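, 2003-2006 // Raul Mateos , 2005-2006
// Incident list page, first half: handles the optional "quick_delete"
// action, then turns the search/filter fields (texto, usuario, estado,
// prioridad, grupo) into the WHERE clause of the incident query.
//
// Every one of those fields is untrusted request data that ends up inside
// SQL text. Numeric fields are therefore cast to int and string fields are
// passed through mysql_real_escape_string() before they are concatenated.
// NOTE(review): if magic_quotes_gpc is enabled on the deployment, the string
// fields arrive already slash-escaped and would be escaped twice — confirm.

// Load global vars
require("include/config.php");
//require("include/functions.php");
//require("include/functions_db.php");

if (comprueba_login() == 0) {
    $accion = "";
    $id_usuario =$_SESSION["id_usuario"];
    // NOTE(review): the page-level gate below reads $id_user, but this file
    // only assigns $id_usuario. Confirm $id_user is set by the including
    // script; otherwise the ACL check runs against an empty user id.
    if ((give_acl($id_user, 0, "IR")==1) OR (give_acl($id_user, 0, "IM")==1) or (dame_admin($id_user)==1)) {
        if (isset($_GET["quick_delete"])){
            // The id is concatenated into SQL and handed to borrar_incidencia(),
            // so force it to an integer first.
            // NOTE(review): the delete is triggered by a plain GET parameter and
            // no anti-CSRF token is checked in the visible code; consider
            // requiring POST plus a per-session token.
            $id_inc = (int) $_GET["quick_delete"];
            $sql2="SELECT * FROM tincidencia WHERE id_incidencia=".$id_inc;
            $result2=mysql_query($sql2);
            $row2=mysql_fetch_array($result2);
            if ($row2) {
                $id_author_inc = $row2["id_usuario"];
                // Only the incident's author, or a user holding "IM" on the
                // incident's group, may delete it.
                if ((give_acl($id_usuario, $row2["id_grupo"], "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
                    borrar_incidencia($id_inc);
                    echo "

".$lang_label["del_incid_ok"]."

";
                } else {
                    // NOTE(review): the audit entry is filed under the incident
                    // author's id while the message names the session user —
                    // confirm which id audit_db() expects as its first argument.
                    audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to delete incident");
                    echo "

".$lang_label["del_incid_no"]."

";
                    no_permission();
                }
            }
        }

        /* Pending to delete code

        // Delete incidents (Actions)
        if (isset($_POST["accion"])){
            $id_inc = $_POST["id_inc"];
            if ($_POST["accion"] == $lang_label["in_delinc"]){ // Delete Incident
                $id_author_inc = give_incident_author($id_inc);
                if (($_SESSION["id_usuario"] == $id_author_inc) OR dame_admin($_SESSION["id_usuario"])) {
                    borrar_incidencia($id_inc);
                } else {
                    audit_db($id_author_inc,$REMOTE_ADDR,"ACL Forbidden","User ".$_SESSION["id_usuario"]." try to update incident");
                    echo "

".$lang_label["del_incid_no"]."

";
                    no_permission();
                }
            }
        }
        */

        /* EXPLANATION FOR THIS PAGE:
           Because this form receives data from other forms, variables arrive
           mixed in GET and POST inputs. Combo data originally comes from POST
           inputs. All POST data is copied into GET below; later processing
           uses GET because the filter values are written dynamically into
           links to pass filter data between pages. */

        // Search
        $busqueda="";
        if (isset($_POST["texto"]) OR (isset($_GET["texto"]))){
            if (isset($_POST["texto"])){
                $texto_form = $_POST["texto"];
                $_GET["texto"]=$texto_form; // Update GET vars if data comes from POST
            } else // GET
                $texto_form = $_GET["texto"];
            // Free-text search term: escape before placing it inside the quoted LIKE patterns.
            $texto_sql = mysql_real_escape_string($texto_form);
            $busqueda = "( titulo LIKE '%".$texto_sql."%' OR descripcion LIKE '%".$texto_sql."%' )";
        }
        if (isset($_POST["usuario"]) OR (isset($_GET["usuario"]))){
            if (isset($_POST["usuario"])){
                $usuario_form = $_POST["usuario"];
                $_GET["usuario"]=$usuario_form;
            } else // GET
                $usuario_form=$_GET["usuario"];
            if ($usuario_form != ""){
                // $busqueda already holds the text condition whenever "texto" is set.
                if (isset($_GET["texto"]))
                    $busqueda = $busqueda." and ";
                // $usuario_form equals $_GET["usuario"] on both paths above; escape it for the quoted literal.
                $busqueda= $busqueda." id_usuario = '".mysql_real_escape_string($usuario_form)."' ";
            }
        }

        // Filter
        if ($busqueda != "")
            $sql1= "WHERE ".$busqueda;
        else
            $sql1="";
        // Values that arrive through paging links (GET) are copied to POST so
        // the block below handles both sources the same way.
        if (isset($_GET["estado"]) and (!isset($_POST["estado"])))
            $_POST["estado"]=$_GET["estado"];
        if (isset($_GET["grupo"]) and (!isset($_POST["grupo"])))
            $_POST["grupo"]=$_GET["grupo"];
        if (isset($_GET["prioridad"]) and (!isset($_POST["prioridad"])))
            $_POST["prioridad"]=$_GET["prioridad"];

        if (isset($_POST['estado']) OR (isset($_POST['grupo'])) OR (isset($_POST['prioridad']) ) ) {
            // -1 means "no filter" for each combo. The three values are used
            // unquoted in SQL, so each is cast to int; the cast value is also
            // what gets written back to $_GET for the paging links.
            if ((isset($_POST["estado"])) AND ($_POST["estado"] != -1)){
                $estado = (int) $_POST["estado"];
                $_GET["estado"] = $estado;
                if ($sql1 == "")
                    $sql1='WHERE estado='.$estado;
                else
                    $sql1 =$sql1.' AND estado='.$estado;
            }
            if ((isset($_POST["prioridad"])) AND ($_POST["prioridad"] != -1)) {
                $prioridad = (int) $_POST["prioridad"];
                $_GET["prioridad"]=$prioridad;
                if ($sql1 == "")
                    $sql1='WHERE prioridad='.$prioridad;
                else
                    $sql1 =$sql1.' AND prioridad='.$prioridad;
            }
            if ((isset($_POST["grupo"])) AND ($_POST["grupo"] != -1)) {
                $grupo = (int) $_POST["grupo"];
                $_GET["grupo"] = $grupo;
                if ($sql1 == "")
                    $sql1='WHERE id_grupo='.$grupo;
                else
                    $sql1 =$sql1.' AND id_grupo='.$grupo;
            }
        }
        // $sql1 held only the WHERE clause up to here; from now on it is the full SELECT.
        $sql0="SELECT * FROM tincidencia ".$sql1." ORDER BY actualizacion DESC";
        $sql1_count="SELECT COUNT(id_incidencia) FROM tincidencia ".$sql1;
        $sql1=$sql0;

        echo "

".$lang_label["incident_manag"]."

";
        // The filter banner after the next heading prints $_POST['operacion'],
        // which is raw request data, so it is HTML-escaped before output.
        echo "

".$lang_label["manage_incidents"]."

"; ?> ".$lang_label["incident_view_filter"]." - ".htmlspecialchars($_POST['operacion'], ENT_QUOTES).""; } ?>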
"; if (isset($_GET["texto"])) echo ""; ?>

-
-
-
-
-

-
-
-
-
-
-
'.$lang_label["no_incidents"].'
';} else {
// Build $incident_list: the ids of the rows in $result2 whose group the
// current user may read (give_acl() with "IR").
while ($row2=mysql_fetch_array($result2)){ // Jump offset records
    $id_group = $row2["id_grupo"];
    if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data !
        $incident_list[]=$row2["id_incidencia"];
    }
}
// Fill array with data
// TOTAL incidents
// NOTE(review): $incident_list is only appended to in the visible code; if no
// row passes the ACL check it may be undefined here — confirm it is
// initialised earlier.
$total_incidentes = sizeof($incident_list);
$url = "index.php?sec=incidencias&sec2=operation/incidents/incident";
// add form filter values for group, priority, state, and search fields: user and text
// NOTE(review): these request values are appended as-is. urlencode() each one
// here, and make sure pagination() HTML-escapes $url when it writes the links;
// pagination() is not visible in this file, so confirm.
if (isset($_GET["grupo"])) $url = $url."&grupo=".$_GET["grupo"];
if (isset($_GET["prioridad"])) $url = $url."&prioridad=".$_GET["prioridad"];
if (isset($_GET["estado"])) $url = $url."&estado=".$_GET["estado"];
if (isset($_GET["usuario"])) $url = $url."&usuario=".$_GET["usuario"];
if (isset($_GET["texto"])) $url = $url."&texto=".$_GET["texto"];
// Show pagination
pagination ($total_incidentes, $url, $offset);
echo '
';
// Show headers
echo "
";
echo "";
echo "";
echo "";
// NOTE(review): the statements from here to "if ACL is correct" read $row and
// close three blocks before the loop that assigns $row has started in this
// listing; they appear to be the tail of the per-incident loop further down.
$id_author_inc = $row["id_usuario"];
if ((give_acl($id_usuario, $id_group, "IM") ==1) OR ($_SESSION["id_usuario"] == $id_author_inc) ){
    // Only incident owners or incident manager from this group can delete incidents
    echo "";
}
} // if ACL is correct
}
}
echo "
ID";
echo "".$lang_label["status"];
echo "".$lang_label["incident"];
echo "".$lang_label["priority"];
echo "".$lang_label["group"];
echo "".$lang_label["updated_at"];
echo "".$lang_label["source"];
echo "".$lang_label["in_openedby"];
echo "".$lang_label["delete"];
$color = 0;
// Skip offset records and begin show data
if ($offset !=0)
    $offset_begin = $offset+1;
else
    $offset_begin = $offset;
// Walk one page of $incident_list, from $offset_begin up to and including
// index $offset + $block_size.
for ($a=$offset_begin; $a < ($offset + $block_size +1);$a++){
if (isset($incident_list[$a])){
    $id_incidente = $incident_list[$a];
} else {
    $id_incidente ="";
}
if ($id_incidente != ""){
// $id_incidente comes from $incident_list (ids taken from $result2 rows
// above), not from the request; each incident is fetched again by id.
$sql="SELECT * FROM tincidencia WHERE id_incidencia = $id_incidente";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$id_group = $row["id_grupo"];
// Alternate $tdcolor between "datos" and "datos2" on successive rows.
if ($color == 1){
    $tdcolor = "datos";
    $color = 0;
}
else {
    $tdcolor = "datos2";
    $color = 1;
}
if (give_acl($id_usuario, $id_group, "IR") ==1){ // Only incident read access to view data !
$offset_counter++;
$note_number = dame_numero_notas($row["id_incidencia"]);
echo "
".$row["id_incidencia"]."";
// Check for attachments in this incident
// NOTE(review): the row count of this SELECT is read with
// mysql_affected_rows(); mysql_num_rows($result3) is the documented call for
// SELECT results.
$result3=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$row["id_incidencia"]);
mysql_fetch_array($result3);
if (mysql_affected_rows() > 0)
    echo '  ';
// Status type
// 0 - Open, no notes
// 1 - Open with notes
// 2 - Discarded (not valid)
// 3 - Expired (out of date)
// 13 - Closed

// Verify if the status changes
// An open incident that already has notes is displayed as status 1.
if (($row["estado"] == 0) && ($note_number >0 )){
    $row["estado"] = 1;
}
echo "";
switch ($row["estado"]) {
    case 0: echo "";
        break;
    case 1: echo "";
        break;
    case 2: echo "";
        break;
    case 3: echo "";
        break;
    case 13: echo "";
        break;
}
// NOTE(review): titulo is the only column passed through salida_limpia()
// (presumably the output-escaping helper — confirm). Cutting the result with
// substr() afterwards can split an escaped entity in half.
echo "".substr(salida_limpia($row["titulo"]),0,27);
echo "";
switch ( $row["prioridad"] ){
    case 0: echo ""."".""; break;
    case 1: echo ""."".""; break;
    case 2: echo ""."".""; break;
    case 3: echo ""."".""; break;
    case 4: echo ""."".""; break;
    case 10: echo ""."".""; break;
}
/*
    case 0: echo $lang_label["informative"]; break;
    case 1: echo $lang_label["low"]; break;
    case 2: echo $lang_label["medium"]; break;
    case 3: echo $lang_label["serious"]; break;
    case 4: echo $lang_label["very_serious"]; break;
    case 10: echo $lang_label["maintenance"]; break;
*/
// NOTE(review): actualizacion, origen, id_usuario and the results of
// dame_nombre_grupo() / dame_nombre_real() are echoed without salida_limpia().
// If any of them can hold user-supplied text, escape them for HTML here as
// well — the helpers are not visible, so confirm what they return.
echo "".dame_nombre_grupo($row["id_grupo"]);
echo "".$row["actualizacion"];
echo "".$row["origen"];
echo " ".dame_nombre_real($row["id_usuario"])."".substr($row["id_usuario"], 0, 8)."
" ;
}
// Extra output for users holding the "IW" ACL on group 0 (the markup is not
// visible in this listing).
if (give_acl($_SESSION["id_usuario"], 0, "IW")==1) {
    echo "
";
    echo "
";
    echo "
";
}
echo "
";
} else {
    // Reached when the page-level ACL gate fails: show the no-access page and record the attempt.
    // NOTE(review): $id_user and $REMOTE_ADDR are not assigned anywhere in the
    // visible code; confirm both are defined by the including script,
    // otherwise the audit entry is written without a user id and address.
    require ("general/noaccess.php");
    audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Incident section");
}
}
?>