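".__('Note successfully added')."";
		}
		// Link the freshly stored note to the incident and bump the incident's
		// "last update" time. The note row is found again by author + timestamp.
		// NOTE(review): $id_inc, $timestamp and $config['id_user'] are set before
		// this excerpt; $id_inc is concatenated unquoted into SQL here and below,
		// so confirm it is forced to an integer where it is first read.
		$sql2 = "SELECT * FROM tnota WHERE id_usuario = '".$config['id_user']."' AND timestamp = '".$timestamp."'";
		$res2 = mysql_query($sql2);
		$row2 = mysql_fetch_array($res2);
		$id_nota = $row2["id_nota"];
		$sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")";
		$res3 = mysql_query($sql3);
		$sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
		$res4 = mysql_query($sql4);
	}

	// Delete note
	if (isset($_GET["id_nota"])) {
		// Both ids go unquoted into the DELETE statements, so they are forced to
		// integers before any use (including the author lookup).
		$id_nota = (int) $_GET["id_nota"];
		$id_nota_inc = isset($_GET["id_nota_inc"]) ? (int) $_GET["id_nota_inc"] : 0;
		$note_user = give_note_author ($id_nota);

		// Incident managers ("IM"), the incident owner, or the note's own author
		// may delete a note. The owner test must be a comparison: the previous
		// "$usuario = $iduser_temp" was an assignment, which made the check pass
		// for any logged-in user and also overwrote $usuario, so the owner checks
		// further down passed as well.
		// NOTE(review): nothing here ties id_nota to $id_inc; consider requiring a
		// matching tnota_inc row for this incident before deleting.
		// NOTE(review): this state change is triggered by a GET parameter; a
		// per-session token on the delete link would prevent forged requests.
		if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($note_user == $iduser_temp) OR ($usuario == $iduser_temp)) {
			$query = "DELETE FROM tnota WHERE id_nota = ".$id_nota;
			$query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc;
			// Run each statement once; the note DELETE used to be issued twice.
			$deleted = mysql_query($query);
			mysql_query($query2);
			if ($deleted) {
				echo "

".__('Note successfully deleted');
			}
		}
	}

	// Delete file
	if (((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])) {
		// Integer cast: the id is used unquoted in SQL and as part of a file path.
		$file_id = (int) $_GET["delete_file"];
		// NOTE(review): the ACL is evaluated for the incident being viewed, but the
		// lookup is by attachment id only; consider adding
		// "AND id_incidencia = <this incident>" so other incidents' files are out of reach.
		$sql2 = "SELECT * FROM tattachment WHERE id_attachment = ".$file_id;
		$res2 = mysql_query($sql2);
		$row2 = mysql_fetch_array($res2);
		if ($row2) {
			// The stored name originates from the uploader; basename() keeps the
			// unlink() target inside the attachment store.
			$filename = basename($row2["filename"]);
			$sql2 = "DELETE FROM tattachment WHERE id_attachment = ".$file_id;
			$res2 = mysql_query($sql2);
			unlink ($config["attachment_store"]."/pand".$file_id."_".$filename);
		}
	}

	// Upload file
	if ((give_acl($iduser_temp, $id_grupo, "IW")==1) AND isset($_GET["upload_file"])) {
		if (isset($_FILES['userfile']) AND $_FILES['userfile']['name'] != "") {
			// Client-supplied MIME type; informational only, never trust it.
			$tipo = $_FILES['userfile']['type'];
			if (isset($_POST["file_description"]))
				$description = $_POST["file_description"];
			else
				$description = "No description available";

			// Insert into database.
			// The file name and description are attacker-controlled text: strip any
			// path component from the name and escape both for the SQL string.
			// NOTE(review): if request data is already escaped globally (e.g. magic
			// quotes), adjust this to avoid double escaping.
			// NOTE(review): both values are echoed as-is in the attachment table
			// further down this page; they should be HTML-escaped on output.
			$filename = basename($_FILES['userfile']['name']);
			$filesize = (int) $_FILES['userfile']['size'];
			$sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES (".$id_inc.", '".$iduser_temp." ','".mysql_real_escape_string($filename)."','".mysql_real_escape_string($description)."',".$filesize.") ";
			mysql_query($sql);
			$id_attachment = mysql_insert_id();

			// Store the file as pand<attachment id>_<name>. move_uploaded_file()
			// refuses anything that is not a genuine upload and removes the
			// temporary file itself, replacing the former copy() + unlink() pair.
			// NOTE(review): the original extension is kept; confirm the attachment
			// store is not served (or executed) directly by the web server.
			$nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename;
			if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $nombre_archivo)) {
				echo "

".__('File cannot be saved. Please contact Pandora administrator about this error
')."

";
				// Roll back the database row when the file could not be stored.
				$sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
				mysql_query($sql);
			}
		}
	}
} // else Not given id
// Create incident from event... read event data
elseif (isset($_GET["insert_form"])) {
	// Defaults for an empty "create incident" form.
	$iduser_temp = $_SESSION['id_usuario'];
	$titulo = "";
	$descripcion = "";
	$origen = "";
	if (isset($_GET["from_event"])) {
		// NOTE(review): from_event is passed through unvalidated; confirm that
		// return_event_description() sanitises it before building any query.
		$titulo = return_event_description($_GET["from_event"]);
		$origen = "Pandora FMS event";
	}
	$prioridad = 0;
	$id_grupo = 0;
	$grupo = dame_nombre_grupo(1);
	$usuario = $_SESSION["id_usuario"];
	$estado = 0;
	$actualizacion = date("Y/m/d H:i:s");
	$inicio = $actualizacion;
	$id_creator = $iduser_temp;
	$creacion_incidente = 1;
} else {
	// Neither an incident id nor the create form was requested: audit and refuse.
	audit_db($config['id_user'],$REMOTE_ADDR, "HACK","Trying to create incident in a unusual way");
	no_permission();
}

// ********************************************************************************************************
// Show the form
// ********************************************************************************************************
if ($creacion_incidente == 0) echo "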
"; else echo ""; if (isset($id_inc)) { echo ""; } echo "

".__('Incident management')." > "; if (isset($id_inc)) { echo __('Review of incident')." # ".$id_inc; } else { echo __('Create incident'); } echo "

"; echo ''; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo ''; // Only owner could change source or user with Incident management privileges if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo '"; // Group combo if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo ''; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo '"; echo '
'.__('Incident').' '; } else { echo '
'.__('Incident').''; } echo '
'.__('Opened at').''; echo "".$inicio.""; echo ''.__('Updated at').''; echo "".$actualizacion.""; echo '
'.__('Owner').''; if ((give_acl($config['id_user'], $id_grupo, "IM")==1) OR ($usuario == $config['id_user'])) { echo ""; } else { echo ""; echo $usuario." - (".$nombre_real.")"; } // Tipo de estado // 0 - Abierta / Sin notas - Open, without notes // 1 - Abierta / Notas aniadidas - Open, with notes // 2 - Descartada / Not valid // 3 - Caducada / Outdated // 13 - Cerrada / Closed if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo ''.__('Status').' '.__('Status').'
'.__('Source').'
'.__('Source').' '.__('Group').' '.__('Group').'
'.__('Priority').' '.__('Priority').' Creator ".$id_creator." ( ".dame_nombre_real($id_creator)." )"; if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { echo '
'; echo "
"; // Only if user is the used who opened incident or (s)he is admin $iduser_temp=$_SESSION['id_usuario']; if ($creacion_incidente == 0){ if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)){ echo ''; } } else { if (give_acl($iduser_temp, $id_grupo, "IW")) { echo ''; } } echo ""; if ($creacion_incidente == 0){ echo "
"; echo '
'; } echo "

"; if ($creacion_incidente == 0){ // ******************************************************************** // Notes // ******************************************************************** $cabecera=0; $sql4='SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc; $res4=mysql_query($sql4); while ($row2=mysql_fetch_array($res4)){ if ($cabecera == 0) { // Show head only one time echo "

".__('Notes attached to incident')."

"; echo ""; echo "'; echo '
"; $cabecera = 1; } $sql3='SELECT * FROM tnota WHERE id_nota = '.$row2["id_nota"].' ORDER BY timestamp DESC'; $res3=mysql_query($sql3); while ($row3=mysql_fetch_array($res3)){ $timestamp = $row3["timestamp"]; $nota = $row3["nota"]; $id_usuario_nota = $row3["id_usuario"]; // Show data echo '
'.__('Author').': '; $usuario = $id_usuario_nota; $nombre_real = dame_nombre_real ($usuario); echo $usuario." - (".$nombre_real.")"; // Delete comment, only for admins if ((give_acl($iduser_temp, $id_grupo, "IM")==1) OR ($usuario == $iduser_temp)) { $myurl="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc."&id_nota=".$row2["id_nota"]."&id_nota_inc=".$row2["id_nota_inc"]; echo ''; } echo '
'.__('Date').': '.$timestamp.'
'; echo ''; echo '"; echo '
'; echo salida_limpia ($nota); echo "
'; } } if ($cabecera == 1){ echo "
"; // note table } echo ""; // ************************************************************ // Files attached to this incident // ************************************************************ // Attach head if there's attach for this incident $att_fil=mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc); if (mysql_num_rows($att_fil)){ echo "

".__('Attached files')."

"; echo ""; echo ""; while ($row=mysql_fetch_array($att_fil)){ echo "
".__('Filename')." ".__('Description')." ".__('Size')." ".__('Delete')."
  ".$row["filename"].""; echo "".$row["description"]; echo "".$row["size"]; if (give_acl($iduser_temp, $id_grupo, "IM")==1){ // Delete attachment echo ''; } } echo "
"; } // ************************************************************ // Upload control // ************************************************************ // Upload control if (give_acl($iduser_temp, $id_grupo, "IW")==1){ echo "

".__('Attach file'); ?> "; echo "

"; echo ""; } } // create mode ?>