2008-02-28 17:27:18 +01:00
|
|
|
<?php
|
2023-10-30 04:12:43 +01:00
|
|
|
/* Copyright (C) 2007-2019 Laurent Destailleur <eldy@users.sourceforge.net>
|
|
|
|
|
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
|
|
|
|
|
* Copyright (C) 2023 William Mead <william.mead@manchenumerique.fr>
|
2024-03-02 16:38:35 +01:00
|
|
|
* Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
|
2024-10-26 18:24:40 +02:00
|
|
|
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
|
2008-02-28 17:27:18 +01:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2013-01-16 15:36:08 +01:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2008-02-28 17:27:18 +01:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2019-09-23 21:55:30 +02:00
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2008-02-28 17:27:18 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
2010-06-08 01:52:43 +02:00
|
|
|
* \file htdocs/core/class/events.class.php
|
2008-11-09 13:33:13 +01:00
|
|
|
* \ingroup core
|
2011-06-19 16:35:16 +02:00
|
|
|
* \brief File of class to manage security events.
|
2008-11-09 13:33:13 +01:00
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2018-08-28 08:33:02 +02:00
|
|
|
* Events class
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
class Events // extends CommonObject
|
|
|
|
|
{
|
2018-08-23 18:17:09 +02:00
|
|
|
/**
|
|
|
|
|
* @var string ID to identify managed object
|
|
|
|
|
*/
|
2019-11-28 12:36:20 +01:00
|
|
|
public $element = 'events';
|
2018-08-28 08:33:02 +02:00
|
|
|
|
2018-08-22 18:34:50 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Name of table without prefix where object is stored
|
|
|
|
|
*/
|
2019-11-28 12:36:20 +01:00
|
|
|
public $table_element = 'events';
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2018-08-22 11:24:31 +02:00
|
|
|
/**
|
|
|
|
|
* @var int ID
|
|
|
|
|
*/
|
|
|
|
|
public $id;
|
2018-08-28 08:33:02 +02:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
/**
|
|
|
|
|
* @var DoliDB Database handler.
|
|
|
|
|
*/
|
|
|
|
|
public $db;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2018-08-22 10:37:16 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Error code (or message)
|
|
|
|
|
*/
|
2019-11-28 12:36:20 +01:00
|
|
|
public $error = '';
|
2015-04-08 21:50:17 +02:00
|
|
|
|
2019-11-26 00:20:40 +01:00
|
|
|
/**
|
|
|
|
|
* @var int timestamp
|
|
|
|
|
*/
|
2018-10-04 09:24:57 +02:00
|
|
|
public $tms;
|
2019-11-26 00:20:40 +01:00
|
|
|
|
2020-10-31 14:32:18 +01:00
|
|
|
/**
|
2019-11-26 00:20:40 +01:00
|
|
|
* @var string Type
|
|
|
|
|
*/
|
2018-10-04 09:24:57 +02:00
|
|
|
public $type;
|
2018-10-05 15:44:57 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var int Entity
|
|
|
|
|
*/
|
2018-10-04 09:24:57 +02:00
|
|
|
public $entity;
|
2018-10-05 15:44:57 +02:00
|
|
|
|
2024-10-26 18:24:40 +02:00
|
|
|
/**
|
|
|
|
|
* @var int|string
|
|
|
|
|
*/
|
2018-10-04 09:24:57 +02:00
|
|
|
public $dateevent;
|
2018-08-31 19:26:08 +02:00
|
|
|
|
2019-11-26 00:20:40 +01:00
|
|
|
/**
|
|
|
|
|
* @var string IP
|
|
|
|
|
*/
|
2019-07-29 02:16:21 +02:00
|
|
|
public $ip;
|
|
|
|
|
|
2019-11-26 00:20:40 +01:00
|
|
|
/**
|
|
|
|
|
* @var string User agent
|
|
|
|
|
*/
|
2019-07-29 02:16:21 +02:00
|
|
|
public $user_agent;
|
|
|
|
|
|
2023-10-30 04:12:43 +01:00
|
|
|
/**
|
|
|
|
|
* @var string label
|
|
|
|
|
*/
|
|
|
|
|
public $label;
|
|
|
|
|
|
2018-08-31 19:26:08 +02:00
|
|
|
/**
|
|
|
|
|
* @var string description
|
|
|
|
|
*/
|
|
|
|
|
public $description;
|
2008-02-28 17:27:18 +01:00
|
|
|
|
2019-07-29 02:16:21 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Prefix session obtained with method dol_getprefix()
|
|
|
|
|
*/
|
|
|
|
|
public $prefix_session;
|
|
|
|
|
|
2023-08-14 21:43:24 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Authentication method used for USER_LOGIN with success
|
|
|
|
|
*/
|
|
|
|
|
public $authentication_method;
|
|
|
|
|
|
|
|
|
|
|
2024-10-26 18:24:40 +02:00
|
|
|
/**
|
|
|
|
|
* @var array<array{id:string,test:int<0,1>}> List of all Audit/Security events supported by triggers
|
|
|
|
|
*/
|
2019-11-28 12:36:20 +01:00
|
|
|
public $eventstolog = array(
|
2024-10-26 18:24:40 +02:00
|
|
|
array('id' => 'USER_LOGIN', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_LOGIN_FAILED', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_LOGOUT', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_CREATE', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_MODIFY', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_NEW_PASSWORD', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_ENABLEDISABLE', 'test' => 1),
|
|
|
|
|
array('id' => 'USER_DELETE', 'test' => 1),
|
|
|
|
|
array('id' => 'USERGROUP_CREATE', 'test' => 1),
|
|
|
|
|
array('id' => 'USERGROUP_MODIFY', 'test' => 1),
|
|
|
|
|
array('id' => 'USERGROUP_DELETE', 'test' => 1),
|
2011-07-19 01:28:30 +02:00
|
|
|
);
|
2008-02-28 17:27:18 +01:00
|
|
|
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2019-07-29 02:16:21 +02:00
|
|
|
// BEGIN MODULEBUILDER PROPERTIES
|
|
|
|
|
/**
|
2025-02-05 00:40:06 +01:00
|
|
|
* @var array<string,array{type:string,label:string,enabled:int<0,2>|string,position:int,notnull?:int,visible:int<-6,6>|string,alwayseditable?:int<0,1>,noteditable?:int<0,1>,default?:string,index?:int,foreignkey?:string,searchall?:int<0,1>,isameasure?:int<0,1>,css?:string,csslist?:string,help?:string,showoncombobox?:int<0,4>,disabled?:int<0,1>,arrayofkeyval?:array<int|string,string>,autofocusoncreate?:int<0,1>,comment?:string,copytoclipboard?:int<1,2>,validate?:int<0,1>,showonheader?:int<0,1>}> Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
|
2019-07-29 02:16:21 +02:00
|
|
|
*/
|
2019-11-28 12:36:20 +01:00
|
|
|
public $fields = array(
|
2024-10-26 18:24:40 +02:00
|
|
|
'rowid' => array('type' => 'integer', 'label' => 'TechnicalID', 'enabled' => 1, 'visible' => -2, 'noteditable' => 1, 'notnull' => 1, 'index' => 1, 'position' => 1, 'comment' => 'Id'),
|
|
|
|
|
'entity' => array('type' => 'integer', 'label' => 'Entity', 'enabled' => 1, 'visible' => 0, 'notnull' => 1, 'default' => '1', 'index' => 1, 'position' => 20),
|
|
|
|
|
'prefix_session' => array('type' => 'varchar(255)', 'label' => 'PrefixSession', 'enabled' => 1, 'visible' => -1, 'notnull' => -1, 'index' => 0, 'position' => 1000),
|
|
|
|
|
'user_agent' => array('type' => 'varchar(255)', 'label' => 'UserAgent', 'enabled' => 1, 'visible' => -1, 'notnull' => 1, 'default' => '0', 'index' => 1, 'position' => 1000),
|
2019-07-29 02:16:21 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
2009-10-20 14:45:52 +02:00
|
|
|
/**
|
2011-09-11 20:35:38 +02:00
|
|
|
* Constructor
|
|
|
|
|
*
|
2012-02-20 10:09:28 +01:00
|
|
|
* @param DoliDB $db Database handler
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function __construct($db)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
2012-02-20 10:09:28 +01:00
|
|
|
$this->db = $db;
|
2009-10-20 14:45:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2011-09-11 20:35:38 +02:00
|
|
|
* Create in database
|
2012-02-20 10:09:28 +01:00
|
|
|
*
|
2011-09-11 20:35:38 +02:00
|
|
|
* @param User $user User that create
|
2023-12-01 19:51:32 +01:00
|
|
|
* @return int Return integer <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function create($user)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
2019-07-04 02:01:55 +02:00
|
|
|
global $conf;
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Clean parameters
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->description = trim($this->description);
|
2021-02-23 22:03:23 +01:00
|
|
|
if (empty($this->user_agent)) {
|
|
|
|
|
$this->user_agent = (empty($_SERVER['HTTP_USER_AGENT']) ? '' : $_SERVER['HTTP_USER_AGENT']);
|
|
|
|
|
}
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Check parameters
|
2021-02-23 22:03:23 +01:00
|
|
|
if (empty($this->description)) {
|
2021-03-01 20:37:16 +01:00
|
|
|
$this->error = 'ErrorBadValueForParameterCreateEventDesc';
|
|
|
|
|
return -1;
|
2021-02-23 22:03:23 +01:00
|
|
|
}
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Insert request
|
2022-01-27 10:19:35 +01:00
|
|
|
$sql = "INSERT INTO ".$this->db->prefix()."events(";
|
2019-11-28 12:36:20 +01:00
|
|
|
$sql .= "type,";
|
|
|
|
|
$sql .= "entity,";
|
|
|
|
|
$sql .= "ip,";
|
|
|
|
|
$sql .= "user_agent,";
|
|
|
|
|
$sql .= "dateevent,";
|
|
|
|
|
$sql .= "fk_user,";
|
|
|
|
|
$sql .= "description,";
|
|
|
|
|
$sql .= "prefix_session";
|
|
|
|
|
$sql .= ") VALUES (";
|
|
|
|
|
$sql .= " '".$this->db->escape($this->type)."',";
|
2021-06-14 13:51:09 +02:00
|
|
|
$sql .= " ".((int) $conf->entity).",";
|
2019-11-28 12:36:20 +01:00
|
|
|
$sql .= " '".$this->db->escape(getUserRemoteIP())."',";
|
|
|
|
|
$sql .= " ".($this->user_agent ? "'".$this->db->escape(dol_trunc($this->user_agent, 250))."'" : 'NULL').",";
|
|
|
|
|
$sql .= " '".$this->db->idate($this->dateevent)."',";
|
2022-02-21 11:26:03 +01:00
|
|
|
$sql .= " ".($user->id > 0 ? ((int) $user->id) : 'NULL').",";
|
2019-11-28 12:36:20 +01:00
|
|
|
$sql .= " '".$this->db->escape(dol_trunc($this->description, 250))."',";
|
|
|
|
|
$sql .= " '".$this->db->escape(dol_getprefix())."'";
|
|
|
|
|
$sql .= ")";
|
2009-10-20 14:45:52 +02:00
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
2019-11-28 12:36:20 +01:00
|
|
|
$resql = $this->db->query($sql);
|
2021-02-23 22:03:23 +01:00
|
|
|
if ($resql) {
|
2022-01-27 10:19:35 +01:00
|
|
|
$this->id = $this->db->last_insert_id($this->db->prefix()."events");
|
2009-10-20 14:45:52 +02:00
|
|
|
return $this->id;
|
2020-05-21 15:05:19 +02:00
|
|
|
} else {
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->error = "Error ".$this->db->lasterror();
|
2009-10-20 14:45:52 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Update database
|
|
|
|
|
*
|
|
|
|
|
* @param User $user User that modify
|
|
|
|
|
* @param int $notrigger 0=no, 1=yes (no update trigger)
|
2023-12-01 19:51:32 +01:00
|
|
|
* @return int Return integer <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2020-10-31 14:32:18 +01:00
|
|
|
public function update($user = null, $notrigger = 0)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
|
|
|
|
// Clean parameters
|
2019-11-26 00:20:40 +01:00
|
|
|
$this->id = (int) $this->id;
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->type = trim($this->type);
|
|
|
|
|
$this->description = trim($this->description);
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Check parameters
|
|
|
|
|
// Put here code to add control on parameters values
|
|
|
|
|
|
|
|
|
|
// Update request
|
2022-01-27 10:19:35 +01:00
|
|
|
$sql = "UPDATE ".$this->db->prefix()."events SET";
|
2019-11-28 12:36:20 +01:00
|
|
|
$sql .= " type='".$this->db->escape($this->type)."',";
|
|
|
|
|
$sql .= " dateevent='".$this->db->idate($this->dateevent)."',";
|
|
|
|
|
$sql .= " description='".$this->db->escape($this->description)."'";
|
2021-03-14 12:20:23 +01:00
|
|
|
$sql .= " WHERE rowid=".((int) $this->id);
|
2009-10-20 14:45:52 +02:00
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::update", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql = $this->db->query($sql);
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$resql) {
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->error = "Error ".$this->db->lasterror();
|
2009-10-20 14:45:52 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Load object in memory from database
|
|
|
|
|
*
|
|
|
|
|
* @param int $id Id object
|
|
|
|
|
* @param User $user User that load
|
2023-12-01 19:51:32 +01:00
|
|
|
* @return int Return integer <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2020-10-31 14:32:18 +01:00
|
|
|
public function fetch($id, $user = null)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
|
|
|
|
$sql = "SELECT";
|
2019-11-28 12:36:20 +01:00
|
|
|
$sql .= " t.rowid,";
|
|
|
|
|
$sql .= " t.tms,";
|
|
|
|
|
$sql .= " t.type,";
|
|
|
|
|
$sql .= " t.entity,";
|
|
|
|
|
$sql .= " t.dateevent,";
|
|
|
|
|
$sql .= " t.description,";
|
|
|
|
|
$sql .= " t.ip,";
|
|
|
|
|
$sql .= " t.user_agent,";
|
|
|
|
|
$sql .= " t.prefix_session";
|
2022-01-27 10:19:35 +01:00
|
|
|
$sql .= " FROM ".$this->db->prefix()."events as t";
|
2021-03-14 11:48:39 +01:00
|
|
|
$sql .= " WHERE t.rowid = ".((int) $id);
|
2009-10-20 14:45:52 +02:00
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
2019-11-28 12:36:20 +01:00
|
|
|
$resql = $this->db->query($sql);
|
2021-02-23 22:03:23 +01:00
|
|
|
if ($resql) {
|
|
|
|
|
if ($this->db->num_rows($resql)) {
|
2009-10-20 14:45:52 +02:00
|
|
|
$obj = $this->db->fetch_object($resql);
|
|
|
|
|
|
2019-11-26 00:20:40 +01:00
|
|
|
$this->id = $obj->rowid;
|
2010-01-13 19:51:19 +01:00
|
|
|
$this->tms = $this->db->jdate($obj->tms);
|
2009-10-20 14:45:52 +02:00
|
|
|
$this->type = $obj->type;
|
|
|
|
|
$this->entity = $obj->entity;
|
2010-01-13 19:51:19 +01:00
|
|
|
$this->dateevent = $this->db->jdate($obj->dateevent);
|
2009-10-20 14:45:52 +02:00
|
|
|
$this->description = $obj->description;
|
|
|
|
|
$this->ip = $obj->ip;
|
|
|
|
|
$this->user_agent = $obj->user_agent;
|
2019-07-29 02:16:21 +02:00
|
|
|
$this->prefix_session = $obj->prefix_session;
|
2009-10-20 14:45:52 +02:00
|
|
|
}
|
|
|
|
|
$this->db->free($resql);
|
|
|
|
|
|
|
|
|
|
return 1;
|
2020-05-21 15:05:19 +02:00
|
|
|
} else {
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->error = "Error ".$this->db->lasterror();
|
2009-10-20 14:45:52 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Delete object in database
|
|
|
|
|
*
|
|
|
|
|
* @param User $user User that delete
|
2023-12-01 19:51:32 +01:00
|
|
|
* @return int Return integer <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2020-10-31 14:32:18 +01:00
|
|
|
public function delete($user)
|
2008-02-28 17:27:18 +01:00
|
|
|
{
|
2022-01-27 10:19:35 +01:00
|
|
|
$sql = "DELETE FROM ".$this->db->prefix()."events";
|
2021-03-14 12:20:23 +01:00
|
|
|
$sql .= " WHERE rowid=".((int) $this->id);
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
|
2008-02-28 17:27:18 +01:00
|
|
|
$resql = $this->db->query($sql);
|
2021-02-23 22:03:23 +01:00
|
|
|
if (!$resql) {
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->error = "Error ".$this->db->lasterror();
|
2008-02-28 17:27:18 +01:00
|
|
|
return -1;
|
|
|
|
|
}
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
/**
|
2020-10-31 14:32:18 +01:00
|
|
|
* Initialise an instance with random values.
|
|
|
|
|
* Used to build previews or test instances.
|
|
|
|
|
* id must be 0 if object instance is a specimen.
|
|
|
|
|
*
|
2024-03-02 16:38:35 +01:00
|
|
|
* @return int
|
2020-10-31 14:32:18 +01:00
|
|
|
*/
|
|
|
|
|
public function initAsSpecimen()
|
2008-02-28 17:27:18 +01:00
|
|
|
{
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->id = 0;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2019-11-28 12:36:20 +01:00
|
|
|
$this->tms = time();
|
|
|
|
|
$this->type = '';
|
|
|
|
|
$this->dateevent = time();
|
|
|
|
|
$this->description = 'This is a specimen event';
|
2019-07-29 02:16:21 +02:00
|
|
|
$this->ip = '1.2.3.4';
|
|
|
|
|
$this->user_agent = 'Mozilla specimen User Agent X.Y';
|
|
|
|
|
$this->prefix_session = dol_getprefix();
|
2024-03-02 16:38:35 +01:00
|
|
|
|
|
|
|
|
return 1;
|
2020-10-31 14:32:18 +01:00
|
|
|
}
|
2008-02-28 17:27:18 +01:00
|
|
|
}
|
