dolibarr  9.0.0
listevents.php
1 <?php
2 /* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@inodbox.com>
4  * Copyright (C) 2015 Bahfir Abbes <bafbes@gmail.com>
5  * Copyright (C) 2018 Frédéric France <frederic.france@netlogic.fr>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <http://www.gnu.org/licenses/>.
19  */
20 
27 require '../../main.inc.php';
28 require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';
29 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
30 
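// Only administrators may view or purge the security audit log.
// The rendered listing skips source line 32, the statement this test guards. Read as
// printed, the `if` would guard the $action assignment below instead, and the page
// would stay reachable by non-admin users. accessforbidden() shows the denial message
// and terminates execution.
if (! $user->admin)
{
    accessforbidden();
}

$action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm','alpha');

// Security check: a user with societe_id set may not trigger any action on this page
if ($user->societe_id > 0)
{
    $action = '';
    $socid = $user->societe_id;
}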
43 
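// Load translation files required by the page
$langs->loadLangs(array("companies","admin","users","other"));

// Load variables for pagination. Both values come from the request, so they are forced
// to integers and clamped: a negative limit or page would otherwise produce a negative
// row count or offset in the SQL LIMIT clause built further down.
$limit = (int) GETPOST('limit','int');
if ($limit <= 0) { $limit = $conf->liste_limit; }    // Missing, zero or negative: use the configured page size
$page = (int) GETPOST('page','int');
if ($page < 0) { $page = 0; }                        // If $page is not defined, or '' or negative
$offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;

// Sort criteria are request-controlled and end up in the ORDER BY clause.
// NOTE(review): confirm that $db->order() restricts them to identifier characters.
$sortfield = GETPOST('sortfield','alpha');
$sortorder = GETPOST('sortorder','alpha');
if (! $sortfield) { $sortfield="dateevent"; }
if (! $sortorder) { $sortorder="DESC"; }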
58 
// Free-text filters. GETPOST() is called without a check type here, so these are raw
// request values: every SQL or HTML sink that uses them has to escape them itself.
$search_code = GETPOST("search_code");
$search_ip   = GETPOST("search_ip");
$search_user = GETPOST("search_user");
$search_desc = GETPOST("search_desc");
$search_ua   = GETPOST("search_ua");

// Date range of the listing. A month that is empty or positive is passed to dol_mktime();
// any other value disables that bound (-1).
$date_start = (GETPOST("date_startmonth") == '' || GETPOST("date_startmonth") > 0)
    ? dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"))
    : -1;
$date_end = (GETPOST("date_endmonth") == '' || GETPOST("date_endmonth") > 0)
    ? dol_mktime(23, 59, 59, GETPOST("date_endmonth"), GETPOST("date_endday"), GETPOST("date_endyear"))
    : -1;

// Check: if date_start > date_end then date_end = date_start + 24 hours
if ($date_start > 0 && $date_end > 0 && $date_start > $date_end)
{
    $date_end = $date_start + 86400;
}

$now = dol_now();
$nowarray = dol_getdate($now);

// Defaults when no bound was supplied: first day of the current month up to the end of today
if (empty($date_start)) { $date_start = dol_get_first_day($nowarray['year'], $nowarray['mon'], false); }
if (empty($date_end))   { $date_end = dol_mktime(23, 59, 59, $nowarray['mon'], $nowarray['mday'], $nowarray['year']); }

// Split both bounds back into day / month / year, used later to rebuild the page links
$tmp = dol_getdate($date_start);
list($date_startday, $date_startmonth, $date_startyear) = array($tmp['mday'], $tmp['mon'], $tmp['year']);
$tmp = dol_getdate($date_end);
list($date_endday, $date_endmonth, $date_endyear) = array($tmp['mday'], $tmp['mon'], $tmp['year']);
93 
94 
/*
 * Actions
 */

$now = dol_now();

// Purge search criteria.
// The button name is tested in three spellings to stay compatible with all browsers.
$removefilter = GETPOST('button_removefilter_x','alpha')
    || GETPOST('button_removefilter.x','alpha')
    || GETPOST('button_removefilter','alpha');
if ($removefilter)
{
    $date_start = $date_end = -1;
    $search_code = $search_ip = $search_user = $search_desc = $search_ua = '';
}
unset($removefilter);
112 
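// Purge audit events.
// The audit trail of the current entity is deleted and replaced by a single
// SECURITY_EVENTS_PURGE record, so that the purge itself stays traceable.
// NOTE(review): this destructive action is selected purely by request parameters
// (action=confirm_purge, confirm=yes). Confirm that main.inc.php enforces an anti-CSRF
// token for it and that it cannot be triggered by a plain GET link.
if ($action == 'confirm_purge' && $confirm == 'yes' && $user->admin)
{
    $error=0;

    $db->begin();

    // Delete events. The entity id is cast so that only an integer is concatenated into the statement.
    $sql = "DELETE FROM ".MAIN_DB_PREFIX."events";
    $sql.= " WHERE entity = ".((int) $conf->entity);

    dol_syslog("listevents purge", LOG_DEBUG);
    $resql = $db->query($sql);
    if (! $resql)
    {
        $error++;
        setEventMessages($db->lasterror(), null, 'errors');
    }

    // Add event purge, only if the delete succeeded: a failed delete must not be
    // recorded (and committed) as a completed purge.
    if (! $error)
    {
        $text=$langs->trans("SecurityEventsPurged");
        $securityevent=new Events($db);
        $securityevent->type='SECURITY_EVENTS_PURGE';
        $securityevent->dateevent=$now;
        $securityevent->description=$text;
        $result=$securityevent->create($user);
        if ($result <= 0)
        {
            $error++;
            dol_syslog($securityevent->error, LOG_ERR);
        }
    }

    // Delete and purge record are committed together or not at all
    if (! $error)
    {
        $db->commit();
        dol_syslog($text, LOG_WARNING);
    }
    else
    {
        $db->rollback();
    }
}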
152 
153 
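/*
 * View
 */

llxHeader('',$langs->trans("Audit"));

$form=new Form($db);

$userstatic=new User($db);
$usefilter=0;    // Number of free-text filters in use, selects the "no result" message

// Select the events of the visible entities, with the login of the user attached to each event
$sql = "SELECT e.rowid, e.type, e.ip, e.user_agent, e.dateevent,";
$sql.= " e.fk_user, e.description,";
$sql.= " u.login";
$sql.= " FROM ".MAIN_DB_PREFIX."events as e";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = e.fk_user";
$sql.= " WHERE e.entity IN (".getEntity('event').")";
if ($date_start > 0) $sql.= " AND e.dateevent >= '".$db->idate($date_start)."'";
if ($date_end > 0) $sql.= " AND e.dateevent <= '".$db->idate($date_end)."'";
// The search values are raw request data.
// NOTE(review): confirm that natural_search() escapes them before building the SQL criteria.
if ($search_code) { $usefilter++; $sql.=natural_search("e.type", $search_code, 0); }
if ($search_ip) { $usefilter++; $sql.=natural_search("e.ip", $search_ip, 0); }
if ($search_user) { $usefilter++; $sql.=natural_search("u.login", $search_user, 0); }
if ($search_desc) { $usefilter++; $sql.=natural_search("e.description", $search_desc, 0); }
if ($search_ua) { $usefilter++; $sql.=natural_search("e.user_agent", $search_ua, 0); }
// NOTE(review): $sortfield and $sortorder come from the request; confirm that order() sanitizes them.
$sql.= $db->order($sortfield,$sortorder);

// Total number of records is not computed on this page (no full scan of the events table)
$nbtotalofrecords = '';

// Fetch one row more than the page size so that a following page can be detected.
// The page size must be $limit, the value $offset was computed from: with
// $conf->liste_limit here, a custom "limit" parameter made offset and row count disagree.
$sql.= $db->plimit($limit+1, $offset);
$result = $db->query($sql);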
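// Render the filter form and the list of security events.
// Everything printed here that originates from the request (search_* values) or from the
// events table (type, description, user agent) is data an unauthenticated client can
// influence, for example through a failed login attempt, so it is escaped at each sink.
if ($result)
{
    $num = $db->num_rows($result);
    $i = 0;

    // Query string appended to the sort and pagination links; every value is URL-encoded
    $param='';
    if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
    if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
    if (isset($optioncss) && $optioncss != '') $param.='&optioncss='.urlencode($optioncss);
    if ($search_code) $param.='&search_code='.urlencode($search_code);
    if ($search_ip) $param.='&search_ip='.urlencode($search_ip);
    if ($search_user) $param.='&search_user='.urlencode($search_user);
    if ($search_desc) $param.='&search_desc='.urlencode($search_desc);
    if ($search_ua) $param.='&search_ua='.urlencode($search_ua);
    if ($date_startmonth) $param.= "&date_startmonth=".urlencode($date_startmonth);
    if ($date_startday) $param.= "&date_startday=".urlencode($date_startday);
    if ($date_startyear) $param.= "&date_startyear=".urlencode($date_startyear);
    if ($date_endmonth) $param.= "&date_endmonth=".urlencode($date_endmonth);
    if ($date_endday) $param.= "&date_endday=".urlencode($date_endday);
    if ($date_endyear) $param.= "&date_endyear=".urlencode($date_endyear);

    $langs->load('withdrawals');

    // The purge button is offered only when there is something to purge.
    // $center is initialised so that it is defined when the list is empty.
    $center='';
    if ($num)
    {
        $center='<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=purge">'.$langs->trans("Purge").'</a>';
    }

    print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';

    print_barre_liste($langs->trans("ListOfSecurityEvents"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $nbtotalofrecords, 'setup', 0, '', '', $limit);

    // First step of the purge: ask for confirmation
    if ($action == 'purge')
    {
        $formquestion=array();
        print $form->formconfirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeAuditEvents'), $langs->trans('ConfirmPurgeAuditEvents'),'confirm_purge',$formquestion,'no',1);
    }

    print '<div class="div-table-responsive">';
    print '<table class="liste" width="100%">';

    // Filter fields row
    print '<tr class="liste_titre">';

    print '<td class="liste_titre" width="15%">'.$form->selectDate($date_start,'date_start',0,0,0,'',1,0).$form->selectDate($date_end,'date_end',0,0,0,'',1,0).'</td>';

    // Code. The search values are echoed into an HTML attribute, so they are escaped
    // to keep quotes and tags from closing the attribute.
    print '<td align="left" class="liste_titre">';
    print '<input class="flat" type="text" size="10" name="search_code" value="'.dol_escape_htmltag($search_code).'">';
    print '</td>';

    // IP
    print '<td align="left" class="liste_titre">';
    print '<input class="flat" type="text" size="10" name="search_ip" value="'.dol_escape_htmltag($search_ip).'">';
    print '</td>';

    // User
    print '<td align="left" class="liste_titre">';
    print '<input class="flat" type="text" size="10" name="search_user" value="'.dol_escape_htmltag($search_user).'">';
    print '</td>';

    // Description (no filter field)
    print '<td align="left" class="liste_titre">';
    print '</td>';

    print '<td align="right" class="liste_titre">';
    $searchpicto=$form->showFilterAndCheckAddButtons(0);
    print $searchpicto;
    print '</td>';

    print "</tr>\n";


    // Column titles row
    print '<tr class="liste_titre">';
    print_liste_field_titre("Date",$_SERVER["PHP_SELF"],"e.dateevent","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("Code",$_SERVER["PHP_SELF"],"e.type","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("IP",$_SERVER["PHP_SELF"],"e.ip","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("User",$_SERVER["PHP_SELF"],"u.login","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("Description",$_SERVER["PHP_SELF"],"e.description","",$param,'align="left"',$sortfield,$sortorder);
    // Empty title above the sixth ("more information") column, so that the title row has
    // as many cells as the data rows. The rendered listing skips source line 272 here.
    print_liste_field_titre('');
    print "</tr>\n";

    while ($i < min($num, $limit))
    {
        $obj = $db->fetch_object($result);

        print '<tr class="oddeven">';

        // Date
        print '<td align="left" class="nowrap">'.dol_print_date($db->jdate($obj->dateevent),'%Y-%m-%d %H:%M:%S').'</td>';

        // Code
        print '<td>'.dol_escape_htmltag($obj->type).'</td>';

        // IP
        // NOTE(review): the stored address is printed through dol_print_ip(); confirm that it escapes its input.
        print '<td class="nowrap">';
        print dol_print_ip($obj->ip);
        print '</td>';

        // Login
        print '<td class="nowrap">';
        if ($obj->fk_user)
        {
            $userstatic->id=$obj->fk_user;
            $userstatic->login=$obj->login;
            print $userstatic->getLoginUrl(1);
        }
        else print '&nbsp;';
        print '</td>';

        // Description
        // A description stored as "(Key,arg1,arg2,...)suffix" is translated with its arguments.
        // The arguments and the suffix are stored event data (they can carry a login name
        // typed by a client), so the final text is escaped before it is printed.
        print '<td>';
        $text=$langs->trans($obj->description);
        if (preg_match('/\((.*)\)(.*)/i',$obj->description,$reg))
        {
            $val=explode(',',$reg[1]);
            $text=$langs->trans($val[0], isset($val[1])?$val[1]:'', isset($val[2])?$val[2]:'', isset($val[3])?$val[3]:'', isset($val[4])?$val[4]:'');
            if (! empty($reg[2])) $text.=$reg[2];
        }
        print dol_escape_htmltag($text);
        print '</td>';

        // More information
        // The User-Agent header is recorded as sent by the client. It is shown inside a
        // tooltip, which may interpret its content as HTML again, so tags are stripped
        // and the remainder is escaped.
        print '<td align="right">';
        $htmltext='<b>'.$langs->trans("UserAgent").'</b>: '.($obj->user_agent?dol_escape_htmltag(dol_string_nohtmltag($obj->user_agent)):$langs->trans("Unknown"));
        print $form->textwithpicto('',$htmltext);
        print '</td>';

        print "</tr>\n";
        $i++;
    }

    if ($num == 0)
    {
        if ($usefilter) print '<tr><td colspan="6">'.$langs->trans("NoEventFoundWithCriteria").'</td></tr>';
        else print '<tr><td colspan="6">'.$langs->trans("NoEventOrNoAuditSetup").'</td></tr>';
    }
    print "</table>";
    print "</div>";

    print "</form>";
    $db->free($result);
}
else
{
    dol_print_error($db);
}

// End of page
llxFooter();
$db->close();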
llxFooter()
Empty footer.
Definition: wrapper.php:56
GETPOST($paramname, $check='none', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
setEventMessages($mesg, $mesgs, $style='mesgs')
Set event messages in dol_events session object.
dol_mktime($hour, $minute, $second, $month, $day, $year, $gm=false, $check=1)
Return a timestamp date built from detailed informations (by default a local PHP server timestamp) Re...
Class to manage Dolibarr users.
Definition: user.class.php:41
dol_get_first_day($year, $month=1, $gm=false)
Return GMT time for first day of a month or year.
Definition: date.lib.php:453
dol_print_error($db='', $error='', $errors=null)
Affiche message erreur system avec toutes les informations pour faciliter le diagnostic et la remonte...
dol_print_ip($ip, $mode=0)
Return an IP formated to be shown on screen.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Class to manage generation of HTML components Only common components must be here.
print_barre_liste($titre, $page, $file, $options='', $sortfield='', $sortorder='', $morehtmlcenter='', $num=-1, $totalnboflines='', $picto='title_generic.png', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limit=-1, $hideselectlimit=0, $hidenavigation=0)
Print a title with navigation controls for pagination.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
llxHeader()
Empty header.
Definition: wrapper.php:44
natural_search($fields, $value, $mode=0, $nofirstand=0)
Generate natural SQL search string for a criteria (this criteria can be tested on one or several fiel...
dol_now($mode='gmt')
Return date for now.
print_liste_field_titre($name, $file="", $field="", $begin="", $moreparam="", $moreattrib="", $sortfield="", $sortorder="", $prefix="", $tooltip="")
Show title line of an array.
dol_getdate($timestamp, $fast=false)
Return an array with locale date info.
Events class.