'.__('Note successfully added').''; $sql = sprintf ("INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (%d,%d)", $id_inc, $id_nota); process_sql ($sql); process_sql ($upd_sql); //Update tincidencia } else { echo '

'.__('Error adding note').'

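'; } }

// Delete note.
// Allowed for managers of the incident group ("IM"), for the author of the
// note and for the creator of the incident.
// NOTE(review): $id_grupo and $id_creator are set before this excerpt,
// presumably from the incident being viewed -- confirm.
// NOTE(review): this deletion is triggered by a GET parameter and nothing
// visible here ties the request to a per-session token; confirm that
// request-forgery protection exists upstream.
if (isset ($_GET["id_nota"])) {
    // Cast once so every later use works on the same integer.
    $id_nota = (int) get_parameter_get ("id_nota");
    $note_user = give_note_author ($id_nota);

    // The permission test below is evaluated against the current incident,
    // so the note has to be linked to that same incident. Without this
    // lookup, rights held on one incident would also cover notes that
    // belong to another one.
    $sql = sprintf ("SELECT id_nota FROM tnota_inc WHERE id_nota = %d AND id_incidencia = %d", $id_nota, $id_inc);
    $linked_note = get_db_sql ($sql);

    if (!empty ($linked_note) AND (((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_creator == $config["id_user"]))) {
        // Only admins (manage incident) or owners can modify
        // incidents, including their notes. Note authors are
        // able to delete their own notes.
        $sql = sprintf ("DELETE FROM tnota WHERE id_nota = %d", $id_nota);
        $result = process_sql ($sql);

        // Result is 0 or false if the note wasn't deleted, therefore check with empty
        if (!empty ($result)) {
            $sql = sprintf ("DELETE FROM tnota_inc WHERE id_nota = %d", $id_nota);
            $result = process_sql ($sql);
        }

        if (!empty ($result)) {
            process_sql ($upd_sql); //Update tincidencia
            echo '

'.__('Note successfully deleted').'

';
        } else {
            echo '

'.__('Error deleting note').'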

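'; } } }

// Delete file.
// Allowed for managers of the incident group ("IM") and for the creator of
// the incident.
// NOTE(review): like the note deletion, this is a state change triggered by a
// GET parameter; confirm that request-forgery protection exists upstream.
if (((give_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_creator == $config["id_user"])) AND isset ($_GET["delete_file"])) {
    // Cast once: the id goes into SQL through %d but is also concatenated
    // into the path handed to unlink(), which received the raw request value
    // before. Both uses must see the same integer.
    $file_id = (int) get_parameter_get ("delete_file");

    // Look the attachment up inside the current incident only. The permission
    // test above is about this incident, so an attachment id that belongs to
    // a different incident must not match.
    $sql = sprintf ("SELECT filename FROM tattachment WHERE id_attachment = %d AND id_incidencia = %d", $file_id, $id_inc);
    $filename = get_db_sql ($sql);

    if (!empty ($filename)) {
        $sql = sprintf ("DELETE FROM tattachment WHERE id_attachment = %d AND id_incidencia = %d", $file_id, $id_inc);
        $result = process_sql ($sql);
    } else {
        echo '

'.__('Could not find file in database').'

';
        $result = false;
    }

    if (!empty ($result)) {
        // basename() keeps the removal inside the attachment store even if a
        // stored file name ever contains a directory separator.
        unlink ($config["attachment_store"]."/pand".$file_id."_".basename ($filename));
        process_sql ($upd_sql); //Update tincidencia
        echo '

'.__('File successfully deleted from database').'

';
    } else {
        echo '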

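'; } }

// Upload file.
// Requires incident write permission ("IW") on the group, the upload_file
// request flag and a non-empty client file name.
if ((give_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) { //if file
    if (isset ($_POST["file_description"])) {
        $description = get_parameter_post ("file_description");
    } else {
        $description = __("No description available");
    }

    // Insert into database
    // NOTE(review): the client-supplied name, extension included, becomes part
    // of the stored file name below. If attachment_store is reachable through
    // the web server, restrict the accepted extensions or store the file under
    // a generated name -- cannot tell from this excerpt.
    $filename = safe_input ($_FILES['userfile']['name']);
    $filesize = safe_input ($_FILES['userfile']['size']);

    //The following is if you have clamavlib installed
    //(php5-clamavlib) and enabled in php.ini
    //http://www.howtoforge.com/scan_viruses_with_php_clamavlib
    if (extension_loaded ('clamav')) {
        cl_setlimits (5, 1000, 200, 0, 10485760);
        // Scan the temporary file of the 'userfile' field, i.e. the upload
        // that is stored below. The scan used to read $_FILES['file'], a field
        // this block never uses, so the stored file was not the one scanned.
        $malware = cl_scanfile ($_FILES['userfile']['tmp_name']);
        if ($malware) {
            $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version();
            die ($error); //On malware, we die because it's not good to handle it
        }
    }

    // NOTE(review): the three '%s' values are quoted by hand; this relies on
    // get_parameter_post() and safe_input() neutralising quote characters,
    // which is not visible in this excerpt -- confirm.
    $sql = sprintf ("INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size) VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config["id_user"], $filename, $description, $filesize);
    $id_attachment = process_sql ($sql, "insert_id");

    // Move file to directory and change name
    if ($id_attachment !== false) {
        // basename() keeps the destination inside the attachment store.
        $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".basename ($filename);
        // move_uploaded_file() only accepts a source that PHP itself received
        // as an HTTP upload, and it removes the temporary file, so the
        // separate copy()/unlink() pair is no longer needed.
        $result = move_uploaded_file ($_FILES['userfile']['tmp_name'], $nombre_archivo);
    } else {
        echo '

'.__('File could not be saved due to database error').'

';
        $result = false;
    }

    if ($result !== false) {
        process_sql ($upd_sql); //Update tincidencia
        echo '

'.__('File uploaded').'

';
    // NOTE(review): the rollback DELETE that follows this message also runs
    // when $id_attachment is false (the database error case above), which
    // builds a statement without an id; guard it with $id_attachment !== false.
    } else {
        echo '

'.__('File could not be saved. Contact the Pandora Administrator for more information').'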

'; process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment); } } } // else Not given id // Create incident from event... read event data elseif (isset ($_GET["insert_form"])) { $titulo = ""; $descripcion = ""; $origen = ""; $prioridad = 0; $id_grupo = 0; $estado = 0; $texto = ""; $usuario = $config["id_user"]; $id_creator = $config["id_user"]; if (isset($_GET["from_event"])) { $event = get_parameter_get ("from_event"); $titulo = return_event_description ($event); $descripcion = ""; $origen = "Pandora FMS event"; unset ($event); } $prioridad = 0; $id_grupo = 0; } else { audit_db ($config['id_user'],$REMOTE_ADDR, "HACK","Trying to get to incident details in an unusual way"); no_permission (); } // ******************************************************************************************************** // ******************************************************************************************************** // Show the form // ******************************************************************************************************** //This is for the pretty slide down attachment form echo ''; echo ""; if (isset ($id_inc)) { //If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"] echo '
'; echo ''; echo '

'.__('Incident management').' > '.__('Incident details').' #'.$id_inc.'

'; } else { echo ''; echo '

'.__('Incident management').' > '.__('Create incident').'

'; } echo ''; echo ''; echo ''; echo ''; echo ''; echo '
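'.__('Incident').'';

// Fields are editable for incident managers ("IM") of the group and for the
// incident owner; everybody else gets read-only or disabled controls.
// The test is evaluated once and reused for every field below.
// NOTE(review): these controls only shape the form; the handler that stores
// the submitted values must repeat the permission check -- it is not visible
// in this excerpt.
$can_edit_incident = ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) || ($usuario == $config["id_user"]));

if ($can_edit_incident) {
    print_input_text ("titulo", $titulo,'', 70);
} else {
    print_input_text_extended ("titulo", $titulo, "", "", 70, "", false, "", "readonly");
}
echo '
'.__('Opened at').''.date ($config['date_format'],strtotime ($inicio)).''.__('Updated at').''.date ($config['date_format'],strtotime ($actualizacion)).'
'.__('Owner').'';

if ($can_edit_incident) {
    print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135");
} else {
    print_select (list_users (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true);
}
echo ''.__('Status').'';

$fields = array ();
$fields[0] = __('Open and Active');
$fields[2] = __('Not valid');
$fields[3] = __('Out of date');
$fields[13] = __('Closed');
if ($can_edit_incident) {
    print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135');
} else {
    print_select ($fields, "estado_form", $estado, '', '', '', false, false, false, 'w135', true);
}
echo '
'.__('Source').'';

$fields = array ();
$return = get_db_all_rows_sql ("SELECT origen FROM torigen ORDER BY origen");
if ($return === false) {
    // Something must be displayed: fall back to a single row that has the
    // same shape as a query row. The old fallback stored the status value as
    // a bare scalar, which the loop below cannot read as a row.
    $return = array (array ("origen" => $origen));
}
foreach ($return as $row) {
    $fields[$row["origen"]] = $row["origen"];
}
// Only owner could change source or user with Incident management privileges.
// The preselected value is the incident source; the status ($estado) was
// passed here before, which is the value of the status select above.
// NOTE(review): $origen is assigned in the insert_form branch; for an existing
// incident it has to be loaded before this excerpt -- confirm.
if ($can_edit_incident) {
    print_select ($fields, "origen_form", $origen, '', '', '', false, false, false, 'w135');
} else {
    print_select ($fields, "origen_form", $origen, '', '', '', false, false, false, 'w135', true);
}
echo ''.__('Group').'';

// Group combo
if ($can_edit_incident) {
    print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135');
} else {
    print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true);
}
echo '
'.__('Priority').'';

$fields = array ();
$fields[0] = __('Informative');
$fields[1] = __('Low');
$fields[2] = __('Medium');
$fields[3] = __('Serious');
$fields[4] = __('Very serious');
$fields[10] = __('Maintenance');
if ($can_edit_incident) {
    print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135');
} else {
    print_select ($fields, "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true);
}
echo ''.__('Creator').'';

// NOTE(review): the creator id and real name are written without safe_input(),
// unlike the note text and description elsewhere in this file; confirm that
// dame_nombre_real() returns output-safe text.
if (empty ($id_creator)) {
    echo 'SYSTEM';
} else {
    echo $id_creator.' ('.dame_nombre_real ($id_creator).')';
}
echo '
';

if ($can_edit_incident) {
    print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;"');
} else {
    print_textarea ("descripcion", 15, 80, safe_input ($texto), 'style="height:200px;" disabled');
}
echo '
';

// "Update" only for an existing incident whose viewer is its owner or an
// incident manager. AND binds tighter than OR, so the unparenthesised test
// used before was true for every owner even without $id_inc, and the create
// form (where the owner is the current user) never reached the "Create" branch.
if (isset ($id_inc) AND $can_edit_incident) {
    print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"');
} elseif (give_acl ($config["id_user"], $id_grupo, "IW")) {
    print_submit_button (__('Create'), "accion", false, 'class="sub wand"');
} else {
    print_submit_button (__('Submit'), "accion", true, 'class="sub upd"');
}
echo "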
"; if (isset ($id_inc)) { echo '
'; print_submit_button (__('Add note'), "note_control", false, 'class="sub next"'); echo '
'; echo '
'; echo '
'; // ******************************************************************** // Notes // ******************************************************************** if (isset ($id_inc)) { $sql = sprintf ("SELECT tnota.* FROM tnota, tnota_inc WHERE tnota_inc.id_incidencia = '%d' AND tnota.id_nota = tnota_inc.id_nota",$id_inc); $result = get_db_all_rows_sql ($sql); } else { $result = array (); } if (empty ($result)) { $result = array (); } else { echo "

".__('Notes attached to incident').'

'; } echo ''; foreach ($result as $row) { echo ''; echo ''; echo ''; } echo '
'.__('Author').': '.dame_nombre_real ($row["id_usuario"]).' ('.date ($config['date_format'],strtotime ($row["timestamp"])).')
'; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) { echo ''; } echo ''.safe_input ($row["nota"]).'
'; } // ************************************************************ // Files attached to this incident // ************************************************************ // Attach head if there's attach for this incident if (isset ($id_inc)) { $result = get_db_all_rows_field_filter ("tattachment", "id_incidencia", $id_inc, "filename"); } else { $result = array (); } if (empty ($result)) { $result = array (); } else { echo "

".__('Attached files')."

"; } $table->cellpadding = 4; $table->cellspacing = 4; $table->class = "databox"; $table->width = 650; $table->head = array (); $table->data = array (); $table->head[0] = __('Filename'); $table->head[1] = __('Description'); $table->head[2] = __('Size'); $table->head[3] = __('Delete'); $table->align[2] = "center"; $table->align[3] = "center"; foreach ($result as $row) { $data[0] = '  '.$row["filename"].''; $data[1] = $row["description"]; $data[2] = $row["size"]." KB"; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { $data[3] = ''; } else { $data[3] = ''; } array_push ($table->data, $data); } if (!empty ($table->data)) { print_table ($table); } unset ($table); // ************************************************************ // Upload control // ************************************************************ // Upload control if ((give_acl($config["id_user"], $id_grupo, "IW")==1) AND (isset ($id_inc))) { echo '
'; print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"'); echo '
'; echo '
'; echo '
'.__('Filename').'
'.__('Description').'
'; } ?>