2008-09-19 Evi Vanoost <vanooste@rcbi.rochester.edu>

* include/styles/pandora.css: Removed some duplicate entries while 
        hunting down a specific tag

        * include/functions_html.php: Added class to print_select () and 
        removed the default 'select' display in case of empty

        * include/functions_db.php: Added comment to list_group so coders are 
        reminded to use the html functions instead. Fixed dame_nombre_real
        because a user_id is not an int. Added function list_users similar to
        list_group. Needed to fill input boxes with user selections.

        * include/functions.php: Made pagination adhere to more correct HTML style:
        removed single quotes and closed open tags

        * operation/incidents/incident_statistics.php: Correcter HTML

        * operation/incidents/incident_search.php: Style changes. Use new 
        functions for html objects

        * operation/incidents/incident_note.php: Inherited into 
        incident_detail.php

        * operation/incident_detail.php: Rewritten for style and security.
        Uses all the functions for html and sql. Added a bunch of security
        checks and made it look a little more consistent. Added virus scanner
        integration with the clamav library for PHP4 or PHP5 (autodetect)

        * operation/incident.php: Rewritten for style and security. Uses all 
        the functions for html and sql.

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1103 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-09-19 16:08:59 +00:00
parent cf874f2ed8
commit ecaa0f02bb
10 changed files with 711 additions and 887 deletions


@ -1,3 +1,35 @@
2008-09-19 Evi Vanoost <vanooste@rcbi.rochester.edu>
* include/styles/pandora.css: Removed some duplicate entries while
hunting down a specific tag
* include/functions_html.php: Added class to print_select () and
removed the default 'select' display in case of empty
* include/functions_db.php: Added comment to list_group so coders are
reminded to use the html functions instead. Fixed dame_nombre_real
because a user_id is not an int. Added function list_users similar to
list_group. Needed to fill input boxes with user selections.
* include/functions.php: Adhered pagination to correcter HTML style
removed single quotes and closed open tags
* operation/incidents/incident_statistics.php: Correcter HTML
* operation/incidents/incident_search.php: Style changes. Use new
functions for html objects
* operation/incidents/incident_note.php: Inherited into
incident_detail.php
* operation/incident_detail.php: Rewritten for style and security.
Uses all the functions for html and sql. Added a bunch of security
checks and made it look a little more consistent. Added virus scanner
integration with the clamav library for PHP4 or PHP5 (autodetect)
* operation/incident.php: Rewritten for style and security. Uses all
the functions for html and sql.
2008-09-19 Ramon Novoa <rnovoa@artica.es>
* godmode/agentes/module_manager_editor_network.php,


@ -324,16 +324,13 @@ function pagination ($count, $url, $offset) {
echo "<div>";
// Show GOTO FIRST button
echo '<a href="'.$url.'&offset=0">';
echo "<img src='images/control_start_blue.png' class='bot'>";
echo "</a>";
echo "&nbsp;";
echo '<a href="'.$url.'&offset=0"><img src="images/control_start_blue.png" class="bot" /></a>&nbsp;';
// Show PREVIOUS button
if ($index_page > 0){
$index_page_prev= ($index_page-(floor($block_limit/2)))*$config["block_size"];
if ($index_page_prev < 0)
$index_page_prev = 0;
echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png" class="bot"></a>';
echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png" class="bot" /></a>';
}
echo "&nbsp;";echo "&nbsp;";
// Draw blocks markers
@ -364,8 +361,7 @@ function pagination ($count, $url, $offset) {
$prox_bloque = ($i+ceil($block_limit/2))*$config["block_size"];
if ($prox_bloque > $count)
$prox_bloque = ($count -1) - $config["block_size"];
echo '<a href="'.$url.'&offset='.$prox_bloque.'">';
echo "<img class='bot' src='images/control_fastforward_blue.png'></a> ";
echo '<a href="'.$url.'&offset='.$prox_bloque.'"><img class="bot" src="images/control_fastforward_blue.png" /></a>';
$i = $index_counter;
}
// if exists more registers than i can put in a page (defined by $block_size config parameter)
@ -374,9 +370,7 @@ function pagination ($count, $url, $offset) {
// as painted in last block (last integer block).
if (($count - $config["block_size"]) > 0){
$myoffset = floor(($count-1)/ $config["block_size"])* $config["block_size"];
echo '<a href="'.$url.'&offset='.$myoffset.'">';
echo "<img class='bot' src='images/control_end_blue.png'>";
echo "</a>";
echo '<a href="'.$url.'&offset='.$myoffset.'"><img class="bot" src="images/control_end_blue.png" /></a>';
}
// End div and layout
echo "</div>";
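Review bot: The rewritten anchor lines in pagination () still concatenate `$url` into a double-quoted `href` with no HTML escaping, so a quote or angle bracket inside `$url` would end the attribute early. The caller rewritten in this same commit (operation/incidents/incident.php) appends the request-derived `usuario` and `texto` filters to that URL; whether get_parameter () already entity-encodes them is not visible on this page, so that should be confirmed rather than assumed. If it does not, I would escape where the link is emitted, e.g. `echo '<a href="'.htmlspecialchars ($url.'&offset='.$myoffset, ENT_QUOTES).'">';`, which also produces the `&amp;` separators that the "correct HTML" goal of this change needs. The same applies to the `$index_page_prev` and `$prox_bloque` links, and the body of pagination () starts outside these hunks.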


@ -492,7 +492,7 @@ function dame_id_tipo_modulo_agentemodulo ($id_agente_modulo) {
* @return Real name of given user.
*/
function dame_nombre_real ($id_user) {
return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', (int) $id_user);
return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user);
}
/**
@ -987,6 +987,9 @@ function give_agentmodule_flag ($id_agent_module) {
/**
* Prints a list of <options> HTML tags with the groups the user has
* reading privileges.
*
* DEPRECATED: Use get_user_groups () in combination with print_select ()
* instead
*
* @param id_user User id
* @param show_all Flag to show all the groups or not. True by default.
@ -1032,6 +1035,35 @@ function list_group2 ($id_user) {
return ($mis_grupos);
}
/**
* Get a list of all users in an array [username] => real name
*
* @param order by (id_usuario, nombre_real or fecha_registro)
*
* @return An array of users
*/
function list_users ($order = "nombre_real") {
switch ($order) {
case "id_usuario":
case "fecha_registro":
case "nombre_real":
break;
default:
$order = "nombre_real";
}
$output = array();
$result = get_db_all_rows_sql ("SELECT id_usuario, nombre_real FROM tusuario ORDER BY ".$order);
if ($result !== false) {
foreach ($result as $row) {
$output[$row["id_usuario"]] = $row["nombre_real"];
}
}
return $output;
}
/**
* Get all the groups a user has reading privileges.
*
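Review bot: Removing the `(int)` cast in dame_nombre_real () means `$id_user` now reaches get_db_value () as an arbitrary string, where the cast previously guaranteed a number. get_db_value () is not shown on this page, so it is not visible whether it quotes and escapes the condition value; if it only concatenates, any caller passing request data makes this lookup injectable. I would confirm that and record the requirement at the call, e.g. `// id_usuario is a string key: get_db_value () must quote and escape it`. In list_users () the `switch` whitelist is the only thing keeping the `ORDER BY ".$order` concatenation safe, so it deserves a comment such as `// whitelist: $order is concatenated into the SQL below` to stop the default branch being dropped later.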


@ -33,41 +33,51 @@
* @param bool $multiple Set the input to allow multiple selections (optional, single selection by default).
* @param bool $sort Whether to sort the options or not (optional, unsorted by default).
*/
function print_select ($fields, $name, $selected = '', $script = '', $nothing = 'select', $nothing_value = '0', $return = false, $multiple = false, $sort = true) {
function print_select ($fields, $name, $selected = '', $script = '', $nothing = '', $nothing_value = '0', $return = false, $multiple = false, $sort = true, $class = '', $disabled = false) {
$output = "\n";
$attributes = ($script) ? 'onchange="'. $script .'"' : '';
if ($multiple){
$attributes .= ' multiple="yes" size=10 ';
$attributes = "";
if (!empty ($script)) {
$attributes .= ' onchange="'.$script.'"';
}
if (!empty ($multiple)) {
$attributes .= ' multiple="yes" size="10"';
}
if (!empty ($class)) {
$attributes .= ' class="'.$class.'"';
}
if (!empty ($disabled)) {
$attributes .= ' disabled';
}
$output .= '<select id="'.$name.'" name="'.$name.'" '.$attributes.">\n";
$output .= '<select id="'.$name.'" name="'.$name.'"'.$attributes.'>';
if ($nothing != '') {
$output .= ' <option value="'.$nothing_value.'"';
$output .= '<option value="'.$nothing_value.'"';
if ($nothing_value == $selected) {
$output .= " selected";
}
$output .= '>'.lang_string ($nothing)."</option>\n";
$output .= '>'.$nothing."</option>"; //You should pass a translated string already
}
if (!empty ($fields)) {
if ($sort)
if ($sort !== false) {
asort ($fields);
}
foreach ($fields as $value => $label) {
$output .= ' <option value="'. $value .'"';
$output .= '<option value="'.$value.'"';
if ($value == $selected) {
$output .= ' selected';
}
if ($label === '') {
$output .= '>'. $value ."</option>\n";
$output .= '>'.$value."</option>";
} else {
$output .= '>'. $label ."</option>\n";
$output .= '>'.$label."</option>";
}
}
}
$output .= "</select>\n";
$output .= "</select>";
if ($return)
return $output;
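Review bot: print_select () writes `$value` and `$label` into the option markup, and the new `$class` (like `$name` and `$script`) into attributes, without HTML escaping. This commit also adds list_users (), described as filling input boxes with user selections, so `nombre_real` values presumably arrive here as labels; unless they are entity-encoded upstream, which this page does not show, a stored real name containing markup would be rendered as markup. I would escape at output, e.g. `$output .= '>'.htmlspecialchars ($label, ENT_QUOTES)."</option>";`, and do the same for `$value` and `$class` inside their attributes. The docblock shown above the signature ends at `$sort`, so the new `$class` and `$disabled` parameters still need `@param` lines. The function body continues past the end of this hunk.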


@ -33,21 +33,15 @@ body {
}
input, textarea {
border: 1px solid #ddd;
font: verdana, sans-serif;
font-size: 8pt;
}
textarea {
padding: 5px;
height: 100px;
font-family: verdana, sans-serif;
font-size: 8pt;
}
textarea.conf_editor {
padding: 5px;
width: 650;
height: 350;
font-family: verdana, sans-serif;
font-size: 8pt;
}
input {
padding: 2px 3px 4px 3px;
@ -63,8 +57,6 @@ input.button {
select {
padding: 0px;
border:1px solid #ddd;
font-family: verdana, sans-serif;
font-size: 8pt;
}
checkbox {
padding: 4px;


@ -18,7 +18,6 @@
$accion = "";
require ("include/config.php");
check_login ();
@ -32,444 +31,324 @@ if (! give_acl ($config['id_user'], 0, "IR")) {
// Take input parameters
// Offset adjustment
if (isset($_GET["offset"]))
$offset=$_GET["offset"];
else
$offset=0;
if (isset($_GET["offset"])) {
$offset = get_parameter_get ("offset");
} else {
$offset = 0;
}
// Delete incident
if (isset($_GET["quick_delete"])){
$id_inc = $_GET["quick_delete"];
$sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc;
$result2=mysql_query($sql2);
$row2=mysql_fetch_array($result2);
if ($row2) {
$id_author_inc = $row2["id_usuario"];
if (give_acl ($config['id_user'], $row2["id_grupo"], "IM") || $config["id_user"] == $id_author_inc) {
borrar_incidencia($id_inc);
echo "<h3 class='suc'>".__('Incident successfully deleted')."</h3>";
audit_db($id_author_inc,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc);
$id_inc = get_parameter_get ("quick_delete");
$sql = "SELECT id_usuario, id_grupo FROM tincidencia WHERE id_incidencia=".$id_inc;
$result = get_db_row_sql ($sql);
$usuario = give_incident_author ($id_inc);
if ($result !== false) {
if (give_acl ($config['id_user'], $result["id_grupo"], "IM") || $config["id_user"] == $result["id_usuario"]) {
borrar_incidencia ($id_inc);
echo '<h3 class="suc">'.__('Incident successfully deleted').'</h3>';
audit_db ($usuario,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc);
} else {
audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident");
echo "<h3 class='error'>".__('There was a problem deleting incident')."</h3>";
no_permission();
audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." tried to delete incident");
echo '<h3 class="error">'.__('There was a problem deleting incident').'</h3>';
no_permission ();
}
}
}
// UPDATE incident
if ((isset($_GET["action"])) AND ($_GET["action"]=="update")){
$id_inc = $_POST["id_inc"];
$grupo = entrada_limpia($_POST['grupo_form']);
$usuario= entrada_limpia($_POST["usuario_form"]);
if ((isset ($_GET["action"])) AND ($_GET["action"] == "update")) {
$id_inc = get_parameter_post ("id_inc");
$usuario = give_incident_author ($id_inc);
$grupo = get_parameter_post ("grupo_form");
if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage incident) or owners can modify incidents
$id_author_inc = give_incident_author($id_inc);
$titulo = entrada_limpia($_POST["titulo"]);
$descripcion = entrada_limpia($_POST['descripcion']);
$origen = entrada_limpia($_POST['origen_form']);
$prioridad = entrada_limpia($_POST['prioridad_form']);
$estado = entrada_limpia($_POST["estado_form"]);
$ahora=date("Y/m/d H:i:s");
$sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc;
$result=mysql_query($sql);
audit_db($id_author_inc,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." deleted updated #".$id_inc);
if ($result)
echo "<h3 class='suc'>".__('Incident successfully updated')."</h3>";
else
echo "<h3 class='suc'>".__('There was a problem updating incident')."</h3>";
$titulo = get_parameter_post ("titulo");
$descripcion = get_parameter_post ("descripcion");
$origen = get_parameter_post ("origen_form");
$prioridad = get_parameter_post ("prioridad_form");
$estado = get_parameter_post ("estado_form");
$ahora = date ("Y/m/d H:i:s");
$sql = sprintf ("UPDATE tincidencia SET actualizacion = '%s', titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s' WHERE id_incidencia = %d",
$ahora, $titulo, $origen, $estado, $grupo, $usuario, $prioridad, $descripcion, $id_inc);
$result = process_sql ($sql);
if ($result !== false) {
audit_db($usuario,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." updated incident #".$id_inc);
echo '<h3 class="suc">'.__('Incident successfully updated').'</h3>';
} else {
echo '<h3 class="error">'.__('There was a problem updating the incident').'</h3>';
}
} else {
audit_db($config['id_user'],$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident");
echo "<h3 class='error'>".__('There was a problem updating incident')."</h3>";
audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$config['id_user']." try to update incident");
no_permission();
}
}
// INSERT incident
if ((isset($_GET["action"])) AND ($_GET["action"]=="insert")){
$grupo = entrada_limpia($_POST['grupo_form']);
$usuario= entrada_limpia($_POST["usuario_form"]);
if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage
if ((isset ($_GET["action"])) AND ($_GET["action"] == "insert")) {
$grupo = get_parameter_post ("grupo_form");
if (give_acl ($config['id_user'], $grupo, "IM")) {
// Read input variables
$titulo = entrada_limpia($_POST['titulo']);
$inicio = date("Y/m/d H:i:s");
$descripcion = entrada_limpia($_POST['descripcion']);
$texto = $descripcion; // to view in textarea after insert
$origen = entrada_limpia($_POST['origen_form']);
$prioridad = entrada_limpia($_POST['prioridad_form']);
$actualizacion = $inicio;
$titulo = get_parameter_post ("titulo");
$descripcion = get_parameter_post ("descripcion");
$origen = get_parameter_post ("origen_form");
$prioridad = get_parameter_post ("prioridad_form");
$id_creator = $config['id_user'];
$estado = entrada_limpia($_POST["estado_form"]);
$sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') ";
if (mysql_query($sql)){
echo "<h3 class='suc'>".__('Incident successfully created')."</h3>";
$id_inc=mysql_insert_id();
audit_db($usuario,$REMOTE_ADDR,"Incident created","User ".$config['id_user']." created incident #".$id_inc);
$estado = get_parameter_post ("estado_form");
$sql = sprintf ("INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo,id_creator) VALUES
(NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s')".$titulo,$descripcion,$config["id_user"],$origen,$estado,$prioridad,$grupo,$config["id_user"]);
$id_inc = process_sql ($sql, "insert_id");
if ($id_inc === false) {
echo '<h3 class="error">'.__('Error creating incident').'</h3>';
} else {
audit_db ($config["id_user"], $REMOTE_ADDR, "Incident created", "User ".$config["id_user"]." created incident #".$id_inc);
}
} else {
audit_db($config['id_user'],$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to create incident");
no_permission();
audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to create incident");
no_permission ();
}
}
// Search
$busqueda="";
if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){
if (isset($_POST["texto"])){
$texto_form = $_POST["texto"];
$_GET["texto"]=$texto_form; // Update GET vars if data comes from POST
} else // GET
$texto_form = $_GET["texto"];
$filter = "";
$busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )";
}
$texto = (string) get_parameter ("texto", "");
if ($texto != "")
$filter .= sprintf (" AND (titulo LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $texto, $texto);
if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){
if (isset($_POST["usuario"])){
$usuario_form = $_POST["usuario"];
$_GET["usuario"]=$usuario_form;
} else // GET
$usuario_form=$_GET["usuario"];
$usuario = (string) get_parameter ("usuario", "All");
if ($usuario != "All")
$filter .= sprintf (" AND id_usuario = '%s'", $usuario);
if ($usuario_form != ""){
if (isset($_GET["texto"]))
$busqueda = $busqueda." and ";
$busqueda= $busqueda." id_usuario = '".$_GET["usuario"]."' ";
$estado = (int) get_parameter ("estado", -1);
if ($estado != -1) //-1 = All
$filter .= sprintf (" AND estado = %d", $estado);
$grupo = (int) get_parameter ("grupo", 1);
if ($grupo != 1) {
$filter .= sprintf (" AND id_grupo = %d", $grupo);
if (give_acl ($config['id_user'], $grupo, "IM") == 0) {
audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to read incidents from group without access");
no_permission ();
}
}
// Filter
if ($busqueda != "")
$sql1= "WHERE ".$busqueda;
else
$sql1="";
$prioridad = (int) get_parameter ("prioridad", -1);
if ($prioridad != -1) //-1 = All
$filter .= sprintf (" AND prioridad = %d", $prioridad);
if (isset($_GET["estado"]) and (!isset($_POST["estado"])))
$_POST["estado"]=$_GET["estado"];
if (isset($_GET["grupo"]) and (!isset($_POST["grupo"])))
$_POST["grupo"]=$_GET["grupo"];
if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"])))
$_POST["prioridad"]=$_GET["prioridad"];
$offset = (int) get_parameter ("offset", 0);
$groups = get_user_groups ($config["id_user"]);
if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) {
if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){
$_GET["estado"] = $_POST["estado"];
if ($sql1 == "")
$sql1='WHERE estado='.$_POST["estado"];
else
$sql1 =$sql1.' AND estado='.$_POST["estado"];
}
//Select incidencts where the user has access to ($groups from
//get_user_groups), array_keys for the id, implode to pass to SQL
$sql = "SELECT * FROM tincidencia WHERE
id_grupo IN (".implode (",",array_keys ($groups)).")".$filter."
ORDER BY actualizacion DESC LIMIT ".$offset.",".$config["block_size"];
if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) {
$_GET["prioridad"]=$_POST["prioridad"];
if ($sql1 == "")
$sql1='WHERE prioridad='.$_POST["prioridad"];
else
$sql1 =$sql1.' and prioridad='.$_POST["prioridad"];
}
if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) {
$_GET["grupo"] = $_POST["grupo"];
if ($sql1 == "")
$sql1='WHERE id_grupo='.$_POST["grupo"];
else
$sql1 =$sql1.' AND id_grupo='.$_POST["grupo"];
}
}
$sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
$sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
$sql1=$sql0;
$sql1=$sql1." LIMIT $offset, ".$config["block_size"];
echo "<h2>".__('Incident management')." &gt; ";
echo __('Manage incidents')."</h2>";
if (isset($_POST['operacion'])){
echo __('Viewing incidents')." - ".$_POST['operacion']."</h2>";
$result = get_db_all_rows_sql ($sql);
if (empty ($result)) {
$result = array ();
$count = 0;
} else {
$count = count ($result);
}
?>
<form name='visualizacion' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident'>
<table class="databox" cellpadding="4" cellspacing="4">
<tr>
echo '<h2>'.__('Incident management').' &gt; '.__('Manage incidents').'</h2>
<form name="visualizacion" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident">
<table class="databox" cellpadding="4" cellspacing="4" width="700px"><tr>
<td valign="middle">
<h3><?php echo __('Filter'); ?></h3>
<select name="estado" onChange="javascript:this.form.submit();" class="w155">
<?php
// Tipo de estado (Type)
// 0 - Abierta / Sin notas (Open without notes)
// 1 - Abierta / Notas aniadidas (Open with notes)
// 2 - Descartada (Not valid)
// 3 - Caducada (out of date)
// 13 - Cerrada (closed)
<h3>'.__('Filter').'</h3>';
if ((isset($_GET["estado"])) OR (isset($_GET["estado"]))){
if (isset($_GET["estado"]))
$estado = $_GET["estado"];
if (isset($_POST["estado"]))
$estado = $_POST["estado"];
echo "<option value='".$estado."'>";
switch ($estado){
case -1: echo __('All incidents')."</option>"; break;
case 0: echo __('Active incidents')."</option>"; break;
case 13: echo __('Closed incidents')."</option>"; break;
case 2: echo __('Rejected incidents')."</option>"; break;
case 3: echo __('Expired incidents')."</option>"; break;
}
}
$fields = array(); //Reset empty array
$fields[-1] = __('All incidents');
$fields[0] = __('Active incidents');
$fields[2] = __('Rejected incidents');
$fields[3] = __('Expired incidents');
$fields[13] = __('Closed incidents');
echo "<option value='-1'>".__('All incidents')."</option>";
echo "<option value='0'>".__('Active incidents')."</option>";
echo "<option value='13'>".__('Closed incidents')."</option>";
echo "<option value='2'>".__('Rejected incidents')."</option>";
echo "<option value='3'>".__('Expired incidents')."</option>";
?>
</select>
</td>
<td valign="middle">
<noscript><input type="submit" class="sub" value="<?php echo __('Show') ?>" border="0"></noscript>
</td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;">
<h3><?php echo __('Status') ?></h3>
<img src='images/dot_red.png'> - <?php echo __('Active incidents') ?><br>
<img src='images/dot_yellow.png'> - <?php echo __('Active incidents, with comments') ?><br>
<img src='images/dot_blue.png'> - <?php echo __('Rejected incidents') ?><br>
<img src='images/dot_green.png'> - <?php echo __('Closed incidents') ?><br>
<img src='images/dot_white.png'> - <?php echo __('Expired incidents') ?></td>
print_select ($fields, "estado", $estado, 'javascript:this.form.submit();', '', '', false, false, false, 'w155');
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;">
<h3><?php echo __('Priority') ?></h3>
<img src='images/dot_red.png'><img src='images/dot_red.png'><img src='images/dot_red.png'> - <?php echo __('Very Serious') ?><br>
<img src='images/dot_yellow.png'><img src='images/dot_red.png'><img src='images/dot_red.png'> - <?php echo __('Serious') ?><br>
<img src='images/dot_yellow.png'><img src='images/dot_yellow.png'><img src='images/dot_red.png'> - <?php echo __('Medium') ?><br>
<img src='images/dot_green.png'><img src='images/dot_yellow.png'><img src='images/dot_yellow.png'> - <?php echo __('Low') ?><br>
<img src='images/dot_green.png'><img src='images/dot_green.png'><img src='images/dot_yellow.png'> - <?php echo __('Informative') ?><br>
<img src='images/dot_green.png'><img src='images/dot_green.png'><img src='images/dot_green.png'> - <?php echo __('Maintenance') ?><br>
<tr><td>
<select name="prioridad" onChange="javascript:this.form.submit();" class="w155">
<?php
//Legend
echo '</td><td valign="middle"><noscript>';
print_submit_button (__('Show'), 'submit-estado', false, 'class="sub" border="0"');
echo '</noscript></td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Status').'</h3>
<img src="images/dot_red.png" /> - '.__('Active incidents').'<br />
<img src="images/dot_yellow.png" /> - '.__('Active incidents, with comments').'<br />
<img src="images/dot_blue.png" /> - '.__('Rejected incidents').'<br />
<img src="images/dot_green.png" /> - '.__('Closed incidents').'<br />
<img src="images/dot_white.png" /> - '.__('Expired incidents').'</td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Priority').'</h3>
<img src="images/dot_red.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" /> - '.__('Very Serious').'<br />
<img src="images/dot_yellow.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" /> - '.__('Serious').'<br />
<img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /><img src="images/dot_red.png" /> - '.__('Medium').'<br />
<img src="images/dot_green.png" /><img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /> - '.__('Low').'<br />
<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_yellow.png" /> - '.__('Informative').'<br />
<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_green.png" /> - '.__('Maintenance').'<br />
</td></tr>
<tr><td>';
if ((isset($_GET["prioridad"])) OR (isset($_GET["prioridad"]))){
if (isset($_GET["prioridad"]))
$prioridad = $_GET["prioridad"];
if (isset($_POST["prioridad"]))
$prioridad = $_POST["prioridad"];
echo "<option value=".$prioridad.">";
switch ($prioridad){
case -1:
echo __('All')." ".__('Priority');
break;
case 0:
echo __('Informative');
break;
case 1:
echo __('Low');
break;
case 2:
echo __('Medium');
break;
case 3:
echo __('Serious');
break;
case 4:
echo __('Very Serious');
break;
case 10:
echo __('Maintenance');
break;
}
}
echo "<option value='-1'>".__('All')." ".__('Priority')."</option>"; // al priorities (default)
echo '<option value="0">'.__('Informative')."</option>";
echo '<option value="1">'.__('Low')."</option>";
echo '<option value="2">'.__('Medium')."</option>";
echo '<option value="3">'.__('Serious')."</option>";
echo '<option value="4">'.__('Very Serious')."</option>";
echo '<option value="10">'.__('Maintenance')."</option>";
echo "</select></td>
<td valign='middle>
<noscript>
<input type='submit' class='sub' value='".__('Show')."' border='0'>
</noscript>";
echo "</td>";
echo '<tr><td><select name="grupo" onChange="javascript:this.form.submit();" class="w155">';
$fields = array(); //Reset empty array
$fields[-1] = __('All priorities');
$fields[0] = __('Informative');
$fields[1] = __('Low');
$fields[2] = __('Medium');
$fields[3] = __('Serious');
$fields[4] = __('Very Serious');
$fields[10] = __('Maintenance');
if ((isset($_GET["grupo"])) OR (isset($_GET["grupo"]))){
if (isset($_GET["grupo"]))
$grupo = $_GET["grupo"];
if (isset($_POST["grupo"]))
$grupo = $_POST["grupo"];
echo "<option value=".$grupo.">";
if ($grupo == -1) {
echo __('All')." ".__('groups'); // all groups (default)
} else {
echo dame_nombre_grupo($grupo);
}
echo "</option>";
}
echo "<option value='-1'>".__('All')." ".__('groups')."</option>"; // all groups (default)
$sql2="SELECT * FROM tgrupo";
$result2=mysql_query($sql2);
while ($row2=mysql_fetch_array($result2)){
echo "<option value=".$row2["id_grupo"].">".$row2["nombre"]."</option>";
}
print_select ($fields, "prioridad", $prioridad, 'javascript:this.form.submit();', '','',false,false,false,'w155');
echo "</select></td>
<td valign='middle'>
<noscript><input type='submit' class='sub' value='".__('Show')."' border='0'></noscript>
</td>";
echo '</td><td valign="middle"><noscript>';
print_submit_button (__('Show'), 'submit-prioridad', false, 'class="sub" border="0"');
echo '</noscript></td></tr><tr><td>';
print_select ($groups, "grupo", $grupo, 'javascript:this.form.submit();','','',false,false,false,'w155');
echo '</td><td valign="middle"><noscript>';
print_submit_button (__('Show'), 'submit-grupo', false, 'class="sub" border="0"');
echo '</noscript>';
// Pass search parameters for possible future filter searching by user
if (isset($_GET["usuario"]))
echo "<input type='hidden' name='usuario' value='".$_GET["usuario"]."'>";
if (isset($_GET["texto"]))
echo "<input type='hidden' name='texto' value='".$_GET["texto"]."'>";
print_input_hidden ("usuario", $usuario);
print_input_hidden ("texto", $texto);
echo "
</table>
</form>
<br><br>
<table>";
echo "</td></tr></table></form>";
$offset_counter=0;
// Prepare index for pagination
$incident_list[]="";
$result2=mysql_query($sql1);
$result2_count=mysql_query($sql1_count);
$row2_count = mysql_fetch_array($result2_count);
if ($row2_count[0] <= 0 ) {
echo '<div class="nf">'.__('No incident matches your search filter').'</div><br></table>';
echo "<table>";
echo "<tr><td>";
echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
echo "<input type='submit' class='sub next' name='crt' value='".__('Create incident')."'></form>";
echo "</td></tr></table>";
if ($count < 1) {
echo '<div class="nf">'.__('No incidents match your search filter').'</div><br />';
} else {
// TOTAL incidents
$total_incidentes = $row2_count[0];
$url = "index.php?sec=incidencias&sec2=operation/incidents/incident";
// add form filter values for group, priority, state, and search fields: user and text
if (isset($_GET["grupo"]))
$url = $url."&grupo=".$_GET["grupo"];
if (isset($_GET["prioridad"]))
$url = $url."&prioridad=".$_GET["prioridad"];
if (isset($_GET["estado"]))
$url = $url."&estado=".$_GET["estado"];
if (isset($_GET["usuario"]))
$url = $url."&usuario=".$_GET["usuario"];
if (isset($_GET["texto"]))
$url = $url."&texto=".$_GET["texto"];
if (isset($_GET["offset"] ))
$url = $url."&offset=".$_GET["offset"];
if ($grupo != -1)
$url .= "&grupo=".$grupo;
if ($prioridad != -1)
$url .= "&prioridad=".$prioridad;
if ($estado != -1)
$url .= "&estado=".$estado;
if ($usuario != '')
$url .= "&usuario=".$usuario;
if ($texto != '')
$url .= "&texto=".$texto;
// Show pagination
pagination ($total_incidentes, $url, $offset);
echo '<br>';
// Show headers
pagination ($count, $url, $offset);
echo '<br />';
echo "<table cellpadding='4' cellspacing='4' width='750' class='databox'>";
echo "<tr>";
echo "<th width='43'>ID</th>";
echo "<th>".__('Status')."</th>";
echo "<th >".__('Incident')."</th>";
echo "<th >".__('Priority')."</th>";
echo "<th>".__('Group')."</th>";
echo "<th>".__('Updated at')."</th>";
echo "<th>".__('Source')."</th>";
echo "<th width='50'>".__('Owner')."</th>";
echo "<th>".__('Delete')."</th>";
$color = 1;
// Show headers
$table->width = 750;
$table->class = "databox";
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->head = array ();
$table->data = array ();
$table->size = array ();
$table->align = array ();
while ($row2=mysql_fetch_array($result2)){
$id_group = $row2["id_grupo"];
if (give_acl ($config['id_user'], $id_group, "IR")) {
if ($color == 1){
$tdcolor = "datos";
$color = 0;
}
else {
$tdcolor = "datos2";
$color = 1;
}
$note_number = dame_numero_notas($row2["id_incidencia"]);
echo "<tr>";
echo "<td class='$tdcolor' align='center'>
<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".$row2["id_incidencia"]."</a>";
$table->head[0] = __('ID');
$table->head[1] = __('Status');
$table->head[2] = __('Incident');
$table->head[3] = __('Priority');
$table->head[4] = __('Group');
$table->head[5] = __('Updated');
$table->head[6] = __('Source');
$table->head[7] = __('Owner');
$table->head[8] = __('Delete');
$table->size[0] = 43;
$table->size[7] = 50;
$table->align[1] = "center";
$table->align[3] = "center";
$table->align[4] = "center";
$table->align[8] = "center";
foreach ($result as $row) {
$data = array();
// Check for attachments in this incident
$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row2["id_incidencia"]);
mysql_fetch_array($result3);
if (mysql_affected_rows() > 0)
echo '&nbsp;&nbsp;<img src="images/file.png" align="middle">';
// Tipo de estado (Type)
// 0 - Abierta / Sin notas (Open, no notes)
// 1 - Abierta / Notas anyadidas (Open with notes)
// 2 - Descartada (not valid)
// 3 - Caducada (out of date)
// 13 - Cerrada (closed)
// Verify if the status changes
if (($row2["estado"] == 0) && ($note_number >0 )){
$row2["estado"] = 1;
}
echo "</td><td class='$tdcolor' align='center'>";
switch ($row2["estado"]) {
case 0: echo "<img src='images/dot_red.png'>";
break;
case 1: echo "<img src='images/dot_yellow.png'>";
break;
case 2: echo "<img src='images/dot_blue.png'>";
break;
case 3: echo "<img src='images/dot_white.png'>";
break;
case 13: echo "<img src='images/dot_green.png'>";
break;
}
echo "</td><td class='$tdcolor'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$row2["id_incidencia"]."'>".substr(salida_limpia($row2["titulo"]),0,45);
echo "<td class='$tdcolor' align='center'>";
switch ( $row2["prioridad"] ){
case 0: echo "<img src='images/dot_green.png'>"."<img src='images/dot_green.png'>"."<img src='images/dot_yellow.png'>"; break;
case 1: echo "<img src='images/dot_green.png'>"."<img src='images/dot_yellow.png'>"."<img src='images/dot_yellow.png'>"; break;
case 2: echo "<img src='images/dot_yellow.png'>"."<img src='images/dot_yellow.png'>"."<img src='images/dot_red.png'>"; break;
case 3: echo "<img src='images/dot_yellow.png'>"."<img src='images/dot_red.png'>"."<img src='images/dot_red.png'>"; break;
case 4: echo "<img src='images/dot_red.png'>"."<img src='images/dot_red.png'>"."<img src='images/dot_red.png'>"; break;
case 10: echo "<img src='images/dot_green.png'>"."<img src='images/dot_green.png'>"."<img src='images/dot_green.png'>"; break;
}
/*
case 0: echo __('Informative'); break;
case 1: echo __('Low'); break;
case 2: echo __('Medium'); break;
case 3: echo __('Serious'); break;
case 4: echo __('Very Serious'); break;
case 10: echo __('Maintenance'); break;
*/
echo "<td class='$tdcolor' align='center'>";
$id_grupo = $row2["id_grupo"];
echo '<img src="images/groups_small/'.show_icon_group($id_grupo).'.png" title="'.dame_grupo($id_grupo).'">';
echo "<td class='$tdcolor'>".human_time_comparation($row2["actualizacion"]);
echo "<td class='$tdcolor'>".$row2["origen"];
echo "<td class='$tdcolor'><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'>".$row2["id_usuario"]."</td>";
$id_author_inc = $row2["id_usuario"];
if (give_acl ($config['id_user'], $id_group, "IM") || $config["id_user"] == $id_author_inc) {
// Only incident owners or incident manager
// from this group can delete incidents
echo "<td class='$tdcolor' align='center'><a href='index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete=".$row2["id_incidencia"]."' onClick='if (!confirm(\' ".__('Are you sure?')."\')) return false;'><img src='images/cross.png' border='0'></a></td>";
}
$data[0] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$row["id_incidencia"].'">'.$row["id_incidencia"].'</a>';
$attnum = get_db_value ('COUNT(*)', 'tattachment', 'id_incidencia', $row["id_incidencia"]);
$notenum = dame_numero_notas ($row["id_incidencia"]);
if ($attnum > 0)
$data[0] .= '&nbsp;&nbsp;<img src="images/file.png" align="middle" />';
if ($notenum > 0 && $row["estado"] == 0)
$row["estado"] = 1;
switch ($row["estado"]) {
case 0:
$data[1] = '<img src="images/dot_red.png" />';
break;
case 1:
$data[1] = '<img src="images/dot_yellow.png" />';
break;
case 2:
$data[1] = '<img src="images/dot_blue.png" />';
break;
case 3:
$data[1] = '<img src="images/dot_white.png">';
break;
case 13:
$data[1] = '<img src="images/dot_green.png">';
break;
}
$data[2] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$row["id_incidencia"].'">'.safe_input (substr ($row["titulo"],0,45)).'</a>';
switch ($row["prioridad"]) {
case 4:
$data[3] = '<img src="images/dot_red.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" />';
break;
case 3:
$data[3] = '<img src="images/dot_yellow.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" />';
break;
case 2:
$data[3] = '<img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /><img src="images/dot_red.png" />';
break;
case 1:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" />';
break;
case 0:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_yellow.png" />';
break;
case 10:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_green.png" />';
break;
}
$data[4] = '<img src="images/groups_small/'.show_icon_group ($row["id_grupo"]).'.png" title="'.dame_grupo ($row["id_grupo"]).'" />';
$data[5] = human_time_comparation ($row["actualizacion"]);
$data[6] = $row["origen"];
$data[7] = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$row["id_usuario"].'">'.$row["id_usuario"].'</a>';
if (give_acl ($config["id_user"], $row["id_grupo"], "IM") || $config["id_user"] == $row["id_usuario"]) {
$data[8] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete='.$row["id_incidencia"].'" onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;"><img src="images/cross.png" border="0"></a>';
} else {
$data[8] = '';
}
array_push ($table->data, $data);
}
echo "</tr></table>";
if (give_acl ($config["id_user"], 0, "IW")) {
echo "<table width='750px'>";
echo "<tr><td align='right'>";
echo "<form method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form'>";
echo "<input type='submit' class='sub next' name='crt' value='".__('Create incident')."'></form>";
}
echo "</td></tr></table>";
print_table ($table);
unset ($table);
}
if (give_acl ($config["id_user"], 0, "IW")) {
echo '<div style="text-align:right; width:750px"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form">';
print_submit_button (__('Create incident'), 'crt', false, 'class="sub next"');
echo '</form></div>';
}
?>


@ -18,45 +18,25 @@
// Load global vars
?>
<script language="javascript">
/* Function to hide/unhide a specific Div id */
function toggleDiv (divid){
if (document.getElementById(divid).style.display == 'none'){
document.getElementById(divid).style.display = 'block';
} else {
document.getElementById(divid).style.display = 'none';
}
}
</script>
<?php
require("include/config.php");
check_login ();
$id_grupo = get_parameter ('id_grupo');
if (! give_acl ($config['id_user'], $id_grupo, "IR")) {
if (! give_acl ($config["id_user"], 0, "IR")) {
// Doesn't have access to this page
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation",
"Trying to access to incident ".$id_inc." '".$titulo."'");
audit_db ($config["id_user"], $REMOTE_ADDR, "ACL Violation", "Trying to access incident details");
include ("general/noaccess.php");
exit;
}
$id_grupo = "";
$creacion_incidente = "";
// EDITION MODE
if (isset ($_GET["id"])) {
$creacion_incidente = 0;
$id_inc = $_GET["id"];
$iduser_temp=$_SESSION['id_usuario'];
$id_inc = get_parameter_get ("id");
// Obtain group of this incident
$sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc;
$result=mysql_query($sql1);
$row=mysql_fetch_array($result);
$row = get_db_row ("tincidencia","id_incidencia",$id_inc);
// Get values
$titulo = $row["titulo"];
$texto = $row["descripcion"];
@ -66,123 +46,144 @@ if (isset ($_GET["id"])) {
$prioridad = $row["prioridad"];
$origen = $row["origen"];
$usuario = $row["id_usuario"];
$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"];
$id_creator = $row["id_creator"];
$grupo = dame_nombre_grupo($id_grupo);
$upd_sql = sprintf ("UPDATE tincidencia SET actualizacion = NOW(), id_usuario = '%s' WHERE id_incidencia = %d", $usuario, $id_inc);
// Note add - everybody that can read incidents, can add notes
if (isset ($_GET["insertar_nota"])) {
$nota = get_parameter_post ("nota");
// Note add
if (isset($_GET["insertar_nota"])){
$id_inc = entrada_limpia($_POST["id_inc"]);
$timestamp = entrada_limpia($_POST["timestamp"]);
$nota = entrada_limpia($_POST["nota"]);
$sql = sprintf ("INSERT INTO tnota (id_usuario, timestamp, nota) VALUES ('%s',NOW(),'%s')",$config["id_user"],$nota);
$id_nota = process_sql ($sql, "insert_id");
$sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota)
VALUES ('".$config['id_user']."','".$timestamp."','".$nota."')";
$res1=mysql_query($sql1);
if ($res1) { echo "<h3 class='suc'>".__('Note successfully added')."</h3>"; }
$sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$config['id_user']."' AND timestamp = '".$timestamp."'";
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$id_nota = $row2["id_nota"];
$sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")";
$res3=mysql_query($sql3);
$sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
$res4 = mysql_query($sql4);
if ($id_nota !== false) {
echo '<h3 class="suc">'.__('Note successfully added').'</h3>';
$sql = sprintf ("INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (%d,%d)", $id_inc, $id_nota);
process_sql ($sql);
process_sql ($upd_sql); //Update tincidencia
} else {
echo '<h3 class="error">'.__('Error adding note').'</h3>';
}
}
// Delete note
if (isset($_GET["id_nota"])){
$note_user = give_note_author ($_GET["id_nota"]);
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes
// But note authors was able to delete this own notes
$id_nota = $_GET["id_nota"];
$id_nota_inc = $_GET["id_nota_inc"];
$query ="DELETE FROM tnota WHERE id_nota = ".$id_nota;
$query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc;
//echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2;
mysql_query($query);
mysql_query($query2);
if (mysql_query($query)) {
echo "<h3 class='suc'>".__('Note successfully deleted');
if (isset ($_GET["id_nota"])) {
$id_nota = get_parameter_get ("id_nota");
$note_user = give_note_author ($id_nota);
if (((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_creator == $config["id_user"]) ) {
// Only admins (manage incident) or owners can modify
// incidents, including their notes. note authors are
// able to delete their own notes
$sql = sprintf ("DELETE FROM tnota WHERE id_nota = %d",$id_nota);
$result = process_sql ($sql); //Result is 0 or false if the note wasn't deleted, therefore check with empty
if (!empty ($result)) {
$sql = sprintf ("DELETE FROM tnota_inc WHERE id_nota = %d",$id_nota);
$result = process_sql ($sql);
}
if (!empty ($result)) {
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('Note successfully deleted').'</h3>';
} else {
echo '<h3 class="error">'.__('Error deleting note').'<h3>';
}
}
}
// Delete file
if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){
$file_id = $_GET["delete_file"];
$sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id;
$res2=mysql_query($sql2);
$row2=mysql_fetch_array($res2);
$filename = $row2["filename"];
$sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id;
$res2=mysql_query($sql2);
unlink ($config["attachment_store"]."/pand".$file_id."_".$filename);
if (((give_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_creator == $config["id_user"])) AND isset ($_GET["delete_file"])) {
$file_id = get_parameter_get ("delete_file");
$sql = sprintf ("SELECT filename FROM tattachment WHERE id_attachment = %d",$file_id);
$filename = get_db_sql ($sql);
if (!empty ($filename)) {
$sql = sprintf ("DELETE FROM tattachment WHERE id_attachment = %d",$file_id);
$result = process_sql ($sql);
} else {
echo '<h3 class="error">'.__('Could not find file in database').'</h3>';
$result = false;
}
if (!empty ($result)) {
unlink ($config["attachment_store"]."/pand".$file_id."_".$filename);
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('File successfully deleted from database').'</h3>';
} else {
echo '<h3 class="error"'.__('Unable to delete file').'</h3>';
}
}
// Upload file
if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) {
if (( $_FILES['userfile']['name'] != "" )){ //if file
$tipo = $_FILES['userfile']['type'];
if (isset($_POST["file_description"]))
$description = $_POST["file_description"];
else
$description = "No description available";
// Insert into database
$filename= $_FILES['userfile']['name'];
$filesize = $_FILES['userfile']['size'];
if ((give_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) { //if file
if (isset ($_POST["file_description"])) {
$description = get_parameter_post ("file_description");
} else {
$description = __("No description available");
}
// Insert into database
$filename = safe_input ($_FILES['userfile']['name']);
$filesize = safe_input ($_FILES['userfile']['size']);
$sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".$filename."','".$description."',".$filesize.") ";
mysql_query($sql);
$id_attachment=mysql_insert_id();
// Copy file to directory and change name
$nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename;
if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){
echo "<h3 class=error>".__('File cannot be saved. Please contact Pandora administrator about this error <br>')."</h3>";
$sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
mysql_query($sql);
} else {
// Delete temporal file
unlink ($_FILES['userfile']['tmp_name']);
//The following is if you have clamavlib installed
//(php5-clamavlib) and enabled in php.ini
//http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if(extension_loaded ('clamav')) {
cl_setlimits (5, 1000, 200, 0, 10485760);
$malware = cl_scanfile ($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die ($error); //On malware, we die because it's not good to handle it
}
}
$sql = sprintf ("INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size)
VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config["id_user"],$filename,$description,$filesize);
$id_attachment = process_sql ($sql,"insert_id");
// Copy file to directory and change name
if ($id_attachment !== false) {
$nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename;
$result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo);
} else {
echo '<h3 class="error">'.__('File could not be saved due to database error').'</h3>';
$result = false;
}
if ($result !== false) {
unlink ($_FILES['userfile']['tmp_name']);
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('File uploaded').'</h3>';
} else {
echo '<h3 class="error">'.__('File could not be saved. Contact the Pandora Administrator for more information').'</h3>';
process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment);
}
}
} // else Not given id
// Create incident from event... read event data
elseif (isset($_GET["insert_form"])){
$iduser_temp=$_SESSION['id_usuario'];
$titulo = "";
if (isset($_GET["from_event"])){
$titulo = return_event_description($_GET["from_event"]);
$descripcion = "";
$origen = "Pandora FMS event";
} else {
$titulo = "";
$descripcion = "";
$origen = "";
}
$prioridad = 0;
$id_grupo = 0;
$grupo = dame_nombre_grupo(1);
$usuario= $_SESSION["id_usuario"];
$estado = 0;
$actualizacion=date("Y/m/d H:i:s");
$inicio = $actualizacion;
$id_creator = $iduser_temp;
$creacion_incidente = 1;
elseif (isset ($_GET["insert_form"])) {
$titulo = "";
$descripcion = "";
$origen = "";
$prioridad = 0;
$id_grupo = 0;
$estado = 0;
$texto = "";
$usuario = $config["id_user"];
$id_creator = $config["id_user"];
if (isset($_GET["from_event"])) {
$event = get_parameter_get ("from_event");
$titulo = return_event_description ($event);
$descripcion = "";
$origen = "Pandora FMS event";
unset ($event);
}
$prioridad = 0;
$id_grupo = 0;
} else {
audit_db($config['id_user'],$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way");
no_permission();
audit_db ($config['id_user'],$REMOTE_ADDR, "HACK","Trying to get to incident details in an unusual way");
no_permission ();
}
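Review bot: The new ClamAV check in the upload branch scans `$_FILES['file']['tmp_name']`, while every other line of that branch reads the upload from `$_FILES['userfile']`, so the scan most likely runs on an empty path and the stored file is never inspected; it should read `$malware = cl_scanfile ($_FILES['userfile']['tmp_name']);`. The client-supplied name is then concatenated into the destination path as `"/pand".$id_attachment."_".$filename` after only `safe_input ()`, whose definition is not shown here; unless that helper strips directory separators, take `basename ($_FILES['userfile']['name'])` first. Likewise the delete-file branch formats `$file_id` with `%d` for SQL but passes the raw request value to `unlink ()`, so casting once with `$file_id = (int) get_parameter_get ("delete_file");` keeps both uses in agreement. The enclosing `if (isset ($_GET["id"]))` block starts in the previous hunk.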
@ -192,295 +193,241 @@ elseif (isset($_GET["insert_form"])){
// Show the form
// ********************************************************************************************************
if ($creacion_incidente == 0)
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident&action=update'>";
else
echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident&action=insert'>";
//This is for the pretty slide down attachment form
echo '<script type="text/javascript" src="include/javascript/jquery.js"></script>';
echo "<script type=\"text/javascript\">
$(document).ready(function() {
$('#file_control').hide();
$('#add_note').hide();
$('input#submit-attachment').click(function() {
$('#submit-attachment').fadeOut('fast');
$('#file_control').slideDown('slow');
return false;
});
$('input#submit-note_control').click(function() {
$('#submit-note_control').fadeOut('fast');
$('#add_note').slideDown('slow');
return false;
});
});</script>";
if (isset($id_inc)) {
echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";
}
echo "<h2>".__('Incident management')." &gt; ";
if (isset($id_inc)) {
echo __('Review of incident')." # ".$id_inc;
if (isset ($id_inc)) { //If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"]
echo '<form name="accion_form" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident&action=update">';
echo '<input type="hidden" name="id_inc" value="'.$id_inc.'">';
echo '<h2>'.__('Incident management').' &gt; '.__('Incident details').' #'.$id_inc.'</h2>';
} else {
echo __('Create incident');
echo '<form name="accion_form" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident&action=insert">';
echo '<h2>'.__('Incident management').' &gt; '.__('Create incident').'</h2>';
}
echo "</h2>";
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600">';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '<tr><td class="datos"><b>'.__('Incident').'</b></td>
<td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'">';
echo '<table cellpadding="4" cellspacing="4" class="databox" width="650px">';
echo '<tr><td class="datos"><b>'.__('Incident').'</b></td><td colspan="3" class="datos">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_input_text ("titulo", $titulo,'', 70);
} else {
echo '<tr><td class="datos"><b>'.__('Incident').'</b><td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.$titulo.'" readonly>';
}
echo '<tr><td class="datos2"><b>'.__('Opened at').'</b>';
echo "<td class='datos2' <i>".$inicio."</i>";
echo '<td class="datos2"><b>'.__('Updated at').'</b>';
echo "<td class='datos2'><i>".$actualizacion."</i>";
echo '<tr><td class="datos"><b>'.__('Owner').'</b><td class="datos">';
if ((give_acl($config['id_user'], $id_grupo, "IM")==1) OR ($usuario == $config['id_user'])) {
echo "<select name='usuario_form' width='200px'>";
echo "<option value='".$usuario."'>".$usuario." - ".dame_nombre_real($usuario)."</option>";
$sql1='SELECT * FROM tusuario ORDER BY id_usuario';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["id_usuario"]."'>".$row2["id_usuario"]." - ".$row2["nombre_real"]."</option>";
}
echo "</select>";
print_input_text_extended ("titulo", $titulo, "", "", 70, "", false, "", "readonly");
}
else {
echo "<input type=hidden name='usuario_form2' value='".$usuario."'>";
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
}
// Tipo de estado
// 0 - Abierta / Sin notas - Open, without notes
// 1 - Abierta / Notas aniadidas - Open, with notes
// 2 - Descartada / Not valid
// 3 - Caducada / Outdated
// 13 - Cerrada / Closed
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '<td class="datos"><b>'.__('Status').'</b>
<td class="datos">
<select name="estado_form" class="w135">';
echo '</td></tr>';
echo '<tr><td class="datos2"><b>'.__('Opened at').'</b></td><td class="datos2"><i>'.date ($config['date_format'],strtotime ($inicio)).'</i></td>';
echo '<td class="datos2"><b>'.__('Updated at').'</b><td class="datos2"><i>'.date ($config['date_format'],strtotime ($actualizacion)).'</i></td></tr>';
echo '<tr><td class="datos"><b>'.__('Owner').'</b></td><td class="datos">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135");
} else {
echo '<td class="datos"><b>'.__('Status').'</b>
<td class="datos">
<select disabled name="estado_form" class="w135">';
print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true);
}
echo '</td><td class="datos"><b>'.__('Status').'</b></td><td class="datos">';
switch ( $estado ){
case 0: echo '<option value="0">'.__('Open and Active'); break;
//case 1: echo '<option value="2">'.__('Open with notes'); break;
case 2: echo '<option value="2">'.__('Not valid'); break;
case 3: echo '<option value="3">'.__('Out of date'); break;
case 13: echo '<option value="13">'.__('Closed'); break;
$fields = array ();
$fields[0] = __('Open and Active');
$fields[2] = __('Not valid');
$fields[3] = __('Out of date');
$fields[13] = __('Closed');
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135');
} else {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
}
echo '</td></tr>';
echo '<option value="0">'.__('Open and Active');
//echo '<option value="1">'.__('Open with notes');
echo '<option value="2">'.__('Not valid');
echo '<option value="3">'.__('Out of date');
echo '<option value="13">'.__('Closed');
echo '</select></td>';
echo '<tr><td class="datos2"><b>'.__('Source').'</b></td><td class="datos2">';
$fields = array ();
$return = get_db_all_rows_sql ("SELECT origen FROM torigen ORDER BY origen");
if ($return === false)
$return[0] = $estado; //Something must be displayed
foreach ($return as $row) {
$fields[$row["origen"]] = $row["origen"];
}
// Only owner could change source or user with Incident management privileges
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '<tr><td class="datos2"><b>'.__('Source').'</b></td>
<td class="datos2">
<select name="origen_form" class="w135">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135');
} else {
echo '<tr><td class="datos2"><b>'.__('Source').'</b></td>
<td class="datos2">
<select disabled name="origen_form" class="w135">';
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
}
// Fill combobox with source (origen)
if ($origen != "")
echo "<option value='".$origen."'>".$origen;
$sql1='SELECT * FROM torigen ORDER BY origen';
$result=mysql_query($sql1);
while ($row2=mysql_fetch_array($result)){
echo "<option value='".$row2["origen"]."'>".$row2["origen"]."</option>";
}
echo "</select></td>";
echo '</td><td class="datos2"><b>'.__('Group').'</b></td><td class="datos2">';
// Group combo
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '<td class="datos2"><b>'.__('Group').'</b></td>
<td class="datos2">
<select name="grupo_form" class="w135">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135');
} else {
echo '<td class="datos2"><b>'.__('Group').'</b></td>
<td class="datos2">
<select disabled name="grupo_form" class="w135">';
}
if ($id_grupo != 0)
echo "<option value='".$id_grupo."'>".$grupo;
$sql1='SELECT * FROM tgrupo ORDER BY nombre';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
if (give_acl($iduser_temp, $row["id_grupo"], "IR")==1)
echo "<option value='".$row["id_grupo"]."'>".$row["nombre"]."</option>";
print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true);
}
echo '</select></td></tr><tr>';
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '<td class="datos"><b>'.__('Priority').'</b></td>
<td class="datos"><select name="prioridad_form" class="w135">';
echo '</td></tr><tr><td class="datos"><b>'.__('Priority').'</b></td><td class="datos">';
$fields = array();
$fields[0] = __('Informative');
$fields[1] = __('Low');
$fields[2] = __('Medium');
$fields[3] = __('Serious');
$fields[4] = __('Very serious');
$fields[10] = __('Maintenance');
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135');
} else {
echo '<td class="datos"><b>'.__('Priority').'</b></td>
<td class="datos"><select disabled name="prioridad_form" class="w135">';
print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true);
}
switch ( $prioridad ){
case 0: echo '<option value="0">'.__('Informative').'</option>'; break;
case 1: echo '<option value="1">'.__('Low').'</option>'; break;
case 2: echo '<option value="2">'.__('Medium').'</option>'; break;
case 3: echo '<option value="3">'.__('Serious').'</option>'; break;
case 4: echo '<option value="4">'.__('Very Serious').'</option>'; break;
case 10: echo '<option value="10">'.__('Maintenance').'</option>'; break;
}
echo '<option value="0">'.__('Informative').'</option>';
echo '<option value="1">'.__('Low').'</option>';
echo '<option value="2">'.__('Medium').'</option>';
echo '<option value="3">'.__('Serious').'</option>';
echo '<option value="4">'.__('Very Serious').'</option>';
echo '<option value="10">'.__('Maintenance').'</option>';
echo "<td class='datos'><b>Creator</b>
<td class='datos'>".$id_creator." ( <i>".dame_nombre_real($id_creator)." </i>)";
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
echo '</select>
<tr><td class="datos2" colspan="4">
<textarea name="descripcion" rows="15" cols="85" style="height: 300px;">';
echo '</td><td class="datos"><b>'.__('Creator').'</b></td><td class="datos">';
if (empty ($id_creator)) {
echo 'SYSTEM';
} else {
echo '</select>
<tr><td class="datos2" colspan="4">
<textarea readonly name="descripcion" rows="15" cols="85" style="height: 300px;">';
echo $id_creator.' (<i>'.dame_nombre_real ($id_creator).'</i>)';
}
if (isset($texto)) {
echo $texto;
}
echo "</textarea></td></tr>";
echo '</table><table width="650px">';
echo "<tr><td align='right'>";
echo '</td></tr><tr><td class="datos2" colspan="4">';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;"');
} else {
print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;" disabled');
}
echo '</td></tr></table><div style="width: 600px; text-align:right;">';
// Only if user is the used who opened incident or (s)he is admin
$iduser_temp=$_SESSION['id_usuario'];
if ($creacion_incidente == 0){
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){
echo '<input type="submit" class="sub upd" name="accion" value="'.__('Update incident').'" border="0">';
}
if (isset ($id_inc) AND (give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"');
} elseif (give_acl ($config["id_user"], $id_grupo, "IW")) {
print_submit_button (__('Create'), "accion", false, 'class="sub wand"');
} else {
if (give_acl($iduser_temp, $id_grupo, "IW")) {
echo '<input type="submit" class="sub wand" name="accion" value="'.__('Create').'" border="0">';
}
print_submit_button (__('Submit'), "accion", true, 'class="sub upd"');
}
echo "</form>";
echo "</div></form>";
echo '<div>';
print_submit_button (__('Add note'), "note_control", false, 'class="sub next"');
echo '</div><div>';
echo '<form id="add_note" name="nota" method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insertar_nota=1&id='.$id_inc.'">';
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600px">
<tr><td class="datos2"><textarea name="nota" rows="5" cols="70" style="height: 100px;"></textarea></td>
<td valign="bottom"><input name="addnote" type="submit" class="sub wand" value="'.__('Add').'"></td></tr>
</table></form></div><div>';
if ($creacion_incidente == 0){
echo "<tr><td align='right'>";
echo '
<form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_note&id_inc='.$id_inc.'">
<input type="hidden" name="nota" value="add">
<input align=right name="addnote" type="submit" class="sub next" value="'.__('Add note').'">
</form>';
// ********************************************************************
// Notes
// ********************************************************************
if (isset ($id_inc)) {
$sql = sprintf ("SELECT tnota.* FROM tnota, tnota_inc WHERE tnota_inc.id_incidencia = '%d' AND tnota.id_nota = tnota_inc.id_nota",$id_inc);
$result = get_db_all_rows_sql ($sql);
} else {
$result = array ();
}
echo "</tr></table><br>";
if ($creacion_incidente == 0){
if (empty ($result)) {
$result = array ();
} else {
echo "<h3>".__('Notes attached to incident').'<h3>';
}
// ********************************************************************
// Notes
// ********************************************************************
$cabecera=0;
$sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc;
$res4=mysql_query($sql4);
while ($row2=mysql_fetch_array($res4)){
if ($cabecera == 0) { // Show head only one time
echo "<h3>".__('Notes attached to incident')."</h3>";
echo "<table cellpadding='4' cellspacing='4' class='databox' width='650'>";
echo "<tr><td>";
$cabecera = 1;
}
$sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC';
$res3=mysql_query($sql3);
while ($row3=mysql_fetch_array($res3)){
$timestamp = $row3["timestamp"];
$nota = $row3["nota"];
$id_usuario_nota = $row3["id_usuario"];
// Show data
echo '<tr><td rowspan="3" class="top"><img src="images/page_white_text.png"></td><td class="datos" width=40><b>'.__('Author').': </b><td class="datos">';
$usuario = $id_usuario_nota;
$nombre_real = dame_nombre_real ($usuario);
echo $usuario." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$usuario."'>".$nombre_real."</a></i>)";
// Delete comment, only for admins
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
$myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"];
echo '<td rowspan="3" class="top" width="60" align="center"><a href="'.$myurl.'"><img src="images/cross.png" align="middle" border="0"></a>';
}
echo '<tr><td class="datos"><b>'.__('Date').': </b><td class="datos"><i>'.$timestamp.'</i></td></tr>';
echo '<tr><td colspan="2" class="datos"> ';
echo '<table border="0" cellpadding="4" cellspacing="4" style="width: 580px">';
echo '<tr><td class="datos2" align="justify">';
echo salida_limpia ($nota);
echo "</td></tr>";
echo '</table>';
}
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600px">';
foreach ($result as $row) {
echo '<tr><td><img src="images/page_white_text.png" border="0"></td>';
echo '<td>'.__('Author').': <a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$row["id_usuario"].'">'.dame_nombre_real ($row["id_usuario"]).'</a> ('.date ($config['date_format'],strtotime ($row["timestamp"])).')</td></tr>';
echo '<tr><td>';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) {
echo '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&id_nota='.$row["id_nota"].'"><img src="images/cross.png" border="0"></a>';
}
if ($cabecera == 1){
echo "</table>"; // note table
echo '</td><td>'.safe_input ($row["nota"]).'</td></tr>';
}
echo '</table>';
// ************************************************************
// Files attached to this incident
// ************************************************************
// Attach head if there's attach for this incident
if (isset ($id_inc)) {
$result = get_db_all_rows_field_filter ("tattachment", "id_incidencia", $id_inc, "filename");
} else {
$result = array ();
}
if (empty ($result)) {
$result = array ();
} else {
echo "<h3>".__('Attached files')."</h3>";
}
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->width = 650;
$table->head = array ();
$table->data = array ();
$table->head[0] = __('Filename');
$table->head[1] = __('Description');
$table->head[2] = __('Size');
$table->head[3] = __('Delete');
$table->align[2] = "center";
$table->align[3] = "center";
foreach ($result as $row) {
$data[0] = '<img src="images/disk.png" border="0" align="top" />&nbsp;&nbsp;<a target="_new" href="attachment/pand'.$row["id_attachment"].'_'.$row["filename"].'"><b>'.$row["filename"].'</b></a>';
$data[1] = $row["description"];
$data[2] = $row["size"]." KB";
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
$data[3] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/cross.png" border=0 /></a>';
} else {
$data[3] = '';
}
echo "</form></table>";
array_push ($table->data, $data);
}
// ************************************************************
// Files attached to this incident
// ************************************************************
if (!empty ($table->data)) {
print_table ($table);
}
unset ($table);
// Attach head if there's attach for this incident
$att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc);
// ************************************************************
// Upload control
// ************************************************************
if (mysql_num_rows($att_fil)){
echo "<h3>".__('Attached files')."</h3>";
echo "<table cellpadding='4' cellspacing='4' class='databox' width='650'>";
echo "<tr>
<th class=datos>".__('Filename')."</th>
<th class=datos>".__('Description')."</th>
<th class=datos>".__('Size')."</th>
<th class=datos>".__('Delete')."</th></tr>";
while ($row=mysql_fetch_array($att_fil)){
echo "<tr><td class=datos><img src='images/disk.png' border=0 align='top'> &nbsp;&nbsp;<a target='_new' href='attachment/pand".$row["id_attachment"]."_".$row["filename"]."'><b>".$row["filename"]."</b></a>";
echo "<td class=datos>".$row["description"];
echo "<td class=datos>".$row["size"];
if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment
echo '<td class=datos align="center"><a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/cross.png" border=0>';
}
}
echo "</td></tr></table>";
}
// ************************************************************
// Upload control
// ************************************************************
// Upload control
if (give_acl($iduser_temp, $id_grupo, "IW")==1){
echo "<h3>".__('Attach file');
?>
<A HREF="javascript:;" onmousedown="toggleDiv('file_control');">
<?PHP
echo "<img src='images/disk.png'>";
echo "</a></h3>";
echo "<div id='file_control' style='display:none'>";
echo '<table cellpadding="4" cellspacing="3" class="databox" width="400">
<tr>
<td class="datos">'.__('Filename').'</td>
<td class="datos"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">
<input type="file" name="userfile" value="userfile" class="sub" size="40">
</td></tr>
<tr><td class="datos2">'.__('Description').'</td>
<td class="datos2" colspan="3">
<input type="text" name="file_description" size="47">
</td></tr>
</table>
<table width="400px">
<tr><td style="text-align: right;">
<input type="submit" name="upload" value="'.__('Upload').'" class="sub wand">
</td></tr></table><br>';
echo "</div>";
}
} // create mode
// Upload control
if (give_acl($config["id_user"], $id_grupo, "IW")==1){
echo '<div>';
print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"');
echo '</div>';
echo '<div><form method="post" id="file_control" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">';
echo '<table cellpadding="4" cellspacing="3" class="databox" width="400">
<tr><td class="datos">'.__('Filename').'</td><td class="datos"><input type="file" name="userfile" value="userfile" class="sub" size="40" /></td></tr>
<tr><td class="datos2">'.__('Description').'</td><td class="datos2" colspan="3"><input type="text" name="file_description" size="47"></td></tr>
<tr><td rowspan="2" style="text-align: right;"> <input type="submit" name="upload" value="'.__('Upload').'" class="sub wand"></td></tr>
</table></form></div>';
}
?>


@ -1,45 +0,0 @@
<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2008 Artica Soluciones Tecnologicas, http://www.artica.es
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
require("include/config.php");
if (comprueba_login() == 0) {
$id_inc = $_GET["id_inc"];
$now=date("Y/m/d H:i:s");
// Create Note
echo "<h2>".__('Incident management')." &gt; ";
echo __('Add note to incident')." #".$id_inc."</h2>";
echo "<table cellpadding='4' cellspacing='4' class='databox' width='550px'>
<form name='nota' method='post' action='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insertar_nota=1&id=".$id_inc."'>";
echo "<tr><td class='datos'><b>".__('Date')."</b>";
echo "<td class='datos'>".$now."</td>";
echo "<input type='hidden' name='timestamp' value='".$now."'>";
echo "<input type='hidden' name='id_inc' value='".$id_inc."'>";
echo '<tr><td colspan="3" class="datos2"><textarea name="nota" rows="20" cols="80" style="height: 300px;">';
echo '</textarea>';
echo '</td></tr>';
echo '</table><table width="550">';
echo '<tr><td align="right">
<input name="addnote" type="submit" class="sub wand" value="'.__('Add').'">';
echo '</table>';
} // end page


@ -20,42 +20,32 @@
// Load global vars
require("include/config.php");
if (comprueba_login() == 0) {
check_login ();
echo "<h2>".__('Incident management')." &gt; ";
echo __('Please select a search criterion')."</h2>";
echo "<div style='width:645'>";
echo "<div style='float:right;'><img src='images/pulpo_lupa.png' class='bot' align='left'></div>";
?>
<div style='float:left;'>
<table width="500" cellpadding="4" cellspacing="4" class='databox'>
<form name="busqueda" method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident">
<tr>
<td class="datos"><?php echo __('user') ?>
<td class="datos">
<select name="usuario" class="w120">
<option value=""><?php echo __('All') ?></option>
<?php
$sql1='SELECT * FROM tusuario ORDER BY id_usuario';
$result=mysql_query($sql1);
while ($row=mysql_fetch_array($result)){
echo "<option>".$row["id_usuario"]."</option>";
}
?>
</select>
<tr><td class="datos2"><?php echo __('Free text for search (*)') ?>
<td class="datos2"><input type="text" size="45" name="texto"></tr>
<tr><td class="datos" colspan="2"><i><?php echo __('(*) The text search will look for all words entered as substring, in index title or description of each incident') ?></i></td></tr>
</table>
<table width="500">
<tr><td align="right" colspan="3">
<?php echo "<input name='uptbutton' type='submit' class='sub search' value='".__('Search')."'>"; ?>
</form>
</table>
</div>
</div>
<?php
} // end page
if (give_acl ($config['id_user'], 0, "IR") != 1) {
audit_db($config['id_user'],$REMOTE_ADDR, "ACL Violation","Trying to access incident search");
require ("general/noaccess.php");
exit;
}
echo "<h2>".__('Incident management')." &gt; ".__('Please select a search criterion')."</h2>";
echo '<div style="width:650px;"><div style="float:right;"><img src="images/pulpo_lupa.png" class="bot" align="left"></div>
<div style="float:left;"><form name="busqueda" method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident">
<table width="500px" cellpadding="4" cellspacing="4" class="databox">
<tr><td class="datos">'.__('Created by:').'</td><td class="datos">';
print_select (list_users (), "usuario", "All", '', __('All'), "All", false, false, false, "w120");
echo '</td></tr><tr><td class="datos2">'.__('Search text').': (*)</td>
<td class="datos2">';
print_input_text ('texto', '', '', 45);
echo '</td></tr><tr>
<td class="datos" colspan="2"><i>'.__('(*) The text search will look for all words entered as a substring in the title and description of each incident').'
</i></td></tr><tr><td align="right" colspan="2">';
print_submit_button (__('Search'), 'uptbutton', false, 'class="sub search"');
echo '</td></tr></table></form></div></div>';
?>
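Review bot: The audit call in the new ACL guard passes `$REMOTE_ADDR`, a bare global that is only populated under register_globals unless include/config.php assigns it, which this section does not show. If it is unset, the "ACL Violation" record is written without a source address, which weakens the audit trail for denied requests. Reading the value explicitly keeps the denial attributable: `audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation", "Trying to access incident search");`. The audit_db call in the incident statistics section of this commit uses the same variable.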


@ -22,30 +22,23 @@ require("include/config.php");
check_login ();
if (! give_acl ($config['id_user'], 0, "IR")==1) {
if (! give_acl ($config['id_user'], 0, "IR") == 1) {
require ("general/noaccess.php");
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access Incident section");
return;
}
echo "<h2>".__('Incident management')." &gt; ";
echo __('Statistics')."</h2>";
echo "<h2>".__('Incident management')." &gt; ".__('Statistics')."</h2>";
echo "<table width = 90%>";
echo "<tr><td valign='top'>";
echo '<h3>'.__('Incidents by status').'</h3>';
echo '<img src="reporting/fgraph.php?tipo=estado_incidente" border=0>';
echo "<td valign='top'>";
echo '<h3>'.__('Incidents by priority').'</h3>';
echo '<img src="reporting/fgraph.php?tipo=prioridad_incidente" border=0>';
echo "<tr><td>";
echo '<h3>'.__('Incidents by group').'</h3>';
echo '<img src="reporting/fgraph.php?tipo=group_incident" border=0>';
echo "<td>";
echo '<h3>'.__('Incidents by user').'</h3>';
echo '<img src="reporting/fgraph.php?tipo=user_incident" border=0>';
echo "<tr><td>";
echo '<h3>'.__('Incidents by source').'</h3>';
echo '<img src="reporting/fgraph.php?tipo=source_incident" border=0>';
echo "<td>";
echo "</table>";
echo '<table width="90%">
<tr><td valign="top"><h3>'.__('Incidents by status').'</h3>
<img src="reporting/fgraph.php?tipo=estado_incidente" border="0"></td>
<td valign="top"><h3>'.__('Incidents by priority').'</h3>
<img src="reporting/fgraph.php?tipo=prioridad_incidente" border="0"></td></tr>
<tr><td><h3>'.__('Incidents by group').'</h3>
<img src="reporting/fgraph.php?tipo=group_incident" border="0"></td>
<td><h3>'.__('Incidents by user').'</h3>
<img src="reporting/fgraph.php?tipo=user_incident" border="0"></td></tr>
<tr><td><h3>'.__('Incidents by source').'</h3>
<img src="reporting/fgraph.php?tipo=source_incident" border="0"></td></tr>
</table>';
?>
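Review bot: The guard `if (! give_acl ($config['id_user'], 0, "IR") == 1)` parses as `(!give_acl (...)) == 1` because `!` binds tighter than `==`, so it denies access only when give_acl returns a falsy value. The search page in this commit tests `!= 1` instead, so any return value other than 0 or 1 would be handled differently by the two pages. Writing `if (give_acl ($config['id_user'], 0, "IR") != 1) {` states the intent and matches the search page. Separately, general/noaccess.php is required before audit_db here; if that include ends the request (not visible in this section), the violation is never logged, so calling audit_db first, as the search page does, would be safer.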