28 require
'../../main.inc.php';
29 require_once DOL_DOCUMENT_ROOT.
'/core/class/events.class.php';
30 require_once DOL_DOCUMENT_ROOT.
'/core/lib/date.lib.php';
// Action and confirmation flag come from the request; GETPOST's second argument names the sanitizing check ('aZ09', 'alpha').
36 $action =
GETPOST(
'action',
'aZ09');
37 $confirm =
GETPOST(
'confirm',
'alpha');
// Users with socid > 0 get $socid set to their own socid.
// NOTE(review): the lines around this branch are missing from the listing, so any access restriction applied here is not visible - confirm.
40 if ($user->socid > 0) {
42 $socid = $user->socid;
// Load the translation files used on this page.
46 $langs->loadLangs(array(
"companies",
"admin",
"users",
"other",
"withdrawals"));
// Page size: the request value 'limit' (check 'int') when truthy, otherwise the configured $conf->liste_limit.
49 $limit =
GETPOST(
'limit',
'int') ?
GETPOST(
'limit',
'int') : $conf->liste_limit;
// Sort column and direction are request-controlled (check 'aZ09comma'); further down they are appended to the query through $db->order().
50 $sortfield =
GETPOST(
'sortfield',
'aZ09comma');
51 $sortorder =
GETPOST(
'sortorder',
'aZ09comma');
// NOTE(review): $page is tested here but its assignment is not among the visible lines - confirm it is read with an integer check.
53 if (empty($page) || $page == -1) {
// Offset of the first row of the requested page, plus previous/next page numbers.
56 $offset = $limit * $page;
57 $pageprev = $page - 1;
58 $pagenext = $page + 1;
// Default sort column; the condition guarding this assignment is not shown in the listing.
60 $sortfield =
"dateevent";
// List filters read from the request. The code, IP, user and description filters use the 'alpha' check;
// the user-agent and session-prefix filters use 'restricthtml'.
// NOTE(review): the SQL conditions built from these values are in lines this listing omits - verify each value is escaped before it is concatenated into the query.
66 $search_code =
GETPOST(
"search_code",
"alpha");
67 $search_ip =
GETPOST(
"search_ip",
"alpha");
68 $search_user =
GETPOST(
"search_user",
"alpha");
69 $search_desc =
GETPOST(
"search_desc",
"alpha");
70 $search_ua =
GETPOST(
"search_ua",
"restricthtml");
71 $search_prefix_session =
GETPOST(
"search_prefix_session",
"restricthtml");
// Display option passed in the request, letters only ('aZ' check).
72 $optioncss =
GETPOST(
"optioncss",
"aZ");
// A start date is taken from the request only when date_startmonth is > 0 (the branch body is not shown in this listing).
77 if (
GETPOST(
"date_startmonth",
'int') > 0) {
// End date: built from the request's month/day/year parts (all read with the 'int' check) at 23:59:59
// in 'tzuserrel' mode, then passed through dol_get_last_hour().
82 if (
GETPOST(
"date_endmonth",
'int') > 0) {
83 $date_end =
dol_get_last_hour(
dol_mktime(23, 59, 59,
GETPOST(
"date_endmonth",
'int'),
GETPOST(
"date_endday",
'int'),
GETPOST(
"date_endyear",
'int'),
'tzuserrel'),
'tzuserrel');
// When both bounds are set and the start is after the end, the end is moved to start + 86400 seconds.
89 if ($date_start !==
'' && $date_end !==
'' && $date_start > $date_end) {
90 $date_end = $date_start + 86400;
// Bounds computed from $nowarray's year and month: first day and last day of that month.
// The conditions under which these defaults apply are in omitted lines.
95 $date_start =
dol_get_first_day($nowarray[
'year'], $nowarray[
'mon'],
'tzuserrel');
98 $date_end =
dol_get_last_day($nowarray[
'year'], $nowarray[
'mon'],
'tzuserrel');
// Date parts for the filter form are reset to empty strings (only some of the resets are visible).
103 $date_startmonth =
'';
104 $date_startyear =
'';
// Split each bound back into day/month/year parts taken from $tmp; how $tmp is produced is not shown (lines 109 and 115 are omitted).
108 if ($date_start !==
'') {
110 $date_startday = $tmp[
'mday'];
111 $date_startmonth = $tmp[
'mon'];
112 $date_startyear = $tmp[
'year'];
114 if ($date_end !==
'') {
116 $date_endday = $tmp[
'mday'];
117 $date_endmonth = $tmp[
'mon'];
118 $date_endyear = $tmp[
'year'];
// Optional list columns. The e.prefix_session column is checked and enabled only when the
// AUDIT_ENABLE_PREFIX_SESSION global setting is non-empty.
// NOTE(review): the label given here is 'UserAgent', while the column header printed for e.prefix_session
// further down uses "SuffixSessionName" - looks like a copy/paste slip; confirm.
122 $arrayfields = array(
123 'e.prefix_session' => array(
124 'label'=>
'UserAgent',
125 'checked'=>(empty($conf->global->AUDIT_ENABLE_PREFIX_SESSION) ? 0 : 1),
126 'enabled'=>(empty($conf->global->AUDIT_ENABLE_PREFIX_SESSION) ? 0 : 1),
// "Remove filter" button: any of the three field-name variants of the button triggers the reset.
// Only some of the cleared variables are visible in this listing.
139 if (
GETPOST(
'button_removefilter_x',
'alpha') ||
GETPOST(
'button_removefilter.x',
'alpha') ||
GETPOST(
'button_removefilter',
'alpha')) {
144 $date_startmonth =
'';
146 $date_startyear =
'';
153 $search_prefix_session =
'';
// Purge of the audit trail: runs only for action=confirm_purge with confirm=yes and when $user->admin is set.
// NOTE(review): no anti-CSRF token check is visible in this block; presumably enforced centrally by main.inc.php - confirm.
157 if ($action ==
'confirm_purge' && $confirm ==
'yes' && $user->admin) {
// NOTE(review): $securityevents is not used in any visible line; the purge marker below uses $securityevent.
161 $securityevents =
new Events($db);
// Delete every row of the events table belonging to the current entity.
// NOTE(review): $conf->entity is concatenated without an (int) cast. It is not request input in the visible code,
// but a cast would keep the statement safe regardless of where the value comes from.
164 $sql =
"DELETE FROM ".MAIN_DB_PREFIX.
"events";
165 $sql .=
" WHERE entity = ".$conf->entity;
168 $resql = $db->query(
$sql);
// Record the purge itself as a new event of type SECURITY_EVENTS_PURGE, created with the current $user,
// so that clearing the audit trail leaves an entry behind.
175 $text = $langs->trans(
"SecurityEventsPurged");
176 $securityevent =
new Events($db);
177 $securityevent->type =
'SECURITY_EVENTS_PURGE';
178 $securityevent->dateevent = $now;
179 $securityevent->description = $text;
181 $result = $securityevent->create($user);
// Page title.
197 $title = $langs->trans(
"Audit");
// Reusable User object, filled per row in the display loop to render the login link.
202 $userstatic =
new User($db);
// List query: events left-joined with the user referenced by e.fk_user,
// restricted to the entities returned by getEntity('event').
205 $sql =
"SELECT e.rowid, e.type, e.ip, e.user_agent, e.dateevent,";
206 $sql .=
" e.fk_user, e.description, e.prefix_session,";
207 $sql .=
" u.login, u.admin, u.entity, u.firstname, u.lastname, u.statut as status";
208 $sql .=
" FROM ".MAIN_DB_PREFIX.
"events as e";
209 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"user as u ON u.rowid = e.fk_user";
210 $sql .=
" WHERE e.entity IN (".getEntity(
'event').
")";
// Date bounds are formatted by $db->idate() before being quoted into the statement.
211 if ($date_start !==
'') {
212 $sql .=
" AND e.dateevent >= '".$db->idate($date_start).
"'";
214 if ($date_end !==
'' ) {
215 $sql .=
" AND e.dateevent <= '".$db->idate($date_end).
"'";
// NOTE(review): the conditions for the text filters (lines 217-234 of the file) are omitted from this listing;
// they take request-derived values, so check that each is escaped before concatenation.
232 if ($search_prefix_session) {
// ORDER BY is produced by $db->order() from the request-supplied $sortfield/$sortorder (check 'aZ09comma').
235 $sql .= $db->order($sortfield, $sortorder);
238 $nbtotalofrecords =
'';
// Ask for $limit + 1 rows starting at $offset; presumably the extra row tells the pager whether a next page exists.
250 $sql .= $db->plimit($limit + 1, $offset);
252 $result = $db->query(
$sql);
254 $num = $db->num_rows($result);
// Rebuild the query string ($param) that sort and pagination links carry.
// Every request-derived value goes through urlencode(); $limit is cast to int instead.
258 if (!empty($contextpage) && $contextpage != $_SERVER[
"PHP_SELF"]) {
259 $param .=
'&contextpage='.urlencode($contextpage);
// The limit is only carried when it differs from the configured default.
261 if ($limit > 0 && $limit != $conf->liste_limit) {
262 $param .=
'&limit='.((int) $limit);
264 if ($optioncss !=
'') {
265 $param .=
'&optioncss='.urlencode($optioncss);
// Search filters (the guarding conditions for most of these are in omitted lines).
268 $param .=
'&search_code='.urlencode($search_code);
271 $param .=
'&search_ip='.urlencode($search_ip);
274 $param .=
'&search_user='.urlencode($search_user);
277 $param .=
'&search_desc='.urlencode($search_desc);
280 $param .=
'&search_ua='.urlencode($search_ua);
282 if ($search_prefix_session) {
283 $param .=
'&search_prefix_session='.urlencode($search_prefix_session);
// Date filter parts, each added only when set.
285 if ($date_startmonth) {
286 $param .=
"&date_startmonth=".urlencode($date_startmonth);
288 if ($date_startday) {
289 $param .=
"&date_startday=".urlencode($date_startday);
291 if ($date_startyear) {
292 $param .=
"&date_startyear=".urlencode($date_startyear);
294 if ($date_endmonth) {
295 $param .=
"&date_endmonth=".urlencode($date_endmonth);
298 $param .=
"&date_endday=".urlencode($date_endday);
301 $param .=
"&date_endyear=".urlencode($date_endyear);
// Purge button: a plain link to ?action=purge. That action only displays the confirmation dialog printed below;
// the deletion itself is tied to action=confirm_purge with confirm=yes and an admin user (handled earlier in the file).
// NOTE(review): $_SERVER["PHP_SELF"] is written into href/action attributes unescaped here; presumably it is
// sanitized centrally before this page runs - confirm.
306 $center =
'<a class="butActionDelete small" href="'.$_SERVER[
"PHP_SELF"].
'?action=purge">'.$langs->trans(
"Purge").
'</a>';
// The filter form is submitted by POST and carries a hidden anti-CSRF 'token' field produced by newToken().
309 print
'<form method="POST" action="'.$_SERVER[
"PHP_SELF"].
'">';
310 print
'<input type="hidden" name="token" value="'.newToken().
'">';
// List title bar with paging controls; $center (the purge button) is passed as the middle element.
312 print_barre_liste($langs->trans(
"ListOfSecurityEvents"), $page, $_SERVER[
"PHP_SELF"], $param, $sortfield, $sortorder, $center, $num, $nbtotalofrecords,
'setup', 0,
'',
'', $limit);
// Confirmation dialog for the purge; confirming submits action=confirm_purge.
314 if ($action ==
'purge') {
315 $formquestion = array();
316 print
$form->formconfirm($_SERVER[
"PHP_SELF"].
'?noparam=noparam', $langs->trans(
'PurgeAuditEvents'), $langs->trans(
'ConfirmPurgeAuditEvents'),
'confirm_purge', $formquestion,
'no', 1);
// Start of the result table.
333 print
'<div class="div-table-responsive">';
334 print
'<table class="liste centpercent">';
// First header row: one filter input per column.
337 print
'<tr class="liste_titre">';
341 print
'<td class="liste_titre maxwidthsearch center">';
342 $searchpicto =
$form->showFilterAndCheckAddButtons(0);
// Date range selectors; -1 is passed when a bound is the empty string.
347 print
'<td class="liste_titre" width="15%">';
348 print
$form->selectDate($date_start ===
'' ? -1 : $date_start,
'date_start', 0, 0, 0,
'', 1, 0, 0,
'',
'',
'',
'', 1,
'',
'',
'tzuserrel');
349 print
$form->selectDate($date_end ===
'' ? -1 : $date_end,
'date_end', 0, 0, 0,
'', 1, 0, 0,
'',
'',
'',
'', 1,
'',
'',
'tzuserrel');
// Text filters are echoed back into value="..." attributes; each submitted value is passed through
// dol_escape_htmltag() first so that it cannot break out of the attribute.
352 print
'<td class="liste_titre left">';
353 print
'<input class="flat maxwidth100" type="text" name="search_code" value="'.dol_escape_htmltag($search_code).
'">';
357 print
'<td class="liste_titre left">';
358 print
'<input class="flat maxwidth100" type="text" name="search_ip" value="'.dol_escape_htmltag($search_ip).
'">';
361 print
'<td class="liste_titre left">';
362 print
'<input class="flat maxwidth100" type="text" name="search_user" value="'.dol_escape_htmltag($search_user).
'">';
365 print
'<td class="liste_titre left">';
// The user-agent and session-prefix filter cells are rendered only when their column is checked in $arrayfields.
369 if (!empty($arrayfields[
'e.user_agent'][
'checked'])) {
370 print
'<td class="liste_titre left">';
371 print
'<input class="flat maxwidth100" type="text" name="search_ua" value="'.dol_escape_htmltag($search_ua).
'">';
375 if (!empty($arrayfields[
'e.prefix_session'][
'checked'])) {
376 print
'<td class="liste_titre left">';
377 print
'<input class="flat maxwidth100" type="text" name="search_prefix_session" value="'.dol_escape_htmltag($search_prefix_session).
'">';
383 print
'<td class="liste_titre maxwidthsearch">';
384 $searchpicto =
$form->showFilterAndCheckAddButtons(0);
// Second header row: sortable column titles; the links carry $param plus the current sort field and order.
392 print
'<tr class="liste_titre">';
401 print_liste_field_titre(
"Description", $_SERVER[
"PHP_SELF"],
"e.description",
"", $param,
'', $sortfield, $sortorder);
402 if (!empty($arrayfields[
'e.user_agent'][
'checked'])) {
403 print_liste_field_titre(
"UserAgent", $_SERVER[
"PHP_SELF"],
"e.user_agent",
"", $param,
'', $sortfield, $sortorder);
405 if (!empty($arrayfields[
'e.prefix_session'][
'checked'])) {
406 print_liste_field_titre(
"SuffixSessionName", $_SERVER[
"PHP_SELF"],
"e.prefix_session",
"", $param,
'', $sortfield, $sortorder);
// Display loop: at most $limit rows are shown even though the query asked for $limit + 1.
414 while ($i < min($num, $limit)) {
415 $obj = $db->fetch_object($result);
417 print
'<tr class="oddeven">';
// Tooltip with the stored user agent and session suffix. Both are stored event data (presumably client-supplied),
// so each goes through dol_string_nohtmltag() before being embedded in the tooltip's HTML.
421 print
'<td class="center">';
422 $htmltext =
'<b>'.$langs->trans(
"UserAgent").
'</b>: '.($obj->user_agent ?
dol_string_nohtmltag($obj->user_agent) : $langs->trans(
"Unknown"));
423 $htmltext .=
'<br><b>'.$langs->trans(
"SuffixSessionName").
' (DOLSESSID_...)</b>: '.($obj->prefix_session ?
dol_string_nohtmltag($obj->prefix_session) : $langs->trans(
"Unknown"));
424 print
$form->textwithpicto(
'', $htmltext);
// Event date, converted with $db->jdate() and printed in 'tzuserrel' mode.
429 print
'<td class="nowrap left">'.dol_print_date($db->jdate($obj->dateevent),
'%Y-%m-%d %H:%M:%S',
'tzuserrel').
'</td>';
// Event type code, HTML-escaped on output.
432 print
'<td>'.dol_escape_htmltag($obj->type).
'</td>';
// NOTE(review): the content of this cell (presumably the stored IP) is in omitted lines - verify it is escaped on output.
435 print
'<td class="nowraponall">';
// User cell: copy the joined user columns into $userstatic and print the login link,
// followed by a star picto for administrators (red star for an admin with no entity when multicompany is enabled).
440 print
'<td class="tdoverflowmax150">';
441 if ($obj->fk_user > 0) {
442 $userstatic->id = $obj->fk_user;
443 $userstatic->login = $obj->login;
444 $userstatic->admin = $obj->admin;
445 $userstatic->entity = $obj->entity;
446 $userstatic->status = $obj->status;
448 print $userstatic->getLoginUrl(1);
449 if (
isModEnabled(
'multicompany') && $userstatic->admin && !$userstatic->entity) {
450 print
img_picto($langs->trans(
"SuperAdministrator"),
'redstar',
'class="valignmiddle paddingleft"');
451 } elseif ($userstatic->admin) {
452 print
img_picto($langs->trans(
"Administrator"),
'star',
'class="valignmiddle paddingleft"');
// Description: translated as-is, or, when it has the form "(Key,arg1,...)rest", the parenthesised part is split
// on commas and passed to $langs->trans() as the key plus up to four arguments.
// NOTE(review): $text is built from stored event data and the line that prints it is omitted here -
// check that it is HTML-escaped when written to the page.
461 $text = $langs->trans($obj->description);
463 if (preg_match(
'/\((.*)\)(.*)/i', $obj->description, $reg)) {
464 $val = explode(
',', $reg[1]);
465 $text = $langs->trans($val[0], isset($val[1]) ? $val[1] :
'', isset($val[2]) ? $val[2] :
'', isset($val[3]) ? $val[3] :
'', isset($val[4]) ? $val[4] :
'');
466 if (!empty($reg[2])) {
// Optional user-agent and session-prefix cells (their bodies are in omitted lines).
473 if (!empty($arrayfields[
'e.user_agent'][
'checked'])) {
480 if (!empty($arrayfields[
'e.prefix_session'][
'checked'])) {
// Same tooltip as at the start of the row, in the right-hand cell; the stored values are again stripped
// with dol_string_nohtmltag() before use.
489 print
'<td class="right">';
490 $htmltext =
'<b>'.$langs->trans(
"UserAgent").
'</b>: '.($obj->user_agent ?
dol_string_nohtmltag($obj->user_agent) : $langs->trans(
"Unknown"));
491 $htmltext .=
'<br><b>'.$langs->trans(
"SuffixSessionName").
' (DOLSESSID_...)</b>: '.($obj->prefix_session ?
dol_string_nohtmltag($obj->prefix_session) : $langs->trans(
"Unknown"));
492 print
$form->textwithpicto(
'', $htmltext);
// Empty-state rows; which message applies is decided in omitted lines.
502 print
'<tr><td colspan="7"><span class="opacitymedium">'.$langs->trans(
"NoEventFoundWithCriteria").
'</span></td></tr>';
504 print
'<tr><td colspan="7"><span class="opacitymedium">'.$langs->trans(
"NoEventOrNoAuditSetup").
'</span></td></tr>';