2008-12-10 Evi Vanoost <vanooste@rcbi.rochester.edu>

* include/functions.php: format_for_graph is now much simpler and uses 
	format_numeric.
	
	* include/functions_db.php: give_note_author, give_incident_author, 
	dame_numero_notas, borrar_incidencia, event_insert and 
	return_event_description are now in their respective functions_*.php files
	but under a new name. Fixed delete_agent transaction error detection
	
	* include/functions_events.php: Added get_event_description and
	create_event (formerly return_event_description and event_insert)
	
	* include/functions_html.php: print_timestamp attributes should be default
	empty, not required. Added print_username for a consistent username print
	
	* operation/agentes/ver_agente.php: Function renaming (create_event)
	
	* operation/incidents/incident.php: Partial rewrite. Uses new functions. 
	Also added some of feature request #2264838
	
	* operation/incidents/incident_detail.php: Partial rewrite. Uses new 
	functions. Added some of feature request #2264838 functionality.
	
	* operation/incidents/incident_search.php, 
	operation/incidents/incident_statistics.php: Minor style update
	
	* pandoradb.sql: New tincidencia and tnota layout. No use for tnota_inc
	
	* include/functions_incidents.php: All incidents functions. Documentation
	will be online soon. Also includes an upgrade mechanism for SVN users. 
	Mechanism should be removed for a stable version and integrated into 
	install/upgrade tool.

	* lib/PandoraFMS/DB.pm: New table layout doesn't require timestamp anymore

git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1285 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-12-10 20:15:38 +00:00
parent 6495e149ee
commit ff37d1e362
11 changed files with 378 additions and 474 deletions


@ -1,3 +1,37 @@
2008-12-10 Evi Vanoost <vanooste@rcbi.rochester.edu>
* include/functions.php: format_for_graph is now much simpler and uses
format_numeric.
* include/functions_db.php: give_note_author, give_incident_author,
dame_numero_notas, borrar_incidencia, event_insert and
return_event_description are now in their respective functions_*.php files
but under a new name. Fixed delete_agent transaction error detection
* include/functions_events.php: Added get_event_description and
create_event (formerly return_event_description and event_insert)
* include/functions_html.php: print_timestamp attributes should be default
empty, not required. Added print_username for a consistent username print
* operation/agentes/ver_agente.php: Function renaming (create_event)
* operation/incidents/incident.php: Partial rewrite. Uses new functions.
Also added some of feature request #2264838
* operation/incidents/incident_detail.php: Partial rewrite. Uses new
functions. Added some of feature request #2264838 functionality.
* operation/incidents/incident_search.php,
operation/incidents/incident_statistics.php: Minor style update
* pandoradb.sql: New tincidencia and tnota layout. No use for tnota_inc
* include/functions_incidents.php: All incidents functions. Documentation
will be online soon. Also includes an upgrade mechanism for SVN users.
Mechanism should be removed for a stable version and integrated into
install/upgrade tool.
2008-12-03 Raul Mateos <raulofpandora@gmail.com>
* include/functions_db.php: Now if no event, table shows "no event" text.


@ -428,26 +428,16 @@ function format_numeric ($number, $decimals = 1) {
* @return A number rendered to be displayed gently on a graph.
*/
function format_for_graph ($number , $decimals = 1, $dec_point = ".", $thousands_sep = ",") {
if ($number > 1000000000) {
if (fmod ($number, 1000000000) > 0){
return number_format ($number / 1000000000, $decimals, $dec_point, $thousands_sep)." G";
}
}
if ($number > 1000000) {
if (fmod ($number, 1000000) > 0)
return number_format ($number / 1000000, $decimals, $dec_point, $thousands_sep)." M";
return number_format ($number / 1000000, 0, $dec_point, $thousands_sep)." M";
}
$shorts = array("","K","M","G","T","P");
$pos = 0;
while ($number>=1000) { //as long as the number can be divided by 1000
$pos++; //Position in array starting with 0
$number = $number/1000;
}
if ($number > 1000) {
if (fmod ($number, 1000) > 0)
return number_format ($number / 1000, $decimals, $dec_point, $thousands_sep )." K";
return number_format ($number / 1000, 0, $dec_point, $thousands_sep )." K";
}
/* If it has decimals */
if (fmod ($number, 1))
return number_format ($number, $decimals, $dec_point, $thousands_sep);
return number_format ($number, 0, $dec_point, $thousands_sep);
$number = $number . $shorts[$pos];
return format_numeric ($number, $decimals); //This will actually do the rounding and the decimals
}
/**
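Review bot: In the rewritten format_for_graph the unit suffix is concatenated onto `$number` before the value is handed to format_numeric, so the formatter receives a string such as "1.5K" instead of a number; format_numeric's body is outside this hunk, but if it forwards the value to number_format the suffix will be dropped or rejected. Formatting first and appending afterwards avoids that: `return format_numeric ($number, $decimals) . $shorts[$pos];`. `$shorts[$pos]` also has no entry once the loop has run more than five times, so the loop condition should cap the index, e.g. `while ($number >= 1000 && $pos < count ($shorts) - 1) {`. The `$dec_point` and `$thousands_sep` parameters remain in the signature but are no longer used, which the docblock should state.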


@ -397,28 +397,7 @@ function dame_agente_id ($agent_name) {
return (int) get_db_value ('id_agente', 'tagente', 'nombre', $agent_name);
}
/**
* Get user id of a note.
*
* @param id_note Note id.
*
* @return User id of the given note.
*/
function give_note_author ($id_note) {
return (int) get_db_value ('id_usuario', 'tnota', 'id_nota', (int) $id_note);
}
/**
* Get description of an event.
*
* @param id_event Event id.
*
* @return Description of the given event.
*/
function return_event_description ($id_event) {
return (string) get_db_value ('evento', 'tevento', 'id_evento', (int) $id_event);
}
/**
* DEPRECATED: Use get_agent_name instead
*
@ -803,17 +782,6 @@ function get_alert_last_fire_timestamp_in_period ($id_agent_module, $period, $da
return get_db_sql ($sql);
}
/**
* Get the author of an incident.
*
* @param id_incident Incident id.
*
* @return The author of an incident
*/
function give_incident_author ($id_incident) {
return (string) get_db_value ('id_usuario', 'tincidencia', 'id_incidencia', (int) $id_incident);
}
/**
* Get the server name.
*
@ -858,17 +826,6 @@ function dame_id_grupo ($id_agent) {
return (int) get_db_value ('id_grupo', 'tagente', 'id_agente', $id_agent);
}
/**
* Get the number of notes in a incident.
*
* @param id_incident Incident id
*
* @return The number of notes in given incident.
*/
function dame_numero_notas ($id_incident) {
return (int) get_db_value ('COUNT(*)', 'tnota_inc', 'id_incidencia', $id_incident);
}
/**
* Get the number of pandora data in the database.
*
@ -900,40 +857,6 @@ function dame_generic_string_data ($id) {
return (string) get_db_value ('datos', 'tagente_datos_string', 'id_tagente_datos_string', $id);
}
/**
* Delete an incident of the database.
*
* @param id_inc Incident id
*/
function borrar_incidencia ($id_inc) {
global $config;
$sql = sprintf ("DELETE FROM `tincidencia` WHERE `id_incidencia` = %d", $id_inc);
process_sql ($sql);
$sql = sprintf ("SELECT `id_nota` FROM `tnota_inc` WHERE `id_incidencia` = %d ", $id_inc);
$rows = get_db_all_rows_sql ($sql);
if ($rows){
foreach ($rows as $row) {
$sql = sprintf ("DELETE FROM `tnota` WHERE `id_nota` = %d",$row["id_nota"]);
process_sql ($sql);
}
$sql = "DELETE FROM `tnota_inc` WHERE `id_incidencia` = $id_inc";
process_sql ($sql);
}
// Delete attachments
$sql = sprintf ("SELECT `id_attachment`,`filename` FROM `tattachment` WHERE `id_incidencia` = %d", $id_inc);
$rows = get_db_all_rows_sql ($sql);
if (!empty ($rows)){
foreach ($rows as $row) {
// Unlink all attached files for this incident
unlink ($config["attachment_store"]."/pand".$row["id_attachment"]."_".$row["filename"]);
}
$sql = sprintf ("DELETE FROM `tattachment` WHERE `id_incidencia` = %d",$id_inc);
process_sql ($sql);
}
}
/**
* Get the operating system name.
*
@ -1037,32 +960,6 @@ function existe ($id_user) {
return true;
}
/**
* Insert a event in the event log system.
*
* @param event
* @param id_group
* @param id_agent
* @param status
* @param id_user
* @param event_type
* @param priority
* @param id_agent_module
* @param id_aam
*/
function event_insert ($event, $id_group, $id_agent, $status = 0,
$id_user = '', $event_type = "unknown", $priority = 0,
$id_agent_module = 0, $id_aam = 0) {
$sql = sprintf ('INSERT INTO tevento (id_agente, id_grupo, evento, timestamp,
estado, utimestamp, id_usuario, event_type, criticity,
id_agentmodule, id_alert_am)
VALUES (%d, %d, "%s", NOW(), %d, NOW(), "%s", "%s", %d, %d, %d)',
$id_agent, $id_group, $event, $status, $id_user, $event_type,
$priority, $id_agent_module, $id_aam);
process_sql ($sql);
}
/**
* Get the interval value of an agent module.
*
@ -2342,7 +2239,7 @@ function delete_agent ($id_agents) {
temp_sql_delete ("tagente", "id_agente", $id_agent);
}
if ($errors > 1) {
if ($errors > 0) {
process_sql ("ROLLBACK;");
process_sql ("SET AUTOCOMMIT = 1;");
return false;


@ -102,4 +102,41 @@ function process_event_validate ($id_event) {
function get_event_group ($id_event) {
return (int) get_db_value ('id_grupo', 'tevento', 'id_evento', (int) $id_event);
}
/**
* Get description of an event.
*
* @param id_event Event id.
*
* @return Description of the given event.
*/
function get_event_description ($id_event) {
return (string) get_db_value ('evento', 'tevento', 'id_evento', (int) $id_event);
}
/**
* Insert a event in the event log system.
*
* @param event
* @param id_group
* @param id_agent
* @param status
* @param id_user
* @param event_type
* @param priority
* @param id_agent_module
* @param id_aam
*
* @return event_id
*/
function create_event ($event, $id_group, $id_agent, $status = 0, $id_user = "", $event_type = "unknown", $priority = 0, $id_agent_module = 0, $id_aam = 0) {
$sql = sprintf ('INSERT INTO tevento (id_agente, id_grupo, evento, timestamp,
estado, utimestamp, id_usuario, event_type, criticity,
id_agentmodule, id_alert_am)
VALUES (%d, %d, "%s", NOW(), %d, NOW(), "%s", "%s", %d, %d, %d)',
$id_agent, $id_group, $event, $status, $id_user, $event_type,
$priority, $id_agent_module, $id_aam);
return (int) process_sql ($sql, "insert_id");
}
?>
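Review bot: create_event places `$event`, `$id_user` and `$event_type` into the INSERT through `"%s"` placeholders without escaping them inside the function, so the statement is only well-formed and safe if every caller has escaped those strings beforehand. The caller in operation/agentes/ver_agente.php builds the message from `$alert_name`, whose origin is not visible on this page; a value containing a double quote would at minimum break the statement. Escaping at the sink removes that dependency on callers, for example `$event = mysql_real_escape_string ($event);` (and likewise for `$id_user` and `$event_type`) before the sprintf. If escaping is deliberately left to callers, the docblock should say so; its `@param` lines currently carry no descriptions at all.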


@ -627,7 +627,7 @@ function print_error_message ($result, $good = '', $bad = '', $attributes = '',
* @param string $tag: If it should be in a different tag than span
* @param bool $return whether to output the string or return it
*/
function print_timestamp ($unixtime, $attributes, $tag = "span", $return = false) {
function print_timestamp ($unixtime, $attributes = "", $tag = "span", $return = false) {
global $config;
if (!is_numeric ($unixtime)) {
@ -660,4 +660,21 @@ function print_timestamp ($unixtime, $attributes, $tag = "span", $return = false
}
return $output;
}
/**
* Prints a username with real name, link to the user_edit page etc.
*
* @param username (string) The username
* @param return (bool) Whether to return or print
*
* @return (string) The full <a href string
*/
function print_username ($username, $return = false) {
$string = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$username.'">'.dame_nombre_real ($username).'</a>';
if ($return === false) {
echo $string;
}
return $string;
}
?>
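Review bot: print_username concatenates `$username` into the href and the result of dame_nombre_real into the link text with no encoding, so a user name or real name containing markup characters would be emitted as HTML in every list that uses this helper. Unless both values are guaranteed to be stored already encoded (not visible in this hunk), encode per context: `urlencode ($username)` for the query parameter and `htmlspecialchars (dame_nombre_real ($username), ENT_QUOTES)` for the text. The docblock describes `$return` as choosing between returning and printing, but the function returns the string in both cases; the `@return` line should say that the string is always returned and echoed only when `$return` is false.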


@ -18,6 +18,8 @@
// Load global vars
require_once ("include/config.php");
require_once ("include/functions_events.php");
enterprise_include ('operation/agentes/ver_agente.php');
check_login ();
@ -154,10 +156,10 @@ if ($validate_alert != ""){
// Single alerts
if ($alert_row["id_agente_modulo"] != 0){
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $am_row["id_agente"], 1, $config["id_user"], "alert_manual_validation", 1, $alert_row["id_agente_modulo"], $validate_alert);
create_event ("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $am_row["id_agente"], 1, $config["id_user"], "alert_manual_validation", 1, $alert_row["id_agente_modulo"], $validate_alert);
// Combined alerts
} else {
event_insert("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $alert_row ["id_agent"], 1, $config["id_user"], "alert_manual_validation", 1, 0, $validate_alert);
create_event ("Manual validation of alert for '$alert_name'", $ag_row["id_grupo"], $alert_row ["id_agent"], 1, $config["id_user"], "alert_manual_validation", 1, 0, $validate_alert);
}
$sql='UPDATE talerta_agente_modulo SET times_fired = 0, internal_counter = 0 WHERE id_aam = '.$validate_alert;
$result=mysql_query($sql);


@ -16,14 +16,13 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require ("include/config.php");
require_once ("include/config.php");
require_once ("include/functions_incidents.php");
check_login ();
if (! give_acl ($config['id_user'], 0, "IR")) {
audit_db($config['id_user'],$REMOTE_ADDR, "ACL Violation","Trying to access incident viewer");
audit_db($config['id_user'],$config["remote_addr"], "ACL Violation","Trying to access incident viewer");
require ("general/noaccess.php");
exit;
}
@ -37,78 +36,87 @@ if (isset($_GET["offset"])) {
$offset = 0;
}
// Delete incident
if (isset($_GET["quick_delete"])){
$id_inc = get_parameter_get ("quick_delete");
$sql = "SELECT id_usuario, id_grupo FROM tincidencia WHERE id_incidencia=".$id_inc;
$result = get_db_row_sql ($sql);
$usuario = give_incident_author ($id_inc);
if ($result !== false) {
if (give_acl ($config['id_user'], $result["id_grupo"], "IM") || $config["id_user"] == $result["id_usuario"]) {
borrar_incidencia ($id_inc);
echo '<h3 class="suc">'.__('Incident successfully deleted').'</h3>';
audit_db ($usuario,$REMOTE_ADDR,"Incident deleted","User ".$config['id_user']." deleted incident #".$id_inc);
} else {
audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." tried to delete incident");
echo '<h3 class="error">'.__('There was a problem deleting incident').'</h3>';
no_permission ();
}
}
}
// Check action. Try to get author and group
$action = get_parameter_get ("action");
// UPDATE incident
if ((isset ($_GET["action"])) AND ($_GET["action"] == "update")) {
$id_inc = get_parameter_post ("id_inc");
$usuario = give_incident_author ($id_inc);
$grupo = get_parameter_post ("grupo_form");
if ($action == "mass") {
$id_inc = get_parameter_post ("id_inc", array ());
$delete_btn = get_parameter_post ("delete_btn", -1);
$own_btn = get_parameter_post ("own_btn", -1);
if (give_acl ($config['id_user'], $grupo, "IM") || $usuario == $config['id_user']) { // Only admins (manage incident) or owners can modify incidents
$titulo = get_parameter_post ("titulo");
$descripcion = get_parameter_post ("descripcion");
$origen = get_parameter_post ("origen_form");
$prioridad = get_parameter_post ("prioridad_form");
$estado = get_parameter_post ("estado_form");
$ahora = date ("Y/m/d H:i:s");
$sql = sprintf ("UPDATE tincidencia SET actualizacion = '%s', titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s' WHERE id_incidencia = %d",
$ahora, $titulo, $origen, $estado, $grupo, $usuario, $prioridad, $descripcion, $id_inc);
$result = process_sql ($sql);
if ($result !== false) {
audit_db($usuario,$REMOTE_ADDR,"Incident updated","User ".$config['id_user']." updated incident #".$id_inc);
echo '<h3 class="suc">'.__('Incident successfully updated').'</h3>';
} else {
echo '<h3 class="error">'.__('There was a problem updating the incident').'</h3>';
foreach ($id_inc as $incident) {
if (give_acl ($config['id_user'], get_incidents_group ($incident), "IM") || get_incidents_author ($incident) == $config["id_user"] || get_incidents_owner ($incident) == $config["id_user"]) {
continue;
}
} else {
audit_db ($usuario,$REMOTE_ADDR,"ACL Forbidden","User ".$config['id_user']." try to update incident");
no_permission();
audit_db ($config["id_user"],$config["remote_addr"],"ACL Forbidden","Mass-update or deletion of incident");
require ("general/noaccess.php");
exit;
}
if ($delete_btn != -1) {
$result = delete_incidents ($id_inc);
print_error_message ($result, __('Incident successfully deleted'), __('There was a problem deleting incident'));
}
if ($own_btn != -1) {
$result = process_incidents_chown ($id_inc, $config["id_user"]);
print_error_message ($result, __('Incident successfully owned'), __('There was a problem becoming owner of incident'));
}
}
// INSERT incident
if ((isset ($_GET["action"])) AND ($_GET["action"] == "insert")) {
} elseif ($action == "update") {
$id_inc = get_parameter ("id_inc", 0);
$author = get_incidents_author ($id_inc);
$owner = get_incidents_owner ($id_inc);
$grupo = get_incidents_group ($id_inc);
if ($author != $config["id_user"] && $owner != $config["id_user"] && !give_acl ($config['id_user'], $grupo, "IM")) { // Only admins (manage incident) or owners/creators can modify incidents
audit_db ($author, $config["remote_addr"], "ACL Forbidden", "Update incident #".$id_inc);
require ("general/noaccess.php");
exit;
}
$titulo = get_parameter_post ("titulo");
$descripcion = get_parameter_post ("descripcion");
$origen = get_parameter_post ("origen_form");
$prioridad = get_parameter_post ("prioridad_form", 0);
$estado = get_parameter_post ("estado_form", 0);
$grupo = get_parameter_post ("grupo_form", 1);
if (give_acl ($config['id_user'], $grupo, "IM")) {
// Read input variables
$titulo = get_parameter_post ("titulo");
$descripcion = get_parameter_post ("descripcion");
$origen = get_parameter_post ("origen_form");
$prioridad = get_parameter_post ("prioridad_form");
$id_creator = $config['id_user'];
$estado = get_parameter_post ("estado_form");
$sql = sprintf ("INSERT INTO tincidencia (inicio, actualizacion, titulo, descripcion, id_usuario, origen, estado, prioridad, id_grupo, id_creator) VALUES (NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s', '%s')", $titulo, $descripcion, $config["id_user"], $origen, $estado, $prioridad, $grupo, $config["id_user"]);
$id_inc = process_sql ($sql, "insert_id");
$usuario = get_parameter_post ("usuario_form", $config["id_user"]);
$sql = sprintf ("UPDATE tincidencia SET titulo = '%s', origen = '%s', estado = %d, id_grupo = %d, id_usuario = '%s', prioridad = %d, descripcion = '%s', id_lastupdate = '%s' WHERE id_incidencia = %d",
$titulo, $origen, $estado, $grupo, $usuario, $prioridad, $descripcion, $config["id_user"], $id_inc);
$result = process_sql ($sql);
if ($id_inc === false) {
echo '<h3 class="error">'.__('Error creating incident').'</h3>';
} else {
audit_db ($config["id_user"], $REMOTE_ADDR, "Incident created", "User ".$config["id_user"]." created incident #".$id_inc);
}
if ($result !== false) {
audit_db ($config["id_user"], $config["remote_addr"], "Incident updated","User ".$config['id_user']." updated incident #".$id_inc);
}
print_error_message ($result, __('Incident successfully updated'), __('There was a problem updating incident'));
} elseif ($action == "insert") {
//Create incident
$grupo = get_parameter_post ("grupo_form", 1);
if (!give_acl ($config['id_user'], $grupo, "IW")) {
audit_db ($config["id_user"], $config["remote_addr"], "ACL Forbidden", "User ".$config["id_user"]." tried to update incident");
require ("general/noaccess.php");
exit;
}
// Read input variables
$titulo = get_parameter_post ("titulo");
$descripcion = get_parameter_post ("descripcion");
$origen = get_parameter_post ("origen_form");
$prioridad = get_parameter_post ("prioridad_form");
$id_creator = $config['id_user'];
$estado = get_parameter_post ("estado_form");
$sql = sprintf ("INSERT INTO tincidencia (inicio, actualizacion, titulo, descripcion, id_usuario, origen, estado, prioridad, id_grupo, id_creator) VALUES
(NOW(), NOW(), '%s', '%s', '%s', '%s', %d, %d, '%s', '%s')", $titulo, $descripcion, $config["id_user"], $origen, $estado, $prioridad, $grupo, $config["id_user"]);
$id_inc = process_sql ($sql, "insert_id");
if ($id_inc === false) {
echo '<h3 class="error">'.__('Error creating incident').'</h3>';
} else {
audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to create incident");
no_permission ();
audit_db ($config["id_user"], $config["remote_addr"], "Incident created", "User ".$config["id_user"]." created incident #".$id_inc);
}
}
@ -131,7 +139,7 @@ $grupo = (int) get_parameter ("grupo", 1);
if ($grupo != 1) {
$filter .= sprintf (" AND id_grupo = %d", $grupo);
if (give_acl ($config['id_user'], $grupo, "IM") == 0) {
audit_db ($config["id_user"],$REMOTE_ADDR,"ACL Forbidden","User tried to read incidents from group without access");
audit_db ($config["id_user"],$config["remote_addr"],"ACL Forbidden","User tried to read incidents from group without access");
no_permission ();
}
}
@ -143,7 +151,6 @@ if ($prioridad != -1) //-1 = All
$offset = (int) get_parameter ("offset", 0);
$groups = get_user_groups ($config["id_user"], "IR");
//Select incidencts where the user has access to ($groups from
//get_user_groups), array_keys for the id, implode to pass to SQL
$sql = "SELECT * FROM tincidencia WHERE
@ -164,43 +171,31 @@ echo '<h2>'.__('Incident management').' &gt; '.__('Manage incidents').'</h2>
<td valign="middle">
<h3>'.__('Filter').'</h3>';
$fields = array(); //Reset empty array
$fields = get_incidents_status ();
$fields[-1] = __('All incidents');
$fields[0] = __('Active incidents');
$fields[2] = __('Rejected incidents');
$fields[3] = __('Expired incidents');
$fields[13] = __('Closed incidents');
print_select ($fields, "estado", $estado, 'javascript:this.form.submit();', '', '', false, false, false, 'w155');
//Legend
echo '</td><td valign="middle"><noscript>';
print_submit_button (__('Show'), 'submit-estado', false, 'class="sub" border="0"');
echo '</noscript></td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Status').'</h3>
<img src="images/dot_red.png" /> - '.__('Active incidents').'<br />
<img src="images/dot_yellow.png" /> - '.__('Active incidents, with comments').'<br />
<img src="images/dot_blue.png" /> - '.__('Rejected incidents').'<br />
<img src="images/dot_green.png" /> - '.__('Closed incidents').'<br />
<img src="images/dot_white.png" /> - '.__('Expired incidents').'</td>
<td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Priority').'</h3>
<img src="images/dot_red.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" /> - '.__('Very Serious').'<br />
<img src="images/dot_yellow.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" /> - '.__('Serious').'<br />
<img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /><img src="images/dot_red.png" /> - '.__('Medium').'<br />
<img src="images/dot_green.png" /><img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /> - '.__('Low').'<br />
<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_yellow.png" /> - '.__('Informative').'<br />
<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_green.png" /> - '.__('Maintenance').'<br />
</td></tr>
<tr><td>';
$fields = array(); //Reset empty array
echo '</noscript></td><td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Status').'</h3>';
foreach (get_incidents_status () as $id => $str) {
print_incidents_status_img ($id);
echo ' - ' . $str . '<br />';
}
echo '</td><td rowspan="5" class="f9" style="padding-left: 30px; vertical-align: top;"><h3>'.__('Priority').'</h3>';
foreach (get_incidents_priorities () as $id => $str) {
print_incidents_priority_img ($id);
echo ' - ' . $str . '<br />';
}
echo '</td></tr><tr><td>';
$fields = get_incidents_priorities ();
$fields[-1] = __('All priorities');
$fields[0] = __('Informative');
$fields[1] = __('Low');
$fields[2] = __('Medium');
$fields[3] = __('Serious');
$fields[4] = __('Very Serious');
$fields[10] = __('Maintenance');
print_select ($fields, "prioridad", $prioridad, 'javascript:this.form.submit();', '','',false,false,false,'w155');
@ -262,7 +257,7 @@ if ($count < 1) {
$table->head[5] = __('Updated');
$table->head[6] = __('Source');
$table->head[7] = __('Owner');
$table->head[8] = __('Delete');
$table->head[8] = 'X';
$table->size[0] = 43;
$table->size[7] = 50;
@ -276,66 +271,27 @@ if ($count < 1) {
$data = array();
$data[0] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$row["id_incidencia"].'">'.$row["id_incidencia"].'</a>';
$attnum = get_db_value ('COUNT(*)', 'tattachment', 'id_incidencia', $row["id_incidencia"]);
$notenum = dame_numero_notas ($row["id_incidencia"]);
$attach = get_incidents_attach ($row["id_incidencia"]);
if ($attnum > 0)
if (!empty ($attach))
$data[0] .= '&nbsp;&nbsp;<img src="images/file.png" align="middle" />';
if ($notenum > 0 && $row["estado"] == 0)
$row["estado"] = 1;
switch ($row["estado"]) {
case 0:
$data[1] = '<img src="images/dot_red.png" />';
break;
case 1:
$data[1] = '<img src="images/dot_yellow.png" />';
break;
case 2:
$data[1] = '<img src="images/dot_blue.png" />';
break;
case 3:
$data[1] = '<img src="images/dot_white.png">';
break;
case 13:
$data[1] = '<img src="images/dot_green.png">';
break;
}
$data[1] = print_incidents_status_img ($row["estado"], true);
$data[2] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$row["id_incidencia"].'">'.safe_input (substr ($row["titulo"],0,45)).'</a>';
switch ($row["prioridad"]) {
case 4:
$data[3] = '<img src="images/dot_red.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" />';
break;
case 3:
$data[3] = '<img src="images/dot_yellow.png" /><img src="images/dot_red.png" /><img src="images/dot_red.png" />';
break;
case 2:
$data[3] = '<img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" /><img src="images/dot_red.png" />';
break;
case 1:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_yellow.png" /><img src="images/dot_yellow.png" />';
break;
case 0:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_yellow.png" />';
break;
case 10:
$data[3] = '<img src="images/dot_green.png" /><img src="images/dot_green.png" /><img src="images/dot_green.png" />';
break;
}
$data[3] = print_incidents_priority_img ($row["prioridad"], true);
$data[4] = '<img src="images/groups_small/'.show_icon_group ($row["id_grupo"]).'.png" title="'.dame_grupo ($row["id_grupo"]).'" />';
$data[5] = human_time_comparation ($row["actualizacion"]);
$data[5] = print_timestamp ($row["actualizacion"], "", "span", true);
$data[6] = $row["origen"];
$data[7] = '<a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$row["id_usuario"].'">'.$row["id_usuario"].'</a>';
$data[7] = print_username ($row["id_usuario"], true);
if (give_acl ($config["id_user"], $row["id_grupo"], "IM") || $config["id_user"] == $row["id_usuario"]) {
$data[8] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident&quick_delete='.$row["id_incidencia"].'" onClick="if (!confirm(\''.__('Are you sure?').'\')) return false;"><img src="images/cross.png" border="0"></a>';
if (give_acl ($config["id_user"], $row["id_grupo"], "IM") || $config["id_user"] == $row["id_usuario"] || $config["id_user"] == $row["id_creator"]) {
$data[8] = print_checkbox ("id_inc[]", $row["id_incidencia"], false, true);
} else {
$data[8] = '';
}
@ -343,13 +299,24 @@ if ($count < 1) {
array_push ($table->data, $data);
}
echo '<form method="post" action="'.$url.'&action=mass" style="margin-bottom: 0px;">';
print_table ($table);
if (give_acl ($config["id_user"], 0, "IM")) {
echo '<div style="text-align:right; float:right; padding-right: 30px;">';
print_submit_button (__('Delete incidents'), 'delete_btn', false, 'class="sub delete"');
print_submit_button (__('Become owner'), 'own_btn', false, 'class="sub upd"');
echo '</div>';
}
echo '</form>';
unset ($table);
}
if (give_acl ($config["id_user"], 0, "IW")) {
echo '<div style="text-align:right; width:750px"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form">';
echo '<div style="text-align:right; float:right; padding-right: 30px;">';
echo '<form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form=1">';
print_submit_button (__('Create incident'), 'crt', false, 'class="sub next"');
echo '</form></div>';
echo '</form>';
echo '</div>';
}
echo '<div style="clear:both">&nbsp;</div>';
?>
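Review bot: In the `update` branch the permission check runs against the incident's current group, author and owner, but the UPDATE then writes `grupo_form` and `usuario_form` taken from the POST body, so an author or owner with no rights on the target group can move the incident there or assign it to any user name. If that is not intended, check the posted group before building the statement, e.g. `if (!give_acl ($config["id_user"], $grupo, "IW")) { require ("general/noaccess.php"); exit; }`, and confirm that `$usuario` names an existing user. The string fields reach the statement through `'%s'`; whether get_parameter_post escapes them for SQL is not visible on this page and should be confirmed. In the `insert` branch the ACL-failure audit text reads "tried to update incident" and should say "create".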


@ -19,23 +19,25 @@
// Load global vars
require("include/config.php");
require_once ("include/config.php");
require_once ("include/functions_incidents.php");
require_once ("include/functions_events.php"); //To get events group information
check_login ();
if (! give_acl ($config["id_user"], 0, "IR")) {
// Doesn't have access to this page
audit_db ($config["id_user"], $REMOTE_ADDR, "ACL Violation", "Trying to access incident details");
include ("general/noaccess.php");
audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation", "Trying to access incident details");
require ("general/noaccess.php");
exit;
}
$inicio = date('Y-m-d H:i:s');
$actualizacion = date('Y-m-d H:i:s');
$inicio = time (); //Just inits the variable
$actualizacion = time ();
// EDITION MODE
if (isset ($_GET["id"])) {
$id_inc = get_parameter_get ("id");
$id_inc = get_parameter_get ("id", 0);
// Obtain group of this incident
$row = get_db_row ("tincidencia","id_incidencia",$id_inc);
@ -43,86 +45,65 @@ if (isset ($_GET["id"])) {
// Get values
$titulo = $row["titulo"];
$texto = $row["descripcion"];
$inicio = $row["inicio"];
$actualizacion = $row["actualizacion"];
$inicio = strtotime ($row["inicio"]);
$actualizacion = strtotime ($row["actualizacion"]);
$estado = $row["estado"];
$prioridad = $row["prioridad"];
$origen = $row["origen"];
$usuario = $row["id_usuario"];
$usuario = $row["id_usuario"]; //owner
$id_grupo = $row["id_grupo"];
$id_creator = $row["id_creator"];
$upd_sql = sprintf ("UPDATE tincidencia SET actualizacion = NOW(), id_usuario = '%s' WHERE id_incidencia = %d", $usuario, $id_inc);
$id_creator = $row["id_creator"]; //creator
$id_lastupdate = $row["id_lastupdate"]; //last updater
// Note add - everybody that can read incidents, can add notes
if (isset ($_GET["insertar_nota"])) {
$nota = get_parameter_post ("nota");
$sql = sprintf ("INSERT INTO tnota (id_usuario, timestamp, nota) VALUES ('%s',NOW(),'%s')",$config["id_user"],$nota);
$sql = sprintf ("INSERT INTO tnota (id_usuario, id_incident, nota) VALUES ('%s', %d, '%s')",$config["id_user"],$id_inc, $nota);
$id_nota = process_sql ($sql, "insert_id");
if ($id_nota !== false) {
echo '<h3 class="suc">'.__('Note successfully added').'</h3>';
$sql = sprintf ("INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (%d,%d)", $id_inc, $id_nota);
process_sql ($sql);
process_sql ($upd_sql); //Update tincidencia
} else {
echo '<h3 class="error">'.__('Error adding note').'</h3>';
process_incidents_touch ($id_inc);
}
print_error_message ($id_nota, __('Note successfully added'), __('Error adding note'));
}
// Delete note
if (isset ($_GET["id_nota"])) {
$id_nota = get_parameter_get ("id_nota");
$note_user = give_note_author ($id_nota);
if (((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_creator == $config["id_user"]) ) {
if (isset ($_POST["delete_nota"])) {
$id_nota = get_parameter_post ("delete_nota", 0);
$note_user = get_incidents_notes_author ($id_nota);
if (((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_owner == $config["id_user"])) {
// Only admins (manage incident) or owners can modify
// incidents, including their notes. note authors are
// incidents notes. note authors are
// able to delete their own notes
$sql = sprintf ("DELETE FROM tnota WHERE id_nota = %d",$id_nota);
$result = process_sql ($sql); //Result is 0 or false if the note wasn't deleted, therefore check with empty
$result = delete_incidents_note ($id_nota);
if (!empty ($result)) {
$sql = sprintf ("DELETE FROM tnota_inc WHERE id_nota = %d",$id_nota);
$result = process_sql ($sql);
}
if (!empty ($result)) {
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('Note successfully deleted').'</h3>';
} else {
echo '<h3 class="error">'.__('Error deleting note').'<h3>';
process_incidents_touch ($id_inc);
}
print_error_message ($id_nota, __('Note successfully deleted'), __('Error deleting note'));
}
}
// Delete file
if (((give_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_creator == $config["id_user"])) AND isset ($_GET["delete_file"])) {
$file_id = get_parameter_get ("delete_file");
$sql = sprintf ("SELECT filename FROM tattachment WHERE id_attachment = %d",$file_id);
$filename = get_db_sql ($sql);
if (!empty ($filename)) {
$sql = sprintf ("DELETE FROM tattachment WHERE id_attachment = %d",$file_id);
$result = process_sql ($sql);
} else {
echo '<h3 class="error">'.__('Could not find file in database').'</h3>';
$result = false;
}
if (((give_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_owner == $config["id_user"])) AND isset ($_POST["delete_file"])) {
$file_id = (int) get_parameter_post ("delete_file", 0);
$filename = get_db_value ("filename", "tattachment", "id_attachment", $file_id);
$sql = sprintf ("DELETE FROM tattachment WHERE id_attachment = %d",$file_id);
$result = process_sql ($sql);
if (!empty ($result)) {
unlink ($config["attachment_store"]."/pand".$file_id."_".$filename);
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('File successfully deleted from database').'</h3>';
} else {
echo '<h3 class="error"'.__('Unable to delete file').'</h3>';
process_incidents_touch ($id_inc);
}
print_error_message ($result, __('File successfully deleted from database'), __('Unable to delete file'));
}
// Upload file
if ((give_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) { //if file
if (isset ($_POST["file_description"])) {
$description = get_parameter_post ("file_description");
} else {
$description = __("No description available");
}
if ((give_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) {
$description = get_parameter_post ("file_description", __('No description available'));
// Insert into database
$filename = safe_input ($_FILES['userfile']['name']);
$filesize = safe_input ($_FILES['userfile']['size']);
@ -130,7 +111,7 @@ if (isset ($_GET["id"])) {
//The following is if you have clamavlib installed
//(php5-clamavlib) and enabled in php.ini
//http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if(extension_loaded ('clamav')) {
if (extension_loaded ('clamav')) {
cl_setlimits (5, 1000, 200, 0, 10485760);
$malware = cl_scanfile ($_FILES['file']['tmp_name']);
if ($malware) {
@ -155,12 +136,12 @@ if (isset ($_GET["id"])) {
if ($result !== false) {
unlink ($_FILES['userfile']['tmp_name']);
process_sql ($upd_sql); //Update tincidencia
echo '<h3 class="suc">'.__('File uploaded').'</h3>';
process_incidents_touch ($id_inc);
} else {
echo '<h3 class="error">'.__('File could not be saved. Contact the Pandora Administrator for more information').'</h3>';
process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment);
}
print_error_message ($result, __('File uploaded'), __('File could not be saved. Contact the Pandora Administrator for more information'));
}
} // else Not given id
// Create incident from event... read event data
@ -175,18 +156,19 @@ elseif (isset ($_GET["insert_form"])) {
$usuario = $config["id_user"];
$id_creator = $config["id_user"];
if (isset($_GET["from_event"])) {
if (isset ($_GET["from_event"])) {
$event = get_parameter_get ("from_event");
$titulo = return_event_description ($event);
$descripcion = "";
$titulo = get_event_description ($event);
$id_grupo = get_event_group ($event);
$origen = "Pandora FMS event";
unset ($event);
}
$prioridad = 0;
$id_grupo = 0;
} else {
audit_db ($config['id_user'],$REMOTE_ADDR, "HACK","Trying to get to incident details in an unusual way");
no_permission ();
audit_db ($config['id_user'],$config["remote_addr"], "HACK","Trying to get to incident details in an unusual way");
require ("general/noaccess.php");
exit;
}
@ -235,8 +217,8 @@ if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $confi
echo '</td></tr>';
echo '<tr><td class="datos2"><b>'.__('Opened at').'</b></td><td class="datos2"><i>'.date ($config['date_format'],strtotime ($inicio)).'</i></td>';
echo '<td class="datos2"><b>'.__('Updated at').'</b><td class="datos2"><i>'.date ($config['date_format'],strtotime ($actualizacion)).'</i></td></tr>';
echo '<tr><td class="datos2"><b>'.__('Opened at').'</b></td><td class="datos2"><i>'.date ($config['date_format'], $inicio).'</i></td>';
echo '<td class="datos2"><b>'.__('Updated at').'</b><td class="datos2"><i>'.date ($config['date_format'], $actualizacion).'</i></td></tr>';
echo '<tr><td class="datos"><b>'.__('Owner').'</b></td><td class="datos">';
@ -247,16 +229,10 @@ if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $confi
}
echo '</td><td class="datos"><b>'.__('Status').'</b></td><td class="datos">';
$fields = array ();
$fields[0] = __('Open and Active');
$fields[2] = __('Not valid');
$fields[3] = __('Out of date');
$fields[13] = __('Closed');
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135');
print_select (get_incidents_status (), "estado_form", $estado, '', '', '', false, false, false, 'w135');
} else {
print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
print_select (get_incidents_status (), "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
}
echo '</td></tr>';
@ -288,18 +264,10 @@ if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $confi
echo '</td></tr><tr><td class="datos"><b>'.__('Priority').'</b></td><td class="datos">';
$fields = array();
$fields[0] = __('Informative');
$fields[1] = __('Low');
$fields[2] = __('Medium');
$fields[3] = __('Serious');
$fields[4] = __('Very serious');
$fields[10] = __('Maintenance');
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135');
print_select (get_incidents_priorities (), "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135');
} else {
print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true);
print_select (get_incidents_priorities (), "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true);
}
echo '</td><td class="datos"><b>'.__('Creator').'</b></td><td class="datos">';
@ -319,8 +287,7 @@ if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $confi
echo '</td></tr></table><div style="width: 600px; text-align:right;">';
// Only if user is the used who opened incident or (s)he is admin
if (isset ($id_inc) AND (give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
if (isset ($id_inc) AND ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"]))) {
print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"');
} elseif (give_acl ($config["id_user"], $id_grupo, "IW")) {
print_submit_button (__('Create'), "accion", false, 'class="sub wand"');
@ -329,7 +296,12 @@ if (isset ($id_inc) AND (give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR
}
echo "</div></form>";
//If we're actually working on an incident
if (isset ($id_inc)) {
// ********************************************************************
// Notes
// ********************************************************************
echo '<div>';
print_submit_button (__('Add note'), "note_control", false, 'class="sub next"');
echo '</div><div>';
@ -339,101 +311,96 @@ if (isset ($id_inc)) {
<td valign="bottom"><input name="addnote" type="submit" class="sub wand" value="'.__('Add').'"></td></tr>
</table></form></div><div>';
// ********************************************************************
// Notes
// ********************************************************************
if (isset ($id_inc)) {
$sql = sprintf ("SELECT tnota.* FROM tnota, tnota_inc WHERE tnota_inc.id_incidencia = '%d' AND tnota.id_nota = tnota_inc.id_nota",$id_inc);
$result = get_db_all_rows_sql ($sql);
} else {
$result = array ();
}
if (empty ($result)) {
$result = array ();
} else {
echo "<h3>".__('Notes attached to incident').'<h3>';
}
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600px">';
$result = get_incidents_notes ($id_inc);
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->width = 600;
$table->data = array ();
$table->head = array ();
foreach ($result as $row) {
echo '<tr><td><img src="images/page_white_text.png" border="0"></td>';
echo '<td>'.__('Author').': <a href="index.php?sec=usuario&sec2=operation/users/user_edit&ver='.$row["id_usuario"].'">'.dame_nombre_real ($row["id_usuario"]).'</a> ('.date ($config['date_format'],strtotime ($row["timestamp"])).')</td></tr>';
echo '<tr><td>';
$data = array ();
$data[0] = '<img src="images/page_white_text.png" border="0" />';
$data[1] = __('Author').': '.print_username ($row["id_usuario"], true).' ('.print_timestamp ($row["timestamp"], "", "span", true).')';
array_push ($table->data, $data);
$data = array ();
$data[0] = '';
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) {
echo '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&id_nota='.$row["id_nota"].'"><img src="images/cross.png" border="0"></a>';
$data[0] .= print_input_image ("delete_nota", "images/cross.png", $row["id_nota"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true);
}
echo '</td><td>'.safe_input ($row["nota"]).'</td></tr>';
$data[1] = safe_input ($row["nota"]);
array_push ($table->data, $data);
}
echo '</table>';
}
// ************************************************************
// Files attached to this incident
// ************************************************************
// Attach head if there's attach for this incident
if (isset ($id_inc)) {
$result = get_db_all_rows_field_filter ("tattachment", "id_incidencia", $id_inc, "filename");
} else {
$result = array ();
}
if (empty ($result)) {
$result = array ();
} else {
echo "<h3>".__('Attached files')."</h3>";
}
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->width = 650;
$table->head = array ();
$table->data = array ();
$table->head[0] = __('Filename');
$table->head[1] = __('Description');
$table->head[2] = __('Size');
$table->head[3] = __('Delete');
$table->align[2] = "center";
$table->align[3] = "center";
foreach ($result as $row) {
$data[0] = '<img src="images/disk.png" border="0" align="top" />&nbsp;&nbsp;<a target="_new" href="attachment/pand'.$row["id_attachment"].'_'.$row["filename"].'"><b>'.$row["filename"].'</b></a>';
$data[1] = $row["description"];
$data[2] = $row["size"]." KB";
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
$data[3] = '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&delete_file='.$row["id_attachment"].'"><img src="images/cross.png" border=0 /></a>';
} else {
$data[3] = '';
if (!empty ($table->data)) {
echo "<h3>".__('Notes attached to incident').'<h3>';
echo '<form method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'">';
print_table ($table);
echo '</form>';
}
array_push ($table->data, $data);
}
unset ($table);
if (!empty ($table->data)) {
print_table ($table);
}
unset ($table);
// ************************************************************
// Files attached to this incident
// ************************************************************
// ************************************************************
// Upload control
// ************************************************************
$result = get_incidents_attach ($id_inc);
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->width = 650;
$table->head = array ();
$table->data = array ();
$table->head[0] = __('Filename');
$table->head[1] = __('Description');
$table->head[2] = __('Size');
$table->head[3] = __('Delete');
$table->align[2] = "center";
$table->align[3] = "center";
foreach ($result as $row) {
$data[0] = '<img src="images/disk.png" border="0" align="top" />&nbsp;&nbsp;<a target="_new" href="attachment/pand'.$row["id_attachment"].'_'.$row["filename"].'"><b>'.$row["filename"].'</b></a>';
$data[1] = $row["description"];
$data[2] = format_for_graph ($row["size"])."B";
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
$data[3] = print_input_image ("delete_file", "images/cross.png", $row["id_attachment"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true);
} else {
$data[3] = '';
}
array_push ($table->data, $data);
}
if (!empty ($table->data)) {
echo "<h3>".__('Attached files')."</h3>";
echo '<form method="POST" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'">';
print_table ($table);
echo '</form>';
}
unset ($table);
// ************************************************************
// Upload control
// ************************************************************
// Upload control
if ((give_acl($config["id_user"], $id_grupo, "IW")==1) AND (isset ($id_inc))) {
echo '<div>';
print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"');
echo '</div>';
echo '<div><form method="post" id="file_control" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">';
echo '<table cellpadding="4" cellspacing="3" class="databox" width="400">
<tr><td class="datos">'.__('Filename').'</td><td class="datos"><input type="file" name="userfile" value="userfile" class="sub" size="40" /></td></tr>
<tr><td class="datos2">'.__('Description').'</td><td class="datos2" colspan="3"><input type="text" name="file_description" size="47"></td></tr>
<tr><td rowspan="2" style="text-align: right;"> <input type="submit" name="upload" value="'.__('Upload').'" class="sub wand"></td></tr>
</table></form></div>';
// Upload control
if ((give_acl($config["id_user"], $id_grupo, "IW")==1)) {
echo '<div>';
print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"');
echo '</div>';
echo '<div><form method="post" id="file_control" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc.'&upload_file=1" enctype="multipart/form-data">';
echo '<table cellpadding="4" cellspacing="3" class="databox" width="400">
<tr><td class="datos">'.__('Filename').'</td><td class="datos"><input type="file" name="userfile" value="userfile" class="sub" size="40" /></td></tr>
<tr><td class="datos2">'.__('Description').'</td><td class="datos2" colspan="3"><input type="text" name="file_description" size="47"></td></tr>
<tr><td rowspan="2" style="text-align: right;"> <input type="submit" name="upload" value="'.__('Upload').'" class="sub wand"></td></tr>
</table></form></div>';
}
}
?>


@ -18,12 +18,12 @@
// Load global vars
require("include/config.php");
require_once ("include/config.php");
check_login ();
if (give_acl ($config['id_user'], 0, "IR") != 1) {
audit_db($config['id_user'],$REMOTE_ADDR, "ACL Violation","Trying to access incident search");
audit_db($config['id_user'],$config["remote_addr"], "ACL Violation","Trying to access incident search");
require ("general/noaccess.php");
exit;
}


@ -18,14 +18,14 @@
// Load global vars
require("include/config.php");
require_once ("include/config.php");
check_login ();
if (! give_acl ($config['id_user'], 0, "IR") == 1) {
audit_db ($config['id_user'], $config["remote_addr"], "ACL Violation", "Trying to access Incident section");
require ("general/noaccess.php");
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access Incident section");
return;
exit;
}
echo "<h2>".__('Incident management')." &gt; ".__('Statistics')."</h2>";
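Review bot: The permission guard kept in this section, `if (! give_acl ($config['id_user'], 0, "IR") == 1)`, parses as `(!give_acl(...)) == 1` because `!` binds tighter than `==` in PHP, so the check is correct only while the negated return value loosely compares equal to 1. That presumably holds for a 0/1 or boolean return, but an access-control condition should not depend on operator precedence and loose comparison. I would write it the way the incident search section above already does: `if (give_acl ($config['id_user'], 0, "IR") != 1) {`. Ending the branch with `exit;` after the audit entry and the noaccess page looks appropriate. The rest of the file lies outside this hunk.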


@ -318,9 +318,8 @@ CREATE TABLE IF NOT EXISTS `tgrupo` (
PRIMARY KEY (`id_grupo`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tincidencia` (
`id_incidencia` bigint(20) unsigned NOT NULL auto_increment,
`id_incidencia` bigint(6) unsigned zerofill NOT NULL auto_increment,
`inicio` datetime NOT NULL default '0000-00-00 00:00:00',
`cierre` datetime NOT NULL default '0000-00-00 00:00:00',
`titulo` varchar(100) NOT NULL default '',
@ -330,14 +329,16 @@ CREATE TABLE IF NOT EXISTS `tincidencia` (
`estado` int(10) NOT NULL default '0',
`prioridad` int(10) NOT NULL default '0',
`id_grupo` mediumint(4) unsigned NOT NULL default '0',
`actualizacion` datetime NOT NULL default '0000-00-00 00:00:00',
`actualizacion` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`id_creator` varchar(60) default NULL,
`id_lastupdate` varchar(60) default NULL,
`id_agente_modulo` bigint(100) NOT NULL,
`notify_email` tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (`id_incidencia`),
KEY `incident_index_1` (`id_usuario`,`id_incidencia`)
KEY `incident_index_1` (`id_usuario`,`id_incidencia`),
KEY `id_agente_modulo` (`id_agente_modulo`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS`tlanguage` (
`id_language` varchar(6) NOT NULL default '',
`name` varchar(100) NOT NULL default '',
@ -418,23 +419,15 @@ CREATE TABLE IF NOT EXISTS `tnetwork_profile_component` (
KEY `id_np` (`id_np`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tnota` (
`id_nota` mediumint(8) unsigned NOT NULL auto_increment,
`id_nota` bigint(6) unsigned zerofill NOT NULL auto_increment,
`id_incident` bigint(6) unsigned zerofill NOT NULL,
`id_usuario` varchar(100) NOT NULL default '0',
`timestamp` tinyblob NOT NULL,
`timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP,
`nota` mediumtext NOT NULL,
PRIMARY KEY (`id_nota`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `tnota_inc` (
`id_nota_inc` mediumint(8) unsigned NOT NULL auto_increment,
`id_incidencia` mediumint(9) NOT NULL default '0',
`id_nota` mediumint(9) NOT NULL default '0',
PRIMARY KEY (`id_nota_inc`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
PRIMARY KEY (`id_nota`),
KEY `id_incident` (`id_incident`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `torigen` (
`origen` varchar(100) NOT NULL default ''