source: trunk/admin/admin.php

Last change on this file was 429, checked in by roby, 12 days ago
  • ADMIN

-- Aggiunta funzione di estrazione dati in csv per consiglieri
-- Aggiunto un controllo per le tabelle voti_lista e voti_consiglieri

File size: 24.2 KB
RevLine 
[2]1<?php
2
3/************************************************************************/
4/* Eleonline - Raccolta e diffusione dei dati elettorali */
5/* by Roberto Gigli & Luciano Apolito */
6/* http://www.eleonline.it */
7/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
8/************************************************************************/
9/* Admin */
10/* Amministrazione */
11/************************************************************************/
12
13/* Descrizione file admin.php =
14effettua il login o il rilancio alla gestione */
15
16define('ADMIN_FILE', true);
17#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
[35]18# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
[361]19global $multicomune,$msglogout,$language,$id_sez;
[2]20
21// Adattamento variabili superglobal
22// Versione di php
23$phpver = phpversion();
[255]24global $dbi;
[2]25// converte superglobal se php e' < 4.1.0
26
27if ($phpver < '4.1.0') {
28 $_GET = $HTTP_GET_VARS;
29 $_POST = $HTTP_POST_VARS;
30 $_SERVER = $HTTP_SERVER_VARS;
31 $_FILES = $HTTP_POST_FILES;
32 $_ENV = $HTTP_ENV_VARS;
33 if($_SERVER['REQUEST_METHOD'] == "POST") {
34 $_REQUEST = $_POST;
35 } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
36 $_REQUEST = $_GET;
37 }
38 if(isset($HTTP_COOKIE_VARS)) {
39 $_COOKIE = $HTTP_COOKIE_VARS;
40 }
[424]41
[2]42}
43
44$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
[344]45if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
[358]46if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
47if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
48
[2]49// Additional security (Union, CLike, XSS)
50
51// We want to use the function stripos,
52// but thats only available since PHP5.
53// So we cloned the function...
54if(!function_exists('stripos')) {
55 function stripos_clone($haystack, $needle, $offset=0) {
56 return strpos(strtoupper($haystack), strtoupper($needle), $offset);
57 }
58} else {
59// But when this is PHP5, we use the original function
60 function stripos_clone($haystack, $needle, $offset=0) {
61 return stripos($haystack, $needle, $offset=0);
62 }
63}
64
65 if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
66 $queryString = $_SERVER['QUERY_STRING'];
67 if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
68 die('Operazione non consentita');
69 }
70 }
71
72
73foreach ($_GET as $sec_key => $secvalue) {
[21]74 if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
75 (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
76 (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
77 (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
78 (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
79 (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
80 (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
81 (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
82 (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
83 (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
84 (preg_match("/\"/", $secvalue)) ||
85 (preg_match("/inside_mod/i", $sec_key))) {
[2]86 die ("Operazione non consentita");
87 }
88 }
89
90 foreach ($_POST as $secvalue) {
[21]91 if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
[2]92 die ('Operazione non consentita');
93 }
94 }
95
96// Posting from other servers in not allowed
97// Fix by Quake
98// Bug found by PeNdEjO
99
100if ($_SERVER['REQUEST_METHOD'] == "POST") {
101 if (isset($_SERVER['HTTP_REFERER'])) {
102 if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
103 die('Posting da un altro server non consentito!');
104 }
105 } else {
106# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
107 }
108}
109
110
111
112
113
114
115
116//===================================================================
117session_name('sesadmin');
[255]118#session_start();//MODIFICHE PER GESTIONE SESSIONI
[2]119 // gestione sessione
[424]120if (!isset($_SESSION))
121 {
122 session_start();
123 }else session_regenerate_id();
[255]124$a = session_id();
125if(empty($a)) session_start();
126#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
[2]127
[424]128
[246]129if (file_exists("config.php")){
130 $install="0"; @require_once("config.php");
131}else{
132 $install="1";
133}
[2]134
[154]135# verifica se effettuata la configurazione
[246]136if(empty($dbname) || $install=="1") {
[230]137 die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
[154]138}
[424]139require_once('variabili.php');
[376]140$dsn = "mysql:host=$dbhost";
[377]141$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
[376]142if($prefix == '') {
143 db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
144}
145try
146{
147 $dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
148}
149catch(PDOException $e)
150{
[426]151 echo "<br>" . $e->getMessage();die();
[376]152}
153$sql = "use $dbname";
154try
155{
156 $dbi->exec($sql);
157}
158catch(PDOException $e)
159{
160 echo $sql . "<br>" . $e->getMessage();
161}
162$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
163$sth->execute();
164$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
165$sth->execute();
166$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
167$sth->execute();
168$sth = $dbi->prepare("SET CHARACTER SET utf8");
169$sth->execute();
[154]170
[376]171$sth = $dbi->prepare("SET NAMES 'utf8'");
172$sth->execute();
173$sth = $dbi->prepare("select * from ".$prefix."_config");
174$sth->execute();
[154]175
[253]176# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
177# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
178## mysql_query("SET NAMES 'utf8'", $dbi);
[2]179//---10/05/2009 gestione consultazione predefinita
[376]180$sth = $dbi->prepare("select * from ".$prefix."_config");
181$sth->execute();
182$row = $sth->fetch(PDO::FETCH_ASSOC);
183#$row = $sth->fetchAll();
184$siteistat=$row['siteistat'];
[2]185if (!isset($_SESSION['id_comune'])){
[253]186 $_SESSION['sitename']=$row['sitename'];
187 $_SESSION['siteurl']=$row['siteurl'];
188 $_SESSION['site_logo']=$row['site_logo'];
189 $_SESSION['slogan']=$row['slogan'];
190 $_SESSION['startdate']=$row['startdate'];
191 $_SESSION['adminmail']=$row['adminmail'];
[358]192# if (isset($tema) and $tema=='facebook')
193# $_SESSION['tema']=$row['tema'];
[253]194 $_SESSION['foot']=$row['foot'];
195 $_SESSION['lang']=$row['language'];
196 $_SESSION['blocco']=$row['blocco'];
197 $_SESSION['testata']=$row['testata'];
[255]198# $_SESSION['logo']=$row['logo'];
[253]199 $_SESSION['fileout']=$row['fileout'];
200 $_SESSION['copyright']=$row['copyright'];
201 $_SESSION['versione']=$row['versione'];
202 $_SESSION['patch']=$row['patch'];
203 $_SESSION['id_comune']=$row['siteistat'];
[255]204 $_SESSION['multicomune']=$row['multicomune'];
205 $_SESSION['flash']=$row['flash'];
206 $_SESSION['displayerrors']=$row['displayerrors'];
207 $_SESSION['editor']=$row['editor'];
208 $_SESSION['tema_on']=$row['tema_on'];
209 $_SESSION['ed_user']=$row['ed_user'];
[332]210 $multicomune=$row['multicomune'];
[378]211}
[379]212
[2]213//fine
[358]214 if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
215 if (!isset($_SESSION['tema']))
216 $_SESSION['tema']='default';
217 $tema=$_SESSION['tema'];
218
[2]219if (isset($param['aid'])) {
[358]220 if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
[2]221 if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
[21]222 if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
[358]223 if (isset($_SESSION['aid'])){
[2]224 logout();//se hai gia' una sessione aperta non puoi postare 'aid'
225 }else{
226
[358]227 // $pwd2=$param['pwd'];
228 $mpwd=md5($pwd2);
[2]229
[358]230 // se superUserAdmin
231 ########
232 # $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
233 # $sth->execute();
234 # $row = $sth->fetch(PDO::FETCH_ASSOC);
235 if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
236 # if ($adminsuper==1) $id_comune2=0; else
237 $id_comune2=$id_comune;
[416]238 $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
[358]239 $sth->execute();
240 $esiste=$sth->rowCount();
241 # $adminsuper=$row['adminsuper'];
242 $row = $sth->fetch(PDO::FETCH_ASSOC);
243 if(!$esiste) {
244 $msglogout=2;
245 logout();
246 }else{
247 if ($row['pwd']!=$mpwd) {
248 $msglogout=3;
249 logout();
250 }elseif($row['adminop']==1) {
251 $msglogout=1;
252 logout();
253 }
[254]254 $counter=$row['counter'];
255 $tmplang=$row['admlanguage'];
[2]256 if(strlen($tmplang)==2) $language=$tmplang;
[358]257 $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
[254]258 $sth->execute();
[358]259# $row = $sth->fetch(PDO::FETCH_ASSOC);
[2]260 if ($esiste==1) {
[255]261# $_SESSION['dbi']=$dbi;
[2]262 $_SESSION['aid']="$aid";
263 $_SESSION['pwd']="$mpwd";
264 $_SESSION['lang']="$language";
265 $_SESSION['id_comune']="$id_comune";
266 $_SESSION['prefix']="soraldo";
267 $_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
268 $_SESSION['bgcolor1']='#ffffff';
[269]269 $_SESSION['bgcolor2']='#c5c5c5';
270 if (!isset($op)) $op='consultazione';
[2]271 }
272 }
273 }
274}else{
[255]275#$_SESSION['dbi']=$dbi;
[2]276
[255]277}
[379]278# si settano le variabili per il controllo degli aggiornamenti
279if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
280{
[381]281 $sql="SELECT COLUMN_NAME
[379]282 FROM INFORMATION_SCHEMA.COLUMNS
283 WHERE TABLE_SCHEMA = '$dbname'
284 AND TABLE_NAME = '".$prefix."_config'
285 AND COLUMN_NAME = 'aggiornamento'";
286 $sth = $dbi->prepare($sql);
287 $sth->execute();
[381]288 if($sth->rowCount())
[379]289 {
[381]290 $sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
[379]291 $sth = $dbi->prepare($sql);
292 $sth->execute();
293 }
294 include('versione.php');
295}
[358]296if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
[424]297if(!isset($language) and isset($_SESSION['lang'])) $language=$_SESSION['lang']; else $language='it';
[2]298if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
299$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
[358]300
301if (isset($_SESSION['aid']))
[2]302{
303//lettura sessione
304$aid=$_SESSION['aid'];
[255]305#$dbi=$_SESSION['dbi'];
[2]306$prefix=$_SESSION['prefix'];
[254]307$id_comune=$_SESSION['id_comune'];
[358]308if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
[360]309if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
[2]310else {
[406]311# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
[424]312 $sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval $giorniaut day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1";# TEST: and id_sez>0
[360]313 $rese = $dbi->prepare("$sql");
314 $rese->execute();
315 if($rese->rowCount())
316 {list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
317 else {
318 $sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
319 $sth = $dbi->prepare($sql);
320 $sth->execute();
321 $row = $sth->fetch(PDO::FETCH_BOTH);
322 if($sth->rowCount())
323 $id_cons_gen=$row[0];
324 else
325 $id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
326 }
327}
[2]328$currentlang=$_SESSION['lang'];
[358]329#$bgcolor1=$_SESSION['bgcolor1'];
[2]330$bgcolor2=$_SESSION['bgcolor2'];
331$bgcolor1='#e7e7e7';
332$session=$_SESSION['remote'];
333
334}
335
336
[361]337
[2]338/*********************************************************/
339/* Login Function */
340/*********************************************************/
[406]341function ChiSei($idcg){
[424]342global $dbi, $msglogout, $id_cons_gen,$giorniaut;
[2]343
344$aid=$_SESSION['aid'];
345$prefix=$_SESSION['prefix'];
346$pwd=$_SESSION['pwd'];
347$id_comune=$_SESSION['id_comune'];
[406]348#echo "prima: $idcg - dopo: $id_cons_gen<br>";
[2]349$perms=0;
[257]350$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
351$sth = $dbi->prepare("$sql");
352$sth->execute();
353$row = $sth->fetch(PDO::FETCH_BOTH);
[424]354if($row){
[254]355$adminsuper=$row[0];
356$admincomune=$row[1];
[424]357$oper=$row[2];
358}else{
359$adminsuper=0;
360$admincomune=0;
361$oper=1;
362}
[2]363 if ($adminsuper==1)
364 return 256;
[359]365 elseif ($admincomune==1)
[358]366 return 64;
367# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
[361]368 elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
369 else {
[406]370# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
[424]371 $sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval $giorniaut day)>CURDATE()";
[361]372 $sth = $dbi->prepare("$sql");
[406]373 $sth->execute();
374 if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
375 list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);
376 if (!$id_cons_gen) $id_cons_gen=$idcg;
[400]377 $sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
378 $sth = $dbi->prepare("$sql");
[406]379 $sth->execute();
[400]380 list($perms) = $sth->fetch(PDO::FETCH_NUM);
[406]381 return $perms;
[361]382 }
[2]383}
384
385function OpenTable(){
386echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
387}
388
389function CloseTable(){
390echo "</table>";
391}
392
393function login() {
[406]394 global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
[2]395 if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
[31]396 if (!isset($id_comune)) $id_comune=0;
[358]397 if(isset($_SESSION['aid'])){
398 session_regenerate_id();
399 }
400 $lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
[2]401 $id_ses=session_id();
[358]402
[2]403 //include("modules/Elezioni/language/lang-$lang.php");
[358]404 if($multicomune==''){
405 $sth = $dbi->prepare("select multicomune from ".$prefix."_config");
406 $sth->execute();
407 list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
408 }
[2]409 include ("header.php");
410 echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
[358]411 if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
412 elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
413 elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
[361]414 elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
[358]415 echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
[80]416 ."<table class=\"table-menu\">"
[2]417 ."<tr><td>"._ADMINID."</td>"
418 ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
419 ."<tr><td>"._PASSWORD."</td>"
420 ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
421 ."<tr><td>";
422 // scelta comune
423 if($multicomune=='1'){
424 echo ""._COMUNE."</td><td>";
[332]425 $sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
426 $sth = $dbi->prepare("$sql");
427 $sth->execute();
428 $row = $sth->fetchAll();
[2]429 echo "<select name=\"id_comune\">";
[255]430 foreach($row as $comuni)
431 {$id=$comuni[0];$descrizione=$comuni[1];
[2]432 $sel=($id == $id_comune) ? "selected":"";
433 echo "<option value=\"$id\" $sel>$descrizione";
434 }
435 }else{
436 echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
437 }
438// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
439 if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
440 echo "</td></tr><tr><td>";
441 echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
442 echo "<input type=\"submit\" VALUE=\""._OK."\">"
443 ."</td></tr></table>"
444 ."</form></div>";
445
446 include ("footer.php");
447}
448
449function logout()
450{
451/* $lang=$_SESSION['lang'];
452$id_comune=$_SESSION['id_comune'];
453// setcookie ("PHPSESSID", "", time() - 3600);
454 session_cache_expire (0);
455 $_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
456 session_unset();
457 session_destroy();
458 Header("Location: admin.php?id_comune=$id_comune&language=$lang");
459*/
[360]460
[358]461global $siteistat,$perms,$msglogout;
[424]462if (!isset($_SESSION))
463 {
464 session_start();
465 }
[359]466$language=$_SESSION['lang'];
[2]467$ref="Location: admin.php?";
[358]468#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
[2]469if (isset($_SESSION['id_comune']))
470$id_comune=$_SESSION['id_comune'];
471else
472$id_comune=$siteistat;
473$ref=$ref."id_comune=".$id_comune;
474
475if (isset($_SESSION['lang']))
[359]476$ref=$ref."&language=$language";
[358]477$ref.="&msglogout=$msglogout";
[426]478$_SESSION=array();
479
480session_regenerate_id();
481session_write_close();
482session_cache_expire (0);
[2]483Header($ref);
484
485}
[358]486#include("TEST tema: $tema--");
487#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
[406]488#die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
[424]489if(isset($id_cons_gen) and isset($id_comune)){
[406]490 if(!isset($id_cons)){
[358]491# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
492 $sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
493 $sth = $dbi->prepare("$sql");
494 $sth->execute();
[360]495 if ($sth->rowCount()) {
496 list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
497 $_SESSION['id_cons']=$id_cons;
498 }
[358]499 }
500 if(isset($id_cons)) {
[424]501 $sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune and id_cons=$id_cons";
[397]502 try {
503 $resmod = $dbi->prepare("$sql");
504 $resmod->execute();
505 }catch(PDOException $e)
506 {
507# echo "Viene eseguito un aggiornamento forzato del db<br>";
508 $_SESSION['forzadb']=1;
509 include("modules/Elezioni/aggiornamento.php");
510
511 die();
512 }
[406]513 list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
514 if($id_sez) {
[428]515 if(isset($id_cons_gen) and $id_cons_gen>0) {$singola="and t1.id_cons_gen=$id_cons_gen";}
516 else{ $singola='';}
517 $sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen $singola and t2.id_comune=$id_comune and date_add(t1.data_fine, interval $giorniaut day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
[360]518 $resmod = $dbi->prepare("$sql");
519 $resmod->execute();
520 if ($resmod->rowCount()>0) {
[406]521 list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
522 $tema='Futura2';
[360]523 $_SESSION['tema']=$tema;
[428]524 }
[360]525 }
[406]526 }
[424]527$perms=ChiSei($id_cons_gen);
[361]528if($perms==0) {logout();}
[358]529}
[359]530
[255]531#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
[344]532if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
[360]533#
[406]534#die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);
[369]535
[2]536if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
[358]537 if($tema=='Futura2' and $op!='logout')
538 {
[359]539 include("temi/$tema/index.php");
[358]540 }else
[2]541switch($op) {
542 case "tipo":
543 include("modules/Elezioni/ele_tipi.php");
544 break;
[379]545 case "aggiorna":
546 include("modules/Elezioni/aggiornamento.php");
547 break;
[2]548 case "constipi":
549 include("modules/Elezioni/ele_consultazionitipi.php");
550 break;
551 case "parziali":
552 include("modules/Elezioni/ele_parziali.php");
553 break;
554 case "ele":
555 include("modules/Elezioni/ele.php");
556 break;
557 case "consultazione":
558 include("modules/Elezioni/ele_consultazioni.php");
559 break;
560 case "configurazione":
561 include("modules/Elezioni/ele_configurazione.php");
562 break;
563 case "cons_comuni":
564 include("modules/Elezioni/ele_cons_comuni.php");
565 break;
566 case "confconsiglio":
567 include("modules/Elezioni/ele_confcons.php");
568 break;
569 case "inscomuni":
570 include("modules/Elezioni/ele_comuni.php");
571 break;
572 case "oper_admin":
573 include("modules/Elezioni/ele_operatori.php");
574 break;
575 case "inscollegi":
576 include("modules/Elezioni/ele_collegi.php");
577 break;
578 case "associazioni":
579 include("modules/Elezioni/ele_associazioni.php");
580 break;
581 case "operatori":
582 include("modules/Elezioni/ele_operatori.php");
583 break;
584 case "permessi":
585 include("modules/Elezioni/ele_permessi.php");
586 break;
587 case "circo":
588 include("modules/Elezioni/ele_circo.php");
589 break;
590 case "sede":
591 include("modules/Elezioni/ele_sede.php");
592 break;
593case "sezione":
594 include("modules/Elezioni/ele_sezione.php");
595 break;
596case "gruppo":
597 include("modules/Elezioni/ele_gruppo.php");
598 break;
599case "rec_add_aff":
600 include("modules/Elezioni/ele_affluenze.php");
601 break;
602case "rec_add_mod":
603 include("modules/Elezioni/ele_modelli.php");
604 break;
605case "upgruppo":
606 include("modules/Elezioni/ele_gruppo.php");
607 break;
608case "delimggruppo":
609 include("modules/Elezioni/ele_gruppo.php");
610 break;
611case "lista":
612 include("modules/Elezioni/ele_lista.php");
613 break;
614case "uplista":
615 include("modules/Elezioni/ele_lista.php");
616 break;
617case "delimglista":
618 include("modules/Elezioni/ele_lista.php");
619 break;
620case "candidato":
621 include("modules/Elezioni/ele_candidato.php");
622 break;
623case "upcandidato":
624 include("modules/Elezioni/ele_candidato.php");
625 break;
626case "delimgcandidato":
627 include("modules/Elezioni/ele_candidato.php");
628 break;
629
630case "voti":
631 include("modules/Elezioni/ele_voti.php");
632 break;
633case "sezioni_voti":
634 include("modules/Elezioni/ele_voti.php");
635 break;
636case "rec_voti":
637 include("modules/Elezioni/ele_voti.php");
638 break;
639case "rec_voti_gruppi":
640 include("modules/Elezioni/ele_voti.php");
641 break;
642case "rec_add_votanti":
643 include("modules/Elezioni/ele_voti.php");
644 break;
645case "rec_finale":
646 include("modules/Elezioni/ele_voti.php");
647 break;
648case "controllo_voti":
649 include("modules/Elezioni/controllo_voti.php");
650 break;
651case "controllo_votanti":
652 include("modules/Elezioni/controllo_votanti.php");
653 break;
654case "come":
655 include("modules/Elezioni/ele_come.php");
656 break;
657case "numeri":
658 include("modules/Elezioni/ele_come.php");
659 break;
660case "servizi":
661 include("modules/Elezioni/ele_come.php");
662 break;
663case "link":
664 include("modules/Elezioni/ele_come.php");
665 break;
666case "conf":
667 include("modules/Elezioni/ele_conf.php");
668 break;
669case "stampa":
670 include("modules/Elezioni/ele_stampe.php");
671 break;
672case "cambiopwd":
673 include("modules/Elezioni/ele_pwd.php");
674 break;
675case "eletti":
676 include("modules/Elezioni/ele_eletti.php");
677 break;
678case "foto":
679 include("modules/Elezioni/foto.php");
680 break;
681case "consiglieri":
682 include("modules/Elezioni/ele_consiglieri.php");
683 break;
684case "backup":
685 include("modules/Elezioni/backup.php");
686 break;
687case "restore":
688 include("modules/Elezioni/restore.php");
689 break;
690case "scarica":
691 include("modules/Elezioni/scarica.php");
692 break;
693case "importa":
694 include("modules/Elezioni/importa.php");
695 break;
[80]696case "widget":
697 include("modules/Elezioni/ele_widget.php");
[2]698 break;
[139]699case "riepilogo":
700 include("modules/Elezioni/ele_riepilogo.php");
701 break;
[254]702case "riepilogovoti":
703 include("modules/Elezioni/ele_riepilogovoti.php");
704 break;
[429]705case "estraidati":
706 include("modules/Elezioni/ele_estraidati.php");
707 break;
[424]708case "aggcons":
709 include("modules/Elezioni/ele_restorebackup.php");
710 break;
[2]711case "logout":
712 logout();
713 break;
714}
[258]715
[2]716}else {
717
718 login();
719
720}
721
722?>
Note: See TracBrowser for help on using the repository browser.