pandorafms/pandora_console/operation/incidents/incident_detail.php


<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2008 Artica Soluciones Tecnologicas, http://www.artica.es
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// Load global vars
?>
<script language="javascript">
/* Function to hide/unhide a specific Div id */
/* Toggle the inline display of the element with id `divid` between 'none'
 * and 'block'. Only the inline style is consulted, so an element hidden by a
 * stylesheet (not by style="display:none") is treated as visible first. */
function toggleDiv (divid){
    var element = document.getElementById(divid);
    var isHidden = element.style.display == 'none';
    element.style.display = isHidden ? 'block' : 'none';
}
</script>
<?php
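require("include/config.php");
check_login ();
// First gate: may the caller read the group named in the request? The group
// id comes from the request itself (get_parameter), so this only proves
// access to a group the caller chose. The incident's real group is known
// only after its row is loaded, so the read check has to be repeated there.
$id_grupo = get_parameter ('id_grupo');
if (! give_acl ($config['id_user'], $id_grupo, "IR")) {
    // Doesn't have access to this page. Log the requested incident id taken
    // from the request: $id_inc / $titulo are not defined yet at this point,
    // so the previous message always logged empty values.
    $id_inc_req = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation",
        "Trying to access to incident ".$id_inc_req);
    include ("general/noaccess.php");
    exit;
}
$id_grupo = "";
$creacion_incidente = "";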
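// EDITION MODE
// Three entry modes:
//   ?id=N            review an existing incident; also serves the note-add,
//                    note-delete, attachment-delete and upload actions
//   ?insert_form     empty form for a new incident (optionally pre-filled
//                    from an event with ?from_event=N)
//   anything else    audited and rejected
// Every id that is interpolated into SQL below is cast to int first; the
// legacy mysql_* API offers no prepared statements.
if (isset ($_GET["id"])) {
    $creacion_incidente = 0;
    $id_inc = (int) $_GET["id"];
    $iduser_temp = $_SESSION['id_usuario'];
    // Obtain group of this incident
    $sql1 = 'SELECT * FROM tincidencia WHERE id_incidencia = '.$id_inc;
    $result = mysql_query($sql1);
    $row = ($result !== false) ? mysql_fetch_array($result) : false;
    if ($row === false) {
        // Unknown incident: refuse rather than render the form over empty fields
        audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation",
            "Trying to access to incident ".$id_inc." (not found)");
        include ("general/noaccess.php");
        exit;
    }
    // Get values
    $titulo = $row["titulo"];
    $texto = $row["descripcion"];
    $inicio = $row["inicio"];
    $actualizacion = $row["actualizacion"];
    $estado = $row["estado"];
    $prioridad = $row["prioridad"];
    $origen = $row["origen"];
    $usuario = $row["id_usuario"];
    $nombre_real = dame_nombre_real($usuario);
    $id_grupo = $row["id_grupo"];
    $id_creator = $row["id_creator"];
    $grupo = dame_nombre_grupo($id_grupo);
    // Re-check read access against the incident's real group. The gate at the
    // top of the page used a group id supplied in the request, which says
    // nothing about the incident actually being opened.
    if (! give_acl ($iduser_temp, $id_grupo, "IR")) {
        audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "ACL Violation",
            "Trying to access to incident ".$id_inc." '".$titulo."'");
        include ("general/noaccess.php");
        exit;
    }
    // Note add
    if (isset($_GET["insertar_nota"])) {
        // NOTE(review): there is no IW check for adding a note, so anyone who
        // can read the incident can annotate it — confirm that is intended.
        $id_inc_post = isset($_POST["id_inc"]) ? (int) entrada_limpia($_POST["id_inc"]) : 0;
        if ($id_inc_post !== $id_inc) {
            // The posted id must be the incident whose group was just checked;
            // previously the posted value silently replaced the checked one.
            audit_db ($config['id_user'], $_SERVER['REMOTE_ADDR'], "HACK",
                "Note for incident ".$id_inc_post." posted from incident ".$id_inc);
        } else {
            $timestamp = entrada_limpia($_POST["timestamp"]);
            // The timestamp is interpolated into two statements: accept only the
            // "Y/m/d H:i:s" shape this page produces (or its dashed variant) and
            // otherwise stamp the note with the server clock.
            if (! preg_match('/^\d{4}[\/-]\d{2}[\/-]\d{2} \d{2}:\d{2}:\d{2}$/', $timestamp)) {
                $timestamp = date("Y/m/d H:i:s");
            }
            // NOTE(review): entrada_limpia() is the project's input filter; whether
            // it also escapes SQL metacharacters is not visible here — confirm
            // before relying on it for the note body.
            $nota = entrada_limpia($_POST["nota"]);
            $sql1 = "INSERT INTO tnota (id_usuario,timestamp,nota)
                VALUES ('".$config['id_user']."','".$timestamp."','".$nota."')";
            $res1 = mysql_query($sql1);
            if ($res1) {
                echo "<h3 class='suc'>".__('Note successfully added')."</h3>";
                // Link the note by its generated id. The previous lookup by
                // user + timestamp could pick up another note written in the
                // same second.
                $id_nota = mysql_insert_id();
                $sql3 = "INSERT INTO tnota_inc (id_incidencia, id_nota) VALUES (".$id_inc.",".$id_nota.")";
                $res3 = mysql_query($sql3);
                $sql4 = "UPDATE tincidencia SET actualizacion = '".$timestamp."' WHERE id_incidencia = ".$id_inc;
                $res4 = mysql_query($sql4);
            }
        }
    }
    // Delete note
    if (isset($_GET["id_nota"])) {
        $id_nota = (int) $_GET["id_nota"];
        $id_nota_inc = isset($_GET["id_nota_inc"]) ? (int) $_GET["id_nota_inc"] : 0;
        $note_user = give_note_author ($id_nota);
        // Incident managers, the incident owner, or the note's own author may
        // delete a note. The previous condition wrote `$usuario = $iduser_temp`
        // (an assignment), which made it unconditionally true.
        if ((give_acl($iduser_temp, $id_grupo, "IM") == 1) OR ($note_user == $iduser_temp) OR ($usuario == $iduser_temp)) {
            // Delete only a link row that belongs to this incident, so the ACL
            // decision above really covers the note being removed.
            $res_link = mysql_query("SELECT id_nota FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc
                ." AND id_nota = ".$id_nota." AND id_incidencia = ".$id_inc);
            if ($res_link !== false && mysql_num_rows($res_link) > 0) {
                mysql_query("DELETE FROM tnota WHERE id_nota = ".$id_nota);
                if (mysql_query("DELETE FROM tnota_inc WHERE id_nota_inc = ".$id_nota_inc)) {
                    echo "<h3 class='suc'>".__('Note successfully deleted')."</h3>";
                }
            }
        }
    }
    // Delete file
    if (((give_acl($iduser_temp, $id_grupo, "IM") == 1) OR ($usuario == $iduser_temp)) AND isset($_GET["delete_file"])) {
        $file_id = (int) $_GET["delete_file"];
        // Scope the lookup to this incident so the ACL decision covers the row
        $res2 = mysql_query("SELECT * FROM tattachment WHERE id_attachment = ".$file_id." AND id_incidencia = ".$id_inc);
        $row2 = ($res2 !== false) ? mysql_fetch_array($res2) : false;
        if ($row2 !== false) {
            // basename() keeps the unlink inside the attachment store even if a
            // stored name ever carried a directory component.
            $filename = basename($row2["filename"]);
            mysql_query("DELETE FROM tattachment WHERE id_attachment = ".$file_id);
            $ruta_archivo = $config["attachment_store"]."/pand".$file_id."_".$filename;
            if (file_exists($ruta_archivo)) {
                unlink ($ruta_archivo);
            }
        }
    }
    // Upload file
    if ((give_acl($iduser_temp, $id_grupo, "IW") == 1) AND isset($_GET["upload_file"])) {
        if (isset($_FILES['userfile']) && $_FILES['userfile']['name'] != ""
            && is_uploaded_file($_FILES['userfile']['tmp_name'])) {
            if (isset($_POST["file_description"]))
                $description = $_POST["file_description"];
            else
                $description = "No description available";
            // Strip any directory part from the client-supplied name: it goes
            // into SQL and into the on-disk path "pand<id>_<name>".
            $filename = basename($_FILES['userfile']['name']);
            $filesize = (int) $_FILES['userfile']['size'];
            // Insert into database (the previous INSERT stored the user id with
            // a trailing space)
            $sql = " INSERT INTO tattachment (id_incidencia, id_usuario, filename, description, size ) VALUES ("
                .$id_inc.", '".mysql_real_escape_string($iduser_temp)."','".mysql_real_escape_string($filename)
                ."','".mysql_real_escape_string($description)."',".$filesize.") ";
            mysql_query($sql);
            $id_attachment = mysql_insert_id();
            // Move file to directory and change name. move_uploaded_file()
            // replaces copy()+unlink() and refuses anything that is not a
            // genuine PHP upload.
            $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename;
            if (! move_uploaded_file($_FILES['userfile']['tmp_name'], $nombre_archivo)) {
                echo "<h3 class=error>".__('File cannot be saved. Please contact Pandora administrator about this error <br>')."</h3>";
                $sql = " DELETE FROM tattachment WHERE id_attachment =".$id_attachment;
                mysql_query($sql);
            }
        }
    }
} // else Not given id
// Create incident from event... read event data
elseif (isset($_GET["insert_form"])) {
    $iduser_temp = $_SESSION['id_usuario'];
    if (isset($_GET["from_event"])) {
        // Pre-fill the title from the originating event; the id is numeric
        $titulo = return_event_description((int) $_GET["from_event"]);
        $origen = "Pandora FMS event";
    } else {
        $titulo = "";
        $origen = "";
    }
    $descripcion = "";
    $prioridad = 0;
    $id_grupo = 0;
    // NOTE(review): the label is taken from group 1 while $id_grupo is 0 —
    // confirm which group a new incident should default to.
    $grupo = dame_nombre_grupo(1);
    $usuario = $_SESSION["id_usuario"];
    $estado = 0;
    $actualizacion = date("Y/m/d H:i:s");
    $inicio = $actualizacion;
    $id_creator = $iduser_temp;
    $creacion_incidente = 1;
} else {
    audit_db($config['id_user'], $_SERVER['REMOTE_ADDR'], "HACK", "Trying to create incident in a unusual way");
    no_permission();
}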
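// ********************************************************************************************************
// ********************************************************************************************************
// Show the form
// ********************************************************************************************************
// HTML-escape a value before interpolating it into markup. The ISO-8859-1
// charset is deliberate: every byte is valid in it, so the call never returns
// an empty string for an unexpected encoding and UTF-8 bytes pass through
// untouched. double_encode=false leaves already-encoded stored values as they
// are, so output of existing data does not change.
if (! function_exists('incident_detail_esc')) {
    function incident_detail_esc ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
    }
}
// Emit one <option> per value => label pair, marking $current as selected.
// Replaces the previous scheme of printing the current option twice.
if (! function_exists('incident_detail_options')) {
    function incident_detail_options ($options, $current) {
        foreach ($options as $value => $label) {
            $selected = ((string) $value === (string) $current) ? ' selected' : '';
            echo '<option value="'.$value.'"'.$selected.'>'.$label.'</option>';
        }
    }
}
$iduser_temp = $_SESSION['id_usuario'];
// Incident managers and the incident owner get an editable form; everyone
// else a read-only rendering. "disabled"/"readonly" only act in the browser:
// the update handler has to enforce the same rule server-side.
$puede_editar = (give_acl($iduser_temp, $id_grupo, "IM") == 1) || ($usuario == $iduser_temp);
$disabled_attr = $puede_editar ? '' : ' disabled';
if ($creacion_incidente == 0)
    echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident&action=update'>";
else
    echo "<form name='accion_form' method='POST' action='index.php?sec=incidencias&sec2=operation/incidents/incident&action=insert'>";
if (isset($id_inc)) {
    echo "<input type='hidden' name='id_inc' value='".incident_detail_esc($id_inc)."'>";
}
echo "<h2>".__('Incident management')." &gt; ";
if (isset($id_inc)) {
    echo __('Review of incident')." # ".incident_detail_esc($id_inc);
} else {
    echo __('Create incident');
}
echo "</h2>";
echo '<table cellpadding="4" cellspacing="4" class="databox" width="600">';
echo '<tr><td class="datos"><b>'.__('Incident').'</b></td>
<td colspan=3 class="datos"><input type="text" name="titulo" size=70 value="'.incident_detail_esc($titulo).'"'.($puede_editar ? '' : ' readonly').'>';
echo '<tr><td class="datos2"><b>'.__('Opened at').'</b>';
// (the previous markup was missing the '>' that closes this <td>)
echo "<td class='datos2'><i>".incident_detail_esc($inicio)."</i>";
echo '<td class="datos2"><b>'.__('Updated at').'</b>';
echo "<td class='datos2'><i>".incident_detail_esc($actualizacion)."</i>";
echo '<tr><td class="datos"><b>'.__('Owner').'</b><td class="datos">';
if ((give_acl($config['id_user'], $id_grupo, "IM") == 1) OR ($usuario == $config['id_user'])) {
    echo "<select name='usuario_form' width='200px'>";
    echo "<option value='".incident_detail_esc($usuario)."'>".incident_detail_esc($usuario)." - ".incident_detail_esc(dame_nombre_real($usuario))."</option>";
    $result = mysql_query('SELECT * FROM tusuario ORDER BY id_usuario');
    while ($result && ($row2 = mysql_fetch_array($result))) {
        echo "<option value='".incident_detail_esc($row2["id_usuario"])."'>".incident_detail_esc($row2["id_usuario"])." - ".incident_detail_esc($row2["nombre_real"])."</option>";
    }
    echo "</select>";
} else {
    echo "<input type=hidden name='usuario_form2' value='".incident_detail_esc($usuario)."'>";
    echo incident_detail_esc($usuario)." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".urlencode($usuario)."'>".incident_detail_esc($nombre_real)."</a></i>)";
}
// Tipo de estado
// 0 - Abierta / Sin notas - Open, without notes
// 1 - Abierta / Notas aniadidas - Open, with notes (not offered in the combo)
// 2 - Descartada / Not valid
// 3 - Caducada / Outdated
// 13 - Cerrada / Closed
echo '<td class="datos"><b>'.__('Status').'</b>
<td class="datos">
<select'.$disabled_attr.' name="estado_form" class="w135">';
incident_detail_options(array(
    0 => __('Open and Active'),
    2 => __('Not valid'),
    3 => __('Out of date'),
    13 => __('Closed'),
), $estado);
echo '</select></td>';
// Only owner could change source or user with Incident management privileges
echo '<tr><td class="datos2"><b>'.__('Source').'</b></td>
<td class="datos2">
<select'.$disabled_attr.' name="origen_form" class="w135">';
// Fill combobox with source (origen): current value first, then the catalogue
if ($origen != "")
    echo "<option value='".incident_detail_esc($origen)."'>".incident_detail_esc($origen)."</option>";
$result = mysql_query('SELECT * FROM torigen ORDER BY origen');
while ($result && ($row2 = mysql_fetch_array($result))) {
    echo "<option value='".incident_detail_esc($row2["origen"])."'>".incident_detail_esc($row2["origen"])."</option>";
}
echo "</select></td>";
// Group combo: current group first, then every group the user can read
echo '<td class="datos2"><b>'.__('Group').'</b></td>
<td class="datos2">
<select'.$disabled_attr.' name="grupo_form" class="w135">';
if ($id_grupo != 0)
    echo "<option value='".incident_detail_esc($id_grupo)."'>".incident_detail_esc($grupo)."</option>";
$result = mysql_query('SELECT * FROM tgrupo ORDER BY nombre');
while ($result && ($row_grupo = mysql_fetch_array($result))) {
    if (give_acl($iduser_temp, $row_grupo["id_grupo"], "IR") == 1)
        echo "<option value='".(int) $row_grupo["id_grupo"]."'>".incident_detail_esc($row_grupo["nombre"])."</option>";
}
echo '</select></td></tr><tr>';
echo '<td class="datos"><b>'.__('Priority').'</b></td>
<td class="datos"><select'.$disabled_attr.' name="prioridad_form" class="w135">';
incident_detail_options(array(
    0 => __('Informative'),
    1 => __('Low'),
    2 => __('Medium'),
    3 => __('Serious'),
    4 => __('Very Serious'),
    10 => __('Maintenance'),
), $prioridad);
// Close the priority select before starting the Creator cell (it used to be
// closed only after the Creator cell had been written).
echo '</select></td>';
echo "<td class='datos'><b>Creator</b>
<td class='datos'>".incident_detail_esc($id_creator)." ( <i>".incident_detail_esc(dame_nombre_real($id_creator))." </i>)";
echo '<tr><td class="datos2" colspan="4">
<textarea'.($puede_editar ? '' : ' readonly').' name="descripcion" rows="15" cols="85" style="height: 300px;">';
if (isset($texto)) {
    // Escaped so a stored "</textarea>" cannot break out of the field
    echo incident_detail_esc($texto);
}
echo "</textarea></td></tr>";
echo '</table><table width="650px">';
echo "<tr><td align='right'>";
// Only if user is the used who opened incident or (s)he is admin
if ($creacion_incidente == 0) {
    if ($puede_editar) {
        echo '<input type="submit" class="sub upd" name="accion" value="'.__('Update incident').'" border="0">';
    }
} else {
    if (give_acl($iduser_temp, $id_grupo, "IW")) {
        echo '<input type="submit" class="sub wand" name="accion" value="'.__('Create').'" border="0">';
    }
}
echo "</form>";
if ($creacion_incidente == 0) {
    echo "<tr><td align='right'>";
    echo '
<form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_note&id_inc='.incident_detail_esc($id_inc).'">
<input type="hidden" name="nota" value="add">
<input align=right name="addnote" type="submit" class="sub next" value="'.__('Add note').'">
</form>';
}
echo "</tr></table><br>";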
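if ($creacion_incidente == 0) {
    // HTML-escape a value before interpolating it into markup. ISO-8859-1 is
    // deliberate: every byte is valid in it, so nothing is ever blanked for an
    // unexpected encoding; double_encode=false leaves already-encoded stored
    // values unchanged.
    if (! function_exists('incident_detail_esc')) {
        function incident_detail_esc ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
        }
    }
    // The id reaches raw SQL below; it may have arrived as a string
    $id_inc_sql = (int) $id_inc;
    // ********************************************************************
    // Notes
    // ********************************************************************
    $cabecera = 0;
    $res4 = mysql_query('SELECT * FROM tnota_inc WHERE id_incidencia = '.$id_inc_sql);
    while ($res4 && ($row2 = mysql_fetch_array($res4))) {
        if ($cabecera == 0) { // Show head only one time
            echo "<h3>".__('Notes attached to incident')."</h3>";
            echo "<table cellpadding='4' cellspacing='4' class='databox' width='650'>";
            echo "<tr><td>";
            $cabecera = 1;
        }
        $res3 = mysql_query('SELECT * FROM tnota WHERE id_nota = '.(int) $row2["id_nota"].' ORDER BY timestamp DESC');
        while ($res3 && ($row3 = mysql_fetch_array($res3))) {
            $timestamp = $row3["timestamp"];
            $nota = $row3["nota"];
            $id_usuario_nota = $row3["id_usuario"];
            // Show data. The note author is kept in its own variable: the
            // previous code overwrote $usuario (the incident owner) here.
            echo '<tr><td rowspan="3" class="top"><img src="images/page_white_text.png"></td><td class="datos" width=40><b>'.__('Author').': </b><td class="datos">';
            $nombre_real_nota = dame_nombre_real ($id_usuario_nota);
            echo incident_detail_esc($id_usuario_nota)." - (<i><a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".urlencode($id_usuario_nota)."'>".incident_detail_esc($nombre_real_nota)."</a></i>)";
            // Delete link for incident managers, the incident owner and the
            // note's author — the same set the delete handler accepts.
            // NOTE(review): deletion is a state-changing GET link; a POST form
            // with a per-session token would make it safer against cross-site
            // requests.
            if ((give_acl($iduser_temp, $id_grupo, "IM") == 1) OR ($id_usuario_nota == $iduser_temp) OR ($usuario == $iduser_temp)) {
                $myurl = "index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id=".$id_inc_sql
                    ."&id_nota=".(int) $row2["id_nota"]."&id_nota_inc=".(int) $row2["id_nota_inc"];
                echo '<td rowspan="3" class="top" width="60" align="center"><a href="'.$myurl.'"><img src="images/cross.png" align="middle" border="0"></a>';
            }
            echo '<tr><td class="datos"><b>'.__('Date').': </b><td class="datos"><i>'.incident_detail_esc($timestamp).'</i></td></tr>';
            echo '<tr><td colspan="2" class="datos"> ';
            echo '<table border="0" cellpadding="4" cellspacing="4" style="width: 580px">';
            echo '<tr><td class="datos2" align="justify">';
            echo salida_limpia ($nota);
            echo "</td></tr>";
            echo '</table>';
        }
    }
    if ($cabecera == 1) {
        echo "</table>"; // note table
    }
    // (a stray "</form></table>" used to be printed here; nothing was open)
    // ************************************************************
    // Files attached to this incident
    // ************************************************************
    // Attach head if there's attach for this incident
    $att_fil = mysql_query("SELECT * FROM tattachment WHERE id_incidencia = ".$id_inc_sql);
    if ($att_fil && mysql_num_rows($att_fil)) {
        echo "<h3>".__('Attached files')."</h3>";
        echo "<table cellpadding='4' cellspacing='4' class='databox' width='650'>";
        echo "<tr>
<th class=datos>".__('Filename')."</th>
<th class=datos>".__('Description')."</th>
<th class=datos>".__('Size')."</th>
<th class=datos>".__('Delete')."</th></tr>";
        while ($row = mysql_fetch_array($att_fil)) {
            // On-disk name is "pand<id>_<filename>"; the client-supplied part
            // is URL-encoded for the link and HTML-escaped for display.
            $file_href = 'attachment/pand'.(int) $row["id_attachment"].'_'.rawurlencode($row["filename"]);
            echo "<tr><td class=datos><img src='images/disk.png' border=0 align='top'> &nbsp;&nbsp;<a target='_new' href='".$file_href."'><b>".incident_detail_esc($row["filename"])."</b></a>";
            echo "<td class=datos>".incident_detail_esc($row["description"]);
            echo "<td class=datos>".incident_detail_esc($row["size"]);
            // Delete attachment link. NOTE(review): the delete handler also
            // accepts the incident owner; the link is shown to managers only.
            if (give_acl($iduser_temp, $id_grupo, "IM") == 1) {
                echo '<td class=datos align="center"><a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc_sql.'&delete_file='.(int) $row["id_attachment"].'"><img src="images/cross.png" border=0>';
            }
        }
        echo "</td></tr></table>";
    }
    // ************************************************************
    // Upload control
    // ************************************************************
    if (give_acl($iduser_temp, $id_grupo, "IW") == 1) {
        echo "<h3>".__('Attach file');
        echo "<A HREF=\"javascript:;\" onmousedown=\"toggleDiv('file_control');\">";
        echo "<img src='images/disk.png'>";
        echo "</a></h3>";
        echo "<div id='file_control' style='display:none'>";
        echo '<table cellpadding="4" cellspacing="3" class="databox" width="400">
<tr>
<td class="datos">'.__('Filename').'</td>
<td class="datos"><form method="post" action="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&id='.$id_inc_sql.'&upload_file=1" enctype="multipart/form-data">
<input type="file" name="userfile" value="userfile" class="sub" size="40">
</td></tr>
<tr><td class="datos2">'.__('Description').'</td>
<td class="datos2" colspan="3">
<input type="text" name="file_description" size="47">
</td></tr>
</table>
<table width="400px">
<tr><td style="text-align: right;">
<input type="submit" name="upload" value="'.__('Upload').'" class="sub wand">
</td></tr></table></form><br>';
        echo "</div>";
    }
} // create mode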
?>