Context Navigation

source: trunk/admin/admin.php@ 384

Last change on this file since 384 was 381, checked in by roby, 2 years ago
INSTALL adeguamento php5 ADMIN continua elaborazione funzione di aggiornamento
File size: 25.0 KB

Rev	Line
[2]	1	<?php
	2
	3	/************************************************************************/
	4	/* Eleonline - Raccolta e diffusione dei dati elettorali */
	5	/* by Roberto Gigli & Luciano Apolito */
	6	/* http://www.eleonline.it */
	7	/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
	8	/************************************************************************/
	9	/* Admin */
	10	/* Amministrazione */
	11	/************************************************************************/
	12
	13	/* Descrizione file admin.php =
	14	effettua il login o il rilancio alla gestione */
	15
	16	define('ADMIN_FILE', true);
	17	#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
[35]	18	# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
[361]	19	global $multicomune,$msglogout,$language,$id_sez;
[2]	20
	21	// Adattamento variabili superglobal
	22	// Versione di php
	23	$phpver = phpversion();
[255]	24	global $dbi;
[2]	25	// converte superglobal se php e' < 4.1.0
	26
	27	if ($phpver < '4.1.0') {
	28	$_GET = $HTTP_GET_VARS;
	29	$_POST = $HTTP_POST_VARS;
	30	$_SERVER = $HTTP_SERVER_VARS;
	31	$_FILES = $HTTP_POST_FILES;
	32	$_ENV = $HTTP_ENV_VARS;
	33	if($_SERVER['REQUEST_METHOD'] == "POST") {
	34	$_REQUEST = $_POST;
	35	} elseif($_SERVER['REQUEST_METHOD'] == "GET") {
	36	$_REQUEST = $_GET;
	37	}
	38	if(isset($HTTP_COOKIE_VARS)) {
	39	$_COOKIE = $HTTP_COOKIE_VARS;
	40	}
	41	if(isset($HTTP_SESSION_VARS)) {
	42	$_SESSION = $HTTP_SESSION_VARS;
	43	}
	44	}
	45
	46	$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
[344]	47	if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
[358]	48	if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
	49	if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
	50
[2]	51	// Additional security (Union, CLike, XSS)
	52
	53	// We want to use the function stripos,
	54	// but thats only available since PHP5.
	55	// So we cloned the function...
	56	if(!function_exists('stripos')) {
	57	function stripos_clone($haystack, $needle, $offset=0) {
	58	return strpos(strtoupper($haystack), strtoupper($needle), $offset);
	59	}
	60	} else {
	61	// But when this is PHP5, we use the original function
	62	function stripos_clone($haystack, $needle, $offset=0) {
	63	return stripos($haystack, $needle, $offset=0);
	64	}
	65	}
	66
	67	if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") \|\| !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
	68	$queryString = $_SERVER['QUERY_STRING'];
	69	if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/') OR stripos_clone($queryString,'/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
	70	die('Operazione non consentita');
	71	}
	72	}
	73
	74
	75	foreach ($_GET as $sec_key => $secvalue) {
[21]	76	if ((preg_match("/<[^>]script\"?[^>]*>/i",$secvalue)) \|\|
	77	(preg_match("/<[^>]object\"?[^>]*>/i", $secvalue)) \|\|
	78	(preg_match("/<[^>]iframe\"?[^>]*>/i", $secvalue)) \|\|
	79	(preg_match("/<[^>]applet\"?[^>]*>/i", $secvalue)) \|\|
	80	(preg_match("/<[^>]meta\"?[^>]*>/i", $secvalue)) \|\|
	81	(preg_match("/<[^>]style\"?[^>]*>/i", $secvalue)) \|\|
	82	(preg_match("/<[^>]form\"?[^>]*>/i", $secvalue)) \|\|
	83	(preg_match("/<[^>]img\"?[^>]*>/i", $secvalue)) \|\|
	84	(preg_match("/<[^>]onmouseover\"?[^>]*>/i", $secvalue)) \|\|
	85	(preg_match("/<[^>]body\"?[^>]*>/i", $secvalue)) \|\|
	86	(preg_match("/\"/", $secvalue)) \|\|
	87	(preg_match("/inside_mod/i", $sec_key))) {
[2]	88	die ("Operazione non consentita");
	89	}
	90	}
	91
	92	foreach ($_POST as $secvalue) {
[21]	93	if ((preg_match("/<[^>]onmouseover\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]script\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]body\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]style\"?[^>]>/i", $secvalue))) {
[2]	94	die ('Operazione non consentita');
	95	}
	96	}
	97
	98	// Posting from other servers in not allowed
	99	// Fix by Quake
	100	// Bug found by PeNdEjO
	101
	102	if ($_SERVER['REQUEST_METHOD'] == "POST") {
	103	if (isset($_SERVER['HTTP_REFERER'])) {
	104	if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
	105	die('Posting da un altro server non consentito!');
	106	}
	107	} else {
	108	# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
	109	}
	110	}
	111
	112
	113
	114
	115
	116
	117
	118	//===================================================================
	119	session_name('sesadmin');
[255]	120	#session_start();//MODIFICHE PER GESTIONE SESSIONI
[2]	121	// gestione sessione
[255]	122	$a = session_id();
	123	if(empty($a)) session_start();
	124	#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
[2]	125
[246]	126	if (file_exists("config.php")){
	127	$install="0"; @require_once("config.php");
	128	}else{
	129	$install="1";
	130	}
[2]	131
[154]	132	# verifica se effettuata la configurazione
[246]	133	if(empty($dbname) \|\| $install=="1") {
[230]	134	die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
[154]	135	}
[2]	136
[376]	137	$dsn = "mysql:host=$dbhost";
[377]	138	$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
[376]	139	if($prefix == '') {
	140	db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
	141	}
	142	try
	143	{
	144	$dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
	145	}
	146	catch(PDOException $e)
	147	{
	148	echo $sql . "<br>" . $e->getMessage();die();
	149	}
	150	$sql = "use $dbname";
	151	try
	152	{
	153	$dbi->exec($sql);
	154	}
	155	catch(PDOException $e)
	156	{
	157	echo $sql . "<br>" . $e->getMessage();
	158	}
	159	$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
	160	$sth->execute();
	161	$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
	162	$sth->execute();
	163	$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
	164	$sth->execute();
	165	$sth = $dbi->prepare("SET CHARACTER SET utf8");
	166	$sth->execute();
[154]	167
[376]	168	$sth = $dbi->prepare("SET NAMES 'utf8'");
	169	$sth->execute();
	170	$sth = $dbi->prepare("select * from ".$prefix."_config");
	171	$sth->execute();
[154]	172
[253]	173	# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
	174	# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
	175	## mysql_query("SET NAMES 'utf8'", $dbi);
[2]	176	//---10/05/2009 gestione consultazione predefinita
[376]	177	$sth = $dbi->prepare("select * from ".$prefix."_config");
	178	$sth->execute();
	179	$row = $sth->fetch(PDO::FETCH_ASSOC);
	180	#$row = $sth->fetchAll();
	181	$siteistat=$row['siteistat'];
[2]	182	if (!isset($_SESSION['id_comune'])){
[253]	183	$_SESSION['sitename']=$row['sitename'];
	184	$_SESSION['siteurl']=$row['siteurl'];
	185	$_SESSION['site_logo']=$row['site_logo'];
	186	$_SESSION['slogan']=$row['slogan'];
	187	$_SESSION['startdate']=$row['startdate'];
	188	$_SESSION['adminmail']=$row['adminmail'];
[358]	189	# if (isset($tema) and $tema=='facebook')
	190	# $_SESSION['tema']=$row['tema'];
[253]	191	$_SESSION['foot']=$row['foot'];
	192	$_SESSION['lang']=$row['language'];
	193	$_SESSION['blocco']=$row['blocco'];
	194	$_SESSION['testata']=$row['testata'];
[255]	195	# $_SESSION['logo']=$row['logo'];
[253]	196	$_SESSION['fileout']=$row['fileout'];
	197	$_SESSION['copyright']=$row['copyright'];
	198	$_SESSION['versione']=$row['versione'];
	199	$_SESSION['patch']=$row['patch'];
	200	$_SESSION['id_comune']=$row['siteistat'];
[255]	201	$_SESSION['multicomune']=$row['multicomune'];
	202	$_SESSION['flash']=$row['flash'];
	203	$_SESSION['displayerrors']=$row['displayerrors'];
	204	$_SESSION['editor']=$row['editor'];
	205	$_SESSION['tema_on']=$row['tema_on'];
	206	$_SESSION['ed_user']=$row['ed_user'];
[332]	207	$multicomune=$row['multicomune'];
[378]	208	}
[379]	209
[2]	210	//fine
[358]	211	if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
	212	if (!isset($_SESSION['tema']))
	213	$_SESSION['tema']='default';
	214	$tema=$_SESSION['tema'];
	215
[2]	216	if (isset($param['aid'])) {
[358]	217	if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
[2]	218	if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
[21]	219	if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
[358]	220	if (isset($_SESSION['aid'])){
[2]	221	logout();//se hai gia' una sessione aperta non puoi postare 'aid'
	222	}else{
	223
[358]	224	// $pwd2=$param['pwd'];
	225	$mpwd=md5($pwd2);
[2]	226
[358]	227	// se superUserAdmin
	228	########
	229	# $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
	230	# $sth->execute();
	231	# $row = $sth->fetch(PDO::FETCH_ASSOC);
	232	if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
	233	# if ($adminsuper==1) $id_comune2=0; else
	234	$id_comune2=$id_comune;
	235	$sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
	236	$sth->execute();
	237	$esiste=$sth->rowCount();
	238	# $adminsuper=$row['adminsuper'];
	239	$row = $sth->fetch(PDO::FETCH_ASSOC);
	240	if(!$esiste) {
	241	$msglogout=2;
	242	logout();
	243	}else{
	244	if ($row['pwd']!=$mpwd) {
	245	$msglogout=3;
	246	logout();
	247	}elseif($row['adminop']==1) {
	248	$msglogout=1;
	249	logout();
	250	}
[254]	251	$counter=$row['counter'];
	252	$tmplang=$row['admlanguage'];
[2]	253	if(strlen($tmplang)==2) $language=$tmplang;
[358]	254	$sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
[254]	255	$sth->execute();
[358]	256	# $row = $sth->fetch(PDO::FETCH_ASSOC);
[2]	257	if ($esiste==1) {
[255]	258	# $_SESSION['dbi']=$dbi;
[2]	259	$_SESSION['aid']="$aid";
	260	$_SESSION['pwd']="$mpwd";
	261	$_SESSION['lang']="$language";
	262	$_SESSION['id_comune']="$id_comune";
	263	$_SESSION['prefix']="soraldo";
	264	$_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
	265	$_SESSION['bgcolor1']='#ffffff';
[269]	266	$_SESSION['bgcolor2']='#c5c5c5';
	267	if (!isset($op)) $op='consultazione';
[2]	268	session_regenerate_id();
	269	}
	270	}
	271	}
	272	}else{
[255]	273	#$_SESSION['dbi']=$dbi;
[2]	274
[255]	275	}
[379]	276	# si settano le variabili per il controllo degli aggiornamenti
	277	if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
	278	{
[381]	279	$sql="SELECT COLUMN_NAME
[379]	280	FROM INFORMATION_SCHEMA.COLUMNS
	281	WHERE TABLE_SCHEMA = '$dbname'
	282	AND TABLE_NAME = '".$prefix."_config'
	283	AND COLUMN_NAME = 'aggiornamento'";
	284	$sth = $dbi->prepare($sql);
	285	$sth->execute();
[381]	286	if($sth->rowCount())
[379]	287	{
[381]	288	$sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
[379]	289	$sth = $dbi->prepare($sql);
	290	$sth->execute();
	291	}
[381]	292	/* $sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
[379]	293	$sth->execute();
	294	list($agg)=$sth->fetch(PDO::FETCH_NUM);
[380]	295	$_SESSION['aggiornamento']=$agg;*/
[379]	296	###########
	297	$righe='';
	298	if(phpversion()<5.6) $host="http://80.211.143.127";
	299	else $host="https://trac.eleonline.it";
[380]	300	$headers=get_headers("$host/ele3/changeset/");
	301	$testurl=strlen($headers[0])>0?true:false;
	302	if(!$testurl){
[379]	303	$newrev=0;
	304	}else{
[380]	305	$file = file("$host/ele3/changeset/");
[379]	306	$cntFile = count($file);
	307	$fine=0;
	308	$currentLine=0;
	309
	310	foreach ($file as $line_num => $line) {
	311	if(strpos($line,'<title>') ) {$fine=1; continue;}
	312	if ($fine){
	313	$newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
	314	break;
	315	}
	316	}
	317	}
	318	include('versione.php');
	319	$myrev=intval(substr($versione,-4,4));
[380]	320	# $_SESSION['aggiornamento']=$agg;
[379]	321	$_SESSION['localrev']=$myrev;
	322	$_SESSION['remoterev']=$newrev;
	323	unset($file);
	324	# if($agg) include('aggiornamento.php');
	325	#die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);
	326	}
[358]	327	if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
	328	if(!isset($language)) $language=$_SESSION['lang'];
[2]	329	if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
	330	$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
[358]	331
	332	if (isset($_SESSION['aid']))
[2]	333	{
	334	//lettura sessione
	335	$aid=$_SESSION['aid'];
[255]	336	#$dbi=$_SESSION['dbi'];
[2]	337	$prefix=$_SESSION['prefix'];
[254]	338	$id_comune=$_SESSION['id_comune'];
[358]	339	if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
[360]	340	if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
[2]	341	else {
[360]	342	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
[369]	343	$sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and t1.data_fine>'$oggi' and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1"; # TEST: and id_sez>0
[360]	344	$rese = $dbi->prepare("$sql");
	345	$rese->execute();
	346	if($rese->rowCount())
	347	{list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
	348	else {
	349	$sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
	350	$sth = $dbi->prepare($sql);
	351	$sth->execute();
	352	$row = $sth->fetch(PDO::FETCH_BOTH);
	353	if($sth->rowCount())
	354	$id_cons_gen=$row[0];
	355	else
	356	$id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
	357	}
	358	}
[2]	359	$currentlang=$_SESSION['lang'];
[358]	360	#$bgcolor1=$_SESSION['bgcolor1'];
[2]	361	$bgcolor2=$_SESSION['bgcolor2'];
	362	$bgcolor1='#e7e7e7';
	363	$session=$_SESSION['remote'];
	364
	365	}
	366
	367
[361]	368
[2]	369	/*********************************************************/
	370	/* Login Function */
	371	/*********************************************************/
	372	function ChiSei($id_cons_gen){
[358]	373	global $dbi, $msglogout;
[2]	374
	375	$aid=$_SESSION['aid'];
	376	$prefix=$_SESSION['prefix'];
	377	$pwd=$_SESSION['pwd'];
	378	$id_comune=$_SESSION['id_comune'];
	379
	380	$perms=0;
[257]	381	$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
	382	$sth = $dbi->prepare("$sql");
	383	$sth->execute();
	384	$row = $sth->fetch(PDO::FETCH_BOTH);
[254]	385
	386	$adminsuper=$row[0];
	387	$admincomune=$row[1];
[361]	388	$oper=$row[2];
[359]	389
[358]	390	#if (($adminsuper==1 \|\| $admincomune==1 \|\| $adminop==1)) {
[2]	391	if ($adminsuper==1)
	392	return 256;
[359]	393	elseif ($admincomune==1)
[358]	394	return 64;
	395	# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
[361]	396	elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
	397	else {
	398	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
	399	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where aid='$aid' and permessi>0 and id_cons in (select t1.id_cons from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.id_comune='$id_comune' and t2.data_fine>$oggi)";
	400	$sth = $dbi->prepare("$sql");
	401	$sth->execute(); #die("TEST: $sql");
	402	if($sth->rowCount()) {$perms=16; return $perms;}
	403	else {$msglogout=1; return 0;}
	404	}
	405	/* $sth = $dbi->prepare("select id_cons from ".$prefix."_ele_cons_comune where id_comune='$id_comune' and id_cons_gen='$id_cons_gen'");
[358]	406	$sth->execute();
[359]	407	$row = $sth->fetch(PDO::FETCH_BOTH);
	408	$id_cons=$row[0];
	409	$sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'");
	410
[361]	411	$sth->execute();
	412	list($perms)=$sth->fetch(PDO::FETCH_NUM);
	413	# $row = die("test:$sql".$row[0] );
	414	if (!$perms) {die("qui: select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'"); $msglogout=1; $perms=0; }
[360]	415
[361]	416	return $perms; */
[358]	417	#} else return 0;
[2]	418	}
	419
	420	function OpenTable(){
	421	echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
	422	}
	423
	424	function CloseTable(){
	425	echo "</table>";
	426	}
	427
	428	function login() {
[358]	429	global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $id_cons_gen, $perms, $msglogout;
[2]	430	if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
[31]	431	if (!isset($id_comune)) $id_comune=0;
[358]	432	if(isset($_SESSION['aid'])){
	433	session_regenerate_id();
	434	}
	435	$lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
[2]	436	$id_ses=session_id();
[358]	437
[2]	438	//include("modules/Elezioni/language/lang-$lang.php");
[358]	439	if($multicomune==''){
	440	$sth = $dbi->prepare("select multicomune from ".$prefix."_config");
	441	$sth->execute();
	442	list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
	443	}
[2]	444	include ("header.php");
	445	echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
[358]	446	echo "<br>"; # method=\"post\"
	447	if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
	448	elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
	449	elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
[361]	450	elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
[358]	451	echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
[80]	452	."<table class=\"table-menu\">"
[2]	453	."<tr><td>"._ADMINID."</td>"
	454	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
	455	."<tr><td>"._PASSWORD."</td>"
	456	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
	457	."<tr><td>";
	458	// scelta comune
	459	if($multicomune=='1'){
	460	echo ""._COMUNE."</td><td>";
[332]	461	$sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
	462	$sth = $dbi->prepare("$sql");
	463	$sth->execute();
	464	$row = $sth->fetchAll();
[2]	465	echo "<select name=\"id_comune\">";
[255]	466	foreach($row as $comuni)
	467	{$id=$comuni[0];$descrizione=$comuni[1];
[2]	468	$sel=($id == $id_comune) ? "selected":"";
	469	echo "<option value=\"$id\" $sel>$descrizione";
	470	}
	471	}else{
	472	echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
	473	}
	474	// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
	475	if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
	476	echo "</td></tr><tr><td>";
	477	echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
	478	echo "<input type=\"submit\" VALUE=\""._OK."\">"
	479	."</td></tr></table>"
	480	."</form></div>";
	481
	482	include ("footer.php");
	483	}
	484
	485	function logout()
	486	{
	487	/* $lang=$_SESSION['lang'];
	488	$id_comune=$_SESSION['id_comune'];
	489	// setcookie ("PHPSESSID", "", time() - 3600);
	490	session_cache_expire (0);
	491	$_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
	492	session_unset();
	493	session_destroy();
	494	Header("Location: admin.php?id_comune=$id_comune&language=$lang");
	495	*/
[360]	496
[358]	497	global $siteistat,$perms,$msglogout;
[359]	498	$language=$_SESSION['lang'];
[2]	499	$ref="Location: admin.php?";
[358]	500	#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
[2]	501	if (isset($_SESSION['id_comune']))
	502	$id_comune=$_SESSION['id_comune'];
	503	else
	504	$id_comune=$siteistat;
	505	$ref=$ref."id_comune=".$id_comune;
	506
	507	if (isset($_SESSION['lang']))
[359]	508	$ref=$ref."&language=$language";
[358]	509	$ref.="&msglogout=$msglogout";
[2]	510	$_SESSION=array();
	511	session_unset();
	512	session_destroy();
[291]	513	session_cache_expire (0);
[2]	514	Header($ref);
	515
	516	}
[358]	517	#include("TEST tema: $tema--");
	518	#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
[369]	519
[358]	520	if(isset($id_cons_gen) and isset($id_comune)){
	521	if(!isset($id_cons)){
	522	# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
	523	$sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
	524	$sth = $dbi->prepare("$sql");
	525	$sth->execute();
[360]	526	if ($sth->rowCount()) {
	527	list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
	528	$_SESSION['id_cons']=$id_cons;
	529	}
[358]	530	}
	531	if(isset($id_cons)) {
[360]	532	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune";
[358]	533	$resmod = $dbi->prepare("$sql");
	534	$resmod->execute();
[360]	535	list($id_sez) = $resmod->fetch(PDO::FETCH_NUM); #die("qui:$id_sez:$sql");
	536	if($id_sez) {
	537	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
	538	$sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and t1.data_fine>'$oggi' and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
	539	$resmod = $dbi->prepare("$sql");
	540	$resmod->execute();
	541	if ($resmod->rowCount()>0) {
	542	$tema='Futura2'; #die( "TEST id_cons:$id_cons:".$_SESSION['aid']);
	543	$_SESSION['tema']=$tema;
[361]	544	} #else {die("TEST: $sql"); logout();}
[360]	545	}
[358]	546	}
[361]	547	$perms=ChiSei($id_cons_gen); #die("qui".$_SESSION['aid']);
	548	if($perms==0) {logout();}
[358]	549	}
[359]	550
[255]	551	#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
[344]	552	if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
[2]	553	//if (isset($param['op'])) $op=$param['op']; else $op='ele';
[360]	554	#
	555	#die("TEST: qui $aid $id_cons $id_sez ".$_SESSION['aid']);
[369]	556
[2]	557	if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
[358]	558	if($tema=='Futura2' and $op!='logout')
	559	{
[359]	560	include("temi/$tema/index.php");
[358]	561	}else
[2]	562	switch($op) {
	563	case "tipo":
	564	include("modules/Elezioni/ele_tipi.php");
	565	break;
[379]	566	case "aggiorna":
	567	include("modules/Elezioni/aggiornamento.php");
	568	break;
[2]	569	case "constipi":
	570	include("modules/Elezioni/ele_consultazionitipi.php");
	571	break;
	572	case "parziali":
	573	include("modules/Elezioni/ele_parziali.php");
	574	break;
	575	case "ele":
	576	include("modules/Elezioni/ele.php");
	577	break;
	578	case "consultazione":
	579	include("modules/Elezioni/ele_consultazioni.php");
	580	break;
	581	case "configurazione":
	582	include("modules/Elezioni/ele_configurazione.php");
	583	break;
	584	case "cons_comuni":
	585	include("modules/Elezioni/ele_cons_comuni.php");
	586	break;
	587	case "confconsiglio":
	588	include("modules/Elezioni/ele_confcons.php");
	589	break;
	590	case "inscomuni":
	591	include("modules/Elezioni/ele_comuni.php");
	592	break;
	593	case "oper_admin":
	594	include("modules/Elezioni/ele_operatori.php");
	595	break;
	596	case "inscollegi":
	597	include("modules/Elezioni/ele_collegi.php");
	598	break;
	599	case "associazioni":
	600	include("modules/Elezioni/ele_associazioni.php");
	601	break;
	602	case "operatori":
	603	include("modules/Elezioni/ele_operatori.php");
	604	break;
	605	case "permessi":
	606	include("modules/Elezioni/ele_permessi.php");
	607	break;
	608	case "circo":
	609	include("modules/Elezioni/ele_circo.php");
	610	break;
	611	case "sede":
	612	include("modules/Elezioni/ele_sede.php");
	613	break;
	614	case "sezione":
	615	include("modules/Elezioni/ele_sezione.php");
	616	break;
	617	case "gruppo":
	618	include("modules/Elezioni/ele_gruppo.php");
	619	break;
	620	case "rec_add_aff":
	621	include("modules/Elezioni/ele_affluenze.php");
	622	break;
	623	case "rec_add_mod":
	624	include("modules/Elezioni/ele_modelli.php");
	625	break;
	626	case "upgruppo":
	627	include("modules/Elezioni/ele_gruppo.php");
	628	break;
	629	case "delimggruppo":
	630	include("modules/Elezioni/ele_gruppo.php");
	631	break;
	632	case "lista":
	633	include("modules/Elezioni/ele_lista.php");
	634	break;
	635	case "uplista":
	636	include("modules/Elezioni/ele_lista.php");
	637	break;
	638	case "delimglista":
	639	include("modules/Elezioni/ele_lista.php");
	640	break;
	641	case "candidato":
	642	include("modules/Elezioni/ele_candidato.php");
	643	break;
	644	case "upcandidato":
	645	include("modules/Elezioni/ele_candidato.php");
	646	break;
	647	case "delimgcandidato":
	648	include("modules/Elezioni/ele_candidato.php");
	649	break;
	650
	651	case "voti":
	652	include("modules/Elezioni/ele_voti.php");
	653	break;
	654	case "sezioni_voti":
	655	include("modules/Elezioni/ele_voti.php");
	656	break;
	657	case "rec_voti":
	658	include("modules/Elezioni/ele_voti.php");
	659	break;
	660	case "rec_voti_gruppi":
	661	include("modules/Elezioni/ele_voti.php");
	662	break;
	663	case "rec_add_votanti":
	664	include("modules/Elezioni/ele_voti.php");
	665	break;
	666	case "rec_finale":
	667	include("modules/Elezioni/ele_voti.php");
	668	break;
	669	case "controllo_voti":
	670	include("modules/Elezioni/controllo_voti.php");
	671	break;
	672	case "controllo_votanti":
	673	include("modules/Elezioni/controllo_votanti.php");
	674	break;
	675	case "come":
	676	include("modules/Elezioni/ele_come.php");
	677	break;
	678	case "numeri":
	679	include("modules/Elezioni/ele_come.php");
	680	break;
	681	case "servizi":
	682	include("modules/Elezioni/ele_come.php");
	683	break;
	684	case "link":
	685	include("modules/Elezioni/ele_come.php");
	686	break;
	687	case "conf":
	688	include("modules/Elezioni/ele_conf.php");
	689	break;
	690	case "stampa":
	691	include("modules/Elezioni/ele_stampe.php");
	692	break;
	693	case "cambiopwd":
	694	include("modules/Elezioni/ele_pwd.php");
	695	break;
	696	case "eletti":
	697	include("modules/Elezioni/ele_eletti.php");
	698	break;
	699	case "foto":
	700	include("modules/Elezioni/foto.php");
	701	break;
	702	case "consiglieri":
	703	include("modules/Elezioni/ele_consiglieri.php");
	704	break;
	705	case "backup":
	706	include("modules/Elezioni/backup.php");
	707	break;
	708	case "restore":
	709	include("modules/Elezioni/restore.php");
	710	break;
	711	case "scarica":
	712	include("modules/Elezioni/scarica.php");
	713	break;
	714	case "importa":
	715	include("modules/Elezioni/importa.php");
	716	break;
[80]	717	case "widget":
	718	include("modules/Elezioni/ele_widget.php");
[2]	719	break;
[139]	720	case "riepilogo":
	721	include("modules/Elezioni/ele_riepilogo.php");
	722	break;
[254]	723	case "riepilogovoti":
	724	include("modules/Elezioni/ele_riepilogovoti.php");
	725	break;
[2]	726	case "logout":
	727	logout();
	728	break;
	729	}
[258]	730
[2]	731	}else {
	732
	733	login();
	734
	735	}
	736
	737	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: