source: trunk/admin/admin.php

<?php

/************************************************************************/
/* Eleonline - Raccolta e diffusione dei dati elettorali                */
/* by Roberto Gigli & Luciano Apolito                                   */
/* http://www.eleonline.it                                              */
/* info@eleonline.it  luciano@aniene.net rgigli@libero.it               */
/************************************************************************/
/* Admin                                                                  */
/* Amministrazione                                                      */
/************************************************************************/

/* Descrizione file admin.php = 
effettua il login o il rilancio alla gestione */

define('ADMIN_FILE', true);
#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
global $multicomune,$msglogout,$language,$id_sez;

// Adattamento variabili superglobal
// Versione di php
$phpver = phpversion();
global $dbi;
// converte superglobal se php e' < 4.1.0

if ($phpver < '4.1.0') {
  $_GET = $HTTP_GET_VARS;
  $_POST = $HTTP_POST_VARS;
  $_SERVER = $HTTP_SERVER_VARS;
  $_FILES = $HTTP_POST_FILES;
  $_ENV = $HTTP_ENV_VARS;
  if($_SERVER['REQUEST_METHOD'] == "POST") {
    $_REQUEST = $_POST;
  } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
    $_REQUEST = $_GET;
  }
  if(isset($HTTP_COOKIE_VARS)) {
    $_COOKIE = $HTTP_COOKIE_VARS;
  }
  if(isset($HTTP_SESSION_VARS)) {
    $_SESSION = $HTTP_SESSION_VARS;
  }
}

$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid=''; 
if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
 
// Additional security (Union, CLike, XSS)

// We want to use the function stripos,
// but thats only available since PHP5.
// So we cloned the function...
if(!function_exists('stripos')) {
  function stripos_clone($haystack, $needle, $offset=0) {
    return strpos(strtoupper($haystack), strtoupper($needle), $offset);
  }
} else {
// But when this is PHP5, we use the original function  
  function stripos_clone($haystack, $needle, $offset=0) {
    return stripos($haystack, $needle, $offset=0);
  }
}

  if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
    $queryString = $_SERVER['QUERY_STRING'];
    if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
      die('Operazione non consentita');
    }
  }


foreach ($_GET as $sec_key => $secvalue) {
    if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
        (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/\"/", $secvalue)) ||
        (preg_match("/inside_mod/i", $sec_key))) {
        die ("Operazione non consentita");
     }
  }

  foreach ($_POST as $secvalue) {
    if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
      die ('Operazione non consentita');
    }
  }
  
// Posting from other servers in not allowed
// Fix by Quake
// Bug found by PeNdEjO

if ($_SERVER['REQUEST_METHOD'] == "POST") {
  if (isset($_SERVER['HTTP_REFERER'])) {
    if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        die('Posting da un altro server non  consentito!');
    }
  } else {
#    die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
  }
}
  

  




//===================================================================
session_name('sesadmin');
#session_start();//MODIFICHE PER GESTIONE SESSIONI
  // gestione sessione
$a = session_id();
if(empty($a)) session_start();
#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];

if (file_exists("config.php")){ 
        $install="0"; @require_once("config.php"); 
}else{ 
        $install="1";
}

# verifica se effettuata la configurazione
if(empty($dbname) || $install=="1") {
    die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
}

$dsn = "mysql:host=$dbhost";
$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
if($prefix == '') {
        db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
}
try 
{
        $dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
}
catch(PDOException $e)
{
        echo $sql . "<br>" . $e->getMessage();die();
}
$sql = "use $dbname";
try
{
        $dbi->exec($sql);
}
catch(PDOException $e)
{
        echo $sql . "<br>" . $e->getMessage();
}                                                                                               
$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
$sth->execute();
$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
$sth->execute();
$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
$sth->execute();
$sth = $dbi->prepare("SET CHARACTER SET utf8");
$sth->execute();

$sth = $dbi->prepare("SET NAMES 'utf8'");
$sth->execute();
$sth = $dbi->prepare("select * from ".$prefix."_config");
$sth->execute();

#               $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
#               mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
##      mysql_query("SET NAMES 'utf8'", $dbi);
//---10/05/2009  gestione consultazione predefinita
$sth = $dbi->prepare("select * from ".$prefix."_config");
$sth->execute();
$row = $sth->fetch(PDO::FETCH_ASSOC);
#$row = $sth->fetchAll();       
$siteistat=$row['siteistat'];
if (!isset($_SESSION['id_comune'])){
        $_SESSION['sitename']=$row['sitename'];
        $_SESSION['siteurl']=$row['siteurl'];
        $_SESSION['site_logo']=$row['site_logo'];
        $_SESSION['slogan']=$row['slogan'];
        $_SESSION['startdate']=$row['startdate'];
        $_SESSION['adminmail']=$row['adminmail'];
#       if (isset($tema) and $tema=='facebook')
#               $_SESSION['tema']=$row['tema'];
        $_SESSION['foot']=$row['foot'];
        $_SESSION['lang']=$row['language'];
        $_SESSION['blocco']=$row['blocco'];
        $_SESSION['testata']=$row['testata'];
#       $_SESSION['logo']=$row['logo'];
        $_SESSION['fileout']=$row['fileout'];
        $_SESSION['copyright']=$row['copyright'];
        $_SESSION['versione']=$row['versione'];
        $_SESSION['patch']=$row['patch'];
        $_SESSION['id_comune']=$row['siteistat'];
        $_SESSION['multicomune']=$row['multicomune'];
        $_SESSION['flash']=$row['flash'];
        $_SESSION['displayerrors']=$row['displayerrors'];
        $_SESSION['editor']=$row['editor'];
        $_SESSION['tema_on']=$row['tema_on'];
        $_SESSION['ed_user']=$row['ed_user'];
        $multicomune=$row['multicomune'];
}

//fine
        if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
        if (!isset($_SESSION['tema'])) 
                $_SESSION['tema']='default';
        $tema=$_SESSION['tema'];

if (isset($param['aid'])) {
    if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }   
        if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
        if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
        if (isset($_SESSION['aid'])){ 
                logout();//se hai gia' una sessione aperta non puoi postare 'aid'
        }else{
                
                          //  $pwd2=$param['pwd'];
                        $mpwd=md5($pwd2);

                        // se superUserAdmin 
        ########
        #       $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
        #       $sth->execute();        
        #       $row = $sth->fetch(PDO::FETCH_ASSOC);   
                if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
        #       if ($adminsuper==1) $id_comune2=0; else 
                $id_comune2=$id_comune;
                $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
                $sth->execute();        
                $esiste=$sth->rowCount();
        #       $adminsuper=$row['adminsuper'];
                $row = $sth->fetch(PDO::FETCH_ASSOC);
                if(!$esiste) {
                        $msglogout=2;
                        logout();
                }else{ 
                        if ($row['pwd']!=$mpwd) {
                                $msglogout=3;
                                logout();                               
                        }elseif($row['adminop']==1) {
                                $msglogout=1;
                                logout();                               
                        }                               
                        $counter=$row['counter'];
                        $tmplang=$row['admlanguage'];
                        if(strlen($tmplang)==2) $language=$tmplang;
                        $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
                        $sth->execute();        
#                       $row = $sth->fetch(PDO::FETCH_ASSOC);                           
                        if ($esiste==1) {
#                               $_SESSION['dbi']=$dbi;
                                $_SESSION['aid']="$aid";
                                $_SESSION['pwd']="$mpwd";
                                $_SESSION['lang']="$language";
                                $_SESSION['id_comune']="$id_comune";
                                $_SESSION['prefix']="soraldo";
                                $_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
                                $_SESSION['bgcolor1']='#ffffff';
                                $_SESSION['bgcolor2']='#c5c5c5'; 
                                if (!isset($op)) $op='consultazione';
                                session_regenerate_id();
                        } 
                }
        }
}else{
#$_SESSION['dbi']=$dbi;

} 
# si settano le variabili per il controllo degli aggiornamenti
if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
{
        $sql="SELECT COLUMN_NAME
        FROM INFORMATION_SCHEMA.COLUMNS
        WHERE TABLE_SCHEMA = '$dbname'
        AND TABLE_NAME = '".$prefix."_config'
        AND COLUMN_NAME = 'aggiornamento'";
        $sth = $dbi->prepare($sql);
        $sth->execute();
        if($sth->rowCount()) 
        {               
                $sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
                $sth = $dbi->prepare($sql);
                $sth->execute();
        }
/*      $sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
        $sth->execute();
        list($agg)=$sth->fetch(PDO::FETCH_NUM);
        $_SESSION['aggiornamento']=$agg;*/
###########
        $righe='';
        if(phpversion()<5.6) $host="http://80.211.143.127";
        else $host="https://trac.eleonline.it";
        $headers=get_headers("$host/ele3/changeset/");
        $testurl=strlen($headers[0])>0?true:false;
        if(!$testurl){          
                $newrev=0;
        }else{
                $file = file("$host/ele3/changeset/");
                $cntFile = count($file);
                $fine=0;
                $currentLine=0;

                foreach ($file as $line_num => $line) {
                        if(strpos($line,'<title>') ) {$fine=1; continue;}
                        if ($fine){
                                $newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
                                break;
                        }
                }
        }
        include('versione.php');
        $myrev=intval(substr($versione,-4,4));
#       $_SESSION['aggiornamento']=$agg;
        $_SESSION['localrev']=$myrev;
        $_SESSION['remoterev']=$newrev;         
        unset($file);           
#               if($agg) include('aggiornamento.php');
#die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);   
}
if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
if(!isset($language)) $language=$_SESSION['lang'];
if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;

if (isset($_SESSION['aid'])) 
{
//lettura sessione
$aid=$_SESSION['aid'];
#$dbi=$_SESSION['dbi'];
$prefix=$_SESSION['prefix'];
$id_comune=$_SESSION['id_comune'];
if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
else {
#       $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
        $sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1"; # TEST: and id_sez>0 
        $rese = $dbi->prepare("$sql");
        $rese->execute();
        if($rese->rowCount()) 
        {list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
        else {
                $sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and  t2.id_comune='$id_comune'";
                $sth = $dbi->prepare($sql);
                $sth->execute();        
                $row = $sth->fetch(PDO::FETCH_BOTH);
                if($sth->rowCount())
                        $id_cons_gen=$row[0];
                else
                $id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
        }
} 
$currentlang=$_SESSION['lang'];
#$bgcolor1=$_SESSION['bgcolor1'];
$bgcolor2=$_SESSION['bgcolor2'];
$bgcolor1='#e7e7e7';
$session=$_SESSION['remote'];

}



/*********************************************************/
/* Login Function                                        */
/*********************************************************/
function ChiSei($idcg){
global $dbi, $msglogout, $id_cons_gen;

$aid=$_SESSION['aid'];
$prefix=$_SESSION['prefix'];
$pwd=$_SESSION['pwd'];
$id_comune=$_SESSION['id_comune'];
#echo "prima: $idcg - dopo: $id_cons_gen<br>";
$perms=0;
$sql="select adminsuper, admincomune, adminop  from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
$sth = $dbi->prepare("$sql");
$sth->execute();        
$row = $sth->fetch(PDO::FETCH_BOTH);    

$adminsuper=$row[0];
$admincomune=$row[1];
$oper=$row[2]; 
        if ($adminsuper==1)
                return 256;
        elseif ($admincomune==1) 
                return 64;
#               $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
        elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and 
        else {
#               $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
                $sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval 3 day)>CURDATE()";
                $sth = $dbi->prepare("$sql");
                $sth->execute();        
                if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
                list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);           
                if (!$id_cons_gen) $id_cons_gen=$idcg; 
                $sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
                $sth = $dbi->prepare("$sql");
                $sth->execute();                
                list($perms) = $sth->fetch(PDO::FETCH_NUM);
                return $perms;
        }
}

function OpenTable(){
echo "<table  width=\"100%\"   cellpadding=\"0\" cellspacing=\"2\"  BORDER=\"0\">";
}

function CloseTable(){
echo "</table>";
}

function login() {
    global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
    if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
    if (!isset($id_comune)) $id_comune=0;
        if(isset($_SESSION['aid'])){
                session_regenerate_id();
        }
        $lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
    $id_ses=session_id();

    //include("modules/Elezioni/language/lang-$lang.php");
        if($multicomune==''){
                $sth = $dbi->prepare("select multicomune from ".$prefix."_config");
                $sth->execute();
                list($multicomune) = $sth->fetch(PDO::FETCH_NUM);       
        }
    include ("header.php");
    echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
        if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
        elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
        elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
        elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
    echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
        ."<table class=\"table-menu\">"
        ."<tr><td>"._ADMINID."</td>"
        ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
        ."<tr><td>"._PASSWORD."</td>"
        ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
        ."<tr><td>";
        // scelta comune 
        if($multicomune=='1'){
                echo ""._COMUNE."</td><td>";
                $sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
                $sth = $dbi->prepare("$sql");
                $sth->execute();        
                $row = $sth->fetchAll();
                echo "<select name=\"id_comune\">";
                foreach($row as $comuni)
                {$id=$comuni[0];$descrizione=$comuni[1];
                        $sel=($id == $id_comune) ? "selected":"";
                        echo "<option value=\"$id\" $sel>$descrizione";
                }
        }else{
                echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
        }
//      echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
        if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
        echo "</td></tr><tr><td>";
        echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
        echo "<input type=\"submit\" VALUE=\""._OK."\">"
        ."</td></tr></table>"
        ."</form></div>";
        
    include ("footer.php");
}

function logout()
{
/* $lang=$_SESSION['lang'];
$id_comune=$_SESSION['id_comune'];
//      setcookie ("PHPSESSID", "", time() - 3600);
        session_cache_expire (0);
        $_SESSION=array();  //MODIFICHE PER GESTIONE SESSIONI
        session_unset();        
        session_destroy();
        Header("Location: admin.php?id_comune=$id_comune&language=$lang");
*/

global $siteistat,$perms,$msglogout; 
$language=$_SESSION['lang'];
$ref="Location: admin.php?"; 
#$ref="Location: https://www.eleonline.it/adminmob/admin.php?"; 
if (isset($_SESSION['id_comune'])) 
$id_comune=$_SESSION['id_comune']; 
else 
$id_comune=$siteistat; 
$ref=$ref."id_comune=".$id_comune; 

if (isset($_SESSION['lang'])) 
$ref=$ref."&language=$language"; 
$ref.="&msglogout=$msglogout";
$_SESSION=array();  
session_unset(); 
session_destroy(); 
session_cache_expire (0); 
Header($ref); 

}
#include("TEST tema: $tema--");
#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
#die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
if(isset($id_cons_gen) and isset($id_comune)){
        if(!isset($id_cons)){ 
#               $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
                $sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
                $sth = $dbi->prepare("$sql");
                $sth->execute();        
                if ($sth->rowCount()) {
                        list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
                        $_SESSION['id_cons']=$id_cons;
                }
        } 
        if(isset($id_cons)) {
                $sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune";
                try {
                        $resmod = $dbi->prepare("$sql");
                        $resmod->execute();
                }catch(PDOException $e)
                {
#                       echo "Viene eseguito un aggiornamento forzato del db<br>";
                        $_SESSION['forzadb']=1;
                        include("modules/Elezioni/aggiornamento.php");

                        die();
                }
                list($id_sez) = $resmod->fetch(PDO::FETCH_NUM); 
                if($id_sez) {
                        $sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
                        $resmod = $dbi->prepare("$sql");
                        $resmod->execute();
                        if ($resmod->rowCount()>0) {
                                list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
                                $tema='Futura2'; 
                                $_SESSION['tema']=$tema;
                        } #else {die("TEST: $sql"); logout();}
                }
        } 
$perms=ChiSei($id_cons_gen); 
if($perms==0) {logout();} 
}

#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
//if (isset($param['op'])) $op=$param['op']; else $op='ele';
#
#die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);

if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
        if($tema=='Futura2' and $op!='logout') 
        {
                include("temi/$tema/index.php");
        }else
switch($op) {
    case "tipo":
    include("modules/Elezioni/ele_tipi.php");
        break;
    case "aggiorna":
    include("modules/Elezioni/aggiornamento.php");
        break;
    case "constipi":
    include("modules/Elezioni/ele_consultazionitipi.php");
        break;
    case "parziali":
    include("modules/Elezioni/ele_parziali.php");
        break;
    case "ele": 
    include("modules/Elezioni/ele.php");
    break;
    case "consultazione":
    include("modules/Elezioni/ele_consultazioni.php");
    break;
    case "configurazione":
    include("modules/Elezioni/ele_configurazione.php");
    break;
    case "cons_comuni":
    include("modules/Elezioni/ele_cons_comuni.php");
    break;
    case "confconsiglio":
    include("modules/Elezioni/ele_confcons.php");
    break;
    case "inscomuni":
    include("modules/Elezioni/ele_comuni.php");
    break;
    case "oper_admin":
    include("modules/Elezioni/ele_operatori.php");
    break;
    case "inscollegi":
    include("modules/Elezioni/ele_collegi.php");
    break;
    case "associazioni":
    include("modules/Elezioni/ele_associazioni.php");
    break;
    case "operatori":
    include("modules/Elezioni/ele_operatori.php");
    break;
    case "permessi":
    include("modules/Elezioni/ele_permessi.php");
    break;
    case "circo":
    include("modules/Elezioni/ele_circo.php");
    break;
 case "sede":
    include("modules/Elezioni/ele_sede.php");
    break;
case "sezione":
    include("modules/Elezioni/ele_sezione.php");
    break;
case "gruppo":
    include("modules/Elezioni/ele_gruppo.php");
    break;
case "rec_add_aff":
    include("modules/Elezioni/ele_affluenze.php");
    break;
case "rec_add_mod":
    include("modules/Elezioni/ele_modelli.php");
    break;
case "upgruppo":
    include("modules/Elezioni/ele_gruppo.php");
    break;
case "delimggruppo":
    include("modules/Elezioni/ele_gruppo.php");
    break;
case "lista":
    include("modules/Elezioni/ele_lista.php");
    break;
case "uplista":
    include("modules/Elezioni/ele_lista.php");
    break;
case "delimglista":
    include("modules/Elezioni/ele_lista.php");
    break;
case "candidato":
    include("modules/Elezioni/ele_candidato.php");
    break;
case "upcandidato":
    include("modules/Elezioni/ele_candidato.php");
    break;
case "delimgcandidato":
    include("modules/Elezioni/ele_candidato.php");
    break;

case "voti":
    include("modules/Elezioni/ele_voti.php");
    break;
case "sezioni_voti":
    include("modules/Elezioni/ele_voti.php");
    break;
case "rec_voti":
    include("modules/Elezioni/ele_voti.php");
    break;
case "rec_voti_gruppi":
    include("modules/Elezioni/ele_voti.php");
    break;
case "rec_add_votanti":
    include("modules/Elezioni/ele_voti.php");
    break;
case "rec_finale":
    include("modules/Elezioni/ele_voti.php");
    break;
case "controllo_voti":
    include("modules/Elezioni/controllo_voti.php");
    break;
case "controllo_votanti":
    include("modules/Elezioni/controllo_votanti.php");
    break;
case "come":
    include("modules/Elezioni/ele_come.php");
    break;
case "numeri":
    include("modules/Elezioni/ele_come.php");
    break;
case "servizi":
    include("modules/Elezioni/ele_come.php");
    break;
case "link":
    include("modules/Elezioni/ele_come.php");
    break;
case "conf":
    include("modules/Elezioni/ele_conf.php");
    break;
case "stampa":
    include("modules/Elezioni/ele_stampe.php");
 break;
case "cambiopwd":
    include("modules/Elezioni/ele_pwd.php");
    break;
case "eletti":
    include("modules/Elezioni/ele_eletti.php");
    break;
case "foto":
    include("modules/Elezioni/foto.php");
    break;
case "consiglieri":
    include("modules/Elezioni/ele_consiglieri.php");
    break;
case "backup":
    include("modules/Elezioni/backup.php");
    break;
case "restore":
    include("modules/Elezioni/restore.php");
    break;
case "scarica":
    include("modules/Elezioni/scarica.php");
    break;
case "importa":
    include("modules/Elezioni/importa.php");
    break;
case "widget":
    include("modules/Elezioni/ele_widget.php");
    break;
case "riepilogo":
    include("modules/Elezioni/ele_riepilogo.php");
    break;
case "riepilogovoti":
    include("modules/Elezioni/ele_riepilogovoti.php");
    break;
case "logout":
        logout();
    break;
}

}else {

    login();

}

?>