- Timestamp:
- Apr 15, 2017, 3:51:51 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/admin/temi/facebook/style.css
r250 r253 87 87 88 88 div#container{ 89 width: 999px;89 width: 80%; 90 90 margin: 0 auto; /*centra negli altri browsers*/ 91 91 /*text-align: left; */ /*ripristina l' allineamento*/ -
trunk/client/inc/csrf-magic/csrf-magic.php
r153 r253 54 54 */ 55 55 $GLOBALS['csrf']['secret'] = ''; 56 // nota bene: library code should use csrf_get_secret() and not access 57 // this global directly 56 58 57 59 /** … … 130 132 131 133 // Don't edit this! 132 $GLOBALS['csrf']['version'] = '1.0. 1';134 $GLOBALS['csrf']['version'] = '1.0.4'; 133 135 134 136 /** … … 152 154 $name = $GLOBALS['csrf']['input-name']; 153 155 $endslash = $GLOBALS['csrf']['xhtml'] ? ' /' : ''; 154 $input = " \n<div><input type='hidden' name='$name' value=\"$tokens\"$endslash></div>";156 $input = "<input type='hidden' name='$name' value=\"$tokens\"$endslash>"; 155 157 $buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . $input, $buffer); 156 158 if ($GLOBALS['csrf']['frame-breaker']) { … … 216 218 if (!$has_cookies && $secret) { 217 219 // :TODO: Harden this against proxy-spoofing attacks 218 $ip = ';ip:' . csrf_hash($_SERVER['IP_ADDRESS']); 220 $IP_ADDRESS = (isset($_SERVER['IP_ADDRESS']) ? $_SERVER['IP_ADDRESS'] : $_SERVER['REMOTE_ADDR']); 221 $ip = ';ip:' . csrf_hash($IP_ADDRESS); 219 222 } else { 220 223 $ip = ''; … … 241 244 } 242 245 246 function csrf_flattenpost($data) { 247 $ret = array(); 248 foreach($data as $n => $v) { 249 $ret = array_merge($ret, csrf_flattenpost2(1, $n, $v)); 250 } 251 return $ret; 252 } 253 function csrf_flattenpost2($level, $key, $data) { 254 if(!is_array($data)) return array($key => $data); 255 $ret = array(); 256 foreach($data as $n => $v) { 257 $nk = $level >= 1 ? $key."[$n]" : "[$n]"; 258 $ret = array_merge($ret, csrf_flattenpost2($level+1, $nk, $v)); 259 } 260 return $ret; 261 } 262 243 263 /** 244 264 * @param $tokens is safe for HTML consumption 245 265 */ 246 266 function csrf_callback($tokens) { 267 // (yes, $tokens is safe to echo without escaping) 247 268 header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); 248 echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed. Please enable cookies.<br />Debug: ".$tokens."</body></html> 269 $data = ''; 270 foreach (csrf_flattenpost($_POST) as $key => $value) { 271 if ($key == $GLOBALS['csrf']['input-name']) continue; 272 $data .= '<input type="hidden" name="'.htmlspecialchars($key).'" value="'.htmlspecialchars($value).'" />'; 273 } 274 echo "<html><head><title>CSRF check failed</title></head> 275 <body> 276 <p>CSRF check failed. Your form session may have expired, or you may not have 277 cookies enabled.</p> 278 <form method='post' action=''>$data<input type='submit' value='Try again' /></form> 279 <p>Debug: $tokens</p></body></html> 249 280 "; 250 281 } … … 298 329 if (!empty($_COOKIE)) return false; 299 330 if (!$GLOBALS['csrf']['allow-ip']) return false; 300 return $value === csrf_hash($_SERVER['IP_ADDRESS'], $time); 331 $IP_ADDRESS = (isset($_SERVER['IP_ADDRESS']) ? $_SERVER['IP_ADDRESS'] : $_SERVER['REMOTE_ADDR']); 332 return $value === csrf_hash($IP_ADDRESS, $time); 301 333 } 302 334 return false; … … 328 360 function csrf_get_secret() { 329 361 if ($GLOBALS['csrf']['secret']) return $GLOBALS['csrf']['secret']; 330 // secret by db l.apolito331 global $prefix,$dbi;332 # crea campo secret nella tabella _config se non esiste333 $campo= mysql_query("SHOW COLUMNS FROM ".$prefix."_config LIKE 'secret' ",$dbi);334 $esiste=mysql_num_rows($campo);335 if ($esiste==0) {336 $result=mysql_query("ALTER TABLE ".$prefix."_config ADD secret VARCHAR(30);",$dbi);337 }338 339 $res_secret = mysql_query("SELECT * FROM ".$prefix."_config" , $dbi);340 $row = mysql_fetch_array($res_secret);341 $secret = $row['secret'];342 if (isset($secret)){ return $secret;343 344 }else{345 $secret = csrf_generate_secret();346 mysql_query("UPDATE ".$prefix."_config SET secret='$secret'" , $dbi);347 return $secret;348 }349 return '';350 351 352 /* nel caso di registrazione del file353 362 $dir = dirname(__FILE__); 354 363 $file = $dir . '/csrf-secret.php'; … … 358 367 return $secret; 359 368 } 360 361 369 if (is_writable($dir)) { 362 370 $secret = csrf_generate_secret(); … … 367 375 } 368 376 return ''; 369 */370 377 } 371 378 … … 375 382 function csrf_generate_secret($len = 32) { 376 383 $r = ''; 377 for ($i = 0; $i < 32; $i++) {384 for ($i = 0; $i < $len; $i++) { 378 385 $r .= chr(mt_rand(0, 255)); 379 386 } … … 388 395 function csrf_hash($value, $time = null) { 389 396 if (!$time) $time = time(); 390 return sha1( $GLOBALS['csrf']['secret']. $value . $time) . ',' . $time;397 return sha1(csrf_get_secret() . $value . $time) . ',' . $time; 391 398 } 392 399 -
trunk/client/modules/Elezioni/grafici.php
r229 r253 657 657 658 658 function graf_candidato(){ 659 global $ bgcolor1, $bgcolor5,$bgcolor5, $prefix, $dbi, $offset, $min,$descr_cons, $id_cons,$tipo_cons,$copy,$id_comune,$id_istat,$genere,$votog,$votol,$votoc,$circo,$siteistat;659 global $descr_com, $bgcolor1, $bgcolor5,$bgcolor5, $prefix, $dbi, $offset, $min,$descr_cons, $id_cons,$tipo_cons,$copy,$id_comune,$id_istat,$genere,$votog,$votol,$votoc,$circo,$siteistat; 660 660 661 661 $logo=verificasimbolo(); // carica_logo da funzioni.php … … 700 700 while (list($id_lista,$id_cand,$nome,$cognome,$voti) = mysql_fetch_row($res)){ 701 701 $candidato[$i]=$cognome; 702 $pro[$i]=number_format($voti*100/$tot,2);702 if ($tot) $pro[$i]=number_format($voti*100/$tot,2); else $pro[$i]=0; 703 703 // sviluppo tabella dati 704 704 $e=$i+1; -
trunk/client/modules/Elezioni/gruppo.php
r225 r253 638 638 $voticompl=$sevaltot+$senultot+$sebiatot+$secontot+$sevnutot; 639 639 $resvt = mysql_query("SELECT voti from ".$prefix."_ele_voti_$tab15 where id_cons='$id_cons'",$dbi); 640 list($votlt)=mysql_fetch_row($resvt);640 if($resvt) list($votlt)=mysql_fetch_row($resvt); else $votlt=0; 641 641 $temp3=arrayperc($tempar,$sevaltot); 642 642 while (list($key,$voti)= each($temp)) { … … 680 680 }else{ 681 681 $res_lis = mysql_query("SELECT id_gruppo, descrizione,num_gruppo from ".$prefix."_ele_gruppo where id_cons=$id_cons order by num_gruppo",$dbi); 682 $numliste=mysql_num_rows($res_lis);682 if($res_lis) $numliste=mysql_num_rows($res_lis); else $numliste=0; 683 683 684 684 if (!isset($offset)) $offset=10; … … 695 695 echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\"></input>"; 696 696 echo ""._SCELTA." "._CONSULTAZIONE.": <select name=\"id_gruppo\">"; 697 while(list($id_rif,$descrizione,$num_lis) = mysql_fetch_row($res_lis)) { 697 if($res_lis) 698 while(list($id_rif,$descrizione,$num_lis) = mysql_fetch_row($res_lis)) { 698 699 if (!$id_gruppo) $id_gruppo=$id_rif; 699 700 $sel = ($id_rif == $id_gruppo) ? "selected=\"selected\"" : ""; … … 701 702 for ($j=strlen($num_lis);$j<2;$j++) { echo " ";} 702 703 echo $num_lis.") ".strip_tags(substr($descrizione,0,50))."</option>"; 703 }704 } 704 705 echo "</select>"; 705 706 echo "<br />"._VIS_PERC.": <input type=\"checkbox\" name=\"perc\" value=\"true\""; … … 724 725 order by $tab3, t1.num_gruppo 725 726 ", $dbi); 726 $num_sez=mysql_num_rows($res);727 list($num_gruppo,$descr)= mysql_fetch_row($res_ref);727 if($res) $num_sez=mysql_num_rows($res); else $num_sez=0; 728 if($res_ref) list($num_gruppo,$descr)= mysql_fetch_row($res_ref); else {$num_gruppo=0;$descr='';} 728 729 729 730 if (!$csv){ … … 811 812 $ar[0][5]=_BIANCHI; 812 813 $ar[0][6]=_CONTESTATI; 813 814 while (list($num_gruppo,$desc_ref) = mysql_fetch_row($res_ref)){814 if($res_ref) 815 while (list($num_gruppo,$desc_ref) = mysql_fetch_row($res_ref)){ 815 816 $ar[0][$i++]= $num_gruppo.") ".$desc_ref; 816 817 $ar[1][$y++]= "SI"; 817 818 $ar[1][$y++]= "NO"; 818 }819 } 819 820 $num_sez++; 820 821 $tot_si=0; … … 824 825 $tot_bi=0; 825 826 $tot_co=0; 826 while (list($num_circ,$desc_circ,$num_gruppo,$desc_ref,$simbolo,$si,$no,$validi,$nulli,$bianchi, $contestati) = mysql_fetch_row($res)){ 827 if($res) 828 while (list($num_circ,$desc_circ,$num_gruppo,$desc_ref,$simbolo,$si,$no,$validi,$nulli,$bianchi, $contestati) = mysql_fetch_row($res)){ 827 829 $i=1; 828 830 $votanti=$validi+$nulli+$bianchi+$contestati; … … 852 854 $ar[$num_circ][$i++]= $perc=='true' ? $contestati."<br /><span class=\"red\"><i>0.00%</i></span>":$contestati; 853 855 } 854 }856 } 855 857 $i=1; 856 858 $tot_vo=$tot_va+$tot_nu+$tot_bi+$tot_co; -
trunk/client/modules/Elezioni/language/lang-it.php
r230 r253 272 272 //global $tipo_cons; 273 273 switch ($tipo_cons){ 274 case '': 275 define("_CONSULTAZIONE","Consultazione"); 276 break; 274 277 case 1: 275 278 define("_SCELTA_CIR","Scegli la Circoscrizione"); -
trunk/client/temi/Futura2/config.php
r249 r253 14 14 elseif($rss==4){$colortheme="d";$_SESSION['colortheme']=$colortheme;} 15 15 elseif($rss==5){$colortheme="e";$_SESSION['colortheme']=$colortheme;} 16 elseif($rss==6){$colortheme="f";$_SESSION['colortheme']=$colortheme;} 16 else {$colortheme="f";$_SESSION['colortheme']=$colortheme;} 17 18 #elseif($rss==6){$colortheme="f";$_SESSION['colortheme']=$colortheme;} 19 20 #colori 21 #f=arancio;e=azzurro-grigio;d=verde;c=rosso;b=azzurro;a=grigio 17 22 18 23 # verifica se arriva dalle app iphone e android -
trunk/install/sql/eleonline.sql
r247 r253 100 100 /*!40000 ALTER TABLE `soraldo_config` DISABLE KEYS */; 101 101 LOCK TABLES `soraldo_config` WRITE; 102 INSERT INTO `soraldo_config` VALUES ('','http://www.fonte-nuova.it','','Sito istituzionale','Maggio 2009','admin@localhost','facebook','<b>Comune di Menfi</b><br>\r\nvia - 84023 Menfi (Ag)\r\nTel: Fax: \r\n<hr>','it','1','','','','Gpl v3',2,0,84023,'1','1',' ','','0','1','1','Admin');102 INSERT INTO `soraldo_config` VALUES ('','http://www.fonte-nuova.it','','Sito istituzionale','Maggio 2009','admin@localhost','facebook','<b>Comune di Menfi</b><br>\r\nvia - 84023 Menfi (Ag)\r\nTel: Fax: \r\n<hr>','it','1','','','','Gpl v3',2,0,84023,'1','1','0','','0','1','1','Admin'); 103 103 UNLOCK TABLES; 104 104 /*!40000 ALTER TABLE `soraldo_config` ENABLE KEYS */;
Note:
See TracChangeset
for help on using the changeset viewer.