ClamAV version: '.clam_get_version(); die ($error); //On malware, we die because it's not good to handle it } } $sql = sprintf ("INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size) VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config["id_user"],$filename,$description,$filesize); $id_attachment = process_sql ($sql,"insert_id"); // Copy file to directory and change name if ($id_attachment !== false) { $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename; $result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo); } else { echo '

'.__('File could not be saved due to database error').'

'; $result = false; } if ($result !== false) { unlink ($_FILES['userfile']['tmp_name']); process_incidents_touch ($id_inc); } else { process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment); } print_result_message ($result, __('File uploaded'), __('File could not be uploaded')); } } // else Not given id // Create incident from event... read event data elseif (isset ($_GET["insert_form"])) { $titulo = ""; $descripcion = ""; $origen = ""; $prioridad = 0; $id_grupo = 0; $estado = 0; $texto = ""; $usuario = $config["id_user"]; $id_creator = $config["id_user"]; if (isset ($_GET["from_event"])) { $event = get_parameter_get ("from_event"); $titulo = get_event_description ($event); $id_grupo = get_event_group ($event); $origen = "Pandora FMS event"; unset ($event); } $prioridad = 0; $id_grupo = 0; } else { audit_db ($config['id_user'],$config["remote_addr"], "HACK","Trying to get to incident details in an unusual way"); require ("general/noaccess.php"); exit; } // ******************************************************************************************************** // ******************************************************************************************************** // Show the form // ******************************************************************************************************** //This is for the pretty slide down attachment form echo ""; if (isset ($id_inc)) { //If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"] print_page_header (__('Incident details'). ' #'.$id_inc, "images/book_edit.png", false, "", false, ""); echo '
'; echo ''; } else { print_page_header (__('Create incident'), "images/book_edit.png", false, "", false, ""); echo ''; } echo ''; echo ''; echo ''; echo ''; echo ''; echo '
'.__('Incident').''; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_input_text ("titulo", $titulo,'', 70); } else { print_input_text_extended ("titulo", $titulo, "", "", 70, "", false, "", "readonly"); } echo '
'.__('Opened at').''.date ($config['date_format'], $inicio).''.__('Updated at').''.date ($config['date_format'], $actualizacion).'
'.__('Owner').''; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_select (get_users_info (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135"); } else { print_select (get_users_info (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true); } echo ''.__('Status').''; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_select (get_incidents_status (), "estado_form", $estado, '', '', '', false, false, false, 'w135'); } else { print_select (get_incidents_status (), "estado_form", $estado, '', '', '', false, false, false, 'w135', true); } echo '
'.__('Source').''; $fields = array (); $return = get_db_all_rows_sql ("SELECT origen FROM torigen ORDER BY origen"); if ($return === false) $return[0] = $estado; //Something must be displayed foreach ($return as $row) { $fields[$row["origen"]] = $row["origen"]; } // Only owner could change source or user with Incident management privileges if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_select ($fields, "origen_form", $estado, '', '', '', false, false, false, 'w135'); } else { print_select ($fields, "origen_form", $estado, '', '', '', false, false, false, 'w135', true); } echo ''.__('Group').''; // Group combo if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_select (get_user_groups ($config["id_user"], "IR"), "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135'); } else { print_select (get_user_groups ($config["id_user"], "IR"), "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true); } echo '
'.__('Priority').''; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_select (get_incidents_priorities (), "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135'); } else { print_select (get_incidents_priorities (), "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true); } echo ''.__('Creator').''; if (empty ($id_creator)) { echo 'SYSTEM'; } else { echo $id_creator.' ('.dame_nombre_real ($id_creator).')'; } echo '
'; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;"'); } else { print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;" disabled'); } echo '
'; // Only if user is the used who opened incident or (s)he is admin if (isset ($id_inc) AND ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"]))) { print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"'); } elseif (give_acl ($config["id_user"], $id_grupo, "IW")) { print_submit_button (__('Create'), "accion", false, 'class="sub wand"'); } else { print_submit_button (__('Submit'), "accion", true, 'class="sub upd"'); } echo "
"; //If we're actually working on an incident if (isset ($id_inc)) { // ******************************************************************** // Notes // ******************************************************************** echo '
'; print_submit_button (__('Add note'), "note_control", false, 'class="sub next"'); echo '
'; echo '
'; echo '
'; $result = get_incidents_notes ($id_inc); $table->cellpadding = 4; $table->cellspacing = 4; $table->class = "databox"; $table->width = 600; $table->data = array (); $table->head = array (); foreach ($result as $row) { $data = array (); $data[0] = ''; $data[1] = __('Author').': '.print_username ($row["id_usuario"], true).' ('.print_timestamp ($row["timestamp"], true).')'; array_push ($table->data, $data); $data = array (); $data[0] = ''; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) { $data[0] .= print_input_image ("delete_nota", "images/cross.png", $row["id_nota"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true); } $data[1] = $row["nota"]; array_push ($table->data, $data); } if (!empty ($table->data)) { echo "

".__('Notes attached to incident').'

'; echo '
'; print_table ($table); echo '
'; } unset ($table); // ************************************************************ // Files attached to this incident // ************************************************************ $result = get_incidents_attach ($id_inc); $table->cellpadding = 4; $table->cellspacing = 4; $table->class = "databox"; $table->width = 650; $table->head = array (); $table->data = array (); $table->head[0] = __('Filename'); $table->head[1] = __('Description'); $table->head[2] = __('Size'); $table->head[3] = __('Delete'); $table->align[2] = "center"; $table->align[3] = "center"; foreach ($result as $row) { $data[0] = '  '.$row["filename"].''; $data[1] = $row["description"]; $data[2] = format_for_graph ($row["size"])."B"; if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { $data[3] = print_input_image ("delete_file", "images/cross.png", $row["id_attachment"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true); } else { $data[3] = ''; } array_push ($table->data, $data); } if (!empty ($table->data)) { echo "

".__('Attached files')."

"; echo '
'; print_table ($table); echo '
'; } unset ($table); // ************************************************************ // Upload control // ************************************************************ // Upload control if ((give_acl($config["id_user"], $id_grupo, "IW")==1)) { echo '
'; print_submit_button (__('Add attachment'), "attachment", false, 'class="sub next"'); echo '
'; echo '
'; echo '
'.__('Filename').'
'.__('Description').'
'; } } ?>