prepare("$sql"); $res->execute(); list($tipo_cons,$id_cons) = $res->fetch(PDO::FETCH_NUM); if (isset($_GET['aid2'])) $aid2=addslashes($param['aid2']); else {if ($perms==256) $aid2='admin'; else $aid2='';} if (isset($_GET['id_sede'])) $id_sede=intval($_GET['id_sede']); else $id_sede=''; if (isset($_GET['do'])) $do=addslashes($param['do']); else $do=''; if (isset($_GET['name'])) $name=addslashes($param['name']); else $name=''; if (isset($_GET['email'])) $email=addslashes($param['email']); else $email=''; if (isset($_GET['passwd'])) $passwd=addslashes($param['passwd']); else $passwd=''; if (isset($_GET['passwd2'])) $passwd2=addslashes($param['passwd2']); else $passwd2=''; include("modules/Elezioni/funzionidata.php"); include("modules/Elezioni/ele.php"); /******************************************************/ /*Funzione di visualizzazione globale */ /*****************************************************/ //crea la pagina delle affluenze function all() { global $aid, $offset, $prefix, $dbi,$id_cons,$aid2,$id_sede,$id_cons_gen,$mex,$perms; //echo $perms;die(); $bgcolor1=$_SESSION['bgcolor1']; $id_comune=$_SESSION['id_comune']; $user=$aid; $sql="select descrizione from ".$prefix."_ele_comuni where id_comune=$id_comune"; $rescom = $dbi->prepare("$sql"); $rescom->execute(); list($descr_com) = $rescom->fetch(PDO::FETCH_NUM); $sql="SELECT aid,name,email FROM ".$prefix."_authors where aid='$aid2' and id_comune='$id_comune'"; $resmod = $dbi->prepare("$sql"); $resmod->execute(); list ($aid2,$name,$email) = $resmod->fetch(PDO::FETCH_NUM); if (isset($_GET['mex'])){ echo "

"; echo $_GET['mex']; echo "

"; } # OpenTable(); echo ""; $esiste=0; echo "

"; echo "

"; # $sql="SELECT * FROM ".$prefix."_authors where id_cons='$id_cons' and id_comune='$id_comune'"; # $resmod = $dbi->prepare("$sql"); # $resmod->execute(); echo "
"; CloseTable(); } function operatori($do,$aid2,$name,$email,$passwd,$passwd2,$id_comune) { global $aid, $prefix, $dbi, $id_cons,$id_cons_gen,$currentlang; $perms=ChiSei($id_cons_gen); if ($perms!=256) $id_comune=$_SESSION['id_comune']; if ($perms>32 and $aid2) { if ($do == "add") { $sql="select * from ".$prefix."_authors where aid='$aid2' and id_comune=$id_comune"; $res = $dbi->prepare("$sql"); $res->execute(); $max=$res->rowCount(); if ($passwd==$passwd2 and $max==0){ if ($aid2=='admin') $super='1,0,0,'; else $super = '0,1,0,'; $sql="insert into ".$prefix."_authors (aid,name,id_comune,email,pwd,counter,adminop,admincomune,adminsuper,admlanguage) values ('$aid2','$name','$id_comune' , '$email','".md5($passwd)."',0,$super'$currentlang')"; $res = $dbi->prepare("$sql"); $res->execute(); if ($perms==256 and $aid2=='admin'){ $sql="insert into ".$prefix."_ele_operatori (id_cons,id_sede,id_comune,permessi,aid) values ('0','0','$id_comune','64','$aid2')"; $res = $dbi->prepare("$sql"); $res->execute(); } Header("Location: admin.php?op=operatori&id_cons_gen=$id_cons_gen"); }else{ $mex=''; if($passwd!=$passwd2) $mex="- Le password non coincidono! -
"; if($max>0) $mex.=" - Utente $aid2 presente in archivio! - "; header("location:admin.php?op=operatori&id_cons_gen=$id_cons_gen&aid2=$aid2&name=$name&email=$email&mex=$mex"); } } elseif ($do == "update") { $sql="update ".$prefix."_authors set name='$name',pwd='".md5($passwd)."', email='$email' where id_comune='$id_comune' and aid='$aid2' "; $res = $dbi->prepare("$sql"); $res->execute(); $result=$res->rowCount(); if (!$result) return; if ($aid2==$aid) $_SESSION['pwd']=md5($passwd); Header("Location: admin.php?op=operatori&id_cons_gen=$id_cons_gen"); } } } //**************************** // switch //**************************** if ($do) operatori($do,$aid2,$name,$email,$passwd,$passwd2,$id_comune); ele(); all(); echo"

"; include("footer.php"); ?>