ClamAV version: '.clam_get_version(); die ($error); //On malware, we die because it's not good to handle it } } $sql = sprintf ("INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size) VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config["id_user"], $filename, $description, $filesize); $id_attachment = db_process_sql ($sql,"insert_id"); // Copy file to directory and change name if ($id_attachment !== false) { $nombre_archivo = $config["attachment_store"] . "/pand" . $id_attachment . "_" . $_FILES['userfile']['name']; $zip = new ZipArchive; if ($zip->open($nombre_archivo.".zip", ZIPARCHIVE::CREATE) === true) { $zip->addFile($_FILES['userfile']['tmp_name'], io_safe_output($filename)); $zip->close(); } //$result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo); } else { ui_print_error_message(__('File could not be saved due to database error')); $result = false; } if ($result !== false) { unlink ($_FILES['userfile']['tmp_name']); incidents_process_touch ($id_inc); } else { db_process_sql ("DELETE FROM tattachment WHERE id_attachment = ".$id_attachment); } ui_print_result_message ($result, __('File uploaded'), __('File could not be uploaded')); } } // else Not given id // Create incident from event... read event data elseif (isset ($_GET["insert_form"])) { $titulo = ""; $descripcion = ""; $origen = ""; $prioridad = 0; $id_grupo = 0; $estado = 0; $texto = ""; $usuario = $config["id_user"]; $id_creator = $config["id_user"]; $id_grupo = 0; $id_agent = 0; if (isset ($_GET["from_event"])) { $event = get_parameter ("from_event"); $texto = io_safe_output(events_get_description ($event)); $titulo = ui_print_truncate_text(events_get_description ($event), 'description', false, true, false); $id_grupo = events_get_group ($event); $origen = "Pandora FMS Event"; unset ($event); } $prioridad = 0; } else { db_pandora_audit("HACK","Trying to get to incident details in an unusual way"); require ("general/noaccess.php"); exit; } // ******************************************************************************************************** // ******************************************************************************************************** // Show the form // ******************************************************************************************************** //This is for the pretty slide down attachment form echo ""; if (isset ($id_inc)) { //If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"] ui_print_page_header (__('Incident details'). ' #'.$id_inc, "images/book_edit.png", false, "", false, ""); echo '
'; echo ''; } else { ui_print_page_header (__('Create incident'), "images/book_edit.png", false, "", false, ""); echo ''; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; ////////// echo '
'.__('Incident').' '; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_input_text ("titulo", $titulo,'', 70); } else { html_print_input_text_extended ("titulo", $titulo, "", "", 70, "", false, "", "readonly"); } echo '
'.__('Opened at').' '.date ($config['date_format'], $inicio).' '.__('Updated at').' '.date ($config['date_format'], $actualizacion).'
'.__('Owner').' '; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_select (users_get_info (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135"); } else { html_print_select (users_get_info (), "usuario_form", $usuario, '', 'SYSTEM', '', false, false, true, "w135", true); } echo ' '.__('Status').' '; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_select (incidents_get_status (), "estado_form", $estado, '', '', '', false, false, false, 'w135'); } else { html_print_select (incidents_get_status (), "estado_form", $estado, '', '', '', false, false, false, 'w135', true); } echo '
'.__('Source').' '; $fields = array (); $return = db_get_all_rows_sql ("SELECT origen FROM torigen ORDER BY origen"); if ($return === false) $return[0] = $estado; //Something must be displayed foreach ($return as $row) { $fields[$row["origen"]] = $row["origen"]; } // Only owner could change source or user with Incident management privileges if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_select ($fields, "origen_form", $origen, '', '', '', false, false, false, 'w135'); } else { html_print_select ($fields, "origen_form", $origen, '', '', '', false, false, false, 'w135', true); } echo ''.__('Group').''; // Group combo if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_select_groups($config["id_user"], "IR", true, "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135'); } else { html_print_select_groups($config["id_user"], "IR", true, "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true); } echo '
'.__('Priority').''; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_select (incidents_get_priorities (), "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135'); } else { html_print_select (incidents_get_priorities (), "prioridad_form", $prioridad, '', '', '', false, false, false, 'w135', true); } echo ''.__('Creator').''; if (empty ($id_creator)) { echo 'SYSTEM'; } else { echo $id_creator.' ('.get_user_fullname($id_creator).')'; } $agents_incidents = agents_get_agents(false, array('id_agente', 'nombre')); if ($agents_incidents === false) { $agents_incidents = array(); } foreach ($agents_incidents as $agent_incident) { $result_agent_incidents[$agent_incident['id_agente']] = $agent_incident['nombre']; } echo '
' . __('Agent') . ''; $params = array(); $params['show_helptip'] = true; $params['input_name'] = 'agent'; $params['value'] = db_get_value("alias","tagente","id_agente",$id_agent); $params['print_hidden_input_idagent'] = true; $params['hidden_input_idagent_value'] = $id_agent; $params['hidden_input_idagent_name'] = 'id_agent'; ui_print_agent_autocomplete_input($params); echo '
'; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { html_print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;"'); } else { html_print_textarea ("descripcion", 15, 80, $texto, 'style="height:200px;" disabled'); } echo '
'; // Only if user is the used who opened incident or (s)he is admin if (isset ($id_inc) AND ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"]))) { html_print_submit_button (__('Update incident'), "accion", false, 'class="sub upd"'); } elseif (check_acl ($config["id_user"], $id_grupo, "IW")) { html_print_submit_button (__('Create'), "accion", false, 'class="sub wand"'); } else { html_print_submit_button (__('Submit'), "accion", true, 'class="sub upd"'); } echo "
"; //If we're actually working on an incident if (isset ($id_inc)) { //****************************************************************** // Notes //****************************************************************** echo '
'; echo ''; echo html_print_image ('images/add.png', true); echo __('Add note'); echo ''; echo '
'; echo '

'.__('Add note').'

'; echo '
'; $result = incidents_get_notes ($id_inc); $table->cellpadding = 4; $table->cellspacing = 4; $table->class = "databox"; $table->width = '98%'; $table->data = array (); $table->head = array (); foreach ($result as $row) { $data = array (); $data[0] = html_print_image("images/page_white_text.png", true, array("border" => '0')); $data[1] = __('Author').': '.ui_print_username ($row["id_usuario"], true).' ('.ui_print_timestamp ($row["timestamp"], true).')'; array_push ($table->data, $data); $data = array (); $data[0] = ''; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($row["id_usuario"] == $config["id_user"])) { $data[0] .= html_print_input_image ("delete_nota", "images/cross.png", $row["id_nota"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true); } $data[1] = $row["nota"]; array_push ($table->data, $data); } if (!empty ($table->data)) { echo "

".__('Notes attached to incident').'

'; echo '
'; html_print_table ($table); echo '
'; } unset ($table); //****************************************************************** // Files attached to this incident //****************************************************************** $result = incidents_get_attach ($id_inc); $table->cellpadding = 4; $table->cellspacing = 4; $table->class = "databox"; $table->width = '98%'; $table->head = array (); $table->data = array (); $table->head[0] = __('Filename'); $table->head[1] = __('Description'); $table->head[2] = __('Size'); $table->head[3] = __('Delete'); $table->align[2] = "center"; $table->align[3] = "center"; foreach ($result as $row) { if (file_exists($config['homedir'] . '/attachment/pand'.$row["id_attachment"].'_'.io_safe_output($row["filename"]). ".zip")) $url = 'attachment/pand'.$row["id_attachment"].'_'.io_safe_output($row["filename"]). ".zip"; else $url = 'attachment/pand'.$row["id_attachment"].'_'.io_safe_output($row["filename"]); $data[0] = html_print_image("images/disk.png", true, array("border" => '0', "align" => "top")) . '  '.$row["filename"].''; $data[1] = $row["description"]; $data[2] = format_for_graph ($row["size"])."B"; if ((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) { $data[3] = html_print_input_image ("delete_file", "images/cross.png", $row["id_attachment"], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true); } else { $data[3] = ''; } array_push ($table->data, $data); } if (!empty ($table->data)) { echo "

".__('Attached files')."

"; echo '
'; html_print_table ($table); echo '
'; } unset ($table); //****************************************************************** // Upload control //****************************************************************** // Upload control if ((check_acl($config["id_user"], $id_grupo, "IW")==1)) { echo '
'; echo ''; echo html_print_image ('images/add.png', true); echo __('Add attachment'); echo ''; echo '
'; echo '

'.__('Add attachment').'

'; echo '
'.__('Filename').'
'.__('Description').'
'; } } ?>