dolibarr/htdocs/admin/events.php

<?php
/* Copyright (C) 2008-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2013	   Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

/**
 *	    \file       htdocs/admin/events.php
 *      \ingroup    core
 *      \brief      Log event setup page
 */

require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';


if (!$user->admin) {
	accessforbidden();
}

// Load translation files required by the page
$langs->loadLangs(array("users", "admin", "other"));

$action = GETPOST('action', 'aZ09');
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')

// Load variable for pagination
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');
if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha')) { $page = 0; }     // If $page is not defined, or '' or -1 or if we click on clear filters
$offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;

$securityevent = new Events($db);
$eventstolog = $securityevent->eventstolog;


/*
 *	Actions
 */

if ($action == "save")
{
	$i = 0;

	$db->begin();

	foreach ($eventstolog as $key => $arr)
	{
		$param = 'MAIN_LOGEVENTS_'.$arr['id'];
		if (GETPOST($param, 'alphanohtml')) dolibarr_set_const($db, $param, GETPOST($param, 'alphanohtml'), 'chaine', 0, '', $conf->entity);
		else dolibarr_del_const($db, $param, $conf->entity);
	}

	$db->commit();
	setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
}


/*
 * View
 */

$form = new Form($db);

$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;
$selectedfields = '';
$selectedfields .= $form->showCheckAddButtons('checkforselect', 1);

$wikihelp = 'EN:Setup_Security|FR:Paramétrage_Sécurité|ES:Configuración_Seguridad';
llxHeader('', $langs->trans("Audit"), $wikihelp);

//$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
print load_fiche_titre($langs->trans("SecuritySetup"), '', 'title_setup');

print '<span class="opacitymedium">'.$langs->trans("LogEventDesc", $langs->transnoentitiesnoconv("AdminTools"), $langs->transnoentitiesnoconv("Audit"))."</span><br>\n";
print "<br>\n";


print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="save">';

$head = security_prepare_head();

dol_fiche_head($head, 'audit', $langs->trans("Security"), -1);

print '<table class="noborder" width="100%">';
print "<tr class=\"liste_titre\">";
print getTitleFieldOfList("LogEvents", 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, '')."\n";
print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n";
print "</tr>\n";
// Loop on each event type
foreach ($eventstolog as $key => $arr)
{
	if ($arr['id'])
	{
		print '<tr class="oddeven">';
		print '<td>'.$arr['id'].'</td>';
		print '<td class="center">';
		$key = 'MAIN_LOGEVENTS_'.$arr['id'];
		$value = $conf->global->$key;
		print '<input class="oddeven checkforselect" type="checkbox" name="'.$key.'" value="1"'.($value ? ' checked' : '').'>';
		print '</td></tr>'."\n";
	}
}
print '</table>';

dol_fiche_end();

print '<div class="center">';
print "<input type=\"submit\" name=\"save\" class=\"button\" value=\"".$langs->trans("Save")."\">";
print '</div>';

print "</form>\n";

// End of page
llxFooter();
$db->close();
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`<?php`
Qual: Removed TODO. Now all password generation use the password generator module. 2011-05-01 12:48:43 +02:00			`/* Copyright (C) 2008-2011 Laurent Destailleur <eldy@users.sourceforge.net>`
[ task #1036 ] Normalized usage of setEventMessage instead of dol_htmloutput_mesg: Works in admin 2013-08-14 12:48:00 +02:00			`* Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
Prepare move to other licence. For the moment all answers for licence upgrade were not yet received. So we prepare for GPL by uniformizing licence text keys to GPL-3+. Will move later to AGPL if all answers are positive. 2013-01-16 15:36:08 +01:00			`* the Free Software Foundation; either version 3 of the License, or`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
Move Gnu.org to https 2019-09-23 21:55:30 +02:00			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`*/`

			`/**`
New: Can set session timeout. 2008-10-12 13:41:13 +02:00			`* \file htdocs/admin/events.php`
			`* \ingroup core`
			`* \brief Log event setup page`
			`*/`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
Removed parenthesis from all require and replaced with single quotes 2012-08-22 23:24:21 +02:00			`require '../main.inc.php';`
Removed parenthesis from all require_once and replaced with single quotes 2012-08-22 23:11:24 +02:00			`require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';`
			`require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';`
			`require_once DOL_DOCUMENT_ROOT.'/core/class/events.class.php';`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00

NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`if (!$user->admin) {`
			`accessforbidden();`
			`}`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
loadlangs 2018-05-26 18:41:16 +02:00			`// Load translation files required by the page`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$langs->loadLangs(array("users", "admin", "other"));`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$action = GETPOST('action', 'aZ09');`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'myobjectlist'; // To manage different context of search`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-04-13 13:24:42 +02:00			`$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00
			`// Load variable for pagination`
			`$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;`
			`$sortfield = GETPOST('sortfield', 'alpha');`
			`$sortorder = GETPOST('sortorder', 'alpha');`
			`$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int');`
			`if (empty($page) \|\| $page < 0 \|\| GETPOST('button_search', 'alpha') \|\| GETPOST('button_removefilter', 'alpha')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters`
			`$offset = $limit * $page;`
			`$pageprev = $page - 1;`
			`$pagenext = $page + 1;`
New: Added USER_LOGIN trigger event 2008-03-17 15:59:34 +01:00
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$securityevent = new Events($db);`
			`$eventstolog = $securityevent->eventstolog;`
Delete of security event keep add a delete event 2011-07-19 01:28:30 +02:00
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
			`/*`
Delete of security event keep add a delete event 2011-07-19 01:28:30 +02:00			`* Actions`
			`*/`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`if ($action == "save")`
			`{`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$i = 0;`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
Delete of security event keep add a delete event 2011-07-19 01:28:30 +02:00			`$db->begin();`
Fix: Sending page when subproduct feature is enabled 2009-04-05 21:01:43 +02:00
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`foreach ($eventstolog as $key => $arr)`
			`{`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$param = 'MAIN_LOGEVENTS_'.$arr['id'];`
Fight against $_POST 2020-02-16 19:33:58 +01:00			`if (GETPOST($param, 'alphanohtml')) dolibarr_set_const($db, $param, GETPOST($param, 'alphanohtml'), 'chaine', 0, '', $conf->entity);`
PSR2 space after comma in function call 2019-01-27 11:55:16 +01:00			`else dolibarr_del_const($db, $param, $conf->entity);`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`}`
Fix: Sending page when subproduct feature is enabled 2009-04-05 21:01:43 +02:00
Delete of security event keep add a delete event 2011-07-19 01:28:30 +02:00			`$db->commit();`
[Qual] Uniformize code 2015-10-27 13:42:00 +01:00			`setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`}`



Fix: Sending page when subproduct feature is enabled 2009-04-05 21:01:43 +02:00			`/*`
			`* View`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`*/`

NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`$form = new Form($db);`

			`$varpage = empty($contextpage) ? $_SERVER["PHP_SELF"] : $contextpage;`
			`$selectedfields = '';`
			`$selectedfields .= $form->showCheckAddButtons('checkforselect', 1);`

Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$wikihelp = 'EN:Setup_Security\|FR:Paramétrage_Sécurité\|ES:Configuración_Seguridad';`
PSR2 space after comma in function call 2019-01-27 11:55:16 +01:00			`llxHeader('', $langs->trans("Audit"), $wikihelp);`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
Fix back link of look and feel v7 2018-02-26 09:20:05 +01:00			`//$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';`
PSR2 space after comma in function call 2019-01-27 11:55:16 +01:00			`print load_fiche_titre($langs->trans("SecuritySetup"), '', 'title_setup');`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
Look and feel v11 2019-12-09 09:43:38 +01:00			`print '<span class="opacitymedium">'.$langs->trans("LogEventDesc", $langs->transnoentitiesnoconv("AdminTools"), $langs->transnoentitiesnoconv("Audit"))."</span><br>\n";`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`print "<br>\n";`


			`print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';`
Fix $_SESSION['newtoken'] must be newToken() 2019-12-18 23:12:31 +01:00			`print '<input type="hidden" name="token" value="'.newToken().'">';`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`print '<input type="hidden" name="action" value="save">';`

Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$head = security_prepare_head();`
Fix: W3C. form into table is forbidden. This makes some browsers crazy. 2014-11-20 10:15:24 +01:00
CSS enhancement 2017-03-23 10:59:13 +01:00			`dol_fiche_head($head, 'audit', $langs->trans("Security"), -1);`
Fix: W3C. form into table is forbidden. This makes some browsers crazy. 2014-11-20 10:15:24 +01:00
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`print '<table class="noborder" width="100%">';`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`print "<tr class=\"liste_titre\">";`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`print getTitleFieldOfList("LogEvents", 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, '')."\n";`
			`print getTitleFieldOfList($selectedfields, 0, $_SERVER["PHP_SELF"], '', '', '', '', $sortfield, $sortorder, 'center maxwidthsearch ')."\n";`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`print "</tr>\n";`
Doxygen 2010-10-27 23:51:41 +02:00			`// Loop on each event type`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`foreach ($eventstolog as $key => $arr)`
			`{`
			`if ($arr['id'])`
trim trailing 2018-07-26 18:22:16 +02:00			`{`
Replace usage of $bc[$var] with class="oddeven" 2017-04-14 11:22:48 +02:00			`print '<tr class="oddeven">';`
Delete of security event keep add a delete event 2011-07-19 01:28:30 +02:00			`print '<td>'.$arr['id'].'</td>';`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`print '<td class="center">';`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2020-02-18 23:47:25 +01:00			`$key = 'MAIN_LOGEVENTS_'.$arr['id'];`
			`$value = $conf->global->$key;`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`print '<input class="oddeven checkforselect" type="checkbox" name="'.$key.'" value="1"'.($value ? ' checked' : '').'>';`
Delete of security event keep add a delete event 2011-07-19 01:28:30 +02:00			`print '</td></tr>'."\n";`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`}`
			`}`
			`print '</table>';`

Fix: W3C. form into table is forbidden. This makes some browsers crazy. 2014-11-20 10:15:24 +01:00			`dol_fiche_end();`

			`print '<div class="center">';`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00			`print "<input type=\"submit\" name=\"save\" class=\"button\" value=\"".$langs->trans("Save")."\">";`
NEW Can check all events in one click in setup of audited events 2020-04-12 13:25:19 +02:00			`print '</div>';`
New: Add "Audit" feature. 2008-02-28 21:37:04 +01:00
			`print "</form>\n";`

standardize 2018-07-28 17:26:56 +02:00			`// End of page`
Fix: remove obsolete tags (in progress) 2011-08-27 16:24:16 +02:00			`llxFooter();`
Fix: W3C. form into table is forbidden. This makes some browsers crazy. 2014-11-20 10:15:24 +01:00			`$db->close();`