
$result = get_db_all_rows_sql ("SELECT id_usuario, nombre_real FROM tusuario ORDER BY ".$order);
if ($result !== false) {
foreach ($result as $row) {
$output[$row["id_usuario"]] = $row["nombre_real"];
}
}
return $output;
}
/** /**
* Get all the groups a user has reading privileges. * Get all the groups a user has reading privileges.
* *
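Review bot: Dropping the `(int)` cast in dame_nombre_real () means `$id_user` now reaches get_db_value () exactly as the caller supplied it, so the query is only safe if get_db_value () quotes and escapes string values itself; its body is not part of this page, so that should be confirmed before merging. The function's docblock should record the new contract, e.g. `@param string $id_user User login (string, not numeric); escaping is left to get_db_value ()`. In list_users () the `switch` whitelist on `$order` is the right guard for an ORDER BY built by concatenation, but the docblock line `@param order by (...)` lacks the parameter name; `@param string $order Column to sort by (id_usuario, nombre_real or fecha_registro)` would match the style used in functions_html.php.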


@ -33,41 +33,51 @@
* @param bool $multiple Set the input to allow multiple selections (optional, single selection by default). * @param bool $multiple Set the input to allow multiple selections (optional, single selection by default).
* @param bool $sort Whether to sort the options or not (optional, unsorted by default). * @param bool $sort Whether to sort the options or not (optional, unsorted by default).
*/ */
function print_select ($fields, $name, $selected = '', $script = '', $nothing = 'select', $nothing_value = '0', $return = false, $multiple = false, $sort = true) { function print_select ($fields, $name, $selected = '', $script = '', $nothing = '', $nothing_value = '0', $return = false, $multiple = false, $sort = true, $class = '', $disabled = false) {
$output = "\n"; $output = "\n";
$attributes = ($script) ? 'onchange="'. $script .'"' : ''; $attributes = "";
if ($multiple){ if (!empty ($script)) {
$attributes .= ' multiple="yes" size=10 '; $attributes .= ' onchange="'.$script.'"';
}
if (!empty ($multiple)) {
$attributes .= ' multiple="yes" size="10"';
}
if (!empty ($class)) {
$attributes .= ' class="'.$class.'"';
}
if (!empty ($disabled)) {
$attributes .= ' disabled';
} }
$output .= '<select id="'.$name.'" name="'.$name.'" '.$attributes.">\n"; $output .= '<select id="'.$name.'" name="'.$name.'"'.$attributes.'>';
if ($nothing != '') { if ($nothing != '') {
$output .= ' <option value="'.$nothing_value.'"'; $output .= '<option value="'.$nothing_value.'"';
if ($nothing_value == $selected) { if ($nothing_value == $selected) {
$output .= " selected"; $output .= " selected";
} }
$output .= '>'.lang_string ($nothing)."</option>\n"; $output .= '>'.$nothing."</option>"; //You should pass a translated string already
} }
if (!empty ($fields)) { if (!empty ($fields)) {
if ($sort) if ($sort !== false) {
asort ($fields); asort ($fields);
}
foreach ($fields as $value => $label) { foreach ($fields as $value => $label) {
$output .= ' <option value="'. $value .'"'; $output .= '<option value="'.$value.'"';
if ($value == $selected) { if ($value == $selected) {
$output .= ' selected'; $output .= ' selected';
} }
if ($label === '') { if ($label === '') {
$output .= '>'. $value ."</option>\n"; $output .= '>'.$value."</option>";
} else { } else {
$output .= '>'. $label ."</option>\n"; $output .= '>'.$label."</option>";
} }
} }
} }
$output .= "</select>\n"; $output .= "</select>";
if ($return) if ($return)
return $output; return $output;
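Review bot: Every value print_select () places in markup — `$name`, `$script`, the new `$class`, and each `$value`/`$label` pair — is concatenated without HTML escaping, and this commit starts feeding the function database-backed lists (the `$groups` array in incident.php, and list_users () per the commit message), so a stored real name or group name containing markup would be rendered as-is unless it is encoded when stored, which is not visible here. Escaping at output closes that gap: `$output .= '<option value="'.htmlspecialchars ($value, ENT_QUOTES).'"';` and `$output .= '>'.htmlspecialchars ($label, ENT_QUOTES)."</option>";`, with the same treatment for the `class`, `id` and `name` attributes. Separately, changing the default of `$nothing` from 'select' to '' and no longer passing it through lang_string () alters the output for existing callers that relied on either, so those call sites need checking. The function's closing lines fall outside this hunk.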


@ -33,21 +33,15 @@ body {
} }
input, textarea { input, textarea {
border: 1px solid #ddd; border: 1px solid #ddd;
font: verdana, sans-serif;
font-size: 8pt;
} }
textarea { textarea {
padding: 5px; padding: 5px;
height: 100px; height: 100px;
font-family: verdana, sans-serif;
font-size: 8pt;
} }
textarea.conf_editor { textarea.conf_editor {
padding: 5px; padding: 5px;
width: 650; width: 650;
height: 350; height: 350;
font-family: verdana, sans-serif;
font-size: 8pt;
} }
input { input {
padding: 2px 3px 4px 3px; padding: 2px 3px 4px 3px;
@ -63,8 +57,6 @@ input.button {
select { select {
padding: 0px; padding: 0px;
border:1px solid #ddd; border:1px solid #ddd;
font-family: verdana, sans-serif;
font-size: 8pt;
} }
checkbox { checkbox {
padding: 4px; padding: 4px;


@ -18,7 +18,6 @@
$accion = "";
require ("include/config.php"); require ("include/config.php");
check_login (); check_login ();
@ -32,444 +31,324 @@ if (! give_acl ($config['id_user'], 0, "IR")) {
// Take input parameters // Take input parameters
// Offset adjustment // Offset adjustment
if (isset($_GET["offset"])) if (isset($_GET["offset"])) {
$offset=$_GET["offset"]; $offset = get_parameter_get ("offset");
else } else {
$offset=0; $offset = 0;
}
// Delete incident // Delete incident
if (isset($_GET["quick_delete"])){ if (isset($_GET["quick_delete"])){
$id_inc = $_GET["quick_delete"]; $id_inc = get_parameter_get ("quick_delete");
$sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc; $sql = "SELECT id_usuario, id_grupo FROM tincidencia WHERE id_incidencia=".$id_inc;
$result2=mysql_query($sql2); $result = get_db_row_sql ($sql);
$row2=mysql_fetch_array($result2); $usuario = give_incident_author ($id_inc);
if ($row2) {
$id_author_inc = $row2["id_usuario"]; if ($result !== false) {
if (give_acl ($config['id_user'], $row2["id_grupo"], "IM") || $config["id_user"] == $id_author_inc) { if (give_acl ($config['id_user'], $result["id_grupo"], "IM") || $config["id_user"] == $result["id_usuario"]) {
borrar_incidencia($id_inc); borrar_incidencia ($id_inc);
echo "<h3 class='suc'>".__('Incident successfully deleted')."</h3>"; echo '<h3 class="suc">'.__('Incident successfully deleted').'</h3>';
audit_db($id_author_inc,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc); audit_db ($usuario,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc);
} else { } else {
audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident"); audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." tried to delete incident");
echo "<h3 class='error'>".__('There was a problem deleting incident')."</h3>"; echo '<h3 class="error">'.__('There was a problem deleting incident').'</h3>';
no_permission(); no_permission ();
} }
} }
} }
// UPDATE incident // UPDATE incident
if ((isset($_GET["action"])) AND ($_GET["action"]=="update")){ if ((isset ($_GET["action"])) AND ($_GET["action"] == "update")) {
$id_inc = $_POST["id_inc"]; $id_inc = get_parameter_post ("id_inc");
$grupo = entrada_limpia($_POST['grupo_form']); $usuario = give_incident_author ($id_inc);
$usuario= entrada_limpia($_POST["usuario_form"]); $grupo = get_parameter_post ("grupo_form");
if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage incident) or owners can modify incidents if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage incident) or owners can modify incidents
$id_author_inc = give_incident_author($id_inc); $titulo = get_parameter_post ("titulo");
$titulo = entrada_limpia($_POST["titulo"]); $descripcion = get_parameter_post ("descripcion");
$descripcion = entrada_limpia($_POST['descripcion']); $origen = get_parameter_post ("origen_form");
$origen = entrada_limpia($_POST['origen_form']); $prioridad = get_parameter_post ("prioridad_form");
$prioridad = entrada_limpia($_POST['prioridad_form']); $estado = get_parameter_post ("estado_form");
$estado = entrada_limpia($_POST["estado_form"]); $ahora = date ("Y/m/d H:i:s");
$ahora=date("Y/m/d H:i:s");
$sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc; $sql = sprintf ("UPDATE tincidencia SET actualizacion = '%s', titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s' WHERE id_incidencia = %d",
$result=mysql_query($sql); $ahora, $titulo, $origen, $estado, $grupo, $usuario, $prioridad, $descripcion, $id_inc);
audit_db($id_author_inc,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." deleted updated #".$id_inc); $result = process_sql ($sql);
if ($result)
echo "<h3 class='suc'>".__('Incident successfully updated')."</h3>"; if ($result !== false) {
else audit_db($usuario,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." updated incident #".$id_inc);
echo "<h3 class='suc'>".__('There was a problem updating incident')."</h3>"; echo '<h3 class="suc">'.__('Incident successfully updated').'</h3>';
} else { } else {
audit_db($config['id_user'],$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident"); echo '<h3 class="error">'.__('There was a problem updating the incident').'</h3>';
echo "<h3 class='error'>".__('There was a problem updating incident')."</h3>"; }
} else {
audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$config['id_user']." try to update incident");
no_permission(); no_permission();
} }
} }
// INSERT incident // INSERT incident
if ((isset($_GET["action"])) AND ($_GET["action"]=="insert")){ if ((isset ($_GET["action"])) AND ($_GET["action"] == "insert")) {
$grupo = entrada_limpia($_POST['grupo_form']); $grupo = get_parameter_post ("grupo_form");
$usuario= entrada_limpia($_POST["usuario_form"]); if (give_acl ($config['id_user'], $grupo, "IM")) {
if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage
// Read input variables // Read input variables
$titulo = entrada_limpia($_POST['titulo']); $titulo = get_parameter_post ("titulo");
$inicio = date("Y/m/d H:i:s"); $descripcion = get_parameter_post ("descripcion");
$descripcion = entrada_limpia($_POST['descripcion']); $origen = get_parameter_post ("origen_form");
$texto = $descripcion; // to view in textarea after insert $prioridad = get_parameter_post ("prioridad_form");
$origen = entrada_limpia($_POST['origen_form']);
$prioridad = entrada_limpia($_POST['prioridad_form']);
$actualizacion = $inicio;
$id_creator = $config['id_user']; $id_creator = $config['id_user'];
$estado = entrada_limpia($_POST["estado_form"]); $estado = get_parameter_post ("estado_form");
$sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') "; $sql = sprintf ("INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo,id_creator) VALUES
if (mysql_query($sql)){ (NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s')".$titulo,$descripcion,$config["id_user"],$origen,$estado,$prioridad,$grupo,$config["id_user"]);
echo "<h3 class='suc'>".__('Incident successfully created')."</h3>"; $id_inc = process_sql ($sql, "insert_id");
$id_inc=mysql_insert_id();
audit_db($usuario,$REMOTE_ADDR,"Incident created","User ".$config['id_user']." created incident #".$id_inc); if ($id_inc === false) {
echo '<h3 class="error">'.__('Error creating incident').'</h3>';
} else {
audit_db ($config["id_user"], $REMOTE_ADDR, "Incident created", "User ".$config["id_user"]." created incident #".$id_inc);
} }
} else { } else {
audit_db($config['id_user'],$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to create incident"); audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to create incident");
no_permission(); no_permission ();
} }
} }
// Search // Search
$busqueda=""; $filter = "";
if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){
if (isset($_POST["texto"])){
$texto_form = $_POST["texto"];
$_GET["texto"]=$texto_form; // Update GET vars if data comes from POST
} else // GET
$texto_form = $_GET["texto"];
$busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )"; $texto = (string) get_parameter ("texto", "");
} if ($texto != "")
$filter .= sprintf (" AND (titulo LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $texto, $texto);
if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){ $usuario = (string) get_parameter ("usuario", "All");
if (isset($_POST["usuario"])){ if ($usuario != "All")
$usuario_form = $_POST["usuario"]; $filter .= sprintf (" AND id_usuario = '%s'", $usuario);
$_GET["usuario"]=$usuario_form;
} else // GET
$usuario_form=$_GET["usuario"];
if ($usuario_form != ""){ $estado = (int) get_parameter ("estado", -1);
if (isset($_GET["texto"])) if ($estado != -1) //-1 = All
$busqueda = $busqueda." and "; $filter .= sprintf (" AND estado = %d", $estado);
$busqueda= $busqueda." id_usuario = '".$_GET["usuario"]."' ";
$grupo = (int) get_parameter ("grupo", 1);
if ($grupo != 1) {
$filter .= sprintf (" AND id_grupo = %d", $grupo);
if (give_acl ($config['id_user'], $grupo, "IM") == 0) {
audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to read incidents from group without access");
no_permission ();
} }
} }
// Filter $prioridad = (int) get_parameter ("prioridad", -1);
if ($busqueda != "") if ($prioridad != -1) //-1 = All
$sql1= "WHERE ".$busqueda; $filter .= sprintf (" AND prioridad = %d", $prioridad);
else
$sql1="";
if (isset($_GET["estado"]) and (!isset($_POST["estado"]))) $offset = (int) get_parameter ("offset", 0);
$_POST["estado"]=$_GET["estado"]; $groups = get_user_groups ($config["id_user"]);
if (isset($_GET["grupo"]) and (!isset($_POST["grupo"])))
$_POST["grupo"]=$_GET["grupo"];
if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"])))
$_POST["prioridad"]=$_GET["prioridad"];
if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) { //Select incidencts where the user has access to ($groups from
if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){ //get_user_groups), array_keys for the id, implode to pass to SQL
$_GET["estado"] = $_POST["estado"]; $sql = "SELECT * FROM tincidencia WHERE
if ($sql1 == "") id_grupo IN (".implode (",",array_keys ($groups)).")".$filter."
$sql1='WHERE estado='.$_POST["estado"]; ORDER BY actualizacion DESC LIMIT ".$offset.",".$config["block_size"];
else
$sql1 =$sql1.' AND estado='.$_POST["estado"];
}
if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) { $result = get_db_all_rows_sql ($sql);
$_GET["prioridad"]=$_POST["prioridad"]; if (empty ($result)) {
if ($sql1 == "") $result = array ();
$sql1='WHERE prioridad='.$_POST["prioridad"]; $count = 0;
else } else {
$sql1 =$sql1.' and prioridad='.$_POST["prioridad"]; $count = count ($result);
}
if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) {
$_GET["grupo"] = $_POST["grupo"];
if ($sql1 == "")
$sql1='WHERE id_grupo='.$_POST["grupo"];
else
$sql1 =$sql1.' AND id_grupo='.$_POST["grupo"];
}
}
$sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
$sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
$sql1=$sql0;
$sql1=$sql1." LIMIT $offset, ".$config["block_size"];
echo "<h2>".__('Incident management')." &gt; ";
echo __('Manage incidents')."</h2>";
if (isset($_POST['operacion'])){
echo __('Viewing incidents')." - ".$_POST['operacion']."</h2>";
} }
?> echo '<h2>'.__('Incident management').' &gt; '.__('Manage incidents').'</h2>
<form name='visualizacion' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident'> <form name="visualizacion" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident">
<table class="databox" cellpadding="4" cellspacing="4"> <table class="databox" cellpadding="4" cellspacing="4" width="700px"><tr>
<tr>
<td valign="middle"> <td valign="middle">
<h3><?php echo __('Filter'); ?></h3> <h3>'.__('Filter').'</h3>';
<select name="estado" onChange="javascript:this.form.submit();" class="w155">
<?php
// Tipo de estado (Type)
// 0 - Abierta / Sin notas (Open without notes)
// 1 - Abierta / Notas aniadidas (Open with notes)
// 2 - Descartada (Not valid)
// 3 - Caducada (out of date)
// 13 - Cerrada (closed)
if ((isset($_GET["estado"])) OR (isset($_GET["estado"]))){ $fields = array(); //Reset empty array
if (isset($_GET["estado"])) $fields[-1] = __('All incidents');
$estado = $_GET["estado"]; $fields[0] = __('Active incidents');
if (isset($_POST["estado"])) $fields[2] = __('Rejected incidents');
$estado = $_POST["estado"]; $fields[3] = __('Expired incidents');
echo "<option value='".$estado."'>"; $fields[13] = __('Closed incidents');
switch ($estado){
case -1: echo __('All incidents')."</option>"; break;
case 0: echo __('Active incidents')."</option>"; break;
case 13: echo __('Closed incidents')."</option>"; break;
case 2: echo __('Rejected incidents')."</option>"; break;
case 3: echo __('Expired incidents')."</option>"; break;
}
}
echo "<option value='-1'>".__('All incidents')."</option>"; print_select ($fields, "estado", $estado, 'javascript:this.form.submit();', '', '', false, false, false, 'w155');
echo "<option value='0'>".__('Active incidents')."</option>";
echo "<option value='13'>".__('Closed incidents')."</option>";
echo "<option value='2'>".__('Rejected incidents')."</option>";
echo "<option value='3'>".__('Expired incidents')."</option>";
?>
</select>
</td>
<td valign="middle">
<noscript><input type="submit" class="sub" value="<?php echo __('Show') ?>" border="0"></noscript>
</td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;">
<h3><?php echo __('Status') ?></h3>
<img src='images/dot_red.png'> - <?php echo __('Active incidents') ?><br>
<img src='images/dot_yellow.png'> - <?php echo __('Active incidents, with comments') ?><br>
<img src='images/dot_blue.png'> - <?php echo __('Rejected incidents') ?><br>
<img src='images/dot_green.png'> - <?php echo __('Closed incidents') ?><br>
<img src='images/dot_white.png'> - <?php echo __('Expired incidents') ?></td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"> //Legend
<h3><?php echo __('Priority') ?></h3> echo '</td><td valign="middle"><noscript>';
<img src='images/dot_red.png'><img src='images/dot_red.png'><img src='images/dot_red.png'> - <?php echo __('Very Serious') ?><br> print_submit_button (__('Show'), 'submit-estado', false, 'class="sub" border="0"');
<img src='images/dot_yellow.png'><img src='images/dot_red.png'><img src='images/dot_red.png'> - <?php echo __('Serious') ?><br> echo '</noscript></td>
<img src='images/dot_yellow.png'><img src='images/dot_yellow.png'><img src='images/dot_red.png'> - <?php echo __('Medium') ?><br> <td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Status').'</h3>
<img src='images/dot_green.png'><img src='images/dot_yellow.png'><img src='images/dot_yellow.png'> - <?php echo __('Low') ?><br> <img src="images/dot_red.png" /> - '.__('Active incidents').'<br />
<img src='images/dot_green.png'><img src='images/dot_green.png'><img src='images/dot_yellow.png'> - <?php echo __('Informative') ?><br> <img src="images/dot_yellow.png" /> - '.__('Active incidents, with comments').'<br />
<img src='images/dot_green.png'><img src='images/dot_green.png'><img src='images/dot_green.png'> - <?php echo __('Maintenance') ?><br> <img src="images/dot_blue.png" /> - '.__('Rejected incidents').'<br />
<tr><td> <img src="images/dot_green.png" /> - '.__('Closed incidents').'<br />
<select name="prioridad" onChange="javascript:this.form.submit();" class="w155"> <img src="images/dot_white.png" /> - '.__('Expired incidents').'</td>
<?php <td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Priority').'</h3>
<img src="images/dot_red.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" /> - '.__('Very Serious').'<br />
<img src="images/dot_yellow.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" /> - '.__('Serious').'<br />
<img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /><img src="images/dot_red.png" /> - '.__('Medium').'<br />
<img src="images/dot_green.png" /><img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /> - '.__('Low').'<br />
<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_yellow.png" /> - '.__('Informative').'<br />
<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_green.png" /> - '.__('Maintenance').'<br />
</td></tr>
<tr><td>';
if ((isset($_GET["prioridad"])) OR (isset($_GET["prioridad"]))){ $fields = array(); //Reset empty array
if (isset($_GET["prioridad"])) $fields[-1] = __('All priorities');
$prioridad = $_GET["prioridad"]; $fields[0] = __('Informative');
if (isset($_POST["prioridad"])) $fields[1] = __('Low');
$prioridad = $_POST["prioridad"]; $fields[2] = __('Medium');
echo "<option value=".$prioridad.">"; $fields[3] = __('Serious');
switch ($prioridad){ $fields[4] = __('Very Serious');
case -1: $fields[10] = __('Maintenance');
echo __('All')." ".__('Priority');
break;
case 0:
echo __('Informative');
break;
case 1:
echo __('Low');
break;
case 2:
echo __('Medium');
break;
case 3:
echo __('Serious');
break;
case 4:
echo __('Very Serious');
break;
case 10:
echo __('Maintenance');
break;
}
}
echo "<option value='-1'>".__('All')." ".__('Priority')."</option>"; // al priorities (default)
echo '<option value="0">'.__('Informative')."</option>";
echo '<option value="1">'.__('Low')."</option>";
echo '<option value="2">'.__('Medium')."</option>";
echo '<option value="3">'.__('Serious')."</option>";
echo '<option value="4">'.__('Very Serious')."</option>";
echo '<option value="10">'.__('Maintenance')."</option>";
echo "</select></td>
<td valign='middle>
<noscript>
<input type='submit' class='sub' value='".__('Show')."' border='0'>
</noscript>";
echo "</td>";
echo '<tr><td><select name="grupo" onChange="javascript:this.form.submit();" class="w155">';
if ((isset($_GET["grupo"])) OR (isset($_GET["grupo"]))){ print_select ($fields, "prioridad", $prioridad, 'javascript:this.form.submit();', '','',false,false,false,'w155');
if (isset($_GET["grupo"]))
$grupo = $_GET["grupo"];
if (isset($_POST["grupo"]))
$grupo = $_POST["grupo"];
echo "<option value=".$grupo.">";
if ($grupo == -1) {
echo __('All')." ".__('groups'); // all groups (default)
} else {
echo dame_nombre_grupo($grupo);
}
echo "</option>";
}
echo "<option value='-1'>".__('All')." ".__('groups')."</option>"; // all groups (default)
$sql2="SELECT * FROM tgrupo";
$result2=mysql_query($sql2);
while ($row2=mysql_fetch_array($result2)){
echo "<option value=".$row2["id_grupo"].">".$row2["nombre"]."</option>";
}
echo "</select></td> echo '</td><td valign="middle"><noscript>';
<td valign='middle'> print_submit_button (__('Show'), 'submit-prioridad', false, 'class="sub" border="0"');
<noscript><input type='submit' class='sub' value='".__('Show')."' border='0'></noscript> echo '</noscript></td></tr><tr><td>';
</td>";
print_select ($groups, "grupo", $grupo, 'javascript:this.form.submit();','','',false,false,false,'w155');
echo '</td><td valign="middle"><noscript>';
print_submit_button (__('Show'), 'submit-grupo', false, 'class="sub" border="0"');
echo '</noscript>';
// Pass search parameters for possible future filter searching by user // Pass search parameters for possible future filter searching by user
if (isset($_GET["usuario"])) print_input_hidden ("usuario", $usuario);
echo "<input type='hidden' name='usuario' value='".$_GET["usuario"]."'>"; print_input_hidden ("texto", $texto);
if (isset($_GET["texto"]))
echo "<input type='hidden' name='texto' value='".$_GET["texto"]."'>";
echo " echo "</td></tr></table></form>";
</table>
</form>
<br><br>
<table>";
$offset_counter=0; if ($count < 1) {
// Prepare index for pagination echo '<div class="nf">'.__('No incidents match your search filter').'</div><br />';
$incident_list[]="";
$result2=mysql_query($sql1);
$result2_count=mysql_query($sql1_count);
$row2_count = mysql_fetch_array($result2_count);
if ($row2_count[0] <= 0 ) {
echo '<div class="nf">'.__('No incident matches your search filter').'</div><br></table>';
echo "<table>";
echo "<tr><td>";
echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
echo "<input type='submit' class='sub next' name='crt' value='".__('Create incident')."'></form>";
echo "</td></tr></table>";
} else { } else {
// TOTAL incidents // TOTAL incidents
$total_incidentes = $row2_count[0];
$url = "index.php?sec=incidencias&sec2=operation/incidents/incident"; $url = "index.php?sec=incidencias&sec2=operation/incidents/incident";
// add form filter values for group, priority, state, and search fields: user and text // add form filter values for group, priority, state, and search fields: user and text
if (isset($_GET["grupo"])) if ($grupo != -1)
$url = $url."&grupo=".$_GET["grupo"]; $url .= "&grupo=".$grupo;
if (isset($_GET["prioridad"])) if ($prioridad != -1)
$url = $url."&prioridad=".$_GET["prioridad"]; $url .= "&prioridad=".$prioridad;
if (isset($_GET["estado"])) if ($estado != -1)
$url = $url."&estado=".$_GET["estado"]; $url .= "&estado=".$estado;
if (isset($_GET["usuario"])) if ($usuario != '')
$url = $url."&usuario=".$_GET["usuario"]; $url .= "&usuario=".$usuario;
if (isset($_GET["texto"])) if ($texto != '')
$url = $url."&texto=".$_GET["texto"]; $url .= "&texto=".$texto;
if (isset($_GET["offset"] ))
$url = $url."&offset=".$_GET["offset"];
// Show pagination // Show pagination
pagination ($total_incidentes, $url, $offset); pagination ($count, $url, $offset);
echo '<br>'; echo '<br />';
// Show headers // Show headers
$table->width = 750;
$table->class = "databox";
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->head = array ();
$table->data = array ();
$table->size = array ();
$table->align = array ();
echo "<table cellpadding='4' cellspacing='4' width='750' class='databox'>"; $table->head[0] = __('ID');
echo "<tr>"; $table->head[1] = __('Status');
echo "<th width='43'>ID</th>"; $table->head[2] = __('Incident');
echo "<th>".__('Status')."</th>"; $table->head[3] = __('Priority');
echo "<th >".__('Incident')."</th>"; $table->head[4] = __('Group');
echo "<th >".__('Priority')."</th>"; $table->head[5] = __('Updated');
echo "<th>".__('Group')."</th>"; $table->head[6] = __('Source');
echo "<th>".__('Updated at')."</th>"; $table->head[7] = __('Owner');
echo "<th>".__('Source')."</th>"; $table->head[8] = __('Delete');
echo "<th width='50'>".__('Owner')."</th>";
echo "<th>".__('Delete')."</th>";
$color = 1;
while ($row2=mysql_fetch_array($result2)){ $table->size[0] = 43;
$id_group = $row2["id_grupo"]; $table->size[7] = 50;
if (give_acl ($config['id_user'], $id_group, "IR")) {
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
$note_number = dame_numero_notas($row2["id_incidencia"]);
echo "<tr>";
echo "<td class='$tdcolor' align='center'>
<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".$row2["id_incidencia"]."</a>";
// Check for attachments in this incident $table->align[1] = "center";
$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row2["id_incidencia"]); $table->align[3] = "center";
mysql_fetch_array($result3); $table->align[4] = "center";
if (mysql_affected_rows() > 0) $table->align[8] = "center";
echo '&nbsp;&nbsp;<img src="images/file.png" align="middle">';
// Tipo de estado (Type) foreach ($result as $row) {
// 0 - Abierta / Sin notas (Open, no notes) $data = array();
// 1 - Abierta / Notas anyadidas (Open with notes)
// 2 - Descartada (not valid)
// 3 - Caducada (out of date)
// 13 - Cerrada (closed)
// Verify if the status changes $data[0] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$row["id_incidencia"].'">'.$row["id_incidencia"].'</a>';
if (($row2["estado"] == 0) && ($note_number >0 )){ $attnum = get_db_value ('COUNT(*)', 'tattachment', 'id_incidencia', $row["id_incidencia"]);
$row2["estado"] = 1; $notenum = dame_numero_notas ($row["id_incidencia"]);
}
echo "</td><td class='$tdcolor' align='center'>"; if ($attnum > 0)
switch ($row2["estado"]) { $data[0] .= '&nbsp;&nbsp;<img src="images/file.png" align="middle" />';
case 0: echo "<img src='images/dot_red.png'>";
if ($notenum > 0 && $row["estado"] == 0)
$row["estado"] = 1;
switch ($row["estado"]) {
case 0:
$data[1] = '<img src="images/dot_red.png" />';
break; break;
case 1: echo "<img src='images/dot_yellow.png'>"; case 1:
$data[1] = '<img src="images/dot_yellow.png" />';
break; break;
case 2: echo "<img src='images/dot_blue.png'>"; case 2:
$data[1] = '<img src="images/dot_blue.png" />';
break; break;
case 3: echo "<img src='images/dot_white.png'>"; case 3:
$data[1] = '<img src="images/dot_white.png">';
break; break;
case 13: echo "<img src='images/dot_green.png'>"; case 13:
$data[1] = '<img src="images/dot_green.png">';
break; break;
} }
echo "</td><td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".substr(salida_limpia($row2["titulo"]),0,45);
echo "<td class='$tdcolor' align='center'>";
switch ( $row2["prioridad"] ){
case 0: echo "<img src='images/dot_green.png'>"."<img src='images/dot_green.png'>"."<img src='images/dot_yellow.png'>"; break;
case 1: echo "<img src='images/dot_green.png'>"."<img src='images/dot_yellow.png'>"."<img src='images/dot_yellow.png'>"; break;
case 2: echo "<img src='images/dot_yellow.png'>"."<img src='images/dot_yellow.png'>"."<img src='images/dot_red.png'>"; break;
case 3: echo "<img src='images/dot_yellow.png'>"."<img src='images/dot_red.png'>"."<img src='images/dot_red.png'>"; break;
case 4: echo "<img src='images/dot_red.png'>"."<img src='images/dot_red.png'>"."<img src='images/dot_red.png'>"; break;
case 10: echo "<img src='images/dot_green.png'>"."<img src='images/dot_green.png'>"."<img src='images/dot_green.png'>"; break;
}
/*
case 0: echo __('Informative'); break;
case 1: echo __('Low'); break;
case 2: echo __('Medium'); break;
case 3: echo __('Serious'); break;
case 4: echo __('Very Serious'); break;
case 10: echo __('Maintenance'); break;
*/
echo "<td class='$tdcolor' align='center'>";
$id_grupo = $row2["id_grupo"];
echo '<img src="images/groups_small/'.show_icon_group($id_grupo).'.png" title="'.dame_grupo($id_grupo).'">';
$data[2] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$row["id_incidencia"].'">'.safe_input (substr ($row["titulo"],0,45)).'</a>';
echo "<td class='$tdcolor'>".human_time_comparation($row2["actualizacion"]); switch ($row["prioridad"]) {
echo "<td class='$tdcolor'>".$row2["origen"]; case 4:
echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'>".$row2["id_usuario"]."</td>"; $data[3] = '<img src="images/dot_red.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" />';
$id_author_inc = $row2["id_usuario"]; break;
if (give_acl ($config['id_user'], $id_group, "IM") || $config["id_user"] == $id_author_inc) { case 3:
// Only incident owners or incident manager $data[3] = '<img src="images/dot_yellow.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" />';
// from this group can delete incidents break;
echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row2["id_incidencia"]."' onClick='if (!confirm(\' ".__('Are you sure?')."\')) return false;'><img src='images/cross.png' border='0'></a></td>"; case 2:
$data[3] = '<img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /><img src="images/dot_red.png" />';
break;
case 1:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" />';
break;
case 0:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_yellow.png" />';
break;
case 10:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_green.png" />';
break;
} }
}
}
echo "</tr></table>";
if (give_acl ($config["id_user"], 0, "IW")) {
echo "<table width='750px'>";
echo "<tr><td align='right'>";
echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
echo "<input type='submit' class='sub next' name='crt' value='".__('Create incident')."'></form>";
}
echo "</td></tr></table>";
$data[4] = '<img src="images/groups_small/'.show_icon_group ($row["id_grupo"]).'.png" title="'.dame_grupo ($row["id_grupo"]).'" />';
$data[5] = human_time_comparation ($row["actualizacion"]);
$data[6] = $row["origen"];
$data[7] = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$row["id_usuario"].'">'.$row["id_usuario"].'</a>';
if (give_acl ($config["id_user"], $row["id_grupo"], "IM") || $config["id_user"] == $row["id_usuario"]) {
$data[8] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete='.$row["id_incidencia"].'" onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;"><img src="images/cross.png" border="0"></a>';
} else {
$data[8] = '';
}
array_push ($table->data, $data);
}
print_table ($table);
unset ($table);
} }
if (give_acl ($config["id_user"], 0, "IW")) {
echo '<div style="text-align:right; width:750px"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form">';
print_submit_button (__('Create incident'), 'crt', false, 'class="sub next"');
echo '</form></div>';
}
?> ?>


@ -18,45 +18,25 @@
// Load global vars // Load global vars
?>
<script language="javascript">
/* Function to hide/unhide a specific Div id */
function toggleDiv (divid){
if (document.getElementById(divid).style.display == 'none'){
document.getElementById(divid).style.display = 'block';
} else {
document.getElementById(divid).style.display = 'none';
}
}
</script>
<?php
require("include/config.php"); require("include/config.php");
check_login (); check_login ();
$id_grupo = get_parameter ('id_grupo'); if (! give_acl ($config["id_user"], 0, "IR")) {
if (! give_acl ($config['id_user'], $id_grupo, "IR")) {
// Doesn't have access to this page // Doesn't have access to this page
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", audit_db ($config["id_user"], $REMOTE_ADDR, "ACL Violation", "Trying to access incident details");
"Trying to access to incident ".$id_inc." '".$titulo."'");
include ("general/noaccess.php"); include ("general/noaccess.php");
exit; exit;
} }
$id_grupo = "";
$creacion_incidente = "";
// EDITION MODE // EDITION MODE
if (isset ($_GET["id"])) { if (isset ($_GET["id"])) {
$creacion_incidente = 0; $id_inc = get_parameter_get ("id");
$id_inc = $_GET["id"];
$iduser_temp=$_SESSION['id_usuario'];
// Obtain group of this incident // Obtain group of this incident
$sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc; $row = get_db_row ("tincidencia","id_incidencia",$id_inc);
$result=mysql_query($sql1);
$row=mysql_fetch_array($result);
// Get values // Get values
$titulo = $row["titulo"]; $titulo = $row["titulo"];
$texto = $row["descripcion"]; $texto = $row["descripcion"];
@ -66,123 +46,144 @@ if (isset ($_GET["id"])) {
$prioridad = $row["prioridad"]; $prioridad = $row["prioridad"];
$origen = $row["origen"]; $origen = $row["origen"];
$usuario = $row["id_usuario"]; $usuario = $row["id_usuario"];
$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"]; $id_grupo = $row["id_grupo"];
$id_creator = $row["id_creator"]; $id_creator = $row["id_creator"];
$grupo = dame_nombre_grupo($id_grupo); $upd_sql = sprintf ("UPDATE tincidencia SET actualizacion = NOW(), id_usuario = '%s' WHERE id_incidencia = %d", $usuario, $id_inc);
// Note add - everybody that can read incidents, can add notes
if (isset ($_GET["insertar_nota"])) {
$nota = get_parameter_post ("nota");
// Note add $sql = sprintf ("INSERT INTO tnota (id_usuario, timestamp, nota) VALUES ('%s',NOW(),'%s')",$config["id_user"],$nota);
if (isset($_GET["insertar_nota"])){ $id_nota = process_sql ($sql, "insert_id");
$id_inc = entrada_limpia($_POST["id_inc"]);
$timestamp = entrada_limpia($_POST["timestamp"]);
$nota = entrada_limpia($_POST["nota"]);
$sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota) if ($id_nota !== false) {
VALUES ('".$config['id_user']."','".$timestamp."','".$nota."')"; echo '<h3 class="suc">'.__('Note successfully added').'</h3>';
$res1=mysql_query($sql1); $sql = sprintf ("INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (%d,%d)", $id_inc, $id_nota);
if ($res1) { echo "<h3 class='suc'>".__('Note successfully added')."</h3>"; } process_sql ($sql);
process_sql ($upd_sql); //Update tincidencia
$sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$config['id_user']."' AND timestamp = '".$timestamp."'"; } else {
$res2=mysql_query($sql2); echo '<h3 class="error">'.__('Error adding note').'</h3>';
$row2=mysql_fetch_array($res2); }
$id_nota = $row2["id_nota"];
$sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")";
$res3=mysql_query($sql3);
$sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
$res4 = mysql_query($sql4);
} }
// Delete note // Delete note
if (isset($_GET["id_nota"])){ if (isset ($_GET["id_nota"])) {
$note_user = give_note_author ($_GET["id_nota"]); $id_nota = get_parameter_get ("id_nota");
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes $note_user = give_note_author ($id_nota);
// But note authors was able to delete this own notes if (((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_creator == $config["id_user"]) ) {
$id_nota = $_GET["id_nota"]; // Only admins (manage incident) or owners can modify
$id_nota_inc = $_GET["id_nota_inc"]; // incidents, including their notes. note authors are
$query ="DELETE FROM tnota WHERE id_nota = ".$id_nota; // able to delete their own notes
$query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc; $sql = sprintf ("DELETE FROM tnota WHERE id_nota = %d",$id_nota);
//echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2; $result = process_sql ($sql); //Result is 0 or false if the note wasn't deleted, therefore check with empty
mysql_query($query);
mysql_query($query2); if (!empty ($result)) {
if (mysql_query($query)) { $sql = sprintf ("DELETE FROM tnota_inc WHERE id_nota = %d",$id_nota);
echo "<h3 class='suc'>".__('Note successfully deleted'); $result = process_sql ($sql);
}
if (!empty ($result)) {
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('Note successfully deleted').'</h3>';
} else {
echo '<h3 class="error">'.__('Error deleting note').'<h3>';
} }
} }
} }
// Delete file // Delete file
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){ if (((give_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_creator == $config["id_user"])) AND isset ($_GET["delete_file"])) {
$file_id = $_GET["delete_file"]; $file_id = get_parameter_get ("delete_file");
$sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id; $sql = sprintf ("SELECT filename FROM tattachment WHERE id_attachment = %d",$file_id);
$res2=mysql_query($sql2); $filename = get_db_sql ($sql);
$row2=mysql_fetch_array($res2); if (!empty ($filename)) {
$filename = $row2["filename"]; $sql = sprintf ("DELETE FROM tattachment WHERE id_attachment = %d",$file_id);
$sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id; $result = process_sql ($sql);
$res2=mysql_query($sql2); } else {
echo '<h3 class="error">'.__('Could not find file in database').'</h3>';
$result = false;
}
if (!empty ($result)) {
unlink ($config["attachment_store"]."/pand".$file_id."_".$filename); unlink ($config["attachment_store"]."/pand".$file_id."_".$filename);
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('File successfully deleted from database').'</h3>';
} else {
echo '<h3 class="error"'.__('Unable to delete file').'</h3>';
}
} }
// Upload file // Upload file
if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) { if ((give_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) { //if file
if (( $_FILES['userfile']['name'] != "" )){ //if file if (isset ($_POST["file_description"])) {
$tipo = $_FILES['userfile']['type']; $description = get_parameter_post ("file_description");
if (isset($_POST["file_description"])) } else {
$description = $_POST["file_description"]; $description = __("No description available");
else }
$description = "No description available";
// Insert into database // Insert into database
$filename= $_FILES['userfile']['name']; $filename = safe_input ($_FILES['userfile']['name']);
$filesize = $_FILES['userfile']['size']; $filesize = safe_input ($_FILES['userfile']['size']);
$sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".$filename."','".$description."',".$filesize.") "; //The following is if you have clamavlib installed
//(php5-clamavlib) and enabled in php.ini
//http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if(extension_loaded ('clamav')) {
cl_setlimits (5, 1000, 200, 0, 10485760);
$malware = cl_scanfile ($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die ($error); //On malware, we die because it's not good to handle it
}
}
mysql_query($sql); $sql = sprintf ("INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size)
$id_attachment=mysql_insert_id(); VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config["id_user"],$filename,$description,$filesize);
$id_attachment = process_sql ($sql,"insert_id");
// Copy file to directory and change name // Copy file to directory and change name
if ($id_attachment !== false) {
$nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename; $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename;
$result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo);
if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){
echo "<h3 class=error>".__('File cannot be saved. Please contact Pandora administrator about this error <br>')."</h3>";
$sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
mysql_query($sql);
} else { } else {
// Delete temporal file echo '<h3 class="error">'.__('File could not be saved due to database error').'</h3>';
unlink ($_FILES['userfile']['tmp_name']); $result = false;
} }
if ($result !== false) {
unlink ($_FILES['userfile']['tmp_name']);
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('File uploaded').'</h3>';
} else {
echo '<h3 class="error">'.__('File could not be saved. Contact the Pandora Administrator for more information').'</h3>';
process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment);
} }
} }
} // else Not given id } // else Not given id
// Create incident from event... read event data // Create incident from event... read event data
elseif (isset($_GET["insert_form"])){ elseif (isset ($_GET["insert_form"])) {
$iduser_temp=$_SESSION['id_usuario'];
$titulo = "";
if (isset($_GET["from_event"])){
$titulo = return_event_description($_GET["from_event"]);
$descripcion = "";
$origen = "Pandora FMS event";
} else {
$titulo = ""; $titulo = "";
$descripcion = ""; $descripcion = "";
$origen = ""; $origen = "";
$prioridad = 0;
$id_grupo = 0;
$estado = 0;
$texto = "";
$usuario = $config["id_user"];
$id_creator = $config["id_user"];
if (isset($_GET["from_event"])) {
$event = get_parameter_get ("from_event");
$titulo = return_event_description ($event);
$descripcion = "";
$origen = "Pandora FMS event";
unset ($event);
} }
$prioridad = 0; $prioridad = 0;
$id_grupo = 0; $id_grupo = 0;
$grupo = dame_nombre_grupo(1);
$usuario= $_SESSION["id_usuario"];
$estado = 0;
$actualizacion=date("Y/m/d H:i:s");
$inicio = $actualizacion;
$id_creator = $iduser_temp;
$creacion_incidente = 1;
} else { } else {
audit_db($config['id_user'],$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way"); audit_db ($config['id_user'],$REMOTE_ADDR, "HACK","Trying to get to incident details in an unusual way");
no_permission(); no_permission ();
} }
@ -192,295 +193,241 @@ elseif (isset($_GET["insert_form"])){
// Show the form // Show the form
// ******************************************************************************************************** // ********************************************************************************************************
if ($creacion_incidente == 0) //This is for the pretty slide down attachment form
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident&action=update'>"; echo '<script type="text/javascript" src="include/javascript/jquery.js"></script>';
else echo "<script type=\"text/javascript\">
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident&action=insert'>"; $(document).ready(function() {
$('#file_control').hide();
$('#add_note').hide();
$('input#submit-attachment').click(function() {
$('#submit-attachment').fadeOut('fast');
$('#file_control').slideDown('slow');
return false;
});
$('input#submit-note_control').click(function() {
$('#submit-note_control').fadeOut('fast');
$('#add_note').slideDown('slow');
return false;
});
});</script>";
if (isset($id_inc)) {
echo "<input type='hidden' name='id_inc' value='".$id_inc."'>"; if (isset ($id_inc)) { //If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"]
} echo '<form name="accion_form" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident&action=update">';
echo "<h2>".__('Incident management')." &gt; "; echo '<input type="hidden" name="id_inc" value="'.$id_inc.'">';
if (isset($id_inc)) { echo '<h2>'.__('Incident management').' &gt; '.__('Incident details').' #'.$id_inc.'</h2>';
echo __('Review of incident')." # ".$id_inc;
} else { } else {
echo __('Create incident'); echo '<form name="accion_form" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident&action=insert">';
echo '<h2>'.__('Incident management').' &gt; '.__('Create incident').'</h2>';
} }
echo "</h2>";
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600">'; echo '<table cellpadding="4" cellspacing="4" class="databox" width="650px">';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo '<tr><td class="datos"><b>'.__('Incident').'</b></td><td colspan="3" class="datos">';
echo '<tr><td class="datos"><b>'.__('Incident').'</b></td>
<td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'">'; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_input_text ("titulo", $titulo,'', 70);
} else { } else {
echo '<tr><td class="datos"><b>'.__('Incident').'</b><td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'" readonly>'; print_input_text_extended ("titulo", $titulo, "", "", 70, "", false, "", "readonly");
}
echo '<tr><td class="datos2"><b>'.__('Opened at').'</b>';
echo "<td class='datos2' <i>".$inicio."</i>";
echo '<td class="datos2"><b>'.__('Updated at').'</b>';
echo "<td class='datos2'><i>".$actualizacion."</i>";
echo '<tr><td class="datos"><b>'.__('Owner').'</b><td class="datos">';
if ((give_acl($config['id_user'], $id_grupo, "IM")==1) OR ($usuario == $config['id_user'])) {
echo "<select name='usuario_form' width='200px'>";
echo "<option value='".$usuario."'>".$usuario." - ".dame_nombre_real($usuario)."</option>";
$sql1='SELECT * FROM tusuario ORDER BY id_usuario';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["id_usuario"]."'>".$row2["id_usuario"]." - ".$row2["nombre_real"]."</option>";
}
echo "</select>";
} }
else {
echo "<input type=hidden name='usuario_form2' value='".$usuario."'>";
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
}
// Tipo de estado
// 0 - Abierta / Sin notas - Open, without notes
// 1 - Abierta / Notas aniadidas - Open, with notes
// 2 - Descartada / Not valid
// 3 - Caducada / Outdated
// 13 - Cerrada / Closed
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo '</td></tr>';
echo '<td class="datos"><b>'.__('Status').'</b>
<td class="datos"> echo '<tr><td class="datos2"><b>'.__('Opened at').'</b></td><td class="datos2"><i>'.date ($config['date_format'],strtotime ($inicio)).'</i></td>';
<select name="estado_form" class="w135">'; echo '<td class="datos2"><b>'.__('Updated at').'</b><td class="datos2"><i>'.date ($config['date_format'],strtotime ($actualizacion)).'</i></td></tr>';
echo '<tr><td class="datos"><b>'.__('Owner').'</b></td><td class="datos">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135");
} else { } else {
echo '<td class="datos"><b>'.__('Status').'</b> print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true);
<td class="datos">
<select disabled name="estado_form" class="w135">';
} }
echo '</td><td class="datos"><b>'.__('Status').'</b></td><td class="datos">';
switch ( $estado ){ $fields = array ();
case 0: echo '<option value="0">'.__('Open and Active'); break; $fields[0] = __('Open and Active');
//case 1: echo '<option value="2">'.__('Open with notes'); break; $fields[2] = __('Not valid');
case 2: echo '<option value="2">'.__('Not valid'); break; $fields[3] = __('Out of date');
case 3: echo '<option value="3">'.__('Out of date'); break; $fields[13] = __('Closed');
case 13: echo '<option value="13">'.__('Closed'); break;
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135');
} else {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
} }
echo '</td></tr>';
echo '<option value="0">'.__('Open and Active'); echo '<tr><td class="datos2"><b>'.__('Source').'</b></td><td class="datos2">';
//echo '<option value="1">'.__('Open with notes');
echo '<option value="2">'.__('Not valid'); $fields = array ();
echo '<option value="3">'.__('Out of date'); $return = get_db_all_rows_sql ("SELECT origen FROM torigen ORDER BY origen");
echo '<option value="13">'.__('Closed'); if ($return === false)
echo '</select></td>'; $return[0] = $estado; //Something must be displayed
foreach ($return as $row) {
$fields[$row["origen"]] = $row["origen"];
}
// Only owner could change source or user with Incident management privileges // Only owner could change source or user with Incident management privileges
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
echo '<tr><td class="datos2"><b>'.__('Source').'</b></td> print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135');
<td class="datos2">
<select name="origen_form" class="w135">';
} else { } else {
echo '<tr><td class="datos2"><b>'.__('Source').'</b></td> print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
<td class="datos2">
<select disabled name="origen_form" class="w135">';
} }
// Fill combobox with source (origen) echo '</td><td class="datos2"><b>'.__('Group').'</b></td><td class="datos2">';
if ($origen != "")
echo "<option value='".$origen."'>".$origen;
$sql1='SELECT * FROM torigen ORDER BY origen';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["origen"]."'>".$row2["origen"]."</option>";
}
echo "</select></td>";
// Group combo // Group combo
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
echo '<td class="datos2"><b>'.__('Group').'</b></td> print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135');
<td class="datos2">
<select name="grupo_form" class="w135">';
} else { } else {
echo '<td class="datos2"><b>'.__('Group').'</b></td> print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true);
<td class="datos2">
<select disabled name="grupo_form" class="w135">';
}
if ($id_grupo != 0)
echo "<option value='".$id_grupo."'>".$grupo;
$sql1='SELECT * FROM tgrupo ORDER BY nombre';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
if (give_acl($iduser_temp, $row["id_grupo"], "IR")==1)
echo "<option value='".$row["id_grupo"]."'>".$row["nombre"]."</option>";
} }
echo '</select></td></tr><tr>'; echo '</td></tr><tr><td class="datos"><b>'.__('Priority').'</b></td><td class="datos">';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '<td class="datos"><b>'.__('Priority').'</b></td> $fields = array();
<td class="datos"><select name="prioridad_form" class="w135">'; $fields[0] = __('Informative');
$fields[1] = __('Low');
$fields[2] = __('Medium');
$fields[3] = __('Serious');
$fields[4] = __('Very serious');
$fields[10] = __('Maintenance');
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135');
} else { } else {
echo '<td class="datos"><b>'.__('Priority').'</b></td> print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true);
<td class="datos"><select disabled name="prioridad_form" class="w135">';
} }
switch ( $prioridad ){ echo '</td><td class="datos"><b>'.__('Creator').'</b></td><td class="datos">';
case 0: echo '<option value="0">'.__('Informative').'</option>'; break; if (empty ($id_creator)) {
case 1: echo '<option value="1">'.__('Low').'</option>'; break; echo 'SYSTEM';
case 2: echo '<option value="2">'.__('Medium').'</option>'; break;
case 3: echo '<option value="3">'.__('Serious').'</option>'; break;
case 4: echo '<option value="4">'.__('Very Serious').'</option>'; break;
case 10: echo '<option value="10">'.__('Maintenance').'</option>'; break;
}
echo '<option value="0">'.__('Informative').'</option>';
echo '<option value="1">'.__('Low').'</option>';
echo '<option value="2">'.__('Medium').'</option>';
echo '<option value="3">'.__('Serious').'</option>';
echo '<option value="4">'.__('Very Serious').'</option>';
echo '<option value="10">'.__('Maintenance').'</option>';
echo "<td class='datos'><b>Creator</b>
<td class='datos'>".$id_creator." ( <i>".dame_nombre_real($id_creator)." </i>)";
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '</select>
<tr><td class="datos2" colspan="4">
<textarea name="descripcion" rows="15" cols="85" style="height: 300px;">';
} else { } else {
echo '</select> echo $id_creator.' (<i>'.dame_nombre_real ($id_creator).'</i>)';
<tr><td class="datos2" colspan="4">
<textarea readonly name="descripcion" rows="15" cols="85" style="height: 300px;">';
} }
if (isset($texto)) {
echo $texto;
}
echo "</textarea></td></tr>";
echo '</table><table width="650px">'; echo '</td></tr><tr><td class="datos2" colspan="4">';
echo "<tr><td align='right'>";
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;"');
} else {
print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;" disabled');
}
echo '</td></tr></table><div style="width: 600px; text-align:right;">';
// Only if user is the used who opened incident or (s)he is admin // Only if user is the used who opened incident or (s)he is admin
$iduser_temp=$_SESSION['id_usuario']; if (isset ($id_inc) AND (give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"');
if ($creacion_incidente == 0){ } elseif (give_acl ($config["id_user"], $id_grupo, "IW")) {
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){ print_submit_button (__('Create'), "accion", false, 'class="sub wand"');
echo '<input type="submit" class="sub upd" name="accion" value="'.__('Update incident').'" border="0">';
}
} else { } else {
if (give_acl($iduser_temp, $id_grupo, "IW")) { print_submit_button (__('Submit'), "accion", true, 'class="sub upd"');
echo '<input type="submit" class="sub wand" name="accion" value="'.__('Create').'" border="0">';
}
} }
echo "</form>"; echo "</div></form>";
echo '<div>';
print_submit_button (__('Add note'), "note_control", false, 'class="sub next"');
echo '</div><div>';
echo '<form id="add_note" name="nota" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insertar_nota=1&id='.$id_inc.'">';
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600px">
<tr><td class="datos2"><textarea name="nota" rows="5" cols="70" style="height: 100px;"></textarea></td>
<td valign="bottom"><input name="addnote" type="submit" class="sub wand" value="'.__('Add').'"></td></tr>
</table></form></div><div>';
if ($creacion_incidente == 0){ // ********************************************************************
echo "<tr><td align='right'>"; // Notes
echo ' // ********************************************************************
<form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_note&id_inc='.$id_inc.'">
<input type="hidden" name="nota" value="add"> if (isset ($id_inc)) {
<input align=right name="addnote" type="submit" class="sub next" value="'.__('Add note').'"> $sql = sprintf ("SELECT tnota.* FROM tnota, tnota_inc WHERE tnota_inc.id_incidencia = '%d' AND tnota.id_nota = tnota_inc.id_nota",$id_inc);
</form>'; $result = get_db_all_rows_sql ($sql);
} else {
$result = array ();
} }
echo "</tr></table><br>";
if ($creacion_incidente == 0){ if (empty ($result)) {
$result = array ();
} else {
echo "<h3>".__('Notes attached to incident').'<h3>';
}
// ******************************************************************** echo '<table cellpadding="4" cellspacing="4" class="databox" width="600px">';
// Notes foreach ($result as $row) {
// ******************************************************************** echo '<tr><td><img src="images/page_white_text.png" border="0"></td>';
$cabecera=0; echo '<td>'.__('Author').': <a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$row["id_usuario"].'">'.dame_nombre_real ($row["id_usuario"]).'</a> ('.date ($config['date_format'],strtotime ($row["timestamp"])).')</td></tr>';
$sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc; echo '<tr><td>';
$res4=mysql_query($sql4); if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) {
while ($row2=mysql_fetch_array($res4)){ echo '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&id_nota='.$row["id_nota"].'"><img src="images/cross.png" border="0"></a>';
if ($cabecera == 0) { // Show head only one time
echo "<h3>".__('Notes attached to incident')."</h3>";
echo "<table cellpadding='4' cellspacing='4' class='databox' width='650'>";
echo "<tr><td>";
$cabecera = 1;
} }
echo '</td><td>'.safe_input ($row["nota"]).'</td></tr>';
}
echo '</table>';
$sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC';
$res3=mysql_query($sql3);
while ($row3=mysql_fetch_array($res3)){
$timestamp = $row3["timestamp"];
$nota = $row3["nota"];
$id_usuario_nota = $row3["id_usuario"];
// Show data
echo '<tr><td rowspan="3" class="top"><img src="images/page_white_text.png"></td><td class="datos" width=40><b>'.__('Author').': </b><td class="datos">';
$usuario = $id_usuario_nota;
$nombre_real = dame_nombre_real ($usuario);
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
// Delete comment, only for admins // ************************************************************
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { // Files attached to this incident
$myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"]; // ************************************************************
echo '<td rowspan="3" class="top" width="60" align="center"><a href="'.$myurl.'"><img src="images/cross.png" align="middle" border="0"></a>';
}
echo '<tr><td class="datos"><b>'.__('Date').': </b><td class="datos"><i>'.$timestamp.'</i></td></tr>';
echo '<tr><td colspan="2" class="datos"> ';
echo '<table border="0" cellpadding="4" cellspacing="4" style="width: 580px">';
echo '<tr><td class="datos2" align="justify">';
echo salida_limpia ($nota);
echo "</td></tr>";
echo '</table>';
}
}
if ($cabecera == 1){
echo "</table>"; // note table
}
echo "</form></table>";
// ************************************************************ // Attach head if there's attach for this incident
// Files attached to this incident if (isset ($id_inc)) {
// ************************************************************ $result = get_db_all_rows_field_filter ("tattachment", "id_incidencia", $id_inc, "filename");
} else {
$result = array ();
}
// Attach head if there's attach for this incident if (empty ($result)) {
$att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc); $result = array ();
} else {
if (mysql_num_rows($att_fil)){
echo "<h3>".__('Attached files')."</h3>"; echo "<h3>".__('Attached files')."</h3>";
echo "<table cellpadding='4' cellspacing='4' class='databox' width='650'>"; }
echo "<tr>
<th class=datos>".__('Filename')."</th>
<th class=datos>".__('Description')."</th>
<th class=datos>".__('Size')."</th>
<th class=datos>".__('Delete')."</th></tr>";
while ($row=mysql_fetch_array($att_fil)){ $table->cellpadding = 4;
echo "<tr><td class=datos><img src='images/disk.png' border=0 align='top'> &nbsp;&nbsp;<a target='_new' href='attachment/pand".$row["id_attachment"]."_".$row["filename"]."'><b>".$row["filename"]."</b></a>"; $table->cellspacing = 4;
echo "<td class=datos>".$row["description"]; $table->class = "databox";
echo "<td class=datos>".$row["size"]; $table->width = 650;
$table->head = array ();
$table->data = array ();
if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment $table->head[0] = __('Filename');
echo '<td class=datos align="center"><a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/cross.png" border=0>'; $table->head[1] = __('Description');
$table->head[2] = __('Size');
$table->head[3] = __('Delete');
$table->align[2] = "center";
$table->align[3] = "center";
foreach ($result as $row) {
$data[0] = '<img src="images/disk.png" border="0" align="top" />&nbsp;&nbsp;<a target="_new" href="attachment/pand'.$row["id_attachment"].'_'.$row["filename"].'"><b>'.$row["filename"].'</b></a>';
$data[1] = $row["description"];
$data[2] = $row["size"]." KB";
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
$data[3] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/cross.png" border=0 /></a>';
} else {
$data[3] = '';
} }
array_push ($table->data, $data);
}
} if (!empty ($table->data)) {
echo "</td></tr></table>"; print_table ($table);
} }
// ************************************************************ unset ($table);
// Upload control
// ************************************************************
// Upload control // ************************************************************
if (give_acl($iduser_temp, $id_grupo, "IW")==1){ // Upload control
echo "<h3>".__('Attach file'); // ************************************************************
?>
<A HREF="javascript:;" onmousedown="toggleDiv('file_control');">
<?PHP
echo "<img src='images/disk.png'>";
echo "</a></h3>";
echo "<div id='file_control' style='display:none'>";
// Upload control
if (give_acl($config["id_user"], $id_grupo, "IW")==1){
echo '<div>';
print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"');
echo '</div>';
echo '<div><form method="post" id="file_control" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">';
echo '<table cellpadding="4" cellspacing="3" class="databox" width="400"> echo '<table cellpadding="4" cellspacing="3" class="databox" width="400">
<tr> <tr><td class="datos">'.__('Filename').'</td><td class="datos"><input type="file" name="userfile" value="userfile" class="sub" size="40" /></td></tr>
<td class="datos">'.__('Filename').'</td> <tr><td class="datos2">'.__('Description').'</td><td class="datos2" colspan="3"><input type="text" name="file_description" size="47"></td></tr>
<td class="datos"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data"> <tr><td rowspan="2" style="text-align: right;"> <input type="submit" name="upload" value="'.__('Upload').'" class="sub wand"></td></tr>
<input type="file" name="userfile" value="userfile" class="sub" size="40"> </table></form></div>';
</td></tr>
<tr><td class="datos2">'.__('Description').'</td>
<td class="datos2" colspan="3">
<input type="text" name="file_description" size="47">
</td></tr>
</table>
<table width="400px">
<tr><td style="text-align: right;">
<input type="submit" name="upload" value="'.__('Upload').'" class="sub wand">
</td></tr></table><br>';
echo "</div>";
}
} // create mode
}
?> ?>


@ -1,45 +0,0 @@
<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2008 Artica Soluciones Tecnologicas, http://www.artica.es
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
if (comprueba_login() == 0) {
$id_inc = $_GET["id_inc"];
$now=date("Y/m/d H:i:s");
// Create Note
echo "<h2>".__('Incident management')." &gt; ";
echo __('Add note to incident')." #".$id_inc."</h2>";
echo "<table cellpadding='4' cellspacing='4' class='databox' width='550px'>
<form name='nota' method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insertar_nota=1&id=".$id_inc."'>";
echo "<tr><td class='datos'><b>".__('Date')."</b>";
echo "<td class='datos'>".$now."</td>";
echo "<input type='hidden' name='timestamp' value='".$now."'>";
echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";
echo '<tr><td colspan="3" class="datos2"><textarea name="nota" rows="20" cols="80" style="height: 300px;">';
echo '</textarea>';
echo '</td></tr>';
echo '</table><table width="550">';
echo '<tr><td align="right">
<input name="addnote" type="submit" class="sub wand" value="'.__('Add').'">';
echo '</table>';
} // end page


@ -20,42 +20,32 @@
// Load global vars // Load global vars
require("include/config.php"); require("include/config.php");
if (comprueba_login() == 0) { check_login ();
echo "<h2>".__('Incident management')." &gt; "; if (give_acl ($config['id_user'], 0, "IR") != 1) {
echo __('Please select a search criterion')."</h2>"; audit_db($config['id_user'],$REMOTE_ADDR, "ACL Violation","Trying to access incident search");
echo "<div style='width:645'>"; require ("general/noaccess.php");
echo "<div style='float:right;'><img src='images/pulpo_lupa.png' class='bot' align='left'></div>"; exit;
?> }
<div style='float:left;'>
<table width="500" cellpadding="4" cellspacing="4" class='databox'> echo "<h2>".__('Incident management')." &gt; ".__('Please select a search criterion')."</h2>";
<form name="busqueda" method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident"> echo '<div style="width:650px;"><div style="float:right;"><img src="images/pulpo_lupa.png" class="bot" align="left"></div>
<tr> <div style="float:left;"><form name="busqueda" method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident">
<td class="datos"><?php echo __('user') ?> <table width="500px" cellpadding="4" cellspacing="4" class="databox">
<td class="datos"> <tr><td class="datos">'.__('Created by:').'</td><td class="datos">';
<select name="usuario" class="w120">
<option value=""><?php echo __('All') ?></option> print_select (list_users (), "usuario", "All", '', __('All'), "All", false, false, false, "w120");
<?php
$sql1='SELECT * FROM tusuario ORDER BY id_usuario'; echo '</td></tr><tr><td class="datos2">'.__('Search text').': (*)</td>
$result=mysql_query($sql1); <td class="datos2">';
while ($row=mysql_fetch_array($result)){
echo "<option>".$row["id_usuario"]."</option>"; print_input_text ('texto', '', '', 45);
}
?> echo '</td></tr><tr>
</select> <td class="datos" colspan="2"><i>'.__('(*) The text search will look for all words entered as a substring in the title and description of each incident').'
<tr><td class="datos2"><?php echo __('Free text for search (*)') ?> </i></td></tr><tr><td align="right" colspan="2">';
<td class="datos2"><input type="text" size="45" name="texto"></tr>
<tr><td class="datos" colspan="2"><i><?php echo __('(*) The text search will look for all words entered as substring, in index title or description of each incident') ?></i></td></tr> print_submit_button (__('Search'), 'uptbutton', false, 'class="sub search"');
</table>
<table width="500"> echo '</td></tr></table></form></div></div>';
<tr><td align="right" colspan="3">
<?php echo "<input name='uptbutton' type='submit' class='sub search' value='".__('Search')."'>"; ?>
</form>
</table>
</div>
</div>
<?php
} // end page
?> ?>
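Review bot: `check_login ();` is now a bare statement whose result is discarded, where the old page body ran only inside `if (comprueba_login() == 0) { ... }`. The page therefore stays closed to unauthenticated visitors only if check_login() ends the request itself; its body is not visible here, so that should be confirmed. The `give_acl ($config['id_user'], 0, "IR") != 1` guard with `exit` that follows is a reasonable backstop, but it should not be the only one. Separately, the audit call passes `$REMOTE_ADDR`, which nothing in this hunk assigns; unless include/config.php sets it, the "ACL Violation" record is written without the client address, and `$_SERVER['REMOTE_ADDR']` would make the source explicit.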


@ -22,30 +22,23 @@ require("include/config.php");
check_login (); check_login ();
if (! give_acl ($config['id_user'], 0, "IR")==1) { if (! give_acl ($config['id_user'], 0, "IR") == 1) {
require ("general/noaccess.php"); require ("general/noaccess.php");
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access Incident section"); audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access Incident section");
return; return;
} }
echo "<h2>".__('Incident management')." &gt; "; echo "<h2>".__('Incident management')." &gt; ".__('Statistics')."</h2>";
echo __('Statistics')."</h2>";
echo "<table width = 90%>"; echo '<table width="90%">
echo "<tr><td valign='top'>"; <tr><td valign="top"><h3>'.__('Incidents by status').'</h3>
echo '<h3>'.__('Incidents by status').'</h3>'; <img src="reporting/fgraph.php?tipo=estado_incidente" border="0"></td>
echo '<img src="reporting/fgraph.php?tipo=estado_incidente" border=0>'; <td valign="top"><h3>'.__('Incidents by priority').'</h3>
echo "<td valign='top'>"; <img src="reporting/fgraph.php?tipo=prioridad_incidente" border="0"></td></tr>
echo '<h3>'.__('Incidents by priority').'</h3>'; <tr><td><h3>'.__('Incidents by group').'</h3>
echo '<img src="reporting/fgraph.php?tipo=prioridad_incidente" border=0>'; <img src="reporting/fgraph.php?tipo=group_incident" border="0"></td>
echo "<tr><td>"; <td><h3>'.__('Incidents by user').'</h3>
echo '<h3>'.__('Incidents by group').'</h3>'; <img src="reporting/fgraph.php?tipo=user_incident" border="0"></td></tr>
echo '<img src="reporting/fgraph.php?tipo=group_incident" border=0>'; <tr><td><h3>'.__('Incidents by source').'</h3>
echo "<td>"; <img src="reporting/fgraph.php?tipo=source_incident" border="0"></td></tr>
echo '<h3>'.__('Incidents by user').'</h3>'; </table>';
echo '<img src="reporting/fgraph.php?tipo=user_incident" border=0>';
echo "<tr><td>";
echo '<h3>'.__('Incidents by source').'</h3>';
echo '<img src="reporting/fgraph.php?tipo=source_incident" border=0>';
echo "<td>";
echo "</table>";
?> ?>
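Review bot: The guard `if (! give_acl ($config['id_user'], 0, "IR") == 1)` only had its spacing changed, but `!` binds tighter than `==`, so it evaluates `(!give_acl (...)) == 1`. That denies access only when give_acl() returns a falsy value; any truthy result other than 1 would be let through, which is presumably not the intent. Writing it as `if (give_acl ($config['id_user'], 0, "IR") != 1)` matches the check this commit adds in incident_search.php and removes the ambiguity. Here `require ("general/noaccess.php");` also runs before `audit_db (...)`, the reverse of the search page; if noaccess.php ends the request (not visible here), the violation is never logged, so calling audit_db first is safer.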