2008-02-28 17:27:18 +01:00
|
|
|
<?php
|
2010-04-12 02:27:14 +02:00
|
|
|
/* Copyright (C) 2007-2010 Laurent Destailleur <eldy@users.sourceforge.net>
|
2012-12-30 15:13:49 +01:00
|
|
|
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@capnetworks.com>
|
2008-02-28 17:27:18 +01:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2013-01-16 15:36:08 +01:00
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2008-02-28 17:27:18 +01:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2011-08-01 01:45:11 +02:00
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2008-02-28 17:27:18 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
2010-06-08 01:52:43 +02:00
|
|
|
* \file htdocs/core/class/events.class.php
|
2008-11-09 13:33:13 +01:00
|
|
|
* \ingroup core
|
2011-06-19 16:35:16 +02:00
|
|
|
* \brief File of class to manage security events.
|
2008-11-09 13:33:13 +01:00
|
|
|
* \author Laurent Destailleur
|
|
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
|
|
|
|
|
// Put here all includes required by your class file
|
2012-08-22 23:11:24 +02:00
|
|
|
//require_once DOL_DOCUMENT_ROOT.'/core/class/commonobject.class.php';
|
|
|
|
|
//require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
|
|
|
|
|
//require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
|
2008-02-28 17:27:18 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Events class
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
class Events // extends CommonObject
|
|
|
|
|
{
|
2011-09-20 19:19:46 +02:00
|
|
|
public $element='events'; //!< Id that identify managed objects
|
|
|
|
|
public $table_element='events'; //!< Name of table without prefix where object is stored
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2009-10-20 14:45:52 +02:00
|
|
|
var $id;
|
2012-02-20 10:09:28 +01:00
|
|
|
var $db;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2015-04-08 21:50:17 +02:00
|
|
|
var $error;
|
|
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
var $tms;
|
2008-02-28 21:37:04 +01:00
|
|
|
var $type;
|
2009-04-27 22:37:50 +02:00
|
|
|
var $entity;
|
2008-02-28 17:27:18 +01:00
|
|
|
var $dateevent;
|
|
|
|
|
var $description;
|
|
|
|
|
|
2017-09-16 01:34:15 +02:00
|
|
|
// List of all Audit/Security events supported by triggers
|
2011-07-19 01:28:30 +02:00
|
|
|
var $eventstolog=array(
|
|
|
|
|
array('id'=>'USER_LOGIN', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_LOGIN_FAILED', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_LOGOUT', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_CREATE', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_MODIFY', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_NEW_PASSWORD', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_ENABLEDISABLE', 'test'=>1),
|
|
|
|
|
array('id'=>'USER_DELETE', 'test'=>1),
|
2017-02-28 11:48:46 +01:00
|
|
|
/* array('id'=>'USER_SETINGROUP', 'test'=>1), deprecated. Replace with USER_MODIFY
|
|
|
|
|
array('id'=>'USER_REMOVEFROMGROUP', 'test'=>1), deprecated. Replace with USER_MODIFY */
|
2011-07-19 01:28:30 +02:00
|
|
|
array('id'=>'GROUP_CREATE', 'test'=>1),
|
|
|
|
|
array('id'=>'GROUP_MODIFY', 'test'=>1),
|
|
|
|
|
array('id'=>'GROUP_DELETE', 'test'=>1),
|
|
|
|
|
/* array('id'=>'ACTION_CREATE', 'test'=>$conf->societe->enabled),
|
|
|
|
|
array('id'=>'COMPANY_CREATE', 'test'=>$conf->societe->enabled),
|
|
|
|
|
array('id'=>'CONTRACT_VALIDATE', 'test'=>$conf->contrat->enabled),
|
|
|
|
|
array('id'=>'PROPAL_VALIDATE', 'test'=>$conf->propal->enabled),
|
|
|
|
|
array('id'=>'PROPAL_CLOSE_SIGNED', 'test'=>$conf->propal->enabled),
|
|
|
|
|
array('id'=>'PROPAL_CLOSE_REFUSED', 'test'=>$conf->propal->enabled),
|
|
|
|
|
array('id'=>'PROPAL_SENTBYMAIL', 'test'=>$conf->propal->enabled),
|
|
|
|
|
array('id'=>'ORDER_VALIDATE', 'test'=>$conf->commande->enabled),
|
|
|
|
|
array('id'=>'ORDER_SENTBYMAIL', 'test'=>$conf->commande->enabled),
|
|
|
|
|
array('id'=>'BILL_VALIDATE', 'test'=>$conf->facture->enabled),
|
|
|
|
|
array('id'=>'BILL_PAYED', 'test'=>$conf->facture->enabled),
|
|
|
|
|
array('id'=>'BILL_CANCEL', 'test'=>$conf->facture->enabled),
|
|
|
|
|
array('id'=>'BILL_SENTBYMAIL', 'test'=>$conf->facture->enabled),
|
|
|
|
|
array('id'=>'PAYMENT_CUSTOMER_CREATE','test'=>$conf->facture->enabled),
|
|
|
|
|
array('id'=>'PAYMENT_SUPPLIER_CREATE','test'=>$conf->fournisseur->enabled),
|
|
|
|
|
array('id'=>'MEMBER_CREATE', 'test'=>$conf->adherent->enabled),
|
|
|
|
|
array('id'=>'MEMBER_VALIDATE', 'test'=>$conf->adherent->enabled),
|
|
|
|
|
array('id'=>'MEMBER_SUBSCRIPTION', 'test'=>$conf->adherent->enabled),
|
|
|
|
|
array('id'=>'MEMBER_MODIFY', 'test'=>$conf->adherent->enabled),
|
|
|
|
|
array('id'=>'MEMBER_RESILIATE', 'test'=>$conf->adherent->enabled),
|
|
|
|
|
array('id'=>'MEMBER_DELETE', 'test'=>$conf->adherent->enabled),
|
|
|
|
|
*/
|
|
|
|
|
);
|
2008-02-28 17:27:18 +01:00
|
|
|
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2009-10-20 14:45:52 +02:00
|
|
|
/**
|
2011-09-11 20:35:38 +02:00
|
|
|
* Constructor
|
|
|
|
|
*
|
2012-02-20 10:09:28 +01:00
|
|
|
* @param DoliDB $db Database handler
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2012-07-30 17:17:33 +02:00
|
|
|
function __construct($db)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
2012-02-20 10:09:28 +01:00
|
|
|
$this->db = $db;
|
2009-10-20 14:45:52 +02:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2011-09-11 20:35:38 +02:00
|
|
|
* Create in database
|
2012-02-20 10:09:28 +01:00
|
|
|
*
|
2011-09-11 20:35:38 +02:00
|
|
|
* @param User $user User that create
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
|
|
|
|
function create($user)
|
|
|
|
|
{
|
|
|
|
|
global $conf, $langs;
|
|
|
|
|
|
|
|
|
|
// Clean parameters
|
|
|
|
|
$this->description=trim($this->description);
|
2018-11-21 15:40:15 +01:00
|
|
|
if (empty($this->user_agent) && !empty($_SERVER['HTTP_USER_AGENT'])) $this->user_agent=$_SERVER['HTTP_USER_AGENT'];
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Check parameters
|
2015-02-11 22:54:06 +01:00
|
|
|
if (empty($this->description)) { $this->error='ErrorBadValueForParameterCreateEventDesc'; return -1; }
|
2009-10-20 14:45:52 +02:00
|
|
|
|
|
|
|
|
// Insert request
|
|
|
|
|
$sql = "INSERT INTO ".MAIN_DB_PREFIX."events(";
|
|
|
|
|
$sql.= "type,";
|
|
|
|
|
$sql.= "entity,";
|
|
|
|
|
$sql.= "ip,";
|
|
|
|
|
$sql.= "user_agent,";
|
|
|
|
|
$sql.= "dateevent,";
|
|
|
|
|
$sql.= "fk_user,";
|
|
|
|
|
$sql.= "description";
|
|
|
|
|
$sql.= ") VALUES (";
|
2017-09-15 15:41:07 +02:00
|
|
|
$sql.= " '".$this->db->escape($this->type)."',";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " ".$conf->entity.",";
|
2018-11-21 15:40:15 +01:00
|
|
|
$sql.= " '".$this->db->escape(getUserRemoteIP())."',";
|
|
|
|
|
$sql.= " ".($this->user_agent ? "'".$this->db->escape(dol_trunc($this->user_agent,250))."'" : 'NULL').",";
|
2014-03-15 23:12:00 +01:00
|
|
|
$sql.= " '".$this->db->idate($this->dateevent)."',";
|
2017-09-15 15:41:07 +02:00
|
|
|
$sql.= " ".($user->id?"'".$this->db->escape($user->id)."'":'NULL').",";
|
2014-10-31 15:41:58 +01:00
|
|
|
$sql.= " '".$this->db->escape(dol_trunc($this->description,250))."'";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= ")";
|
|
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::create", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql=$this->db->query($sql);
|
|
|
|
|
if ($resql)
|
|
|
|
|
{
|
|
|
|
|
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."events");
|
|
|
|
|
return $this->id;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Update database
|
|
|
|
|
*
|
|
|
|
|
* @param User $user User that modify
|
|
|
|
|
* @param int $notrigger 0=no, 1=yes (no update trigger)
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2014-11-15 18:24:38 +01:00
|
|
|
function update($user=null, $notrigger=0)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
|
|
|
|
global $conf, $langs;
|
|
|
|
|
|
|
|
|
|
// Clean parameters
|
|
|
|
|
$this->id=trim($this->id);
|
|
|
|
|
$this->type=trim($this->type);
|
|
|
|
|
$this->description=trim($this->description);
|
|
|
|
|
|
|
|
|
|
// Check parameters
|
|
|
|
|
// Put here code to add control on parameters values
|
|
|
|
|
|
|
|
|
|
// Update request
|
|
|
|
|
$sql = "UPDATE ".MAIN_DB_PREFIX."events SET";
|
2017-05-12 16:55:11 +02:00
|
|
|
$sql.= " type='".$this->db->escape($this->type)."',";
|
2017-07-26 21:22:53 +02:00
|
|
|
$sql.= " dateevent='".$this->db->idate($this->dateevent)."',";
|
2011-02-24 19:11:12 +01:00
|
|
|
$sql.= " description='".$this->db->escape($this->description)."'";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " WHERE rowid=".$this->id;
|
|
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::update", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql = $this->db->query($sql);
|
|
|
|
|
if (! $resql)
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Load object in memory from database
|
|
|
|
|
*
|
|
|
|
|
* @param int $id Id object
|
|
|
|
|
* @param User $user User that load
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2014-11-15 18:24:38 +01:00
|
|
|
function fetch($id, $user=null)
|
2009-10-20 14:45:52 +02:00
|
|
|
{
|
|
|
|
|
global $langs;
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT";
|
|
|
|
|
$sql.= " t.rowid,";
|
2010-01-13 19:51:19 +01:00
|
|
|
$sql.= " t.tms,";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " t.type,";
|
|
|
|
|
$sql.= " t.entity,";
|
2010-01-13 19:51:19 +01:00
|
|
|
$sql.= " t.dateevent,";
|
2009-10-20 14:45:52 +02:00
|
|
|
$sql.= " t.description,";
|
|
|
|
|
$sql.= " t.ip,";
|
|
|
|
|
$sql.= " t.user_agent";
|
|
|
|
|
$sql.= " FROM ".MAIN_DB_PREFIX."events as t";
|
|
|
|
|
$sql.= " WHERE t.rowid = ".$id;
|
|
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
|
2009-10-20 14:45:52 +02:00
|
|
|
$resql=$this->db->query($sql);
|
|
|
|
|
if ($resql)
|
|
|
|
|
{
|
|
|
|
|
if ($this->db->num_rows($resql))
|
|
|
|
|
{
|
|
|
|
|
$obj = $this->db->fetch_object($resql);
|
|
|
|
|
|
|
|
|
|
$this->id = $obj->rowid;
|
2010-01-13 19:51:19 +01:00
|
|
|
$this->tms = $this->db->jdate($obj->tms);
|
2009-10-20 14:45:52 +02:00
|
|
|
$this->type = $obj->type;
|
|
|
|
|
$this->entity = $obj->entity;
|
2010-01-13 19:51:19 +01:00
|
|
|
$this->dateevent = $this->db->jdate($obj->dateevent);
|
2009-10-20 14:45:52 +02:00
|
|
|
$this->description = $obj->description;
|
|
|
|
|
$this->ip = $obj->ip;
|
|
|
|
|
$this->user_agent = $obj->user_agent;
|
|
|
|
|
}
|
|
|
|
|
$this->db->free($resql);
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2012-02-20 10:09:28 +01:00
|
|
|
* Delete object in database
|
|
|
|
|
*
|
|
|
|
|
* @param User $user User that delete
|
|
|
|
|
* @return int <0 if KO, >0 if OK
|
2009-10-20 14:45:52 +02:00
|
|
|
*/
|
2008-02-28 17:27:18 +01:00
|
|
|
function delete($user)
|
|
|
|
|
{
|
|
|
|
|
global $conf, $langs;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
$sql = "DELETE FROM ".MAIN_DB_PREFIX."events";
|
|
|
|
|
$sql.= " WHERE rowid=".$this->id;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2014-06-12 11:31:53 +02:00
|
|
|
dol_syslog(get_class($this)."::delete", LOG_DEBUG);
|
2008-02-28 17:27:18 +01:00
|
|
|
$resql = $this->db->query($sql);
|
|
|
|
|
if (! $resql)
|
|
|
|
|
{
|
|
|
|
|
$this->error="Error ".$this->db->lasterror();
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 17:27:18 +01:00
|
|
|
/**
|
2011-09-20 19:19:46 +02:00
|
|
|
* Initialise an instance with random values.
|
|
|
|
|
* Used to build previews or test instances.
|
|
|
|
|
* id must be 0 if object instance is a specimen.
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
2008-02-28 17:27:18 +01:00
|
|
|
*/
|
|
|
|
|
function initAsSpecimen()
|
|
|
|
|
{
|
|
|
|
|
$this->id=0;
|
2009-01-21 15:09:42 +01:00
|
|
|
|
2008-02-28 21:37:04 +01:00
|
|
|
$this->tms=time();
|
|
|
|
|
$this->type='';
|
|
|
|
|
$this->dateevent=time();
|
|
|
|
|
$this->description='This is a specimen event';
|
2008-02-28 17:27:18 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
