dolibarr  7.0.0-beta
listevents.php
1 <?php
2 /* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
3  * Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
4  * Copyright (C) 2015 Bahfir Abbes <bafbes@gmail.com>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
26 require '../../main.inc.php';
27 require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';
28 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
29 
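// The audit trail is an administrator-only page. accessforbidden() shows the
// "access forbidden" message and stops the program, so nothing below runs for
// a non-admin. Without the call, the bare `if` would bind to the next statement
// and non-admins would still reach the list.
if (! $user->admin)
{
    accessforbidden();
}

$action  = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');

// Security check: a user attached to a third party (societe_id > 0) may never
// trigger an action on this page, whatever the request says.
if ($user->societe_id > 0)
{
    $action = '';
    $socid = $user->societe_id;
}

// Translation files used by the labels printed below
$langs->load("admin");
$langs->load("companies");
$langs->load("users");
$langs->load("other");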
47 
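// Load variables for pagination
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
$sortfield = GETPOST('sortfield','alpha');
$sortorder = GETPOST('sortorder','alpha');
$page = GETPOST('page','int');
// Any missing, empty or negative page falls back to the first page, so that
// $offset below can never become negative.
if (empty($page) || $page < 0) { $page = 0; }
$offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortfield) $sortfield="dateevent";
if (! $sortorder) $sortorder="DESC";

// Free-text filters. GETPOST() is called without a $check argument here, so
// these values are raw request data: they must be escaped wherever they are
// written back into HTML or used to build SQL.
$search_code = GETPOST("search_code");
$search_ip = GETPOST("search_ip");
$search_user = GETPOST("search_user");
$search_desc = GETPOST("search_desc");
$search_ua = GETPOST("search_ua");

// Date range: an empty month means "not provided" (dol_mktime decides the
// result), a positive month builds a timestamp, anything else disables the bound (-1).
if (GETPOST("date_startmonth") == '' || GETPOST("date_startmonth") > 0) $date_start=dol_mktime(0,0,0,GETPOST("date_startmonth"),GETPOST("date_startday"),GETPOST("date_startyear"));
else $date_start=-1;
if (GETPOST("date_endmonth") == '' || GETPOST("date_endmonth") > 0) $date_end=dol_mktime(23,59,59,GETPOST("date_endmonth"),GETPOST("date_endday"),GETPOST("date_endyear"));
else $date_end=-1;

// Check: if date_start > date_end then date_end = date_start + 24 hours
if ($date_start > 0 && $date_end > 0 && $date_start > $date_end) $date_end=$date_start+86400;

$now = dol_now();
$nowarray = dol_getdate($now);

// Default range when nothing was supplied: first day of the current month up to the end of today
if (empty($date_start))
{
    $date_start=dol_get_first_day($nowarray['year'],$nowarray['mon'],false);
}
if (empty($date_end))
{
    $date_end=dol_mktime(23,59,59,$nowarray['mon'],$nowarray['mday'],$nowarray['year']);
}

// Split both bounds back into day/month/year so they can be carried in pagination links
$tmp = dol_getdate($date_start);
$date_startday = $tmp['mday'];
$date_startmonth = $tmp['mon'];
$date_startyear = $tmp['year'];
$tmp = dol_getdate($date_end);
$date_endday = $tmp['mday'];
$date_endmonth = $tmp['mon'];
$date_endyear = $tmp['year'];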
94 
95 
96 /*
97  * Actions
98  */
99 
// Timestamp reused by the actions below
$now = dol_now();

// Reset all search criteria when the "remove filter" button was used.
// Browsers submit the image button under different names, so every variant is tested.
$removefilter = (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha'));
if ($removefilter)
{
    $search_code = '';
    $search_ip = '';
    $search_user = '';
    $search_desc = '';
    $search_ua = '';
    $date_start = -1;
    $date_end = -1;
}
113 
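// Purge audit events.
// This irreversibly deletes the security audit trail of the current entity, so it
// is limited to administrators who explicitly confirmed the operation.
// NOTE(review): nothing in this file checks an anti-CSRF token or the HTTP method
// before deleting; confirm that main.inc.php enforces one for this request.
if ($action == 'confirm_purge' && $confirm == 'yes' && $user->admin)
{
    $error=0;

    $db->begin();

    // Delete events of the current entity only
    $sql = "DELETE FROM ".MAIN_DB_PREFIX."events";
    $sql.= " WHERE entity = ".((int) $conf->entity);

    dol_syslog("listevents purge", LOG_DEBUG);
    $resql = $db->query($sql);
    if (! $resql)
    {
        $error++;
        setEventMessages($db->lasterror(), null, 'errors');
    }

    // Record the purge itself as a security event, so the now-empty log still
    // shows who emptied it. Only done when the delete succeeded: a failed purge
    // must not be logged (and committed) as if it had happened.
    if (! $error)
    {
        $text=$langs->trans("SecurityEventsPurged");
        $securityevent=new Events($db);
        $securityevent->type='SECURITY_EVENTS_PURGE';
        $securityevent->dateevent=$now;
        $securityevent->description=$text;
        $result=$securityevent->create($user);
        if ($result <= 0)
        {
            $error++;
            dol_syslog($securityevent->error, LOG_ERR);
        }
    }

    // The delete and the purge marker are committed together or not at all
    if (! $error)
    {
        $db->commit();
        dol_syslog($text, LOG_WARNING);
    }
    else
    {
        $db->rollback();
    }
}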
153 
154 
155 /*
156  * View
157  */
158 
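llxHeader('',$langs->trans("Audit"));

$form=new Form($db);

$userstatic=new User($db);
$usefilter=0;    // Number of free-text filters in use; selects the "no result" message

// Build the list query, restricted to the entities visible for events
$sql = "SELECT e.rowid, e.type, e.ip, e.user_agent, e.dateevent,";
$sql.= " e.fk_user, e.description,";
$sql.= " u.login";
$sql.= " FROM ".MAIN_DB_PREFIX."events as e";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u ON u.rowid = e.fk_user";
$sql.= " WHERE e.entity IN (".getEntity('event').")";
if ($date_start > 0) $sql.= " AND e.dateevent >= '".$db->idate($date_start)."'";
if ($date_end > 0) $sql.= " AND e.dateevent <= '".$db->idate($date_end)."'";
// The search values are raw request data; they only reach the SQL text through
// natural_search(). NOTE(review): its escaping is not visible here - confirm it
// escapes the value for the database driver in use.
if ($search_code) { $usefilter++; $sql.=natural_search("e.type", $search_code, 0); }
if ($search_ip) { $usefilter++; $sql.=natural_search("e.ip", $search_ip, 0); }
if ($search_user) { $usefilter++; $sql.=natural_search("u.login", $search_user, 0); }
if ($search_desc) { $usefilter++; $sql.=natural_search("e.description", $search_desc, 0); }
if ($search_ua) { $usefilter++; $sql.=natural_search("e.user_agent", $search_ua, 0); }
// $sortfield and $sortorder come from the request (filtered as 'alpha').
// NOTE(review): confirm $db->order() limits them to valid column names and ASC/DESC.
$sql.= $db->order($sortfield,$sortorder);

// Count total nb of records
$nbtotalofrecords = '';
/*if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
{
    $result = $db->query($sql);
    $nbtotalofrecords = $db->num_rows($result);
}*/

// Fetch one row more than the page size so the pager can tell whether a next
// page exists. The page size must be the same $limit that is used for the offset
// and for the display loop; a non-positive $limit falls back to the configured default.
$sql.= $db->plimit(($limit > 0 ? $limit : $conf->liste_limit)+1, $offset);
//print $sql;
$result = $db->query($sql);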
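if ($result)
{
    $num = $db->num_rows($result);
    $i = 0;

    // Query string carried by the sort and pagination links. Every value is
    // URL-encoded because it comes from the request.
    $param='';
    if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
    if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
    if (isset($optioncss) && $optioncss != '') $param.='&optioncss='.urlencode($optioncss);
    if ($search_code) $param.='&search_code='.urlencode($search_code);
    if ($search_ip) $param.='&search_ip='.urlencode($search_ip);
    if ($search_user) $param.='&search_user='.urlencode($search_user);
    if ($search_desc) $param.='&search_desc='.urlencode($search_desc);
    if ($search_ua) $param.='&search_ua='.urlencode($search_ua);
    if ($date_startmonth) $param.= "&date_startmonth=".urlencode($date_startmonth);
    if ($date_startday) $param.= "&date_startday=".urlencode($date_startday);
    if ($date_startyear) $param.= "&date_startyear=".urlencode($date_startyear);
    if ($date_endmonth) $param.= "&date_endmonth=".urlencode($date_endmonth);
    if ($date_endday) $param.= "&date_endday=".urlencode($date_endday);
    if ($date_endyear) $param.= "&date_endyear=".urlencode($date_endyear);

    $langs->load('withdrawals');

    // The purge button is only offered when there is something to purge. The link
    // only opens the confirmation dialog; the delete itself needs action=confirm_purge.
    // NOTE(review): $_SERVER["PHP_SELF"] is written into HTML attributes as-is on this
    // page; confirm main.inc.php normalises it before it gets here.
    $center='';
    if ($num)
    {
        $center='<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?action=purge">'.$langs->trans("Purge").'</a>';
    }

    print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';

    print_barre_liste($langs->trans("ListOfSecurityEvents"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $nbtotalofrecords, 'setup', 0, '', '', $limit);

    if ($action == 'purge')
    {
        $formquestion=array();
        print $form->formconfirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeAuditEvents'), $langs->trans('ConfirmPurgeAuditEvents'),'confirm_purge',$formquestion,'no',1);
    }

    print '<div class="div-table-responsive">';
    print '<table class="liste" width="100%">';

    // Filter row. The search values are raw request data, so they are HTML-escaped
    // before being echoed back into the value="" attributes.
    print '<tr class="liste_titre">';

    print '<td class="liste_titre" width="15%">'.$form->select_date($date_start,'date_start',0,0,0,'',1,0,1).$form->select_date($date_end,'date_end',0,0,0,'',1,0,1).'</td>';

    print '<td align="left" class="liste_titre">';
    print '<input class="flat" type="text" size="10" name="search_code" value="'.dol_escape_htmltag($search_code).'">';
    print '</td>';

    // IP
    print '<td align="left" class="liste_titre">';
    print '<input class="flat" type="text" size="10" name="search_ip" value="'.dol_escape_htmltag($search_ip).'">';
    print '</td>';

    print '<td align="left" class="liste_titre">';
    print '<input class="flat" type="text" size="10" name="search_user" value="'.dol_escape_htmltag($search_user).'">';
    print '</td>';

    print '<td align="left" class="liste_titre">';
    //print '<input class="flat" type="text" size="10" name="search_desc" value="'.dol_escape_htmltag($search_desc).'">';
    print '</td>';

    print '<td align="right" class="liste_titre">';
    $searchpicto=$form->showFilterAndCheckAddButtons(0);
    print $searchpicto;
    print '</td>';

    print "</tr>\n";


    // Column titles with sort links
    // NOTE(review): the filter row and the data rows have six cells but only five
    // title cells are printed here; an empty sixth title looks to be missing - confirm.
    print '<tr class="liste_titre">';
    print_liste_field_titre("Date",$_SERVER["PHP_SELF"],"e.dateevent","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("Code",$_SERVER["PHP_SELF"],"e.type","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("IP",$_SERVER["PHP_SELF"],"e.ip","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("User",$_SERVER["PHP_SELF"],"u.login","",$param,'align="left"',$sortfield,$sortorder);
    print_liste_field_titre("Description",$_SERVER["PHP_SELF"],"e.description","",$param,'align="left"',$sortfield,$sortorder);
    print "</tr>\n";

    // One row per event. The query fetched one extra record, so the loop stops at $limit.
    // Event fields are stored data that may have been supplied by an unauthenticated
    // client (the user agent in particular), so they are escaped on output.
    while ($i < min($num, $limit))
    {
        $obj = $db->fetch_object($result);

        print '<tr class="oddeven">';

        // Date
        print '<td align="left" class="nowrap">'.dol_print_date($db->jdate($obj->dateevent),'%Y-%m-%d %H:%M:%S').'</td>';

        // Code
        print '<td>'.dol_escape_htmltag($obj->type).'</td>';

        // IP
        print '<td class="nowrap">';
        print dol_print_ip($obj->ip);
        print '</td>';

        // Login
        print '<td class="nowrap">';
        if ($obj->fk_user)
        {
            $userstatic->id=$obj->fk_user;
            $userstatic->login=$obj->login;
            print $userstatic->getLoginUrl(1);
        }
        else print '&nbsp;';
        print '</td>';

        // Description: stored either as plain text or as "(TranslationKey,arg1,...)suffix"
        print '<td>';
        $text=$langs->trans($obj->description);
        if (preg_match('/\((.*)\)(.*)/i',$obj->description,$reg))
        {
            $val=explode(',',$reg[1]);
            $text=$langs->trans($val[0], isset($val[1])?$val[1]:'', isset($val[2])?$val[2]:'', isset($val[3])?$val[3]:'', isset($val[4])?$val[4]:'');
            // The suffix is copied from the database untouched, so escape it here
            if (! empty($reg[2])) $text.=dol_escape_htmltag($reg[2]);
        }
        // NOTE(review): the translated part relies on $langs->trans() to neutralise
        // markup in its arguments - confirm, since they also come from the stored event.
        print $text;
        print '</td>';

        // More information: the user agent is a client-supplied header value stored
        // with the event; escape it before it is placed in the tooltip HTML.
        print '<td align="right">';
        $htmltext='<b>'.$langs->trans("UserAgent").'</b>: '.($obj->user_agent?dol_escape_htmltag($obj->user_agent):$langs->trans("Unknown"));
        print $form->textwithpicto('',$htmltext);
        print '</td>';

        print "</tr>\n";
        $i++;
    }

    if ($num == 0)
    {
        if ($usefilter) print '<tr><td colspan="6">'.$langs->trans("NoEventFoundWithCriteria").'</td></tr>';
        else print '<tr><td colspan="6">'.$langs->trans("NoEventOrNoAuditSetup").'</td></tr>';
    }
    print "</table>";
    print "</div>";

    print "</form>";
    $db->free($result);
}
else
{
    dol_print_error($db);
}


llxFooter();
$db->close();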
llxFooter()
Empty footer.
Definition: wrapper.php:58
setEventMessages($mesg, $mesgs, $style='mesgs')
Set event messages in dol_events session object.
dol_mktime($hour, $minute, $second, $month, $day, $year, $gm=false, $check=1)
Return a timestamp date built from detailed informations (by default a local PHP server timestamp) Re...
Class to manage Dolibarr users.
Definition: user.class.php:39
dol_get_first_day($year, $month=1, $gm=false)
Return GMT time for first day of a month or year.
Definition: date.lib.php:445
dol_print_error($db='', $error='', $errors=null)
Affiche message erreur system avec toutes les informations pour faciliter le diagnostic et la remonte...
GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NULL, $noreplace=0)
Return value of a param into GET or POST supervariable.
dol_print_ip($ip, $mode=0)
Return an IP formated to be shown on screen.
accessforbidden($message='', $printheader=1, $printfooter=1, $showonlymessage=0)
Show a message to say access is forbidden and stop program Calling this function terminate execution ...
Class to manage generation of HTML components Only common components must be here.
print_barre_liste($titre, $page, $file, $options='', $sortfield='', $sortorder='', $morehtmlcenter='', $num=-1, $totalnboflines='', $picto='title_generic.png', $pictoisfullpath=0, $morehtmlright='', $morecss='', $limit=-1, $hideselectlimit=0, $hidenavigation=0)
Print a title with navigation controls for pagination.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
llxHeader()
Empty header.
Definition: wrapper.php:46
natural_search($fields, $value, $mode=0, $nofirstand=0)
Generate natural SQL search string for a criteria (this criteria can be tested on one or several fiel...
dol_now($mode='gmt')
Return date for now.
print_liste_field_titre($name, $file="", $field="", $begin="", $moreparam="", $moreattrib="", $sortfield="", $sortorder="", $prefix="", $tooltip="")
Show title line of an array.
dol_getdate($timestamp, $fast=false)
Return an array with locale date info.
Events class.