<?php

$where = "1";

if (!empty($_POST['searchPhrase']))
{
  $where .= ' AND S.msg LIKE "%'.mres($_POST['searchPhrase']).'%"';
}

if ($_POST['program'])
{
  $where .= " AND S.program = ?";
  $param[] = $_POST['program'];
}

if (is_numeric($_POST['device']))
{
  $where .= " AND S.device_id = ?";
  $param[] = $_POST['device'];
}

if( !empty($_POST['from']) ) {
  $where .= " AND timestamp >= ?";
  $param[] = $_POST['from'];
}
if( !empty($_POST['to']) ) {
  $where .= " AND timestamp <= ?";
  $param[] = $_POST['to'];
}

if ($_SESSION['userlevel'] >= '5')
{
  $sql = "FROM syslog AS S";
  $sql .= " WHERE ".$where;
} else {
  $sql  = "FROM syslog AS S, devices_perms AS P";
  $sql .= "WHERE S.device_id = P.device_id AND P.user_id = ?";
  $sql .= $where;
  $param = array_merge(array($_SESSION['user_id']), $param);
}

$count_sql = "SELECT COUNT(timestamp) $sql";
$total = dbFetchCell($count_sql,$param);
if (empty($total)) {
    $total = 0;
}

if (!isset($sort) || empty($sort)) {
    $sort = 'timestamp DESC';
}

$sql .= " ORDER BY $sort";

if (isset($current)) {
    $limit_low = ($current * $rowCount) - ($rowCount);
    $limit_high = $rowCount;
}

if ($rowCount != -1) {
    $sql .= " LIMIT $limit_low,$limit_high";
}

$sql = "SELECT S.*, DATE_FORMAT(timestamp, '".$config['dateformat']['mysql']['compact']."') AS date $sql";

foreach (dbFetchRows($sql,$param) as $syslog) {
    $dev = device_by_id_cache($syslog['device_id']);
    $response[] = array('timestamp'=>$syslog['date'],
                        'device_id'=>generate_device_link($dev, shorthost($dev['hostname'])),
                        'program'=>$syslog['program'],
                        'msg'=>htmlspecialchars($syslog['msg']));
}

$output = array('current'=>$current,'rowCount'=>$rowCount,'rows'=>$response,'total'=>$total);
echo _json_encode($output);
?>