".$lang_label["create_note_ok"].""; } $sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$id_usuario."' AND timestamp = '".$timestamp."'"; $res2=mysql_query($sql2); $row2=mysql_fetch_array($res2); $id_nota = $row2["id_nota"]; $sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")"; $res3=mysql_query($sql3); $sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc; $res4 = mysql_query($sql4); } // Modify incident if (isset($_POST["accion"])){ $id_inc = $_POST["id_inc"]; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { // Only admins (manage incident) or owners can modify incidents // Edicion !! if ($_POST["accion"] == $lang_label["in_modinc"]){ // Modify Incident $id_author_inc = give_incident_author($id_inc); $titulo = entrada_limpia($_POST["titulo"]); $descripcion = entrada_limpia($_POST['descripcion']); $origen = entrada_limpia($_POST['origen']); $prioridad = entrada_limpia($_POST['prioridad']); $grupo = entrada_limpia($_POST['grupo']); $usuario= entrada_limpia($_POST["usuario"]); $estado = entrada_limpia($_POST["estado"]); $ahora=date("Y/m/d H:i:s"); $sql = "UPDATE tincidencia SET actualizacion = '".$ahora."', titulo = '".$titulo."', origen= '".$origen."', estado = '".$estado."', id_grupo = '".$grupo."', id_usuario = '".$usuario."', prioridad = '".$prioridad."', descripcion = '".$descripcion."' WHERE id_incidencia = ".$id_inc; $result=mysql_query($sql); if ($result) echo "

".$lang_label["upd_incid_ok"]."

"; // Re-read data for correct presentation // Obtain group of this incident $sql1='SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc; $result=mysql_query($sql1); $row=mysql_fetch_array($result); // Get values $titulo = $row["titulo"]; $texto = $row["descripcion"]; $inicio = $row["inicio"]; $actualizacion = $row["actualizacion"]; $estado = $row["estado"]; $prioridad = $row["prioridad"]; $origen = $row["origen"]; $usuario = $row["id_usuario"]; $nombre_real = dame_nombre_real($usuario); $id_grupo = $row["id_grupo"]; $grupo = dame_nombre_grupo($id_grupo); } } else { audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident"); echo "

".$lang_label["upd_incid_no"]."

"; no_permission(); } } // Delete note if (isset($_GET["id_nota"])){ $note_user = give_note_author ($_GET["id_nota"]); if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp)) OR ($usuario = $iduser_temp) ) { // Only admins (manage incident) or owners can modify incidents, including their notes // But note authors was able to delete this own notes $id_nota = $_GET["id_nota"]; $id_nota_inc = $_GET["id_nota_inc"]; $query ="DELETE FROM tnota WHERE id_nota = ".$id_nota; $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc; //echo "DEBUG: DELETING NOTE: ".$query."(----)".$query2; mysql_query($query); mysql_query($query2); if (mysql_query($query)) echo "

".$lang_label["del_note_ok"]; } } // Delete file if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])){ $file_id = $_GET["delete_file"]; $sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id; $res2=mysql_query($sql2); $row2=mysql_fetch_array($res2); $filename = $row2["filename"]; $sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id; $res2=mysql_query($sql2); unlink ($attachment_store."attachment/pand".$file_id."_".$filename); } // Upload file if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) { if (( $_FILES['userfile']['name'] != "" ) && ($userfile != "none")){ //if file $tipo = $_FILES['userfile']['type']; if (isset($_POST["file_description"])) $description = $_POST["file_description"]; else $description = "No description available"; // Insert into database $filename= $_FILES['userfile']['name']; $filesize = $_FILES['userfile']['size']; $sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".$filename."','".$description."',".$filesize.") "; mysql_query($sql); $id_attachment=mysql_insert_id(); // Copy file to directory and change name $nombre_archivo = $attachment_store."attachment/pand".$id_attachment."_".$filename; if (!(copy($_FILES['userfile']['tmp_name'], $nombre_archivo ))){ echo "

".$lang_label["attach_error"]."

"; $sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment; mysql_query($sql); } else { // Delete temporal file unlink ($_FILES['userfile']['tmp_name']); } } } } else { // Not given id // Insert data ! if (isset($_POST["accion"]) and ($_POST["accion"] == $lang_label["create"])) { $iduser_temp=$_SESSION['id_usuario']; // Read input variables $titulo = entrada_limpia($_POST['titulo']); $inicio = date("Y/m/d H:i:s"); $descripcion = entrada_limpia($_POST['descripcion']); $texto = $descripcion; // to view in textarea after insert $origen = entrada_limpia($_POST['origen']); $prioridad = entrada_limpia($_POST['prioridad']); $grupo = entrada_limpia($_POST['grupo']); $usuario= entrada_limpia($_SESSION["id_usuario"]); $actualizacion = $inicio; $id_creator = $iduser_temp; $estado = 0; // if the indicent is new, state (estado) is 0 $sql = " INSERT INTO tincidencia (inicio,actualizacion,titulo,descripcion,id_usuario,origen,estado,prioridad,id_grupo, id_creator) VALUES ('".$inicio."','".$actualizacion."','".$titulo."','".$descripcion."','".$usuario."','".$origen."','".$estado."','".$prioridad."','".$grupo."','".$id_creator."') "; if (give_acl($iduser_temp, $grupo, "IW")==1){ if (mysql_query($sql)) echo "

".$lang_label["create_incid_ok"]."

"; $id_inc=mysql_insert_id(); } else no_permission(); // INSERT FORM. } elseif (isset($_GET["insert_form"])){ $iduser_temp=$_SESSION['id_usuario']; $titulo = ""; if (isset($_GET["from_event"])){ $titulo = return_event_description($_GET["from_event"]); $descripcion = ""; $origen = "Pandora FMS event"; } else { $titulo = ""; $descripcion = ""; $origen = ""; } $prioridad = 0; $id_grupo = 0; $grupo = dame_nombre_grupo(1); $usuario= $_SESSION["id_usuario"]; $estado = 0; $actualizacion=date("Y/m/d H:i:s"); $inicio = $actualizacion; $id_creator = $iduser_temp; $creacion_incidente = 1; } else { audit_db($id_user,$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way"); no_permission(); } } // ******************************************************************************************************** // ******************************************************************************************************** // Show the form // ******************************************************************************************************** if ($creacion_incidente == 0) echo "
"; else echo ""; if (isset($id_inc)) { echo ""; } echo "

".$lang_label["incident_manag"]."

"; if (isset($id_inc)) { echo "

".$lang_label["rev_incident"]." # ".$id_inc."  ".$lang_label["help"]."

"; } else { echo "

".$lang_label["create_incident"]." ".$lang_label["help"]."

"; } echo ''; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) echo ''; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) echo ''; echo "
'.$lang_label["incident"].''; else echo '
'.$lang_label["incident"].''; echo '
'.$lang_label["in_openedwhen"].''; echo "".$inicio.""; echo ''.$lang_label["updated_at"].''; echo "".$actualizacion.""; echo '
'.$lang_label["in_openedby"].'';
// NOTE(review): this is the only permission check on the page written against $id_user
// rather than $iduser_temp; $id_user is not assigned in this file's visible code, so unless
// the framework provides it globally the editable owner widget is never shown and the
// read-only branch always runs. $usuario and $nombre_real are echoed without output escaping.
if ((give_acl($id_user, $id_grupo, "IM")==1) OR ($usuario == $id_user)) {
    echo "";
} else {
    echo "";
    echo $usuario." - (".$nombre_real.")";
}
// Status type (estado)
// 0 - Abierta / Sin notas - Open, without notes
// 1 - Abierta / Notas aniadidas - Open, with notes
// 2 - Descartada / Not valid
// 3 - Caducada / Outdated
// 13 - Cerrada / Closed
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) echo ''.$lang_label["status"].''.$lang_label["status"].'';
// Only owner could change source or user with Incident management privileges
if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) echo '
'.$lang_label["source"].'
'.$lang_label["source"].'"; // Group combo if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) echo ''.$lang_label["group"].''.$lang_label["group"].'
'.$lang_label["priority"].''.$lang_label["priority"].'Creator".$id_creator." ( ".dame_nombre_real($id_creator)." )"; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) echo '
"; echo '
"; // Only if user is the used who opened incident or (s)he is admin $iduser_temp=$_SESSION['id_usuario']; if ($creacion_incidente == 0){ if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){ echo ''; } } else { if (give_acl($iduser_temp, $id_grupo, "IW")) { echo ''; } } echo ""; if ($creacion_incidente == 0){ echo "
"; echo '
'; } echo "

"; if ($creacion_incidente == 0){ // Upload control if (give_acl($iduser_temp, $id_grupo, "IW")==1){ echo ""; echo "'; echo '
".$lang_label["attachfile"].""; echo "
"; echo ''.$lang_label["filename"].'
'; echo ''; echo '
'.$lang_label["description"].''; echo '
'; echo '

'; } // ************************************************************ // Files attached to this incident // ************************************************************ // Attach head if there's attach for this incident $att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc); if (mysql_num_rows($att_fil)) { echo ""; echo "
"; echo "

".$lang_label["attached_files"]."

"; echo "
"; echo "
".$lang_label["filename"]; echo "".$lang_label["description"]; echo "".$lang_label["size"]; echo "".$lang_label["delete"]; while ($row=mysql_fetch_array($att_fil)){ echo "
".$row["filename"].""; echo "".$row["description"]; echo "".$row["size"]; if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment echo ''; } } echo "

"; } // ******************************************************************** // Notes // ******************************************************************** $cabecera=0; $sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc; $res4=mysql_query($sql4); while ($row2=mysql_fetch_array($res4)){ if ($cabecera == 0) { // Show head only one time echo ""; echo "
"; echo "

".$lang_label["in_notas_t1"]."

"; echo ""; echo "'; echo ''; } } if ($cabecera == 1){ echo "
"; $cabecera = 1; } $sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC'; $res3=mysql_query($sql3); while ($row3=mysql_fetch_array($res3)){ $timestamp = $row3["timestamp"]; $nota = $row3["nota"]; $id_usuario_nota = $row3["id_usuario"]; // Show data echo '
'.$lang_label["author"].': ';
        // NOTE(review): $usuario is overwritten with the note's author from here on (above it
        // held the incident owner); nothing after this loop reads it in the visible code, but
        // the comparison below therefore means "viewer is the note author", not "viewer owns
        // the incident". Author id and real name are echoed without output escaping.
        $usuario = $id_usuario_nota;
        $nombre_real = dame_nombre_real($usuario);
        echo $usuario." - (".$nombre_real.")";
        // Delete link: shown to IM users and to the note's author. It is a plain GET link to
        // the delete handler at the top of this page (no CSRF token).
        if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) {
            $myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"];
            echo ' '.$lang_label["delete"].'';
        }
        echo '
'.$lang_label["date"].': '.$timestamp.'
'; echo '
'; echo salida_limpia($nota); echo '
'; echo '
"; // note table } echo "
"; } // create mode ?>