Changeset 253 for trunk

Timestamp:

Apr 15, 2017, 3:51:51 PM (7 years ago)

Author:

roby

Message:

admin: allargato lo spazio di lavoro
client: sistemato il tema Futura2 per il mobile

Location:

trunk

Files:

• admin/temi/facebook/style.css (modified) (1 diff)
• client/inc/csrf-magic/csrf-magic.php (modified) (11 diffs)
• client/modules/Elezioni/grafici.php (modified) (2 diffs)
• client/modules/Elezioni/gruppo.php (modified) (8 diffs)
• client/modules/Elezioni/language/lang-it.php (modified) (1 diff)
• client/temi/Futura2/config.php (modified) (1 diff)
• client/temi/Futura2/style.css (added)
• install/sql/eleonline.sql (modified) (1 diff)

trunk/admin/temi/facebook/style.css

@@ -87 +87 @@
 
 div#container{
-    width: 999px;
+    width: 80%;
     margin: 0 auto;   /*centra negli altri browsers*/
     /*text-align: left;  */ /*ripristina l' allineamento*/

trunk/client/inc/csrf-magic/csrf-magic.php

@@ -54 +54 @@
  */
 $GLOBALS['csrf']['secret'] = '';
+// nota bene: library code should use csrf_get_secret() and not access
+// this global directly
 
 /**
@@ -130 +132 @@
 
 // Don't edit this!
-$GLOBALS['csrf']['version'] = '1.0.1';
+$GLOBALS['csrf']['version'] = '1.0.4';
 
 /**
@@ -152 +154 @@
     $name = $GLOBALS['csrf']['input-name'];
     $endslash = $GLOBALS['csrf']['xhtml'] ? ' /' : '';
-    $input = "\n<div><input type='hidden' name='$name' value=\"$tokens\"$endslash></div>";
+    $input = "<input type='hidden' name='$name' value=\"$tokens\"$endslash>";
     $buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . $input, $buffer);
     if ($GLOBALS['csrf']['frame-breaker']) {
@@ -216 +218 @@
     if (!$has_cookies && $secret) {
         // :TODO: Harden this against proxy-spoofing attacks
-        $ip = ';ip:' . csrf_hash($_SERVER['IP_ADDRESS']);
+        $IP_ADDRESS = (isset($_SERVER['IP_ADDRESS']) ? $_SERVER['IP_ADDRESS'] : $_SERVER['REMOTE_ADDR']);
+        $ip = ';ip:' . csrf_hash($IP_ADDRESS);
     } else {
         $ip = '';
@@ -241 +244 @@
 }
 
+function csrf_flattenpost($data) {
+    $ret = array();
+    foreach($data as $n => $v) {
+        $ret = array_merge($ret, csrf_flattenpost2(1, $n, $v));
+    }
+    return $ret;
+}
+function csrf_flattenpost2($level, $key, $data) {
+    if(!is_array($data)) return array($key => $data);
+    $ret = array();
+    foreach($data as $n => $v) {
+        $nk = $level >= 1 ? $key."[$n]" : "[$n]";
+        $ret = array_merge($ret, csrf_flattenpost2($level+1, $nk, $v));
+    }
+    return $ret;
+}
+
 /**
  * @param $tokens is safe for HTML consumption
  */
 function csrf_callback($tokens) {
+    // (yes, $tokens is safe to echo without escaping)
     header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
-    echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed. Please enable cookies.<br />Debug: ".$tokens."</body></html>
+    $data = '';
+    foreach (csrf_flattenpost($_POST) as $key => $value) {
+        if ($key == $GLOBALS['csrf']['input-name']) continue;
+        $data .= '<input type="hidden" name="'.htmlspecialchars($key).'" value="'.htmlspecialchars($value).'" />';
+    }
+    echo "<html><head><title>CSRF check failed</title></head>
+        <body>
+        <p>CSRF check failed. Your form session may have expired, or you may not have
+        cookies enabled.</p>
+        <form method='post' action=''>$data<input type='submit' value='Try again' /></form>
+        <p>Debug: $tokens</p></body></html>
 ";
 }
@@ -298 +329 @@
             if (!empty($_COOKIE)) return false;
             if (!$GLOBALS['csrf']['allow-ip']) return false;
-            return $value === csrf_hash($_SERVER['IP_ADDRESS'], $time);
+            $IP_ADDRESS = (isset($_SERVER['IP_ADDRESS']) ? $_SERVER['IP_ADDRESS'] : $_SERVER['REMOTE_ADDR']);
+            return $value === csrf_hash($IP_ADDRESS, $time);
     }
     return false;
@@ -328 +360 @@
 function csrf_get_secret() {
     if ($GLOBALS['csrf']['secret']) return $GLOBALS['csrf']['secret'];
-    // secret by db l.apolito
-    global $prefix,$dbi;
-    # crea campo secret nella tabella _config se non esiste             
-    $campo= mysql_query("SHOW COLUMNS FROM ".$prefix."_config LIKE 'secret' ",$dbi);
-    $esiste=mysql_num_rows($campo);
-        if ($esiste==0) {
-                $result=mysql_query("ALTER TABLE ".$prefix."_config ADD secret VARCHAR(30);",$dbi);
-        }
-
-    $res_secret =  mysql_query("SELECT * FROM ".$prefix."_config" , $dbi);
-    $row = mysql_fetch_array($res_secret);
-    $secret = $row['secret'];   
-    if (isset($secret)){ return $secret;
-
-    }else{
-        $secret = csrf_generate_secret();
-        mysql_query("UPDATE ".$prefix."_config SET secret='$secret'" , $dbi);
-        return $secret;
-    }
-         return '';
-
-        
-    /* nel caso di registrazione del file                               
     $dir = dirname(__FILE__);
     $file = $dir . '/csrf-secret.php';
@@ -358 +367 @@
         return $secret;
     }
-        
     if (is_writable($dir)) {
         $secret = csrf_generate_secret();
@@ -367 +375 @@
     }
     return '';
-    */  
 }
 
@@ -375 +382 @@
 function csrf_generate_secret($len = 32) {
     $r = '';
-    for ($i = 0; $i < 32; $i++) {
+    for ($i = 0; $i < $len; $i++) {
         $r .= chr(mt_rand(0, 255));
     }
@@ -388 +395 @@
 function csrf_hash($value, $time = null) {
     if (!$time) $time = time();
-    return sha1($GLOBALS['csrf']['secret'] . $value . $time) . ',' . $time;
+    return sha1(csrf_get_secret() . $value . $time) . ',' . $time;
 }
 

trunk/client/modules/Elezioni/grafici.php

@@ -657 +657 @@
 
 function graf_candidato(){
-global $bgcolor1, $bgcolor5,$bgcolor5, $prefix, $dbi, $offset, $min,$descr_cons, $id_cons,$tipo_cons,$copy,$id_comune,$id_istat,$genere,$votog,$votol,$votoc,$circo,$siteistat;
+global $descr_com, $bgcolor1, $bgcolor5,$bgcolor5, $prefix, $dbi, $offset, $min,$descr_cons, $id_cons,$tipo_cons,$copy,$id_comune,$id_istat,$genere,$votog,$votol,$votoc,$circo,$siteistat;
 
 $logo=verificasimbolo(); // carica_logo da funzioni.php 
@@ -700 +700 @@
                         while (list($id_lista,$id_cand,$nome,$cognome,$voti)  = mysql_fetch_row($res)){
                                 $candidato[$i]=$cognome;
-                                $pro[$i]=number_format($voti*100/$tot,2);
+                                if ($tot) $pro[$i]=number_format($voti*100/$tot,2); else $pro[$i]=0;
                                 // sviluppo tabella dati
                                 $e=$i+1;

trunk/client/modules/Elezioni/gruppo.php

@@ -638 +638 @@
                                         $voticompl=$sevaltot+$senultot+$sebiatot+$secontot+$sevnutot;
                                         $resvt = mysql_query("SELECT voti from ".$prefix."_ele_voti_$tab15 where id_cons='$id_cons'",$dbi);
-                                        list($votlt)=mysql_fetch_row($resvt);
+                                        if($resvt) list($votlt)=mysql_fetch_row($resvt); else $votlt=0;
                                         $temp3=arrayperc($tempar,$sevaltot);
                                         while (list($key,$voti)= each($temp)) {
@@ -680 +680 @@
                 }else{
                         $res_lis = mysql_query("SELECT id_gruppo, descrizione,num_gruppo from ".$prefix."_ele_gruppo where id_cons=$id_cons order by num_gruppo",$dbi);
-                        $numliste=mysql_num_rows($res_lis);
+                        if($res_lis) $numliste=mysql_num_rows($res_lis); else $numliste=0;
 
                         if (!isset($offset)) $offset=10;
@@ -695 +695 @@
                                 echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\"></input>";                 
                                 echo ""._SCELTA." "._CONSULTAZIONE.": <select name=\"id_gruppo\">";
-                                while(list($id_rif,$descrizione,$num_lis) = mysql_fetch_row($res_lis)) {
+                                if($res_lis)
+                                    while(list($id_rif,$descrizione,$num_lis) = mysql_fetch_row($res_lis)) {
                                         if (!$id_gruppo) $id_gruppo=$id_rif;
                                         $sel = ($id_rif == $id_gruppo) ? "selected=\"selected\"" : "";
@@ -701 +702 @@
                                         for ($j=strlen($num_lis);$j<2;$j++) { echo "&nbsp;&nbsp;";}
                                         echo $num_lis.") ".strip_tags(substr($descrizione,0,50))."</option>";
-                                }
+                                    }
                                 echo "</select>";
                                 echo "<br />"._VIS_PERC.": <input type=\"checkbox\" name=\"perc\" value=\"true\"";
@@ -724 +725 @@
                         order by $tab3, t1.num_gruppo
                         ", $dbi);
-                        $num_sez=mysql_num_rows($res);
-                        list($num_gruppo,$descr)= mysql_fetch_row($res_ref);
+                        if($res) $num_sez=mysql_num_rows($res); else $num_sez=0;
+                        if($res_ref) list($num_gruppo,$descr)= mysql_fetch_row($res_ref); else {$num_gruppo=0;$descr='';}
                         
                         if (!$csv){
@@ -811 +812 @@
                 $ar[0][5]=_BIANCHI;
                 $ar[0][6]=_CONTESTATI;
-                
-                while (list($num_gruppo,$desc_ref) = mysql_fetch_row($res_ref)){
+                if($res_ref)
+                    while (list($num_gruppo,$desc_ref) = mysql_fetch_row($res_ref)){
                         $ar[0][$i++]= $num_gruppo.") ".$desc_ref;
                         $ar[1][$y++]= "SI";
                         $ar[1][$y++]= "NO";
-                }
+                    }
                 $num_sez++;
                 $tot_si=0;
@@ -824 +825 @@
                 $tot_bi=0;
                 $tot_co=0;
-                while (list($num_circ,$desc_circ,$num_gruppo,$desc_ref,$simbolo,$si,$no,$validi,$nulli,$bianchi, $contestati)  = mysql_fetch_row($res)){
+                if($res)
+                    while (list($num_circ,$desc_circ,$num_gruppo,$desc_ref,$simbolo,$si,$no,$validi,$nulli,$bianchi, $contestati)  = mysql_fetch_row($res)){
                         $i=1;
                         $votanti=$validi+$nulli+$bianchi+$contestati;
@@ -852 +854 @@
                         $ar[$num_circ][$i++]= $perc=='true' ? $contestati."<br /><span class=\"red\"><i>0.00%</i></span>":$contestati;
                         }
-                }
+                    }
                 $i=1;
                 $tot_vo=$tot_va+$tot_nu+$tot_bi+$tot_co;

trunk/client/modules/Elezioni/language/lang-it.php

@@ -272 +272 @@
 //global $tipo_cons;
 switch ($tipo_cons){
+        case '':
+                define("_CONSULTAZIONE","Consultazione");
+                break;
         case 1:
                 define("_SCELTA_CIR","Scegli la Circoscrizione");

trunk/client/temi/Futura2/config.php

@@ -14 +14 @@
 elseif($rss==4){$colortheme="d";$_SESSION['colortheme']=$colortheme;}
 elseif($rss==5){$colortheme="e";$_SESSION['colortheme']=$colortheme;}
-elseif($rss==6){$colortheme="f";$_SESSION['colortheme']=$colortheme;}
+else {$colortheme="f";$_SESSION['colortheme']=$colortheme;}
+
+#elseif($rss==6){$colortheme="f";$_SESSION['colortheme']=$colortheme;}
+
+#colori
+#f=arancio;e=azzurro-grigio;d=verde;c=rosso;b=azzurro;a=grigio
 
 # verifica se arriva dalle app iphone e android

trunk/install/sql/eleonline.sql

@@ -100 +100 @@
 /*!40000 ALTER TABLE `soraldo_config` DISABLE KEYS */;
 LOCK TABLES `soraldo_config` WRITE;
-INSERT INTO `soraldo_config` VALUES ('','http://www.fonte-nuova.it','','Sito istituzionale','Maggio 2009','admin@localhost','facebook','<b>Comune di Menfi</b><br>\r\nvia  - 84023 Menfi (Ag)\r\nTel:  Fax: \r\n<hr>','it','1','','','','Gpl v3',2,0,84023,'1','1','','','0','1','1','Admin');
+INSERT INTO `soraldo_config` VALUES ('','http://www.fonte-nuova.it','','Sito istituzionale','Maggio 2009','admin@localhost','facebook','<b>Comune di Menfi</b><br>\r\nvia  - 84023 Menfi (Ag)\r\nTel:  Fax: \r\n<hr>','it','1','','','','Gpl v3',2,0,84023,'1','1','0','','0','1','1','Admin');
 UNLOCK TABLES;
 /*!40000 ALTER TABLE `soraldo_config` ENABLE KEYS */;