ClamAV version: '.clam_get_version(); die($error); // On malware, we die because it's not good to handle it } } $sql = sprintf( "INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size) VALUES (%d, '%s', '%s', '%s', %d)", $id_inc, $config['id_user'], $filename, $description, $filesize ); $id_attachment = db_process_sql($sql, 'insert_id'); // Copy file to directory and change name if ($id_attachment !== false) { $nombre_archivo = $config['attachment_store'].'/pand'.$id_attachment.'_'.$_FILES['userfile']['name']; $zip = new ZipArchive; if ($zip->open($nombre_archivo.'.zip', ZIPARCHIVE::CREATE) === true) { $zip->addFile($_FILES['userfile']['tmp_name'], io_safe_output($filename)); $zip->close(); } // $result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo); } else { ui_print_error_message(__('File could not be saved due to database error')); $result = false; } if ($result !== false) { unlink($_FILES['userfile']['tmp_name']); incidents_process_touch($id_inc); } else { db_process_sql('DELETE FROM tattachment WHERE id_attachment = '.$id_attachment); } ui_print_result_message( $result, __('File uploaded'), __('File could not be uploaded') ); } } //end if // Create incident from event... 
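// ...read event data
else if (isset($_GET['insert_form'])) {
    // New-incident form: start from empty defaults, owned by the current user.
    $titulo = '';
    $descripcion = '';
    $origen = '';
    $prioridad = 0;
    $id_grupo = 0;
    $estado = 0;
    $texto = '';
    $usuario = $config['id_user'];
    $id_creator = $config['id_user'];
    $id_grupo = 0;
    $id_agent = 0;
    if (isset($_GET['from_event'])) {
        // Pre-fill title, text, group and agent from an existing event.
        // NOTE(review): from_event is request input and is handed to
        // events_get_*() and db_get_value() as the lookup value. Whether those
        // helpers quote or cast it is not visible here - confirm, or cast it
        // to int before use.
        $event = get_parameter('from_event');
        $texto = io_safe_output(events_get_description($event));
        $titulo = ui_print_truncate_text(events_get_description($event), 'description', false, true, false);
        $id_grupo = events_get_group($event);
        $origen = 'Pandora FMS Event';
        $id_agent = db_get_value('id_agente', 'tevento', 'id_evento', $event);
        unset($event);
    }

    $prioridad = 0;
} else {
    // Neither expected entry point matched: write an audit record, show the
    // no-access page and stop.
    db_pandora_audit('HACK', 'Trying to get to incident details in an unusual way');
    include 'general/noaccess.php';
    exit;
}

// ****************************************************************************
// Show the form
// ****************************************************************************
// Renders the incident form and, for an existing incident ($id_inc set), its
// notes, its attached files and the upload control.
//
// NOTE(review): throughout this form a user without the 'IM' ACL who is not
// the owner gets readonly/disabled variants of the controls. That only changes
// how the control is rendered; the fields can still be submitted by a client,
// so the handler that processes this form (not visible here) has to repeat the
// same IM/owner check before writing anything.
//
// Several literals below are empty or contain only a line break, exactly as
// they appear in this listing; they are kept unchanged.
// This is for the pretty slide down attachment form
echo "";

if (isset($id_inc)) {
    // If $id_inc is set (when $_GET["id"] is set, not $_GET["insert_form"])
    ui_print_page_header(__('Incident details').' #'.$id_inc, 'images/book_edit.png', false, '', false, '');
    echo "\n";
    echo '';
} else {
    ui_print_page_header(__('Create incident'), 'images/book_edit.png', false, '', false, '');
    echo '';
}

echo '';
echo '';
echo '';
echo '';
echo '';
echo '';
echo '';
echo '';
echo '';
echo '';

// Title
echo "\n".__('Incident').' ';
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_input_text('titulo', $titulo, '', 70);
} else {
    html_print_input_text_extended('titulo', $titulo, '', '', 70, '', false, '', 'readonly');
}

// Timestamps and owner.
// NOTE(review): $inicio and $actualizacion are not assigned in the insert_form
// branch shown above - presumably set elsewhere in the file; confirm.
echo "\n".__('Opened at').' '.date($config['date_format'], $inicio).' '.__('Updated at').' '.date($config['date_format'], $actualizacion)."\n".__('Owner').' ';
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_select(users_get_info(), 'usuario_form', $usuario, '', 'SYSTEM', '', false, false, true, 'w135');
} else {
    // Same select with one extra trailing `true` (presumably "disabled").
    html_print_select(users_get_info(), 'usuario_form', $usuario, '', 'SYSTEM', '', false, false, true, 'w135', true);
}

// Status
echo ' '.__('Status').' ';
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_select(incidents_get_status(), 'estado_form', $estado, '', '', '', false, false, false, 'w135');
} else {
    html_print_select(incidents_get_status(), 'estado_form', $estado, '', '', '', false, false, false, 'w135', true);
}

// Source: options come from the torigen table.
echo "\n".__('Source').' ';
$fields = [];
$return = db_get_all_rows_sql('SELECT origen FROM torigen ORDER BY origen');
if ($return === false) {
    // Something must be displayed.
    // NOTE(review): this stores the scalar $estado as a row, while the loop
    // below indexes each row with ['origen'] - confirm the intended fallback.
    $return[0] = $estado;
}

foreach ($return as $row) {
    $fields[$row['origen']] = $row['origen'];
}

// Only owner could change source or user with Incident management privileges
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_select($fields, 'origen_form', $origen, '', '', '', false, false, false, 'w135');
} else {
    html_print_select($fields, 'origen_form', $origen, '', '', '', false, false, false, 'w135', true);
}

echo ''.__('Group').'';
// Group combo
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_select_groups($config['id_user'], 'IR', true, 'grupo_form', $id_grupo, '', '', '', false, false, false, 'w135');
} else {
    html_print_select_groups($config['id_user'], 'IR', true, 'grupo_form', $id_grupo, '', '', '', false, false, true, 'w135', true);
}

// Priority
echo "\n".__('Priority').'';
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_select(incidents_get_priorities(), 'prioridad_form', $prioridad, '', '', '', false, false, false, 'w135');
} else {
    html_print_select(incidents_get_priorities(), 'prioridad_form', $prioridad, '', '', '', false, false, false, 'w135', true);
}

// Creator
echo ''.__('Creator').'';
if (empty($id_creator)) {
    echo 'SYSTEM';
} else {
    // NOTE(review): id and full name are echoed without escaping here;
    // confirm both are already HTML-safe at this point.
    echo $id_creator.' ('.get_user_fullname($id_creator).')';
}

// Build an id => name map of agents (not read again in the visible code).
$agents_incidents = agents_get_agents(false, ['id_agente', 'nombre']);
if ($agents_incidents === false) {
    $agents_incidents = [];
}

foreach ($agents_incidents as $agent_incident) {
    $result_agent_incidents[$agent_incident['id_agente']] = $agent_incident['nombre'];
}

// Agent autocomplete input, with the agent id carried in a hidden field.
echo "\n".__('Agent').'';
$params = [];
$params['show_helptip'] = true;
$params['input_name'] = 'agent';
$params['value'] = db_get_value('alias', 'tagente', 'id_agente', $id_agent);
$params['print_hidden_input_idagent'] = true;
$params['hidden_input_idagent_value'] = $id_agent;
$params['hidden_input_idagent_name'] = 'id_agent';
ui_print_agent_autocomplete_input($params);

// Description
echo "\n";
if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
    html_print_textarea('descripcion', 15, 80, $texto, 'style="height:200px;"');
} else {
    html_print_textarea('descripcion', 15, 80, $texto, 'style="height:200px;" disabled');
}

echo "\n";
// Only if the user is the one who opened the incident or (s)he is admin
if (isset($id_inc) and ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user']))) {
    html_print_submit_button(__('Update incident'), 'accion', false, 'class="sub upd"');
} else if (check_acl($config['id_user'], $id_grupo, 'IW')) {
    html_print_submit_button(__('Create'), 'accion', false, 'class="sub wand"');
} else {
    // Third argument is `true` only in this branch (presumably "disabled").
    html_print_submit_button(__('Submit'), 'accion', true, 'class="sub upd"');
}

echo "\n";

// If we're actually working on an incident
if (isset($id_inc)) {
    // ******************************************************************
    // Notes
    // ******************************************************************
    echo "\n";
    echo '';
    echo html_print_image('images/add.png', true);
    echo __('Add note');
    echo '';
    echo "\n";
    echo "\n\n".__('Add note')."\n\n";
    echo "\n";

    $result = incidents_get_notes($id_inc);

    // Create the table object explicitly: assigning a property to an
    // undefined variable raises an Error on PHP 8.
    $table = new stdClass();
    $table->cellpadding = 4;
    $table->cellspacing = 4;
    $table->class = 'databox';
    $table->width = '98%';
    $table->data = [];
    $table->head = [];

    // Two rows per note: author/timestamp, then delete control and note text.
    foreach ($result as $row) {
        $data = [];
        $data[0] = html_print_image('images/page_white_text.png', true, ['border' => '0']);
        $data[1] = __('Author').': '.ui_print_username($row['id_usuario'], true).' ('.ui_print_timestamp($row['timestamp'], true).')';
        array_push($table->data, $data);

        $data = [];
        $data[0] = '';
        // Delete control only for IM users or the note's own author.
        // NOTE(review): id_nota is submitted back by the client; the delete
        // handler (not visible here) must check that the note belongs to this
        // incident and repeat the ACL check. The onClick handler is passed
        // through the style argument and embeds the translated string in a
        // JavaScript literal without escaping.
        if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($row['id_usuario'] == $config['id_user'])) {
            $data[0] .= html_print_input_image('delete_nota', 'images/cross.png', $row['id_nota'], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true);
        }

        // NOTE(review): the note text is emitted as stored. That is safe only
        // if notes are entity-encoded when saved (the io_safe_output() calls
        // in this file suggest stored values are encoded) - confirm, otherwise
        // escape here.
        $data[1] = $row['nota'];
        array_push($table->data, $data);
    }

    if (!empty($table->data)) {
        echo "\n\n".__('Notes attached to incident')."\n\n";
        echo "\n";
        html_print_table($table);
        echo "\n";
    }

    unset($table);

    // ******************************************************************
    // Files attached to this incident
    // ******************************************************************
    $result = incidents_get_attach($id_inc);

    // $table was unset above, so it has to be created again before use.
    $table = new stdClass();
    $table->cellpadding = 4;
    $table->cellspacing = 4;
    $table->class = 'databox';
    $table->width = '98%';
    $table->head = [];
    $table->data = [];

    $table->head[0] = __('Filename');
    $table->head[1] = __('Description');
    $table->head[2] = __('Size');
    $table->head[3] = __('Delete');

    $table->align[2] = 'center';
    $table->align[3] = 'center';

    foreach ($result as $row) {
        // Prefer the zipped copy when it exists on disk, else the plain file.
        // $url is not referenced again in this listing.
        // NOTE(review): the link is a path directly under attachment/, built
        // from the row id and the stored filename, not a download handler. The
        // ACL checks on this page would then not apply to the download itself
        // unless the web server restricts that directory - confirm, or serve
        // attachments through a handler that repeats the incident ACL check.
        if (file_exists($config['homedir'].'/attachment/pand'.$row['id_attachment'].'_'.io_safe_output($row['filename']).'.zip')) {
            $url = 'attachment/pand'.$row['id_attachment'].'_'.io_safe_output($row['filename']).'.zip';
        } else {
            $url = 'attachment/pand'.$row['id_attachment'].'_'.io_safe_output($row['filename']);
        }

        // NOTE(review): filename and description are emitted as stored; same
        // encoding assumption as for the note text above - confirm.
        $data[0] = html_print_image('images/disk.png', true, ['border' => '0', 'align' => 'top']).'  '.$row['filename'].'';
        $data[1] = $row['description'];
        $data[2] = format_for_graph($row['size']).'B';
        // Delete control only for IM users or the incident owner; the handler
        // must re-check this and that the attachment belongs to the incident.
        if ((check_acl($config['id_user'], $id_grupo, 'IM') == 1) or ($usuario == $config['id_user'])) {
            $data[3] = html_print_input_image('delete_file', 'images/cross.png', $row['id_attachment'], 'border:0px;" onClick="if (!confirm(\' '.__('Are you sure?').'\')) return false;', true);
        } else {
            $data[3] = '';
        }

        array_push($table->data, $data);
    }

    if (!empty($table->data)) {
        echo "\n\n".__('Attached files')."\n\n";
        echo "\n";
        html_print_table($table);
        echo "\n";
    }

    unset($table);

    // ******************************************************************
    // Upload control
    // ******************************************************************
    // Shown only to users holding the 'IW' ACL on the incident's group. The
    // upload handler has to enforce the same ACL itself.
    if ((check_acl($config['id_user'], $id_grupo, 'IW') == 1)) {
        echo "\n";
        echo '';
        echo html_print_image('images/add.png', true);
        echo __('Add attachment');
        echo '';
        echo "\n";
        echo "\n\n".__('Add attachment')."\n\n";
        echo "\n".__('Filename')."\n".__('Description')."\n";
    }
}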