From ecaa0f02bbc0c98703ac70c4815620da504849b1 Mon Sep 17 00:00:00 2001 
From: guruevi Date: Fri, 19 Sep 2008 16:08:59 +0000 Subject: [PATCH] 2008-09-19 Evi Vanoost * include/styles/pandora.css: Removed some duplicate entries while hunting down a specific tag * include/functions_html.php: Added class to print_select () and removed the default 'select' display in case of empty * include/functions_db.php: Added comment to list_group so coders are reminded to use the html functions instead. Fixed dame_nombre_real because a user_id is not an int. Added function list_users similar to list_group. Needed to fill input boxes with user selections. * include/functions.php: Adhered pagination to correcter HTML style removed single quotes and closed open tags * operation/incidents/incident_statistics.php: Correcter HTML * operation/incidents/incident_search.php: Style changes. Use new functions for html objects * operation/incidents/incident_note.php: Inherited into incident_detail.php * operation/incident_detail.php: Rewritten for style and security. Uses all the functions for html and sql. Added a bunch of security checks and made it look a little more consistent. Added virus scanner integration with the clamav library for PHP4 or PHP5 (autodetect) * operation/incident.php: Rewritten for style and security. Uses all the functions for html and sql. 
git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1103 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 32 + pandora_console/include/functions.php | 14 +- pandora_console/include/functions_db.php | 34 +- pandora_console/include/functions_html.php | 34 +- pandora_console/include/styles/pandora.css | 8 - .../operation/incidents/incident.php | 641 +++++++--------- .../operation/incidents/incident_detail.php | 691 ++++++++---------- .../operation/incidents/incident_note.php | 45 -- .../operation/incidents/incident_search.php | 64 +- .../incidents/incident_statistics.php | 35 +- 10 files changed, 711 insertions(+), 887 deletions(-) delete mode 100644 pandora_console/operation/incidents/incident_note.php diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 56f5f0f75d..0a38d47260 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog 
@@ -1,3 +1,35 @@ +2008-09-19 Evi Vanoost + + * include/styles/pandora.css: Removed some duplicate entries while + hunting down a specific tag + + * include/functions_html.php: Added class to print_select () and + removed the default 'select' display in case of empty + + * include/functions_db.php: Added comment to list_group so coders are + reminded to use the html functions instead. Fixed dame_nombre_real + because a user_id is not an int. Added function list_users similar to + list_group. Needed to fill input boxes with user selections. + + * include/functions.php: Adhered pagination to correcter HTML style + removed single quotes and closed open tags + + * operation/incidents/incident_statistics.php: Correcter HTML + + * operation/incidents/incident_search.php: Style changes. Use new + functions for html objects + + * operation/incidents/incident_note.php: Inherited into + incident_detail.php + + * operation/incident_detail.php: Rewritten for style and security. + Uses all the functions for html and sql. Added a bunch of security + checks and made it look a little more consistent. Added virus scanner + integration with the clamav library for PHP4 or PHP5 (autodetect) + + * operation/incident.php: Rewritten for style and security. Uses all + the functions for html and sql. + 2008-09-19 Ramon Novoa * godmode/agentes/module_manager_editor_network.php, diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 47e1c5216f..b5c1227990 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -324,16 +324,13 @@ function pagination ($count, $url, $offset) { echo "
"; // Show GOTO FIRST button - echo ''; - echo ""; - echo ""; - echo " "; + echo ' '; // Show PREVIOUS button if ($index_page > 0){ $index_page_prev= ($index_page-(floor($block_limit/2)))*$config["block_size"]; if ($index_page_prev < 0) $index_page_prev = 0; - echo ''; + echo ''; } echo " ";echo " "; // Draw blocks markers @@ -364,8 +361,7 @@ function pagination ($count, $url, $offset) { $prox_bloque = ($i+ceil($block_limit/2))*$config["block_size"]; if ($prox_bloque > $count) $prox_bloque = ($count -1) - $config["block_size"]; - echo ''; - echo " "; + echo ''; $i = $index_counter; } // if exists more registers than i can put in a page (defined by $block_size config parameter) @@ -374,9 +370,7 @@ function pagination ($count, $url, $offset) { // as painted in last block (last integer block). if (($count - $config["block_size"]) > 0){ $myoffset = floor(($count-1)/ $config["block_size"])* $config["block_size"]; - echo ''; - echo ""; - echo ""; + echo ''; } // End div and layout echo "
"; diff --git a/pandora_console/include/functions_db.php b/pandora_console/include/functions_db.php index fec61f8430..1521fe32d3 100644 --- a/pandora_console/include/functions_db.php +++ b/pandora_console/include/functions_db.php @@ -492,7 +492,7 @@ function dame_id_tipo_modulo_agentemodulo ($id_agente_modulo) { * @return Real name of given user. */ function dame_nombre_real ($id_user) { - return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', (int) $id_user); + return (string) get_db_value ('nombre_real', 'tusuario', 'id_usuario', $id_user); } /** @@ -987,6 +987,9 @@ function give_agentmodule_flag ($id_agent_module) { /** * Prints a list of HTML tags with the groups the user has * reading privileges. + * + * DEPRECATED: Use get_user_groups () in combination with print_select () + * instead * * @param id_user User id * @param show_all Flag to show all the groups or not. True by default. @@ -1032,6 +1035,35 @@ function list_group2 ($id_user) { return ($mis_grupos); } +/** + * Get a list of all users in an array [username] => real name + * + * @param order by (id_usuario, nombre_real or fecha_registro) + * + * @return An array of users + */ +function list_users ($order = "nombre_real") { + switch ($order) { + case "id_usuario": + case "fecha_registro": + case "nombre_real": + break; + default: + $order = "nombre_real"; + } + + $output = array(); + + $result = get_db_all_rows_sql ("SELECT id_usuario, nombre_real FROM tusuario ORDER BY ".$order); + if ($result !== false) { + foreach ($result as $row) { + $output[$row["id_usuario"]] = $row["nombre_real"]; + } + } + + return $output; +} + /** * Get all the groups a user has reading privileges. * diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index 93f6299688..f04f95a44a 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php 
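Review bot: With the `(int)` cast removed, dame_nombre_real () passes `$id_user` to get_db_value () exactly as the caller supplied it, and nothing in this hunk shows whether get_db_value () quotes and escapes string conditions. User ids are strings, so the cast was wrong, but the function should say where escaping happens. Once that has been confirmed against get_db_value (), I would add to the docblock `@param id_user User id (string, not numeric); escaped by get_db_value (), never by the caller`. If get_db_value () does not escape strings, that has to be fixed there before this change is safe.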
@@ -33,41 +33,51 @@ * @param bool $multiple Set the input to allow multiple selections (optional, single selection by default). * @param bool $sort Whether to sort the options or not (optional, unsorted by default). */ -function print_select ($fields, $name, $selected = '', $script = '', $nothing = 'select', $nothing_value = '0', $return = false, $multiple = false, $sort = true) { +function print_select ($fields, $name, $selected = '', $script = '', $nothing = '', $nothing_value = '0', $return = false, $multiple = false, $sort = true, $class = '', $disabled = false) { $output = "\n"; - $attributes = ($script) ? 'onchange="'. $script .'"' : ''; - if ($multiple){ - $attributes .= ' multiple="yes" size=10 '; + $attributes = ""; + if (!empty ($script)) { + $attributes .= ' onchange="'.$script.'"'; + } + if (!empty ($multiple)) { + $attributes .= ' multiple="yes" size="10"'; + } + if (!empty ($class)) { + $attributes .= ' class="'.$class.'"'; + } + if (!empty ($disabled)) { + $attributes .= ' disabled'; } - $output .= ''; if ($nothing != '') { - $output .= ' "; //You should pass a translated string already } if (!empty ($fields)) { - if ($sort) + if ($sort !== false) { asort ($fields); + } foreach ($fields as $value => $label) { - $output .= ' "; } else { - $output .= '>'. $label ."\n"; + $output .= '>'.$label.""; } } } - $output .= "\n"; + $output .= ""; if ($return) return $output; diff --git a/pandora_console/include/styles/pandora.css b/pandora_console/include/styles/pandora.css index fb224665a3..f534a0f8ee 100644 --- a/pandora_console/include/styles/pandora.css +++ b/pandora_console/include/styles/pandora.css 
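Review bot: print_select () concatenates `$script`, `$class` and every `$label` into the markup without HTML-escaping, in `' onchange="'.$script.'"'`, `' class="'.$class.'"'` and `'>'.$label`. This commit also adds list_users (), which returns `nombre_real` straight from tusuario, presumably for use as option labels, so a real name containing markup characters would be rendered as markup. I would escape at output, e.g. `$attributes .= ' class="'.htmlspecialchars ($class, ENT_QUOTES).'"';` and `htmlspecialchars ($label, ENT_QUOTES)` for the option text. If the project already entity-encodes values on input, use its own output helper instead to avoid double encoding. The part of the function after `if ($return)` is outside the hunk.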
@@ -33,21 +33,15 @@ body { } input, textarea { border: 1px solid #ddd; - font: verdana, sans-serif; - font-size: 8pt; } textarea { padding: 5px; height: 100px; - font-family: verdana, sans-serif; - font-size: 8pt; } textarea.conf_editor { padding: 5px; width: 650; height: 350; - font-family: verdana, sans-serif; - font-size: 8pt; } input { padding: 2px 3px 4px 3px; @@ -63,8 +57,6 @@ input.button { select { padding: 0px; border:1px solid #ddd; - font-family: verdana, sans-serif; - font-size: 8pt; } checkbox { padding: 4px; diff --git a/pandora_console/operation/incidents/incident.php b/pandora_console/operation/incidents/incident.php index bb34980c4e..a71c6c3b93 100644 --- a/pandora_console/operation/incidents/incident.php +++ b/pandora_console/operation/incidents/incident.php @@ -18,7 +18,6 @@ -$accion = ""; require ("include/config.php"); check_login (); @@ -32,444 +31,324 @@ if (! give_acl ($config['id_user'], 0, "IR")) { // Take input parameters // Offset adjustment -if (isset($_GET["offset"])) - $offset=$_GET["offset"]; -else - $offset=0; +if (isset($_GET["offset"])) { + $offset = get_parameter_get ("offset"); +} else { + $offset = 0; +} // Delete incident if (isset($_GET["quick_delete"])){ - $id_inc = $_GET["quick_delete"]; - $sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc; - $result2=mysql_query($sql2); - $row2=mysql_fetch_array($result2); - if ($row2) { - $id_author_inc = $row2["id_usuario"]; - if (give_acl ($config['id_user'], $row2["id_grupo"], "IM") || $config["id_user"] == $id_author_inc) { - borrar_incidencia($id_inc); - echo "

".__('Incident successfully deleted')."

"; - audit_db($id_author_inc,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc); + $id_inc = get_parameter_get ("quick_delete"); + $sql = "SELECT id_usuario, id_grupo FROM tincidencia WHERE id_incidencia=".$id_inc; + $result = get_db_row_sql ($sql); + $usuario = give_incident_author ($id_inc); + + if ($result !== false) { + if (give_acl ($config['id_user'], $result["id_grupo"], "IM") || $config["id_user"] == $result["id_usuario"]) { + borrar_incidencia ($id_inc); + echo '

'.__('Incident successfully deleted').'

'; + audit_db ($usuario,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc); } else { - audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident"); - echo "

".__('There was a problem deleting incident')."

"; - no_permission(); + audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." tried to delete incident"); + echo '

'.__('There was a problem deleting incident').'

'; + no_permission (); } } } // UPDATE incident -if ((isset($_GET["action"])) AND ($_GET["action"]=="update")){ - $id_inc = $_POST["id_inc"]; - $grupo = entrada_limpia($_POST['grupo_form']); - $usuario= entrada_limpia($_POST["usuario_form"]); +if ((isset ($_GET["action"])) AND ($_GET["action"] == "update")) { + $id_inc = get_parameter_post ("id_inc"); + $usuario = give_incident_author ($id_inc); + $grupo = get_parameter_post ("grupo_form"); + if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage incident) or owners can modify incidents - $id_author_inc = give_incident_author($id_inc); - $titulo = entrada_limpia($_POST["titulo"]); - $descripcion = entrada_limpia($_POST['descripcion']); - $origen = entrada_limpia($_POST['origen_form']); - $prioridad = entrada_limpia($_POST['prioridad_form']); - $estado = entrada_limpia($_POST["estado_form"]); - $ahora=date("Y/m/d H:i:s"); - $sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc; - $result=mysql_query($sql); - audit_db($id_author_inc,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." deleted updated #".$id_inc); - if ($result) - echo "

".__('Incident successfully updated')."

"; - else - echo "

".__('There was a problem updating incident')."

"; + $titulo = get_parameter_post ("titulo"); + $descripcion = get_parameter_post ("descripcion"); + $origen = get_parameter_post ("origen_form"); + $prioridad = get_parameter_post ("prioridad_form"); + $estado = get_parameter_post ("estado_form"); + $ahora = date ("Y/m/d H:i:s"); + + $sql = sprintf ("UPDATE tincidencia SET actualizacion = '%s', titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s' WHERE id_incidencia = %d", + $ahora, $titulo, $origen, $estado, $grupo, $usuario, $prioridad, $descripcion, $id_inc); + $result = process_sql ($sql); + + if ($result !== false) { + audit_db($usuario,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." updated incident #".$id_inc); + echo '

'.__('Incident successfully updated').'

'; + } else { + echo '

'.__('There was a problem updating the incident').'

'; + } } else { - audit_db($config['id_user'],$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident"); - echo "

".__('There was a problem updating incident')."

"; + audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$config['id_user']." try to update incident"); no_permission(); } } + // INSERT incident -if ((isset($_GET["action"])) AND ($_GET["action"]=="insert")){ - $grupo = entrada_limpia($_POST['grupo_form']); - $usuario= entrada_limpia($_POST["usuario_form"]); - if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage +if ((isset ($_GET["action"])) AND ($_GET["action"] == "insert")) { + $grupo = get_parameter_post ("grupo_form"); + if (give_acl ($config['id_user'], $grupo, "IM")) { // Read input variables - $titulo = entrada_limpia($_POST['titulo']); - $inicio = date("Y/m/d H:i:s"); - $descripcion = entrada_limpia($_POST['descripcion']); - $texto = $descripcion; // to view in textarea after insert - $origen = entrada_limpia($_POST['origen_form']); - $prioridad = entrada_limpia($_POST['prioridad_form']); - $actualizacion = $inicio; + $titulo = get_parameter_post ("titulo"); + $descripcion = get_parameter_post ("descripcion"); + $origen = get_parameter_post ("origen_form"); + $prioridad = get_parameter_post ("prioridad_form"); $id_creator = $config['id_user']; - $estado = entrada_limpia($_POST["estado_form"]); - $sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') "; - if (mysql_query($sql)){ - echo "

".__('Incident successfully created')."

"; - $id_inc=mysql_insert_id(); - audit_db($usuario,$REMOTE_ADDR,"Incident created","User ".$config['id_user']." created incident #".$id_inc); + $estado = get_parameter_post ("estado_form"); + $sql = sprintf ("INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo,id_creator) VALUES + (NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s')".$titulo,$descripcion,$config["id_user"],$origen,$estado,$prioridad,$grupo,$config["id_user"]); + $id_inc = process_sql ($sql, "insert_id"); + + if ($id_inc === false) { + echo '

'.__('Error creating incident').'

'; + } else { + audit_db ($config["id_user"], $REMOTE_ADDR, "Incident created", "User ".$config["id_user"]." created incident #".$id_inc); } } else { - audit_db($config['id_user'],$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to create incident"); - no_permission(); + audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to create incident"); + no_permission (); } } // Search -$busqueda=""; -if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){ - if (isset($_POST["texto"])){ - $texto_form = $_POST["texto"]; - $_GET["texto"]=$texto_form; // Update GET vars if data comes from POST - } else // GET - $texto_form = $_GET["texto"]; +$filter = ""; - $busqueda = "( titulo LIKE '%".$texto_form."%' OR descripcion LIKE '%".$texto_form."%' )"; -} +$texto = (string) get_parameter ("texto", ""); +if ($texto != "") + $filter .= sprintf (" AND (titulo LIKE '%%%s%%' OR descripcion LIKE '%%%s%%')", $texto, $texto); -if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){ - if (isset($_POST["usuario"])){ - $usuario_form = $_POST["usuario"]; - $_GET["usuario"]=$usuario_form; - } else // GET - $usuario_form=$_GET["usuario"]; +$usuario = (string) get_parameter ("usuario", "All"); +if ($usuario != "All") + $filter .= sprintf (" AND id_usuario = '%s'", $usuario); - if ($usuario_form != ""){ - if (isset($_GET["texto"])) - $busqueda = $busqueda." and "; - $busqueda= $busqueda." 
id_usuario = '".$_GET["usuario"]."' "; +$estado = (int) get_parameter ("estado", -1); +if ($estado != -1) //-1 = All + $filter .= sprintf (" AND estado = %d", $estado); + +$grupo = (int) get_parameter ("grupo", 1); +if ($grupo != 1) { + $filter .= sprintf (" AND id_grupo = %d", $grupo); + if (give_acl ($config['id_user'], $grupo, "IM") == 0) { + audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to read incidents from group without access"); + no_permission (); } } -// Filter -if ($busqueda != "") - $sql1= "WHERE ".$busqueda; -else - $sql1=""; +$prioridad = (int) get_parameter ("prioridad", -1); +if ($prioridad != -1) //-1 = All + $filter .= sprintf (" AND prioridad = %d", $prioridad); -if (isset($_GET["estado"]) and (!isset($_POST["estado"]))) - $_POST["estado"]=$_GET["estado"]; -if (isset($_GET["grupo"]) and (!isset($_POST["grupo"]))) - $_POST["grupo"]=$_GET["grupo"]; -if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"]))) - $_POST["prioridad"]=$_GET["prioridad"]; +$offset = (int) get_parameter ("offset", 0); +$groups = get_user_groups ($config["id_user"]); -if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) { - if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){ - $_GET["estado"] = $_POST["estado"]; - if ($sql1 == "") - $sql1='WHERE estado='.$_POST["estado"]; - else - $sql1 =$sql1.' AND estado='.$_POST["estado"]; - } +//Select incidencts where the user has access to ($groups from +//get_user_groups), array_keys for the id, implode to pass to SQL +$sql = "SELECT * FROM tincidencia WHERE + id_grupo IN (".implode (",",array_keys ($groups)).")".$filter." + ORDER BY actualizacion DESC LIMIT ".$offset.",".$config["block_size"]; - if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) { - $_GET["prioridad"]=$_POST["prioridad"]; - if ($sql1 == "") - $sql1='WHERE prioridad='.$_POST["prioridad"]; - else - $sql1 =$sql1.' 
and prioridad='.$_POST["prioridad"]; - } - - if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) { - $_GET["grupo"] = $_POST["grupo"]; - if ($sql1 == "") - $sql1='WHERE id_grupo='.$_POST["grupo"]; - else - $sql1 =$sql1.' AND id_grupo='.$_POST["grupo"]; - } - } - -$sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC"; -$sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1; -$sql1=$sql0; -$sql1=$sql1." LIMIT $offset, ".$config["block_size"]; - -echo "

".__('Incident management')." > "; -echo __('Manage incidents')."

"; -if (isset($_POST['operacion'])){ - echo __('Viewing incidents')." - ".$_POST['operacion'].""; +$result = get_db_all_rows_sql ($sql); +if (empty ($result)) { + $result = array (); + $count = 0; +} else { + $count = count ($result); } -?> -
- - +echo '

'.__('Incident management').' > '.__('Manage incidents').'

+ +
- - +print_select ($fields, "estado", $estado, 'javascript:this.form.submit();', '', '', false, false, false, 'w155'); - + + + -"; -echo ' -"; +echo '
-

- -
- - -

- -
- -
- -
- -
- -
-

- -
- -
- -
- -
- -
- -
-
-

'.__('Status').'

+ - '.__('Active incidents').'
+ - '.__('Active incidents, with comments').'
+ - '.__('Rejected incidents').'
+ - '.__('Closed incidents').'
+ - '.__('Expired incidents').'

'.__('Priority').'

+ - '.__('Very Serious').'
+ - '.__('Serious').'
+ - '.__('Medium').'
+ - '.__('Low').'
+ - '.__('Informative').'
+ - '.__('Maintenance').'
+
'; -if ((isset($_GET["prioridad"])) OR (isset($_GET["prioridad"]))){ - if (isset($_GET["prioridad"])) - $prioridad = $_GET["prioridad"]; - if (isset($_POST["prioridad"])) - $prioridad = $_POST["prioridad"]; - echo ""; // al priorities (default) -echo '"; -echo '"; -echo '"; -echo '"; -echo '"; -echo '"; -echo " -"; -echo "
- -
'; + +print_select ($groups, "grupo", $grupo, 'javascript:this.form.submit();','','',false,false,false,'w155'); + +echo ''; // Pass search parameters for possible future filter searching by user -if (isset($_GET["usuario"])) - echo ""; -if (isset($_GET["texto"])) - echo ""; +print_input_hidden ("usuario", $usuario); +print_input_hidden ("texto", $texto); -echo " -
-
-

- "; +echo "
"; -$offset_counter=0; -// Prepare index for pagination -$incident_list[]=""; -$result2=mysql_query($sql1); -$result2_count=mysql_query($sql1_count); -$row2_count = mysql_fetch_array($result2_count); - -if ($row2_count[0] <= 0 ) { - echo '
'.__('No incident matches your search filter').'

'; - echo ""; - echo "
"; - echo "
"; - echo "
"; - echo "
"; +if ($count < 1) { + echo '
'.__('No incidents match your search filter').'

'; } else { // TOTAL incidents - $total_incidentes = $row2_count[0]; $url = "index.php?sec=incidencias&sec2=operation/incidents/incident"; // add form filter values for group, priority, state, and search fields: user and text - if (isset($_GET["grupo"])) - $url = $url."&grupo=".$_GET["grupo"]; - if (isset($_GET["prioridad"])) - $url = $url."&prioridad=".$_GET["prioridad"]; - if (isset($_GET["estado"])) - $url = $url."&estado=".$_GET["estado"]; - if (isset($_GET["usuario"])) - $url = $url."&usuario=".$_GET["usuario"]; - if (isset($_GET["texto"])) - $url = $url."&texto=".$_GET["texto"]; - if (isset($_GET["offset"] )) - $url = $url."&offset=".$_GET["offset"]; + if ($grupo != -1) + $url .= "&grupo=".$grupo; + if ($prioridad != -1) + $url .= "&prioridad=".$prioridad; + if ($estado != -1) + $url .= "&estado=".$estado; + if ($usuario != '') + $url .= "&usuario=".$usuario; + if ($texto != '') + $url .= "&texto=".$texto; // Show pagination - pagination ($total_incidentes, $url, $offset); - echo '
'; - // Show headers + pagination ($count, $url, $offset); + echo '
'; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - $color = 1; + // Show headers + $table->width = 750; + $table->class = "databox"; + $table->cellpadding = 4; + $table->cellspacing = 4; + $table->head = array (); + $table->data = array (); + $table->size = array (); + $table->align = array (); - while ($row2=mysql_fetch_array($result2)){ - $id_group = $row2["id_grupo"]; - if (give_acl ($config['id_user'], $id_group, "IR")) { - if ($color == 1){ - $tdcolor = "datos"; - $color = 0; - } - else { - $tdcolor = "datos2"; - $color = 1; - } - $note_number = dame_numero_notas($row2["id_incidencia"]); - echo ""; - echo ""; - $id_author_inc = $row2["id_usuario"]; - if (give_acl ($config['id_user'], $id_group, "IM") || $config["id_user"] == $id_author_inc) { - // Only incident owners or incident manager - // from this group can delete incidents - echo ""; - } + $data[0] = ''.$row["id_incidencia"].''; + $attnum = get_db_value ('COUNT(*)', 'tattachment', 'id_incidencia', $row["id_incidencia"]); + $notenum = dame_numero_notas ($row["id_incidencia"]); + + if ($attnum > 0) + $data[0] .= '  '; + + if ($notenum > 0 && $row["estado"] == 0) + $row["estado"] = 1; + + switch ($row["estado"]) { + case 0: + $data[1] = ''; + break; + case 1: + $data[1] = ''; + break; + case 2: + $data[1] = ''; + break; + case 3: + $data[1] = ''; + break; + case 13: + $data[1] = ''; + break; } + + $data[2] = ''.safe_input (substr ($row["titulo"],0,45)).''; + + switch ($row["prioridad"]) { + case 4: + $data[3] = ''; + break; + case 3: + $data[3] = ''; + break; + case 2: + $data[3] = ''; + break; + case 1: + $data[3] = ''; + break; + case 0: + $data[3] = ''; + break; + case 10: + $data[3] = ''; + break; + } + + $data[4] = ''; + + $data[5] = human_time_comparation ($row["actualizacion"]); + + $data[6] = $row["origen"]; + + $data[7] = ''.$row["id_usuario"].''; + + if (give_acl ($config["id_user"], $row["id_grupo"], "IM") || 
$config["id_user"] == $row["id_usuario"]) { + $data[8] = ''; + } else { + $data[8] = ''; + } + + array_push ($table->data, $data); } - echo "
ID".__('Status')."".__('Incident')."".__('Priority')."".__('Group')."".__('Updated at')."".__('Source')."".__('Owner')."".__('Delete')."
- ".$row2["id_incidencia"].""; + $table->head[0] = __('ID'); + $table->head[1] = __('Status'); + $table->head[2] = __('Incident'); + $table->head[3] = __('Priority'); + $table->head[4] = __('Group'); + $table->head[5] = __('Updated'); + $table->head[6] = __('Source'); + $table->head[7] = __('Owner'); + $table->head[8] = __('Delete'); + + $table->size[0] = 43; + $table->size[7] = 50; + + $table->align[1] = "center"; + $table->align[3] = "center"; + $table->align[4] = "center"; + $table->align[8] = "center"; + + foreach ($result as $row) { + $data = array(); - // Check for attachments in this incident - $result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row2["id_incidencia"]); - mysql_fetch_array($result3); - if (mysql_affected_rows() > 0) - echo '  '; - - // Tipo de estado (Type) - // 0 - Abierta / Sin notas (Open, no notes) - // 1 - Abierta / Notas anyadidas (Open with notes) - // 2 - Descartada (not valid) - // 3 - Caducada (out of date) - // 13 - Cerrada (closed) - - // Verify if the status changes - if (($row2["estado"] == 0) && ($note_number >0 )){ - $row2["estado"] = 1; - } - echo ""; - switch ($row2["estado"]) { - case 0: echo ""; - break; - case 1: echo ""; - break; - case 2: echo ""; - break; - case 3: echo ""; - break; - case 13: echo ""; - break; - } - echo "".substr(salida_limpia($row2["titulo"]),0,45); - echo ""; - switch ( $row2["prioridad"] ){ - case 0: echo ""."".""; break; - case 1: echo ""."".""; break; - case 2: echo ""."".""; break; - case 3: echo ""."".""; break; - case 4: echo ""."".""; break; - case 10: echo ""."".""; break; - } - /* - case 0: echo __('Informative'); break; - case 1: echo __('Low'); break; - case 2: echo __('Medium'); break; - case 3: echo __('Serious'); break; - case 4: echo __('Very Serious'); break; - case 10: echo __('Maintenance'); break; - */ - echo ""; - $id_grupo = $row2["id_grupo"]; - echo ''; - - - echo "".human_time_comparation($row2["actualizacion"]); - echo "".$row2["origen"]; - echo 
"".$row2["id_usuario"]."
"; - if (give_acl ($config["id_user"], 0, "IW")) { - echo ""; - echo "
"; - echo "
"; - echo "
"; -} - echo "
"; - + + print_table ($table); + unset ($table); } +if (give_acl ($config["id_user"], 0, "IW")) { + echo '
'; + print_submit_button (__('Create incident'), 'crt', false, 'class="sub next"'); + echo '
'; +} ?> diff --git a/pandora_console/operation/incidents/incident_detail.php b/pandora_console/operation/incidents/incident_detail.php index ff9855b7e9..943857f617 100644 --- a/pandora_console/operation/incidents/incident_detail.php +++ b/pandora_console/operation/incidents/incident_detail.php @@ -18,45 +18,25 @@ // Load global vars -?> - -".__('Note successfully added').""; } - - $sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$config['id_user']."' AND timestamp = '".$timestamp."'"; - $res2=mysql_query($sql2); - $row2=mysql_fetch_array($res2); - $id_nota = $row2["id_nota"]; - - $sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")"; - $res3=mysql_query($sql3); - - $sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc; - $res4 = mysql_query($sql4); + if ($id_nota !== false) { + echo '
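Review bot: The INSERT branch builds its query with `sprintf ("… '%s')".$titulo,$descripcion,…)`: the `.` after the format string appends the posted title to the SQL text instead of passing it as an argument, every later argument shifts by one placeholder, and the VALUES list has nine entries for ten columns. Separately, `quick_delete` is concatenated into the SELECT and handed to borrar_incidencia () without an integer cast, unlike the `%d` formatting used elsewhere in this hunk. The UPDATE branch authorises against the posted `grupo_form` rather than the incident's stored `id_grupo`, so the check passes for any group the submitting user manages. `$count = count ($result)` is taken after `LIMIT`, so pagination () never sees more than one page of rows. The fence shows the three query fixes; whether get_parameter_post () escapes strings is not visible here, so the `'%s'` values still depend on that.

```php
// Delete incident: force the id to an integer before it reaches SQL
$id_inc = (int) get_parameter_get ("quick_delete");
$sql = sprintf ("SELECT id_usuario, id_grupo FROM tincidencia WHERE id_incidencia = %d", $id_inc);
// … unchanged: ACL check, borrar_incidencia (), audit_db () …

// UPDATE incident: authorise against the stored group, as the delete branch does
$id_inc = (int) get_parameter_post ("id_inc");
$usuario = give_incident_author ($id_inc);
$grupo_actual = get_db_value ('id_grupo', 'tincidencia', 'id_incidencia', $id_inc);
$grupo = (int) get_parameter_post ("grupo_form");
if (give_acl ($config['id_user'], $grupo_actual, "IM") || $usuario == $config['id_user']) {
// … unchanged: field reads, UPDATE query, audit_db () …

// INSERT incident: comma after the format string, ten values for ten columns
$sql = sprintf ("INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo,id_creator) VALUES
	(NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, %d, '%s')",
	$titulo, $descripcion, $config["id_user"], $origen, $estado, $prioridad, $grupo, $config["id_user"]);
```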

'.__('Note successfully added').'

'; + $sql = sprintf ("INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (%d,%d)", $id_inc, $id_nota); + process_sql ($sql); + process_sql ($upd_sql); //Update tincidencia + } else { + echo '

'.__('Error adding note').'

'; + } } // Delete note - if (isset($_GET["id_nota"])){ - $note_user = give_note_author ($_GET["id_nota"]); - if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes - // But note authors was able to delete this own notes - $id_nota = $_GET["id_nota"]; - $id_nota_inc = $_GET["id_nota_inc"]; - $query ="DELETE FROM tnota WHERE id_nota = ".$id_nota; - $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc; - //echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2; - mysql_query($query); - mysql_query($query2); - if (mysql_query($query)) { - echo "

".__('Note successfully deleted'); + if (isset ($_GET["id_nota"])) { + $id_nota = get_parameter_get ("id_nota"); + $note_user = give_note_author ($id_nota); + if (((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_creator == $config["id_user"]) ) { + // Only admins (manage incident) or owners can modify + // incidents, including their notes. note authors are + // able to delete their own notes + $sql = sprintf ("DELETE FROM tnota WHERE id_nota = %d",$id_nota); + $result = process_sql ($sql); //Result is 0 or false if the note wasn't deleted, therefore check with empty + + if (!empty ($result)) { + $sql = sprintf ("DELETE FROM tnota_inc WHERE id_nota = %d",$id_nota); + $result = process_sql ($sql); + } + + if (!empty ($result)) { + process_sql ($upd_sql); //Update tincidencia + echo '

'.__('Note successfully deleted').'

'; + } else { + echo '

'.__('Error deleting note').'

'; } } } // Delete file - if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){ - $file_id = $_GET["delete_file"]; - $sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id; - $res2=mysql_query($sql2); - $row2=mysql_fetch_array($res2); - $filename = $row2["filename"]; - $sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id; - $res2=mysql_query($sql2); - unlink ($config["attachment_store"]."/pand".$file_id."_".$filename); + if (((give_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_creator == $config["id_user"])) AND isset ($_GET["delete_file"])) { + $file_id = get_parameter_get ("delete_file"); + $sql = sprintf ("SELECT filename FROM tattachment WHERE id_attachment = %d",$file_id); + $filename = get_db_sql ($sql); + if (!empty ($filename)) { + $sql = sprintf ("DELETE FROM tattachment WHERE id_attachment = %d",$file_id); + $result = process_sql ($sql); + } else { + echo '

'.__('Could not find file in database').'

'; + $result = false; + } + + if (!empty ($result)) { + unlink ($config["attachment_store"]."/pand".$file_id."_".$filename); + process_sql ($upd_sql); //Update tincidencia + echo '

'.__('File successfully deleted from database').'

'; + } else { + echo '

'; + } } // Upload file - if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) { - if (( $_FILES['userfile']['name'] != "" )){ //if file - $tipo = $_FILES['userfile']['type']; - if (isset($_POST["file_description"])) - $description = $_POST["file_description"]; - else - $description = "No description available"; - // Insert into database - $filename= $_FILES['userfile']['name']; - $filesize = $_FILES['userfile']['size']; + if ((give_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) { //if file + if (isset ($_POST["file_description"])) { + $description = get_parameter_post ("file_description"); + } else { + $description = __("No description available"); + } + // Insert into database + $filename = safe_input ($_FILES['userfile']['name']); + $filesize = safe_input ($_FILES['userfile']['size']); - $sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".$filename."','".$description."',".$filesize.") "; - - mysql_query($sql); - $id_attachment=mysql_insert_id(); - - // Copy file to directory and change name - $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename; - - if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){ - echo "

".__('File cannot be saved. Please contact Pandora administrator about this error
')."

"; - $sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment; - mysql_query($sql); - } else { - // Delete temporal file - unlink ($_FILES['userfile']['tmp_name']); + //The following is if you have clamavlib installed + //(php5-clamavlib) and enabled in php.ini + //http://www.howtoforge.com/scan_viruses_with_php_clamavlib + if(extension_loaded ('clamav')) { + cl_setlimits (5, 1000, 200, 0, 10485760); + $malware = cl_scanfile ($_FILES['file']['tmp_name']); + if ($malware) { + $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version(); + die ($error); //On malware, we die because it's not good to handle it } } + + $sql = sprintf ("INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size) + VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config["id_user"],$filename,$description,$filesize); + + $id_attachment = process_sql ($sql,"insert_id"); + + // Copy file to directory and change name + if ($id_attachment !== false) { + $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename; + $result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo); + } else { + echo '

'.__('File could not be saved due to database error').'

'; + $result = false; + } + + if ($result !== false) { + unlink ($_FILES['userfile']['tmp_name']); + process_sql ($upd_sql); //Update tincidencia + echo '

'.__('File uploaded').'

'; + } else { + echo '

'.__('File could not be saved. Contact the Pandora Administrator for more information').'

'; + process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment); + } } } // else Not given id // Create incident from event... read event data -elseif (isset($_GET["insert_form"])){ - - $iduser_temp=$_SESSION['id_usuario']; - $titulo = ""; - if (isset($_GET["from_event"])){ - $titulo = return_event_description($_GET["from_event"]); - $descripcion = ""; - $origen = "Pandora FMS event"; - } else { - $titulo = ""; - $descripcion = ""; - $origen = ""; - } - $prioridad = 0; - $id_grupo = 0; - $grupo = dame_nombre_grupo(1); - - $usuario= $_SESSION["id_usuario"]; - $estado = 0; - $actualizacion=date("Y/m/d H:i:s"); - $inicio = $actualizacion; - $id_creator = $iduser_temp; - $creacion_incidente = 1; +elseif (isset ($_GET["insert_form"])) { + $titulo = ""; + $descripcion = ""; + $origen = ""; + $prioridad = 0; + $id_grupo = 0; + $estado = 0; + $texto = ""; + $usuario = $config["id_user"]; + $id_creator = $config["id_user"]; + + if (isset($_GET["from_event"])) { + $event = get_parameter_get ("from_event"); + $titulo = return_event_description ($event); + $descripcion = ""; + $origen = "Pandora FMS event"; + unset ($event); + } + $prioridad = 0; + $id_grupo = 0; } else { - audit_db($config['id_user'],$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way"); - no_permission(); - + audit_db ($config['id_user'],$REMOTE_ADDR, "HACK","Trying to get to incident details in an unusual way"); + no_permission (); } @@ -192,295 +193,241 @@ elseif (isset($_GET["insert_form"])){ // Show the form // ******************************************************************************************************** -if ($creacion_incidente == 0) - echo "
"; -else - echo ""; +//This is for the pretty slide down attachment form +echo ''; +echo ""; -if (isset($id_inc)) { - echo ""; -} -echo "

".__('Incident management')." > "; -if (isset($id_inc)) { - echo __('Review of incident')." # ".$id_inc; + +if (isset ($id_inc)) { //If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"] + echo ''; + echo ''; + echo '

'.__('Incident management').' > '.__('Incident details').' #'.$id_inc.'

'; } else { - echo __('Create incident'); + echo ''; + echo '

'.__('Incident management').' > '.__('Create incident').'

'; } -echo ""; -echo ''; -if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo ' -
'.__('Incident').''; + +echo ''; +echo ''; + +echo ''; +echo ''; + +echo ''; -echo ' - - "; +echo ' - - '; -if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo ' - - "; -echo '
'.__('Incident').''; + +if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { + print_input_text ("titulo", $titulo,'', 70); } else { - echo '
'.__('Incident').''; - } -echo '
'.__('Opened at').''; -echo "".$inicio.""; -echo ''.__('Updated at').''; -echo "".$actualizacion.""; -echo '
'.__('Owner').''; -if ((give_acl($config['id_user'], $id_grupo, "IM")==1) OR ($usuario == $config['id_user'])) { - echo ""; + print_input_text_extended ("titulo", $titulo, "", "", 70, "", false, "", "readonly"); } -else { - echo ""; - echo $usuario." - (".$nombre_real.")"; -} -// Tipo de estado -// 0 - Abierta / Sin notas - Open, without notes -// 1 - Abierta / Notas aniadidas - Open, with notes -// 2 - Descartada / Not valid -// 3 - Caducada / Outdated -// 13 - Cerrada / Closed -if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo ''.__('Status').' - -
'.__('Opened at').''.date ($config['date_format'],strtotime ($inicio)).''.__('Updated at').''.date ($config['date_format'],strtotime ($actualizacion)).'
'.__('Owner').''; + +if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { + print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135"); } else { - echo ''.__('Status').' - - '.__('Status').''; -switch ( $estado ){ - case 0: echo '
'.__('Source').''; + +$fields = array (); +$return = get_db_all_rows_sql ("SELECT origen FROM torigen ORDER BY origen"); +if ($return === false) + $return[0] = $estado; //Something must be displayed + +foreach ($return as $row) { + $fields[$row["origen"]] = $row["origen"]; +} // Only owner could change source or user with Incident management privileges -if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo '
'.__('Source').' -
'.__('Source').' - '.__('Group').''; // Group combo -if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo ''.__('Group').' - '.__('Group').' -
'.__('Priority').'
'.__('Priority').''; + +$fields = array(); +$fields[0] = __('Informative'); +$fields[1] = __('Low'); +$fields[2] = __('Medium'); +$fields[3] = __('Serious'); +$fields[4] = __('Very serious'); +$fields[10] = __('Maintenance'); + +if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { + print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135'); } else { - echo ''.__('Priority').'Creator -".$id_creator." ( ".dame_nombre_real($id_creator)." )"; - -if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - echo ' -
-
'; -echo "
"; +echo '
'; + +if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { + print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;"'); +} else { + print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;" disabled'); +} + +echo '
'; // Only if user is the used who opened incident or (s)he is admin -$iduser_temp=$_SESSION['id_usuario']; - -if ($creacion_incidente == 0){ - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){ - echo ''; - } +if (isset ($id_inc) AND (give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { + print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"'); +} elseif (give_acl ($config["id_user"], $id_grupo, "IW")) { + print_submit_button (__('Create'), "accion", false, 'class="sub wand"'); } else { - if (give_acl($iduser_temp, $id_grupo, "IW")) { - echo ''; - } + print_submit_button (__('Submit'), "accion", true, 'class="sub upd"'); } -echo ""; +echo "
"; +echo '
'; +print_submit_button (__('Add note'), "note_control", false, 'class="sub next"'); +echo '
'; +echo '
'; +echo ' + + +
'; -if ($creacion_incidente == 0){ - echo "
"; - echo ' -
- - -
'; +// ******************************************************************** +// Notes +// ******************************************************************** + +if (isset ($id_inc)) { + $sql = sprintf ("SELECT tnota.* FROM tnota, tnota_inc WHERE tnota_inc.id_incidencia = '%d' AND tnota.id_nota = tnota_inc.id_nota",$id_inc); + $result = get_db_all_rows_sql ($sql); +} else { + $result = array (); } -echo "

"; -if ($creacion_incidente == 0){ +if (empty ($result)) { + $result = array (); +} else { + echo "

".__('Notes attached to incident').'

'; +} - // ******************************************************************** - // Notes - // ******************************************************************** - $cabecera=0; - $sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc; - $res4=mysql_query($sql4); - while ($row2=mysql_fetch_array($res4)){ - if ($cabecera == 0) { // Show head only one time - echo "

".__('Notes attached to incident')."

"; - echo ""; - echo "'; - echo ''; +} +echo '
"; - $cabecera = 1; - } - - $sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC'; - $res3=mysql_query($sql3); - while ($row3=mysql_fetch_array($res3)){ - $timestamp = $row3["timestamp"]; - $nota = $row3["nota"]; - $id_usuario_nota = $row3["id_usuario"]; - // Show data - echo '
'.__('Author').': '; - $usuario = $id_usuario_nota; - $nombre_real = dame_nombre_real ($usuario); - echo $usuario." - (".$nombre_real.")"; - - // Delete comment, only for admins - if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { - $myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"]; - echo ''; - } - echo '
'.__('Date').': '.$timestamp.'
'; - echo ''; - echo '"; - echo '
'; - echo salida_limpia ($nota); - echo "
'; - } +echo ''; +foreach ($result as $row) { + echo ''; + echo ''; + echo '
'.__('Author').': '.dame_nombre_real ($row["id_usuario"]).' ('.date ($config['date_format'],strtotime ($row["timestamp"])).')
'; + if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) { + echo ''; } - if ($cabecera == 1){ - echo "
"; // note table + echo '
'.safe_input ($row["nota"]).'
'; + + +// ************************************************************ +// Files attached to this incident +// ************************************************************ + +// Attach head if there's attach for this incident +if (isset ($id_inc)) { + $result = get_db_all_rows_field_filter ("tattachment", "id_incidencia", $id_inc, "filename"); +} else { + $result = array (); +} + +if (empty ($result)) { + $result = array (); +} else { + echo "

".__('Attached files')."

"; +} + +$table->cellpadding = 4; +$table->cellspacing = 4; +$table->class = "databox"; +$table->width = 650; +$table->head = array (); +$table->data = array (); + +$table->head[0] = __('Filename'); +$table->head[1] = __('Description'); +$table->head[2] = __('Size'); +$table->head[3] = __('Delete'); + +$table->align[2] = "center"; +$table->align[3] = "center"; + +foreach ($result as $row) { + $data[0] = '  '.$row["filename"].''; + $data[1] = $row["description"]; + $data[2] = $row["size"]." KB"; + if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { + $data[3] = ''; + } else { + $data[3] = ''; } - echo ""; + array_push ($table->data, $data); +} - // ************************************************************ - // Files attached to this incident - // ************************************************************ +if (!empty ($table->data)) { + print_table ($table); +} +unset ($table); - // Attach head if there's attach for this incident - $att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc); +// ************************************************************ +// Upload control +// ************************************************************ - if (mysql_num_rows($att_fil)){ - echo "

".__('Attached files')."

"; - echo ""; - echo " - - - - "; - - while ($row=mysql_fetch_array($att_fil)){ - echo "
".__('Filename')."".__('Description')."".__('Size')."".__('Delete')."
  ".$row["filename"].""; - echo "".$row["description"]; - echo "".$row["size"]; - - if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment - echo ''; - } - - } - echo "
"; - } - // ************************************************************ - // Upload control - // ************************************************************ - - // Upload control - if (give_acl($iduser_temp, $id_grupo, "IW")==1){ - echo "

".__('Attach file'); - ?> - - "; - echo "

"; - echo ""; - } - - -} // create mode +// Upload control +if (give_acl($config["id_user"], $id_grupo, "IW")==1){ + echo '
'; + print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"'); + echo '
'; + echo '
'; + echo ' + + + +
'.__('Filename').'
'.__('Description').'
'; +} ?> diff --git a/pandora_console/operation/incidents/incident_note.php b/pandora_console/operation/incidents/incident_note.php deleted file mode 100644 index a5b472da0b..0000000000 --- a/pandora_console/operation/incidents/incident_note.php +++ /dev/null @@ -1,45 +0,0 @@ -".__('Incident management')." > "; - echo __('Add note to incident')." #".$id_inc.""; - echo " - "; - echo ""; - echo ""; - echo ""; - echo ''; - echo '
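Review bot: The submit-button test near the end of this hunk, `if (isset ($id_inc) AND (give_acl (...) == 1) OR ($usuario == $config["id_user"]))`, groups as `(isset AND give_acl) OR owner`, because `AND` binds tighter than `OR` in PHP. The `insert_form` branch just above this hunk sets `$usuario = $config["id_user"]`, so on the create form the first branch is always taken and "Update incident" is rendered instead of "Create"; the removed code kept the two cases apart with `$creacion_incidente`. Parenthesise the permission test so that `isset` guards both alternatives: `if (isset ($id_inc) AND ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"]))) {`. The following `elseif (give_acl ($config["id_user"], $id_grupo, "IW"))` also drops the `== 1` that the other checks in this hunk use. These conditions only decide which button is drawn, so the handler that processes `accion` (outside this hunk) needs to enforce the same permission.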
".__('Date').""; - echo "".$now."
'; - echo '
'; - echo '
- '; - echo '
'; - -} // end page diff --git a/pandora_console/operation/incidents/incident_search.php b/pandora_console/operation/incidents/incident_search.php index 0392fbad53..5c027c4d67 100644 --- a/pandora_console/operation/incidents/incident_search.php +++ b/pandora_console/operation/incidents/incident_search.php @@ -20,42 +20,32 @@ // Load global vars require("include/config.php"); -if (comprueba_login() == 0) { +check_login (); -echo "

".__('Incident management')." > "; -echo __('Please select a search criterion')."

"; -echo "
"; -echo "
"; -?> -
- - - - - -
- - -
-
- -
-"; ?> - - -
-
-
-".__('Incident management')." > ".__('Please select a search criterion').""; +echo '
+
+ + + +
'.__('Created by:').''; + +print_select (list_users (), "usuario", "All", '', __('All'), "All", false, false, false, "w120"); + +echo '
'.__('Search text').': (*)'; + +print_input_text ('texto', '', '', 45); + +echo '
'.__('(*) The text search will look for all words entered as a substring in the title and description of each incident').' +
'; + +print_submit_button (__('Search'), 'uptbutton', false, 'class="sub search"'); + +echo '
'; ?> diff --git a/pandora_console/operation/incidents/incident_statistics.php b/pandora_console/operation/incidents/incident_statistics.php index 8755c181dc..e17813a410 100644 --- a/pandora_console/operation/incidents/incident_statistics.php +++ b/pandora_console/operation/incidents/incident_statistics.php @@ -22,30 +22,23 @@ require("include/config.php"); check_login (); -if (! give_acl ($config['id_user'], 0, "IR")==1) { +if (! give_acl ($config['id_user'], 0, "IR") == 1) { require ("general/noaccess.php"); audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access Incident section"); return; } -echo "
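Review bot: After `check_login ();` the lines shown go straight to rendering with no incident-read permission check, whereas incident_statistics.php in the same commit guards itself with `give_acl ($config['id_user'], 0, "IR")` and an audit entry. As written, any logged-in user reaches the form and the `list_users ()` dropdown, which presumably enumerates console accounts. Consider the same guard right after the login check: `if (give_acl ($config['id_user'], 0, "IR") != 1) { require ("general/noaccess.php"); return; }`. The removed code wrapped the whole page in `if (comprueba_login() == 0) { ... }`, so the new form depends on `check_login ()` halting execution on failure; that is not visible here and is worth confirming.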

".__('Incident management')." > "; -echo __('Statistics')."

"; +echo "

".__('Incident management')." > ".__('Statistics')."

"; -echo ""; -echo "
"; -echo '

'.__('Incidents by status').'

'; -echo ''; -echo "
"; -echo '

'.__('Incidents by priority').'

'; -echo ''; -echo "
"; -echo '

'.__('Incidents by group').'

'; -echo ''; -echo "
"; -echo '

'.__('Incidents by user').'

'; -echo ''; -echo "
"; -echo '

'.__('Incidents by source').'

'; -echo ''; -echo "
"; -echo "
"; +echo ' + + + + + +

'.__('Incidents by status').'

+

'.__('Incidents by priority').'

+

'.__('Incidents by group').'

+

'.__('Incidents by user').'

+

'.__('Incidents by source').'

+
'; ?>
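Review bot: The access check `if (! give_acl ($config['id_user'], 0, "IR") == 1)` was only re-spaced by this change and still misleads the reader: `!` binds tighter than `==`, so it evaluates `(!give_acl (...)) == 1`. That denies access when give_acl returns a falsy value, but the intent is easier to audit, and matches the `== 1` checks elsewhere, as `if (give_acl ($config['id_user'], 0, "IR") != 1) {`. The `audit_db` call on the context line passes a bare `$REMOTE_ADDR`, which is only populated under register_globals unless config.php defines it. If it is not defined, ACL-violation records lose the source address, and `$_SERVER['REMOTE_ADDR']` would be the safer source.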