2008-02-28 17:27:18 +01:00
|
|
|
<?php
|
2019-07-04 02:01:55 +02:00
|
|
|
/* Copyright (C) 2007-2019 Laurent Destailleur <eldy@users.sourceforge.net>
|
2018-10-27 14:43:12 +02:00
|
|
|
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
|
2008-02-28 17:27:18 +01:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2013-01-16 15:36:08 +01:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2008-02-28 17:27:18 +01:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2019-09-23 21:55:30 +02:00
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2008-02-28 17:27:18 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
2010-06-08 01:52:43 +02:00
|
|
|
* \file htdocs/core/class/events.class.php
|
2008-11-09 13:33:13 +01:00
|
|
|
* \ingroup core
|
2011-06-19 16:35:16 +02:00
|
|
|
* \brief File of class to manage security events.
|
2008-11-09 13:33:13 +01:00
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2018-08-28 08:33:02 +02:00
|
|
|
* Events class
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
class Events // extends CommonObject
|
|
|
|
|
{
|
2018-08-23 18:17:09 +02:00
|
|
|
/**
|
|
|
|
|
* @var string ID to identify managed object
|
|
|
|
|
*/
|
|
|
|
|
public $element='events';
|
2018-08-28 08:33:02 +02:00
|
|
|
|
2018-08-22 18:34:50 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Name of table without prefix where object is stored
|
|
|
|
|
*/
|
2018-08-28 08:33:02 +02:00
|
|
|
public $table_element='events';
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2018-08-22 11:24:31 +02:00
|
|
|
/**
|
|
|
|
|
* @var int ID
|
|
|
|
|
*/
|
|
|
|
|
public $id;
|
2018-08-28 08:33:02 +02:00
|
|
|
|
|
|
|
|
/**
|
2018-08-22 11:06:34 +02:00
|
|
|
* @var DoliDB Database handler.
|
|
|
|
|
*/
|
|
|
|
|
public $db;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2018-08-22 10:37:16 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Error code (or message)
|
|
|
|
|
*/
|
|
|
|
|
public $error='';
|
2015-04-08 21:50:17 +02:00
|
|
|
|
2018-10-04 09:24:57 +02:00
|
|
|
public $tms;
|
|
|
|
|
public $type;
|
2018-10-05 15:44:57 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @var int Entity
|
|
|
|
|
*/
|
2018-10-04 09:24:57 +02:00
|
|
|
public $entity;
|
2018-10-05 15:44:57 +02:00
|
|
|
|
2018-10-04 09:24:57 +02:00
|
|
|
public $dateevent;
|
2018-08-31 19:26:08 +02:00
|
|
|
|
2019-07-29 02:16:21 +02:00
|
|
|
public $ip;
|
|
|
|
|
|
|
|
|
|
public $user_agent;
|
|
|
|
|
|
2018-08-31 19:26:08 +02:00
|
|
|
/**
|
|
|
|
|
* @var string description
|
|
|
|
|
*/
|
|
|
|
|
public $description;
|
2008-02-28 17:27:18 +01:00
|
|
|
|
2019-07-29 02:16:21 +02:00
|
|
|
/**
|
|
|
|
|
* @var string Prefix session obtained with method dol_getprefix()
|
|
|
|
|
*/
|
|
|
|
|
public $prefix_session;
|
|
|
|
|
|
2017-09-16 01:34:15 +02:00
|
|
|
// List of all Audit/Security events supported by triggers
|
2018-10-04 09:24:57 +02:00
|
|
|
public $eventstolog=array(
|
2018-12-10 11:19:52 +01:00
|
|
|
array('id'=>'USER_LOGIN', 'test'=>1),
|
2011-07-19 01:28:30 +02:00
|
|
|
array('id'=>'USER_LOGIN_FAILED', 'test'=>1),
|
2018-12-10 11:19:52 +01:00
|
|
|
array('id'=>'USER_LOGOUT', 'test'=>1),
|
2011-07-19 01:28:30 +02:00
|
|
|
array('id'=>'USER_CREATE', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_MODIFY', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_NEW_PASSWORD', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_ENABLEDISABLE', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_DELETE', 'test'=>1),
|
|
|
|
|
array('id'=>'GROUP_CREATE', 'test'=>1),
|
|
|
|
|
array('id'=>'GROUP_MODIFY', 'test'=>1),
|
|
|
|
|
array('id'=>'GROUP_DELETE', 'test'=>1),
|
|
|
|
|
);
|
2008-02-28 17:27:18 +01:00
|
|
|
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2019-07-29 02:16:21 +02:00
|
|
|
// BEGIN MODULEBUILDER PROPERTIES
|
|
|
|
|
/**
|
|
|
|
|
* @var array Array with all fields and their property. Do not use it as a static var. It may be modified by constructor.
|
|
|
|
|
*/
|
|
|
|
|
public $fields=array(
|
|
|
|
|
'rowid' =>array('type'=>'integer', 'label'=>'TechnicalID', 'enabled'=>1, 'visible'=>-2, 'noteditable'=>1, 'notnull'=> 1, 'index'=>1, 'position'=>1, 'comment'=>'Id'),
|
|
|
|
|
'entity' =>array('type'=>'integer', 'label'=>'Entity', 'enabled'=>1, 'visible'=>0, 'notnull'=> 1, 'default'=>1, 'index'=>1, 'position'=>20),
|
|
|
|
|
'prefix_session'=>array('type'=>'varchar(255)', 'label'=>'PrefixSession', 'enabled'=>1, 'visible'=>-1, 'notnull'=>-1, 'index'=>0, 'position'=>1000),
|
|
|
|
|
'user_agent' =>array('type'=>'varchar(255)', 'label'=>'UserAgent', 'enabled'=>1, 'visible'=>-1, 'notnull'=> 1, 'default'=>0, 'index'=>1, 'position'=>1000),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
2009-10-20 14:45:52 +02:00
|
|
|
/**
|
2011-09-11 20:35:38 +02:00
|
|
|
* Constructor
|
|
|
|
|
*
|
2012-02-20 10:09:28 +01:00
|
|
|
* @param DoliDB $db Database handler
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function __construct($db)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
2012-02-20 10:09:28 +01:00
|
|
|
$this->db = $db;
|
2009-10-20 14:45:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2011-09-11 20:35:38 +02:00
|
|
|
* Create in database
|
2012-02-20 10:09:28 +01:00
|
|
|
*
|
2011-09-11 20:35:38 +02:00
|
|
|
* @param User $user User that create
|
2019-02-27 20:45:07 +01:00
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function create($user)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
2019-07-04 02:01:55 +02:00
|
|
|
global $conf;
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Clean parameters
|
|
|
|
|
$this->description=trim($this->description);
|
2018-11-21 15:40:15 +01:00
|
|
|
if (empty($this->user_agent) && !empty($_SERVER['HTTP_USER_AGENT'])) $this->user_agent=$_SERVER['HTTP_USER_AGENT'];
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Check parameters
|
2015-02-11 22:54:06 +01:00
|
|
|
if (empty($this->description)) { $this->error='ErrorBadValueForParameterCreateEventDesc'; return -1; }
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Insert request
|
|
|
|
|
$sql = "INSERT INTO ".MAIN_DB_PREFIX."events(";
|
|
|
|
|
$sql.= "type,";
|
|
|
|
|
$sql.= "entity,";
|
|
|
|
|
$sql.= "ip,";
|
|
|
|
|
$sql.= "user_agent,";
|
|
|
|
|
$sql.= "dateevent,";
|
|
|
|
|
$sql.= "fk_user,";
|
2019-07-29 02:16:21 +02:00
|
|
|
$sql.= "description,";
|
|
|
|
|
$sql.= "prefix_session";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= ") VALUES (";
|
2017-09-15 15:41:07 +02:00
|
|
|
$sql.= " '".$this->db->escape($this->type)."',";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " ".$conf->entity.",";
|
2018-11-21 15:40:15 +01:00
|
|
|
$sql.= " '".$this->db->escape(getUserRemoteIP())."',";
|
2019-01-27 11:55:16 +01:00
|
|
|
$sql.= " ".($this->user_agent ? "'".$this->db->escape(dol_trunc($this->user_agent, 250))."'" : 'NULL').",";
|
2014-03-15 23:12:00 +01:00
|
|
|
$sql.= " '".$this->db->idate($this->dateevent)."',";
|
2017-09-15 15:41:07 +02:00
|
|
|
$sql.= " ".($user->id?"'".$this->db->escape($user->id)."'":'NULL').",";
|
2019-07-29 02:16:21 +02:00
|
|
|
$sql.= " '".$this->db->escape(dol_trunc($this->description, 250))."',";
|
|
|
|
|
$sql.= " '".$this->db->escape(dol_getprefix())."'";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= ")";
|
|
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql=$this->db->query($sql);
|
|
|
|
|
if ($resql)
|
|
|
|
|
{
|
|
|
|
|
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."events");
|
|
|
|
|
return $this->id;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Update database
|
|
|
|
|
*
|
|
|
|
|
* @param User $user User that modify
|
|
|
|
|
* @param int $notrigger 0=no, 1=yes (no update trigger)
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function update($user = null, $notrigger = 0)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
|
|
|
|
// Clean parameters
|
|
|
|
|
$this->id=trim($this->id);
|
|
|
|
|
$this->type=trim($this->type);
|
|
|
|
|
$this->description=trim($this->description);
|
|
|
|
|
|
|
|
|
|
// Check parameters
|
|
|
|
|
// Put here code to add control on parameters values
|
|
|
|
|
|
|
|
|
|
// Update request
|
|
|
|
|
$sql = "UPDATE ".MAIN_DB_PREFIX."events SET";
|
2017-05-12 16:55:11 +02:00
|
|
|
$sql.= " type='".$this->db->escape($this->type)."',";
|
2017-07-26 21:22:53 +02:00
|
|
|
$sql.= " dateevent='".$this->db->idate($this->dateevent)."',";
|
2011-02-24 19:11:12 +01:00
|
|
|
$sql.= " description='".$this->db->escape($this->description)."'";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " WHERE rowid=".$this->id;
|
|
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::update", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql = $this->db->query($sql);
|
|
|
|
|
if (! $resql)
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Load object in memory from database
|
|
|
|
|
*
|
|
|
|
|
* @param int $id Id object
|
|
|
|
|
* @param User $user User that load
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function fetch($id, $user = null)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
|
|
|
|
$sql = "SELECT";
|
|
|
|
|
$sql.= " t.rowid,";
|
2010-01-13 19:51:19 +01:00
|
|
|
$sql.= " t.tms,";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " t.type,";
|
|
|
|
|
$sql.= " t.entity,";
|
2010-01-13 19:51:19 +01:00
|
|
|
$sql.= " t.dateevent,";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " t.description,";
|
|
|
|
|
$sql.= " t.ip,";
|
2019-07-29 02:16:21 +02:00
|
|
|
$sql.= " t.user_agent,";
|
|
|
|
|
$sql.= " t.prefix_session";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " FROM ".MAIN_DB_PREFIX."events as t";
|
|
|
|
|
$sql.= " WHERE t.rowid = ".$id;
|
|
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql=$this->db->query($sql);
|
|
|
|
|
if ($resql)
|
|
|
|
|
{
|
|
|
|
|
if ($this->db->num_rows($resql))
|
|
|
|
|
{
|
|
|
|
|
$obj = $this->db->fetch_object($resql);
|
|
|
|
|
|
|
|
|
|
$this->id = $obj->rowid;
|
2010-01-13 19:51:19 +01:00
|
|
|
$this->tms = $this->db->jdate($obj->tms);
|
2009-10-20 14:45:52 +02:00
|
|
|
$this->type = $obj->type;
|
|
|
|
|
$this->entity = $obj->entity;
|
2010-01-13 19:51:19 +01:00
|
|
|
$this->dateevent = $this->db->jdate($obj->dateevent);
|
2009-10-20 14:45:52 +02:00
|
|
|
$this->description = $obj->description;
|
|
|
|
|
$this->ip = $obj->ip;
|
|
|
|
|
$this->user_agent = $obj->user_agent;
|
2019-07-29 02:16:21 +02:00
|
|
|
$this->prefix_session = $obj->prefix_session;
|
2009-10-20 14:45:52 +02:00
|
|
|
}
|
|
|
|
|
$this->db->free($resql);
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Delete object in database
|
|
|
|
|
*
|
|
|
|
|
* @param User $user User that delete
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2019-02-27 20:45:07 +01:00
|
|
|
public function delete($user)
|
2008-02-28 17:27:18 +01:00
|
|
|
{
|
|
|
|
|
$sql = "DELETE FROM ".MAIN_DB_PREFIX."events";
|
|
|
|
|
$sql.= " WHERE rowid=".$this->id;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
|
2008-02-28 17:27:18 +01:00
|
|
|
$resql = $this->db->query($sql);
|
|
|
|
|
if (! $resql)
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
/**
|
2011-09-20 19:19:46 +02:00
|
|
|
* Initialise an instance with random values.
|
|
|
|
|
* Used to build previews or test instances.
|
|
|
|
|
* id must be 0 if object instance is a specimen.
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
2019-02-27 20:45:07 +01:00
|
|
|
*/
|
|
|
|
|
public function initAsSpecimen()
|
2008-02-28 17:27:18 +01:00
|
|
|
{
|
|
|
|
|
$this->id=0;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 21:37:04 +01:00
|
|
|
$this->tms=time();
|
|
|
|
|
$this->type='';
|
|
|
|
|
$this->dateevent=time();
|
|
|
|
|
$this->description='This is a specimen event';
|
2019-07-29 02:16:21 +02:00
|
|
|
$this->ip = '1.2.3.4';
|
|
|
|
|
$this->user_agent = 'Mozilla specimen User Agent X.Y';
|
|
|
|
|
$this->prefix_session = dol_getprefix();
|
2019-02-27 20:45:07 +01:00
|
|
|
}
|
2008-02-28 17:27:18 +01:00
|
|
|
}
|
