".$lang_label["create_note_ok"].""; }
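// Look up the note that was just written so it can be linked to this incident.
// NOTE(review): (id_usuario, timestamp) is not necessarily unique — two notes by the
// same user within the same second collide. The upload branch further down uses
// mysql_insert_id() for the same job; consider it here once the note INSERT is
// confirmed to be the last query run on this connection.
$id_inc_sql = (int) $id_inc;   // spliced unquoted into SQL below, so it must be a plain integer
$sql2 = "SELECT id_nota FROM tnota WHERE id_usuario = '" . mysql_real_escape_string($id_usuario)
    . "' AND timestamp = '" . mysql_real_escape_string($timestamp) . "'";
$res2 = mysql_query($sql2);
$row2 = $res2 ? mysql_fetch_array($res2) : false;
if ($row2 !== false) {
    $id_nota = (int) $row2["id_nota"];
    // Link the note to the incident. Skipped when no note row came back, instead of
    // issuing an INSERT with an empty id as the previous code did.
    $sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (" . $id_inc_sql . ", " . $id_nota . ")";
    $res3 = mysql_query($sql3);
}
// Refresh the incident's last-update timestamp
$sql4 = "UPDATE tincidencia SET actualizacion = '" . mysql_real_escape_string($timestamp)
    . "' WHERE id_incidencia = " . $id_inc_sql;
$res4 = mysql_query($sql4);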
}
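// Delete note
if (isset($_GET["id_nota"])) {
    // Both ids are spliced unquoted into SQL below: force them to integers first.
    $id_nota     = (int) $_GET["id_nota"];
    $id_nota_inc = isset($_GET["id_nota_inc"]) ? (int) $_GET["id_nota_inc"] : null;
    $note_user   = give_note_author($id_nota);
    // Only admins (manage incident) or the incident owner may modify an incident,
    // including its notes; a note's author may also delete their own notes.
    // The owner test used a single "=" before, which assigned instead of compared and
    // let the whole check pass for any logged-in user.
    if ((give_acl($iduser_temp, $id_grupo, "IM") == 1) OR ($note_user == $iduser_temp) OR ($usuario == $iduser_temp)) {
        $query = "DELETE FROM tnota WHERE id_nota = " . $id_nota;
        // Run the note deletion once and remember its result (it used to be executed twice)
        $deleted = mysql_query($query);
        if ($id_nota_inc !== null) {
            // NOTE(review): the link row is removed by a second request-supplied id rather
            // than by id_nota; confirm the form always sends the matching id_nota_inc.
            $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = " . $id_nota_inc;
            mysql_query($query2);
        }
        if ($deleted) {
            echo "\n" . $lang_label["del_note_ok"];
        }
    }
}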
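// Delete file
if (((give_acl($iduser_temp, $id_grupo, "IM") == 1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])) {
    // The id is spliced unquoted into SQL and into the on-disk path: force it to an integer.
    $file_id = (int) $_GET["delete_file"];
    // Restrict the lookup to the incident whose permissions were just checked; the
    // ACL above says nothing about attachments of other incidents.
    $sql2 = "SELECT filename FROM tattachment WHERE id_attachment = " . $file_id
        . " AND id_incidencia = " . (int) $id_inc;
    $res2 = mysql_query($sql2);
    $row2 = $res2 ? mysql_fetch_array($res2) : false;
    if ($row2 !== false) {
        // basename() keeps a stored name from steering unlink() outside the attachment directory
        $filename = basename($row2["filename"]);
        $sql2 = "DELETE FROM tattachment WHERE id_attachment = " . $file_id;
        $res2 = mysql_query($sql2);
        $path = $attachment_store . "attachment/pand" . $file_id . "_" . $filename;
        if (file_exists($path)) {
            unlink($path);
        }
    }
}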
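// Upload file
if ((give_acl($iduser_temp, $id_grupo, "IW") == 1) AND isset($_GET["upload_file"])) {
    // Only act on a genuine upload. The previous test also compared an unassigned
    // $userfile against "none" (a register_globals leftover); is_uploaded_file() is
    // the check that actually matters here.
    if (isset($_FILES['userfile']) && ($_FILES['userfile']['name'] != "")
        && is_uploaded_file($_FILES['userfile']['tmp_name'])) { //if file
        $tipo = $_FILES['userfile']['type']; // client-declared MIME type; not used in this block, kept for code that may read it later
        if (isset($_POST["file_description"])) {
            $description = $_POST["file_description"];
        } else {
            $description = "No description available";
        }
        // basename() drops any directory part the client put in the upload name, so the
        // stored name cannot steer the on-disk path built below.
        $filename = basename($_FILES['userfile']['name']);
        $filesize = (int) $_FILES['userfile']['size'];
        // Insert into database. Ids are cast to integers and every string value is
        // escaped before being spliced into the statement. (The old statement also
        // wrote id_usuario with a stray trailing space.)
        $sql = "INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size) VALUES ("
            . (int) $id_inc . ", '"
            . mysql_real_escape_string($iduser_temp) . "', '"
            . mysql_real_escape_string($filename) . "', '"
            . mysql_real_escape_string($description) . "', "
            . $filesize . ")";
        if (mysql_query($sql)) {
            $id_attachment = mysql_insert_id();
            // Move the upload into the attachment store, renamed after its row id.
            // move_uploaded_file() refuses anything that is not a real PHP upload and
            // removes the temporary file itself, so no separate unlink() is needed.
            $nombre_archivo = $attachment_store . "attachment/pand" . $id_attachment . "_" . $filename;
            if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $nombre_archivo)) {
                echo "\n" . $lang_label["attach_error"] . "\n";
                // Roll the row back so the database never points at a file that is not on disk
                $sql = "DELETE FROM tattachment WHERE id_attachment = " . (int) $id_attachment;
                mysql_query($sql);
            }
        } else {
            // Row could not be created: report it and place no file that no record refers to
            echo "\n" . $lang_label["attach_error"] . "\n";
        }
    }
}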
} // else Not given id
// Create incident from event... read event data
elseif (isset($_GET["insert_form"])) {
    // New-incident form: seed the page variables the form below renders.
    $iduser_temp = $_SESSION['id_usuario'];
    // Pre-fill title and origin from an event when one is given, otherwise start blank.
    // NOTE(review): the event id is taken straight from the request and handed to
    // return_event_description(); whether that helper casts or escapes it cannot be
    // checked from this file.
    $from_event = isset($_GET["from_event"]);
    $titulo = $from_event ? return_event_description($_GET["from_event"]) : "";
    $descripcion = "";
    $origen = $from_event ? "Pandora FMS event" : "";
    $prioridad = 0;
    $id_grupo = 0;
    $grupo = dame_nombre_grupo(1); // NOTE(review): name of group 1 while $id_grupo is 0 — confirm this is intended
    $usuario = $iduser_temp;
    $estado = 0;
    $actualizacion = date("Y/m/d H:i:s");
    $inicio = $actualizacion;
    $id_creator = $iduser_temp;
    $creacion_incidente = 1;
} else {
    // Reached with neither an incident id nor insert_form: record the attempt and refuse.
    // NOTE(review): $id_user is not assigned anywhere visible in this part of the file
    // (the rest of it uses $iduser_temp) and $REMOTE_ADDR looks like a register_globals
    // variable rather than $_SERVER['REMOTE_ADDR']; confirm both are set where this runs.
    audit_db($id_user, $REMOTE_ADDR, "HACK", "Trying to create incident in a unusual way");
    no_permission();
}
// ********************************************************************************************************
// ********************************************************************************************************
// Show the form
// ********************************************************************************************************
if ($creacion_incidente == 0)
echo "