[2] | 1 | <?php
|
---|
| 2 |
|
---|
| 3 | /************************************************************************/
|
---|
| 4 | /* Eleonline - Raccolta e diffusione dei dati elettorali */
|
---|
| 5 | /* by Roberto Gigli & Luciano Apolito */
|
---|
| 6 | /* http://www.eleonline.it */
|
---|
| 7 | /* info@eleonline.it luciano@aniene.net rgigli@libero.it */
|
---|
| 8 | /************************************************************************/
|
---|
| 9 | /* Admin */
|
---|
| 10 | /* Amministrazione */
|
---|
| 11 | /************************************************************************/
|
---|
| 12 |
|
---|
| 13 | /* Descrizione file admin.php =
|
---|
| 14 | effettua il login o il rilancio alla gestione */
|
---|
| 15 |
|
---|
| 16 | define('ADMIN_FILE', true);
|
---|
| 17 | #$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
|
---|
[35] | 18 | # tempo di sessione: ini_set('session.gc_maxlifetime','3600');
|
---|
[2] | 19 |
|
---|
| 20 | // Adattamento variabili superglobal
|
---|
| 21 | // Versione di php
|
---|
| 22 | $phpver = phpversion();
|
---|
| 23 |
|
---|
| 24 | // converte superglobal se php e' < 4.1.0
|
---|
| 25 |
|
---|
| 26 | if ($phpver < '4.1.0') {
|
---|
| 27 | $_GET = $HTTP_GET_VARS;
|
---|
| 28 | $_POST = $HTTP_POST_VARS;
|
---|
| 29 | $_SERVER = $HTTP_SERVER_VARS;
|
---|
| 30 | $_FILES = $HTTP_POST_FILES;
|
---|
| 31 | $_ENV = $HTTP_ENV_VARS;
|
---|
| 32 | if($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
| 33 | $_REQUEST = $_POST;
|
---|
| 34 | } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
|
---|
| 35 | $_REQUEST = $_GET;
|
---|
| 36 | }
|
---|
| 37 | if(isset($HTTP_COOKIE_VARS)) {
|
---|
| 38 | $_COOKIE = $HTTP_COOKIE_VARS;
|
---|
| 39 | }
|
---|
| 40 | if(isset($HTTP_SESSION_VARS)) {
|
---|
| 41 | $_SESSION = $HTTP_SESSION_VARS;
|
---|
| 42 | }
|
---|
| 43 | }
|
---|
| 44 |
|
---|
| 45 | $param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
|
---|
| 46 | if (isset($param['aid'])) get_magic_quotes_gpc() ? $aid=$param['aid']:$aid=addslashes($param['aid']);
|
---|
| 47 | if (isset($param['pwd'])) get_magic_quotes_gpc() ? $pwd2=$param['pwd']:$pwd2=addslashes($param['pwd']);
|
---|
| 48 | // Additional security (Union, CLike, XSS)
|
---|
| 49 |
|
---|
| 50 | // We want to use the function stripos,
|
---|
| 51 | // but thats only available since PHP5.
|
---|
| 52 | // So we cloned the function...
|
---|
| 53 | if(!function_exists('stripos')) {
|
---|
| 54 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
| 55 | return strpos(strtoupper($haystack), strtoupper($needle), $offset);
|
---|
| 56 | }
|
---|
| 57 | } else {
|
---|
| 58 | // But when this is PHP5, we use the original function
|
---|
| 59 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
| 60 | return stripos($haystack, $needle, $offset=0);
|
---|
| 61 | }
|
---|
| 62 | }
|
---|
| 63 |
|
---|
| 64 | if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
|
---|
| 65 | $queryString = $_SERVER['QUERY_STRING'];
|
---|
| 66 | if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
|
---|
| 67 | die('Operazione non consentita');
|
---|
| 68 | }
|
---|
| 69 | }
|
---|
| 70 |
|
---|
| 71 |
|
---|
| 72 | foreach ($_GET as $sec_key => $secvalue) {
|
---|
[21] | 73 | if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
|
---|
| 74 | (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 75 | (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 76 | (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 77 | (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 78 | (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 79 | (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 80 | (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 81 | (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 82 | (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 83 | (preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) ||
|
---|
| 84 | (preg_match("/\"/", $secvalue)) ||
|
---|
| 85 | (preg_match("/inside_mod/i", $sec_key))) {
|
---|
[2] | 86 | die ("Operazione non consentita");
|
---|
| 87 | }
|
---|
| 88 | }
|
---|
| 89 |
|
---|
| 90 | foreach ($_POST as $secvalue) {
|
---|
[21] | 91 | if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
|
---|
[2] | 92 | die ('Operazione non consentita');
|
---|
| 93 | }
|
---|
| 94 | }
|
---|
| 95 |
|
---|
| 96 | // Posting from other servers in not allowed
|
---|
| 97 | // Fix by Quake
|
---|
| 98 | // Bug found by PeNdEjO
|
---|
| 99 |
|
---|
| 100 | if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
| 101 | if (isset($_SERVER['HTTP_REFERER'])) {
|
---|
| 102 | if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
|
---|
| 103 | die('Posting da un altro server non consentito!');
|
---|
| 104 | }
|
---|
| 105 | } else {
|
---|
| 106 | # die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
|
---|
| 107 | }
|
---|
| 108 | }
|
---|
| 109 |
|
---|
| 110 |
|
---|
| 111 |
|
---|
| 112 |
|
---|
| 113 |
|
---|
| 114 |
|
---|
| 115 |
|
---|
| 116 | //===================================================================
|
---|
| 117 | session_name('sesadmin');
|
---|
| 118 | session_start();//MODIFICHE PER GESTIONE SESSIONI
|
---|
| 119 | // gestione sessione
|
---|
| 120 |
|
---|
| 121 |
|
---|
[154] | 122 | @require_once("config.php");
|
---|
| 123 | # verifica se effettuata la configurazione
|
---|
| 124 | if(empty($dbname)) {
|
---|
| 125 | die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"../client/modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
|
---|
| 126 | }
|
---|
[2] | 127 |
|
---|
[154] | 128 |
|
---|
| 129 |
|
---|
| 130 |
|
---|
| 131 |
|
---|
| 132 |
|
---|
[2] | 133 | $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
|
---|
| 134 | mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
|
---|
[21] | 135 | mysql_query("SET NAMES 'utf8'", $dbi);
|
---|
[2] | 136 | //---10/05/2009 gestione consultazione predefinita
|
---|
| 137 | $res_config = mysql_query("select * from ".$prefix."_config ",$dbi);
|
---|
| 138 | list ($sitename,$siteurl,$site_logo,$slogan,$startdate,$adminmail,$tema,$foot,$language,$blocco
|
---|
| 139 | ,$testata,$logo,$fileout,$copyright,$versione,$patch,$id_comune,$multicomune,$flash,$displayerrors,$editor,$tema_on,$ed_user) = mysql_fetch_row($res_config);
|
---|
| 140 | $siteistat=$id_comune;
|
---|
| 141 | if (!isset($_SESSION['id_comune'])){
|
---|
| 142 | $_SESSION['sitename']=$sitename;
|
---|
| 143 | $_SESSION['siteurl']=$siteurl;
|
---|
| 144 | $_SESSION['site_logo']=$site_logo;
|
---|
| 145 | $_SESSION['slogan']=$slogan;
|
---|
| 146 | $_SESSION['startdate']=$startdate;
|
---|
| 147 | $_SESSION['adminmail']=$adminmail;
|
---|
| 148 | if ($tema=='facebook')
|
---|
| 149 | $_SESSION['tema']=$tema;
|
---|
| 150 | else $_SESSION['tema']='default';
|
---|
| 151 | $_SESSION['foot']=$foot;
|
---|
| 152 | $_SESSION['lang']=$language;
|
---|
| 153 | $_SESSION['blocco']=$blocco;
|
---|
| 154 | $_SESSION['testata']=$testata;
|
---|
| 155 | $_SESSION['logo']=$logo;
|
---|
| 156 | $_SESSION['fileout']=$fileout;
|
---|
| 157 | $_SESSION['copyright']=$copyright;
|
---|
| 158 | $_SESSION['versione']=$versione;
|
---|
| 159 | $_SESSION['patch']=$patch;
|
---|
| 160 | $_SESSION['id_comune']=$id_comune;
|
---|
| 161 | $_SESSION['multicomune']=$multicomune;
|
---|
| 162 | $_SESSION['flash']=$flash;
|
---|
| 163 | $_SESSION['displayerrors']=$displayerrors;
|
---|
| 164 | $_SESSION['editor']=$editor;
|
---|
| 165 | $_SESSION['tema_on']=$tema_on;
|
---|
| 166 | $_SESSION['ed_user']=$ed_user;
|
---|
| 167 | }
|
---|
| 168 | //fine
|
---|
| 169 | if (isset($param['aid'])) {
|
---|
| 170 | if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
|
---|
| 171 | if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
|
---|
[21] | 172 | if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
|
---|
[2] | 173 | if (isset($_SESSION['aid'])){
|
---|
| 174 | logout();//se hai gia' una sessione aperta non puoi postare 'aid'
|
---|
| 175 | }else{
|
---|
| 176 |
|
---|
| 177 |
|
---|
| 178 | // $pwd2=$param['pwd'];
|
---|
| 179 | $mpwd=md5($pwd2);
|
---|
| 180 |
|
---|
| 181 | // se superUserAdmin
|
---|
| 182 | ########
|
---|
| 183 | $res_comune = mysql_query("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'",$dbi);
|
---|
| 184 | list ($adminsuper) = mysql_fetch_row($res_comune);
|
---|
| 185 | if ($adminsuper==1) $id_comune='0';
|
---|
| 186 | elseif (is_numeric($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']);
|
---|
| 187 | $res= mysql_query("select counter,admlanguage from ".$prefix."_authors where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'", $dbi);
|
---|
| 188 |
|
---|
| 189 | if ($res){
|
---|
| 190 | $esiste=mysql_num_rows($res);
|
---|
| 191 |
|
---|
| 192 |
|
---|
| 193 | list ($counter,$tmplang) = mysql_fetch_row($res);
|
---|
| 194 | $counter+=1;
|
---|
| 195 | if(strlen($tmplang)==2) $language=$tmplang;
|
---|
| 196 | $resup=mysql_query("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'", $dbi);
|
---|
| 197 | if ($esiste==1) {
|
---|
| 198 | $_SESSION['dbi']=$dbi;
|
---|
| 199 | $_SESSION['aid']="$aid";
|
---|
| 200 | $_SESSION['pwd']="$mpwd";
|
---|
| 201 | $_SESSION['lang']="$language";
|
---|
| 202 | $_SESSION['id_comune']="$id_comune";
|
---|
| 203 | $_SESSION['prefix']="soraldo";
|
---|
| 204 | $_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
|
---|
| 205 | $_SESSION['bgcolor1']='#ffffff';
|
---|
| 206 | $_SESSION['bgcolor2']='#c5c5c5';
|
---|
| 207 | session_regenerate_id();
|
---|
| 208 | }
|
---|
| 209 | }
|
---|
| 210 | }
|
---|
| 211 | }else{
|
---|
| 212 | $_SESSION['dbi']=$dbi;
|
---|
| 213 |
|
---|
| 214 | }
|
---|
| 215 | if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
|
---|
| 216 | $currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
|
---|
| 217 | #if (isset($_SESSION['lang'])) $currentlang=$_SESSION['lang']; else $currentlang='it';
|
---|
| 218 | if (isset($_SESSION['aid']))
|
---|
| 219 | {
|
---|
| 220 | //lettura sessione
|
---|
| 221 | $aid=$_SESSION['aid'];
|
---|
| 222 | $dbi=$_SESSION['dbi'];
|
---|
| 223 | $prefix=$_SESSION['prefix'];
|
---|
| 224 | $id_comune=$_SESSION['id_comune'];
|
---|
| 225 | if (isset($_GET['id_cons_gen'])) $id_cons_gen=intval($_GET['id_cons_gen']);
|
---|
| 226 | else {
|
---|
| 227 | //10/05/2009 gestione consultazione predefinita
|
---|
| 228 | $result = mysql_query("select id_cons_gen from ".$prefix."_ele_cons_comune where preferita='1' and (id_comune='$id_comune' or id_comune=0)", $dbi);
|
---|
| 229 | list($id_cons_gen) = mysql_fetch_row($result);
|
---|
| 230 | //---fine $id_cons_gen='';
|
---|
| 231 | }
|
---|
| 232 | $currentlang=$_SESSION['lang'];
|
---|
| 233 | $bgcolor1=$_SESSION['bgcolor1'];
|
---|
| 234 | $bgcolor2=$_SESSION['bgcolor2'];
|
---|
| 235 | $bgcolor1='#e7e7e7';
|
---|
| 236 | $session=$_SESSION['remote'];
|
---|
| 237 |
|
---|
| 238 | $perms=ChiSei($id_cons_gen);
|
---|
| 239 | }
|
---|
| 240 |
|
---|
| 241 |
|
---|
| 242 | /*********************************************************/
|
---|
| 243 | /* Login Function */
|
---|
| 244 | /*********************************************************/
|
---|
| 245 | function ChiSei($id_cons_gen){
|
---|
| 246 |
|
---|
| 247 | //$server=$_SERVER['REMOTE_ADDR'];
|
---|
| 248 | //$session=$_SESSION['remote'];
|
---|
| 249 | //if ($session!=$server) { die ("Problema di sessione"); };
|
---|
| 250 | $aid=$_SESSION['aid'];
|
---|
| 251 | $dbi=$_SESSION['dbi'];
|
---|
| 252 | $prefix=$_SESSION['prefix'];
|
---|
| 253 | $pwd=$_SESSION['pwd'];
|
---|
| 254 | $id_comune=$_SESSION['id_comune'];
|
---|
| 255 |
|
---|
| 256 |
|
---|
| 257 | $perms=0;
|
---|
| 258 | $result = mysql_query("select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)", $dbi);
|
---|
| 259 | list($adminsuper,$admincomune,$adminop) = mysql_fetch_row($result);
|
---|
| 260 | //exit;
|
---|
| 261 | if (($adminsuper==1 || $admincomune==1 || $adminop==1)) {
|
---|
| 262 | if ($adminsuper==1)
|
---|
| 263 | return 256;
|
---|
| 264 | // $ressup = mysql_query("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='0'",$dbi);
|
---|
| 265 | elseif ($adminop==1)
|
---|
| 266 | $ressup = mysql_query("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'",$dbi);
|
---|
| 267 | elseif ($admincomune==1) {
|
---|
| 268 | $res=mysql_query("select id_cons from ".$prefix."_ele_cons_comune where id_comune='$id_comune' and id_cons_gen='$id_cons_gen'",$dbi);
|
---|
| 269 | list ($id_cons)=mysql_fetch_row($res);
|
---|
| 270 | $ressup = mysql_query("select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'",$dbi);
|
---|
| 271 | }
|
---|
| 272 | if (mysql_num_rows($ressup)==1) list($perms)=mysql_fetch_row($ressup); else $perms=0;
|
---|
| 273 | return $perms;
|
---|
| 274 | } else return 0;
|
---|
| 275 | }
|
---|
| 276 |
|
---|
| 277 | function OpenTable(){
|
---|
| 278 | echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
|
---|
| 279 | }
|
---|
| 280 |
|
---|
| 281 | function CloseTable(){
|
---|
| 282 | echo "</table>";
|
---|
| 283 | }
|
---|
| 284 |
|
---|
| 285 | function login() {
|
---|
| 286 | global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema;
|
---|
| 287 | $lang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
|
---|
| 288 | if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
|
---|
[31] | 289 | if (!isset($id_comune)) $id_comune=0;
|
---|
[2] | 290 | session_regenerate_id();
|
---|
| 291 | $id_ses=session_id();
|
---|
| 292 | #die("test:$tema");
|
---|
| 293 | //include("modules/Elezioni/language/lang-$lang.php");
|
---|
| 294 | include ("header.php");
|
---|
| 295 | echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
|
---|
| 296 | echo "<br>"; # method=\"post\"
|
---|
| 297 | echo "<form name=\"login\" method=\"post\" action=\"admin.php\">"
|
---|
[80] | 298 | ."<table class=\"table-menu\">"
|
---|
[2] | 299 | ."<tr><td>"._ADMINID."</td>"
|
---|
| 300 | ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
|
---|
| 301 | ."<tr><td>"._PASSWORD."</td>"
|
---|
| 302 | ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
|
---|
| 303 | ."<tr><td>";
|
---|
| 304 | // scelta comune
|
---|
| 305 | if($multicomune=='1'){
|
---|
| 306 | echo ""._COMUNE."</td><td>";
|
---|
| 307 | $sqlcomu="select id_comune,descrizione from ".$prefix."_ele_comuni order by descrizione asc";
|
---|
| 308 | $rescomu= mysql_query("$sqlcomu",$dbi);
|
---|
| 309 |
|
---|
| 310 | echo "<select name=\"id_comune\">";
|
---|
| 311 | while (list($id,$descrizione)=mysql_fetch_row($rescomu))
|
---|
| 312 | {
|
---|
| 313 | $sel=($id == $id_comune) ? "selected":"";
|
---|
| 314 | echo "<option value=\"$id\" $sel>$descrizione";
|
---|
| 315 | }
|
---|
| 316 | }else{
|
---|
| 317 | echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
|
---|
| 318 | }
|
---|
| 319 | // echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
|
---|
| 320 | if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
|
---|
| 321 | echo "</td></tr><tr><td>";
|
---|
| 322 | echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
|
---|
| 323 | echo "<input type=\"submit\" VALUE=\""._OK."\">"
|
---|
| 324 | ."</td></tr></table>"
|
---|
| 325 | ."</form></div>";
|
---|
| 326 |
|
---|
| 327 | include ("footer.php");
|
---|
| 328 | }
|
---|
| 329 |
|
---|
| 330 | function logout()
|
---|
| 331 | {
|
---|
| 332 | /* $lang=$_SESSION['lang'];
|
---|
| 333 | $id_comune=$_SESSION['id_comune'];
|
---|
| 334 | // setcookie ("PHPSESSID", "", time() - 3600);
|
---|
| 335 | session_cache_expire (0);
|
---|
| 336 | $_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
|
---|
| 337 | session_unset();
|
---|
| 338 | session_destroy();
|
---|
| 339 | Header("Location: admin.php?id_comune=$id_comune&language=$lang");
|
---|
| 340 | */
|
---|
| 341 | global $siteistat;
|
---|
| 342 |
|
---|
| 343 | $ref="Location: admin.php?";
|
---|
| 344 | if (isset($_SESSION['id_comune']))
|
---|
| 345 | $id_comune=$_SESSION['id_comune'];
|
---|
| 346 | else
|
---|
| 347 | $id_comune=$siteistat;
|
---|
| 348 | $ref=$ref."id_comune=".$id_comune;
|
---|
| 349 |
|
---|
| 350 | if (isset($_SESSION['lang']))
|
---|
| 351 | $ref=$ref."&language=".$_SESSION['lang'];
|
---|
| 352 |
|
---|
| 353 | session_cache_expire (0);
|
---|
| 354 | $_SESSION=array();
|
---|
| 355 | session_unset();
|
---|
| 356 | session_destroy();
|
---|
| 357 | Header($ref);
|
---|
| 358 |
|
---|
| 359 | }
|
---|
| 360 |
|
---|
| 361 | if (isset($param['op'])) get_magic_quotes_gpc() ? $op=$param['op']:$op=addslashes($param['op']); else $op='ele';
|
---|
| 362 | //if (isset($param['op'])) $op=$param['op']; else $op='ele';
|
---|
| 363 | if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
|
---|
| 364 | switch($op) {
|
---|
| 365 | case "tipo":
|
---|
| 366 | include("modules/Elezioni/ele_tipi.php");
|
---|
| 367 | break;
|
---|
| 368 | case "constipi":
|
---|
| 369 | include("modules/Elezioni/ele_consultazionitipi.php");
|
---|
| 370 | break;
|
---|
| 371 | case "aggiorna":
|
---|
| 372 | include("modules/Elezioni/aggiorna.php");
|
---|
| 373 | break;
|
---|
| 374 | case "parziali":
|
---|
| 375 | include("modules/Elezioni/ele_parziali.php");
|
---|
| 376 | break;
|
---|
| 377 | case "ele":
|
---|
| 378 | include("modules/Elezioni/ele.php");
|
---|
| 379 | break;
|
---|
| 380 | case "consultazione":
|
---|
| 381 | include("modules/Elezioni/ele_consultazioni.php");
|
---|
| 382 | break;
|
---|
| 383 | case "configurazione":
|
---|
| 384 | include("modules/Elezioni/ele_configurazione.php");
|
---|
| 385 | break;
|
---|
| 386 | case "cons_comuni":
|
---|
| 387 | include("modules/Elezioni/ele_cons_comuni.php");
|
---|
| 388 | break;
|
---|
| 389 | case "confconsiglio":
|
---|
| 390 | include("modules/Elezioni/ele_confcons.php");
|
---|
| 391 | break;
|
---|
| 392 | case "inscomuni":
|
---|
| 393 | include("modules/Elezioni/ele_comuni.php");
|
---|
| 394 | break;
|
---|
| 395 | case "oper_admin":
|
---|
| 396 | include("modules/Elezioni/ele_operatori.php");
|
---|
| 397 | break;
|
---|
| 398 | case "inscollegi":
|
---|
| 399 | include("modules/Elezioni/ele_collegi.php");
|
---|
| 400 | break;
|
---|
| 401 | case "associazioni":
|
---|
| 402 | include("modules/Elezioni/ele_associazioni.php");
|
---|
| 403 | break;
|
---|
| 404 | case "operatori":
|
---|
| 405 | include("modules/Elezioni/ele_operatori.php");
|
---|
| 406 | break;
|
---|
| 407 | case "permessi":
|
---|
| 408 | include("modules/Elezioni/ele_permessi.php");
|
---|
| 409 | break;
|
---|
| 410 | case "circo":
|
---|
| 411 | include("modules/Elezioni/ele_circo.php");
|
---|
| 412 | break;
|
---|
| 413 | case "sede":
|
---|
| 414 | include("modules/Elezioni/ele_sede.php");
|
---|
| 415 | break;
|
---|
| 416 | case "sezione":
|
---|
| 417 | include("modules/Elezioni/ele_sezione.php");
|
---|
| 418 | break;
|
---|
| 419 | case "gruppo":
|
---|
| 420 | include("modules/Elezioni/ele_gruppo.php");
|
---|
| 421 | break;
|
---|
| 422 | case "rec_add_aff":
|
---|
| 423 | include("modules/Elezioni/ele_affluenze.php");
|
---|
| 424 | break;
|
---|
| 425 | case "rec_add_mod":
|
---|
| 426 | include("modules/Elezioni/ele_modelli.php");
|
---|
| 427 | break;
|
---|
| 428 | case "upgruppo":
|
---|
| 429 | include("modules/Elezioni/ele_gruppo.php");
|
---|
| 430 | break;
|
---|
| 431 | case "delimggruppo":
|
---|
| 432 | include("modules/Elezioni/ele_gruppo.php");
|
---|
| 433 | break;
|
---|
| 434 | case "lista":
|
---|
| 435 | include("modules/Elezioni/ele_lista.php");
|
---|
| 436 | break;
|
---|
| 437 | case "uplista":
|
---|
| 438 | include("modules/Elezioni/ele_lista.php");
|
---|
| 439 | break;
|
---|
| 440 | case "delimglista":
|
---|
| 441 | include("modules/Elezioni/ele_lista.php");
|
---|
| 442 | break;
|
---|
| 443 | case "candidato":
|
---|
| 444 | include("modules/Elezioni/ele_candidato.php");
|
---|
| 445 | break;
|
---|
| 446 | case "upcandidato":
|
---|
| 447 | include("modules/Elezioni/ele_candidato.php");
|
---|
| 448 | break;
|
---|
| 449 | case "delimgcandidato":
|
---|
| 450 | include("modules/Elezioni/ele_candidato.php");
|
---|
| 451 | break;
|
---|
| 452 |
|
---|
| 453 | case "voti":
|
---|
| 454 | include("modules/Elezioni/ele_voti.php");
|
---|
| 455 | break;
|
---|
| 456 | case "sezioni_voti":
|
---|
| 457 | include("modules/Elezioni/ele_voti.php");
|
---|
| 458 | break;
|
---|
| 459 | case "rec_voti":
|
---|
| 460 | include("modules/Elezioni/ele_voti.php");
|
---|
| 461 | break;
|
---|
| 462 | case "rec_voti_gruppi":
|
---|
| 463 | include("modules/Elezioni/ele_voti.php");
|
---|
| 464 | break;
|
---|
| 465 | case "rec_add_votanti":
|
---|
| 466 | include("modules/Elezioni/ele_voti.php");
|
---|
| 467 | break;
|
---|
| 468 | case "rec_finale":
|
---|
| 469 | include("modules/Elezioni/ele_voti.php");
|
---|
| 470 | break;
|
---|
| 471 | case "controllo_voti":
|
---|
| 472 | include("modules/Elezioni/controllo_voti.php");
|
---|
| 473 | break;
|
---|
| 474 | case "controllo_votanti":
|
---|
| 475 | include("modules/Elezioni/controllo_votanti.php");
|
---|
| 476 | break;
|
---|
| 477 | case "come":
|
---|
| 478 | include("modules/Elezioni/ele_come.php");
|
---|
| 479 | break;
|
---|
| 480 | case "numeri":
|
---|
| 481 | include("modules/Elezioni/ele_come.php");
|
---|
| 482 | break;
|
---|
| 483 | case "servizi":
|
---|
| 484 | include("modules/Elezioni/ele_come.php");
|
---|
| 485 | break;
|
---|
| 486 | case "link":
|
---|
| 487 | include("modules/Elezioni/ele_come.php");
|
---|
| 488 | break;
|
---|
| 489 | case "conf":
|
---|
| 490 | include("modules/Elezioni/ele_conf.php");
|
---|
| 491 | break;
|
---|
| 492 | case "stampa":
|
---|
| 493 | include("modules/Elezioni/ele_stampe.php");
|
---|
| 494 | break;
|
---|
| 495 | case "cambiopwd":
|
---|
| 496 | include("modules/Elezioni/ele_pwd.php");
|
---|
| 497 | break;
|
---|
| 498 | case "eletti":
|
---|
| 499 | include("modules/Elezioni/ele_eletti.php");
|
---|
| 500 | break;
|
---|
| 501 | case "foto":
|
---|
| 502 | include("modules/Elezioni/foto.php");
|
---|
| 503 | break;
|
---|
| 504 | case "consiglieri":
|
---|
| 505 | include("modules/Elezioni/ele_consiglieri.php");
|
---|
| 506 | break;
|
---|
| 507 | case "backup":
|
---|
| 508 | include("modules/Elezioni/backup.php");
|
---|
| 509 | break;
|
---|
| 510 | case "restore":
|
---|
| 511 | include("modules/Elezioni/restore.php");
|
---|
| 512 | break;
|
---|
| 513 | case "scarica":
|
---|
| 514 | include("modules/Elezioni/scarica.php");
|
---|
| 515 | break;
|
---|
| 516 | case "importa":
|
---|
| 517 | include("modules/Elezioni/importa.php");
|
---|
| 518 | break;
|
---|
[80] | 519 | case "widget":
|
---|
| 520 | include("modules/Elezioni/ele_widget.php");
|
---|
[2] | 521 | break;
|
---|
[139] | 522 | case "riepilogo":
|
---|
| 523 | include("modules/Elezioni/ele_riepilogo.php");
|
---|
| 524 | break;
|
---|
[2] | 525 | case "logout":
|
---|
| 526 | logout();
|
---|
| 527 | break;
|
---|
| 528 | }
|
---|
| 529 | }else {
|
---|
| 530 |
|
---|
| 531 | login();
|
---|
| 532 |
|
---|
| 533 | }
|
---|
| 534 |
|
---|
| 535 |
|
---|
| 536 | ?>
|
---|