source: trunk/admin/admin.php@ 407

Last change on this file since 407 was 406, checked in by roby, 8 months ago

Modifiche alla gestione degli operatori

File size: 24.8 KB
RevLine 
[2]1<?php
2
3/************************************************************************/
4/* Eleonline - Raccolta e diffusione dei dati elettorali */
5/* by Roberto Gigli & Luciano Apolito */
6/* http://www.eleonline.it */
7/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
8/************************************************************************/
9/* Admin */
10/* Amministrazione */
11/************************************************************************/
12
13/* Descrizione file admin.php =
14effettua il login o il rilancio alla gestione */
15
16define('ADMIN_FILE', true);
17#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
[35]18# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
[361]19global $multicomune,$msglogout,$language,$id_sez;
[2]20
21// Adattamento variabili superglobal
22// Versione di php
23$phpver = phpversion();
[255]24global $dbi;
[2]25// converte superglobal se php e' < 4.1.0
26
27if ($phpver < '4.1.0') {
28 $_GET = $HTTP_GET_VARS;
29 $_POST = $HTTP_POST_VARS;
30 $_SERVER = $HTTP_SERVER_VARS;
31 $_FILES = $HTTP_POST_FILES;
32 $_ENV = $HTTP_ENV_VARS;
33 if($_SERVER['REQUEST_METHOD'] == "POST") {
34 $_REQUEST = $_POST;
35 } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
36 $_REQUEST = $_GET;
37 }
38 if(isset($HTTP_COOKIE_VARS)) {
39 $_COOKIE = $HTTP_COOKIE_VARS;
40 }
41 if(isset($HTTP_SESSION_VARS)) {
42 $_SESSION = $HTTP_SESSION_VARS;
43 }
44}
45
46$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
[344]47if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
[358]48if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
49if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
50
[2]51// Additional security (Union, CLike, XSS)
52
53// We want to use the function stripos,
54// but thats only available since PHP5.
55// So we cloned the function...
56if(!function_exists('stripos')) {
57 function stripos_clone($haystack, $needle, $offset=0) {
58 return strpos(strtoupper($haystack), strtoupper($needle), $offset);
59 }
60} else {
61// But when this is PHP5, we use the original function
62 function stripos_clone($haystack, $needle, $offset=0) {
63 return stripos($haystack, $needle, $offset=0);
64 }
65}
66
67 if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
68 $queryString = $_SERVER['QUERY_STRING'];
69 if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
70 die('Operazione non consentita');
71 }
72 }
73
74
75foreach ($_GET as $sec_key => $secvalue) {
[21]76 if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
77 (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
78 (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
79 (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
80 (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
81 (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
82 (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
83 (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
84 (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
85 (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
86 (preg_match("/\"/", $secvalue)) ||
87 (preg_match("/inside_mod/i", $sec_key))) {
[2]88 die ("Operazione non consentita");
89 }
90 }
91
92 foreach ($_POST as $secvalue) {
[21]93 if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
[2]94 die ('Operazione non consentita');
95 }
96 }
97
98// Posting from other servers in not allowed
99// Fix by Quake
100// Bug found by PeNdEjO
101
102if ($_SERVER['REQUEST_METHOD'] == "POST") {
103 if (isset($_SERVER['HTTP_REFERER'])) {
104 if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
105 die('Posting da un altro server non consentito!');
106 }
107 } else {
108# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
109 }
110}
111
112
113
114
115
116
117
118//===================================================================
119session_name('sesadmin');
[255]120#session_start();//MODIFICHE PER GESTIONE SESSIONI
[2]121 // gestione sessione
[255]122$a = session_id();
123if(empty($a)) session_start();
124#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
[2]125
[246]126if (file_exists("config.php")){
127 $install="0"; @require_once("config.php");
128}else{
129 $install="1";
130}
[2]131
[154]132# verifica se effettuata la configurazione
[246]133if(empty($dbname) || $install=="1") {
[230]134 die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
[154]135}
[2]136
[376]137$dsn = "mysql:host=$dbhost";
[377]138$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
[376]139if($prefix == '') {
140 db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
141}
142try
143{
144 $dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
145}
146catch(PDOException $e)
147{
148 echo $sql . "<br>" . $e->getMessage();die();
149}
150$sql = "use $dbname";
151try
152{
153 $dbi->exec($sql);
154}
155catch(PDOException $e)
156{
157 echo $sql . "<br>" . $e->getMessage();
158}
159$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
160$sth->execute();
161$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
162$sth->execute();
163$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
164$sth->execute();
165$sth = $dbi->prepare("SET CHARACTER SET utf8");
166$sth->execute();
[154]167
[376]168$sth = $dbi->prepare("SET NAMES 'utf8'");
169$sth->execute();
170$sth = $dbi->prepare("select * from ".$prefix."_config");
171$sth->execute();
[154]172
[253]173# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
174# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
175## mysql_query("SET NAMES 'utf8'", $dbi);
[2]176//---10/05/2009 gestione consultazione predefinita
[376]177$sth = $dbi->prepare("select * from ".$prefix."_config");
178$sth->execute();
179$row = $sth->fetch(PDO::FETCH_ASSOC);
180#$row = $sth->fetchAll();
181$siteistat=$row['siteistat'];
[2]182if (!isset($_SESSION['id_comune'])){
[253]183 $_SESSION['sitename']=$row['sitename'];
184 $_SESSION['siteurl']=$row['siteurl'];
185 $_SESSION['site_logo']=$row['site_logo'];
186 $_SESSION['slogan']=$row['slogan'];
187 $_SESSION['startdate']=$row['startdate'];
188 $_SESSION['adminmail']=$row['adminmail'];
[358]189# if (isset($tema) and $tema=='facebook')
190# $_SESSION['tema']=$row['tema'];
[253]191 $_SESSION['foot']=$row['foot'];
192 $_SESSION['lang']=$row['language'];
193 $_SESSION['blocco']=$row['blocco'];
194 $_SESSION['testata']=$row['testata'];
[255]195# $_SESSION['logo']=$row['logo'];
[253]196 $_SESSION['fileout']=$row['fileout'];
197 $_SESSION['copyright']=$row['copyright'];
198 $_SESSION['versione']=$row['versione'];
199 $_SESSION['patch']=$row['patch'];
200 $_SESSION['id_comune']=$row['siteistat'];
[255]201 $_SESSION['multicomune']=$row['multicomune'];
202 $_SESSION['flash']=$row['flash'];
203 $_SESSION['displayerrors']=$row['displayerrors'];
204 $_SESSION['editor']=$row['editor'];
205 $_SESSION['tema_on']=$row['tema_on'];
206 $_SESSION['ed_user']=$row['ed_user'];
[332]207 $multicomune=$row['multicomune'];
[378]208}
[379]209
[2]210//fine
[358]211 if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
212 if (!isset($_SESSION['tema']))
213 $_SESSION['tema']='default';
214 $tema=$_SESSION['tema'];
215
[2]216if (isset($param['aid'])) {
[358]217 if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
[2]218 if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
[21]219 if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
[358]220 if (isset($_SESSION['aid'])){
[2]221 logout();//se hai gia' una sessione aperta non puoi postare 'aid'
222 }else{
223
[358]224 // $pwd2=$param['pwd'];
225 $mpwd=md5($pwd2);
[2]226
[358]227 // se superUserAdmin
228 ########
229 # $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
230 # $sth->execute();
231 # $row = $sth->fetch(PDO::FETCH_ASSOC);
232 if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
233 # if ($adminsuper==1) $id_comune2=0; else
234 $id_comune2=$id_comune;
235 $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
236 $sth->execute();
237 $esiste=$sth->rowCount();
238 # $adminsuper=$row['adminsuper'];
239 $row = $sth->fetch(PDO::FETCH_ASSOC);
240 if(!$esiste) {
241 $msglogout=2;
242 logout();
243 }else{
244 if ($row['pwd']!=$mpwd) {
245 $msglogout=3;
246 logout();
247 }elseif($row['adminop']==1) {
248 $msglogout=1;
249 logout();
250 }
[254]251 $counter=$row['counter'];
252 $tmplang=$row['admlanguage'];
[2]253 if(strlen($tmplang)==2) $language=$tmplang;
[358]254 $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
[254]255 $sth->execute();
[358]256# $row = $sth->fetch(PDO::FETCH_ASSOC);
[2]257 if ($esiste==1) {
[255]258# $_SESSION['dbi']=$dbi;
[2]259 $_SESSION['aid']="$aid";
260 $_SESSION['pwd']="$mpwd";
261 $_SESSION['lang']="$language";
262 $_SESSION['id_comune']="$id_comune";
263 $_SESSION['prefix']="soraldo";
264 $_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
265 $_SESSION['bgcolor1']='#ffffff';
[269]266 $_SESSION['bgcolor2']='#c5c5c5';
267 if (!isset($op)) $op='consultazione';
[2]268 session_regenerate_id();
269 }
270 }
271 }
272}else{
[255]273#$_SESSION['dbi']=$dbi;
[2]274
[255]275}
[379]276# si settano le variabili per il controllo degli aggiornamenti
277if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
278{
[381]279 $sql="SELECT COLUMN_NAME
[379]280 FROM INFORMATION_SCHEMA.COLUMNS
281 WHERE TABLE_SCHEMA = '$dbname'
282 AND TABLE_NAME = '".$prefix."_config'
283 AND COLUMN_NAME = 'aggiornamento'";
284 $sth = $dbi->prepare($sql);
285 $sth->execute();
[381]286 if($sth->rowCount())
[379]287 {
[381]288 $sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
[379]289 $sth = $dbi->prepare($sql);
290 $sth->execute();
291 }
[381]292/* $sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
[379]293 $sth->execute();
294 list($agg)=$sth->fetch(PDO::FETCH_NUM);
[380]295 $_SESSION['aggiornamento']=$agg;*/
[379]296###########
297 $righe='';
298 if(phpversion()<5.6) $host="http://80.211.143.127";
299 else $host="https://trac.eleonline.it";
[380]300 $headers=get_headers("$host/ele3/changeset/");
301 $testurl=strlen($headers[0])>0?true:false;
302 if(!$testurl){
[379]303 $newrev=0;
304 }else{
[380]305 $file = file("$host/ele3/changeset/");
[379]306 $cntFile = count($file);
307 $fine=0;
308 $currentLine=0;
309
310 foreach ($file as $line_num => $line) {
311 if(strpos($line,'<title>') ) {$fine=1; continue;}
312 if ($fine){
313 $newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
314 break;
315 }
316 }
317 }
318 include('versione.php');
319 $myrev=intval(substr($versione,-4,4));
[380]320# $_SESSION['aggiornamento']=$agg;
[379]321 $_SESSION['localrev']=$myrev;
322 $_SESSION['remoterev']=$newrev;
323 unset($file);
324# if($agg) include('aggiornamento.php');
325#die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);
326}
[358]327if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
328if(!isset($language)) $language=$_SESSION['lang'];
[2]329if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
330$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
[358]331
332if (isset($_SESSION['aid']))
[2]333{
334//lettura sessione
335$aid=$_SESSION['aid'];
[255]336#$dbi=$_SESSION['dbi'];
[2]337$prefix=$_SESSION['prefix'];
[254]338$id_comune=$_SESSION['id_comune'];
[358]339if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
[360]340if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
[2]341else {
[406]342# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
343 $sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1"; # TEST: and id_sez>0
[360]344 $rese = $dbi->prepare("$sql");
345 $rese->execute();
346 if($rese->rowCount())
347 {list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
348 else {
349 $sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
350 $sth = $dbi->prepare($sql);
351 $sth->execute();
352 $row = $sth->fetch(PDO::FETCH_BOTH);
353 if($sth->rowCount())
354 $id_cons_gen=$row[0];
355 else
356 $id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
357 }
358}
[2]359$currentlang=$_SESSION['lang'];
[358]360#$bgcolor1=$_SESSION['bgcolor1'];
[2]361$bgcolor2=$_SESSION['bgcolor2'];
362$bgcolor1='#e7e7e7';
363$session=$_SESSION['remote'];
364
365}
366
367
[361]368
[2]369/*********************************************************/
370/* Login Function */
371/*********************************************************/
[406]372function ChiSei($idcg){
373global $dbi, $msglogout, $id_cons_gen;
[2]374
375$aid=$_SESSION['aid'];
376$prefix=$_SESSION['prefix'];
377$pwd=$_SESSION['pwd'];
378$id_comune=$_SESSION['id_comune'];
[406]379#echo "prima: $idcg - dopo: $id_cons_gen<br>";
[2]380$perms=0;
[257]381$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
382$sth = $dbi->prepare("$sql");
383$sth->execute();
384$row = $sth->fetch(PDO::FETCH_BOTH);
[254]385
386$adminsuper=$row[0];
387$admincomune=$row[1];
[361]388$oper=$row[2];
[2]389 if ($adminsuper==1)
390 return 256;
[359]391 elseif ($admincomune==1)
[358]392 return 64;
393# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
[361]394 elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
395 else {
[406]396# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
397 $sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval 3 day)>CURDATE()";
[361]398 $sth = $dbi->prepare("$sql");
[406]399 $sth->execute();
400 if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
401 list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);
402 if (!$id_cons_gen) $id_cons_gen=$idcg;
[400]403 $sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
404 $sth = $dbi->prepare("$sql");
[406]405 $sth->execute();
[400]406 list($perms) = $sth->fetch(PDO::FETCH_NUM);
[406]407 return $perms;
[361]408 }
[2]409}
410
411function OpenTable(){
412echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
413}
414
415function CloseTable(){
416echo "</table>";
417}
418
419function login() {
[406]420 global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
[2]421 if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
[31]422 if (!isset($id_comune)) $id_comune=0;
[358]423 if(isset($_SESSION['aid'])){
424 session_regenerate_id();
425 }
426 $lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
[2]427 $id_ses=session_id();
[358]428
[2]429 //include("modules/Elezioni/language/lang-$lang.php");
[358]430 if($multicomune==''){
431 $sth = $dbi->prepare("select multicomune from ".$prefix."_config");
432 $sth->execute();
433 list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
434 }
[2]435 include ("header.php");
436 echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
[358]437 if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
438 elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
439 elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
[361]440 elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
[358]441 echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
[80]442 ."<table class=\"table-menu\">"
[2]443 ."<tr><td>"._ADMINID."</td>"
444 ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
445 ."<tr><td>"._PASSWORD."</td>"
446 ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
447 ."<tr><td>";
448 // scelta comune
449 if($multicomune=='1'){
450 echo ""._COMUNE."</td><td>";
[332]451 $sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
452 $sth = $dbi->prepare("$sql");
453 $sth->execute();
454 $row = $sth->fetchAll();
[2]455 echo "<select name=\"id_comune\">";
[255]456 foreach($row as $comuni)
457 {$id=$comuni[0];$descrizione=$comuni[1];
[2]458 $sel=($id == $id_comune) ? "selected":"";
459 echo "<option value=\"$id\" $sel>$descrizione";
460 }
461 }else{
462 echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
463 }
464// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
465 if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
466 echo "</td></tr><tr><td>";
467 echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
468 echo "<input type=\"submit\" VALUE=\""._OK."\">"
469 ."</td></tr></table>"
470 ."</form></div>";
471
472 include ("footer.php");
473}
474
475function logout()
476{
477/* $lang=$_SESSION['lang'];
478$id_comune=$_SESSION['id_comune'];
479// setcookie ("PHPSESSID", "", time() - 3600);
480 session_cache_expire (0);
481 $_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
482 session_unset();
483 session_destroy();
484 Header("Location: admin.php?id_comune=$id_comune&language=$lang");
485*/
[360]486
[358]487global $siteistat,$perms,$msglogout;
[359]488$language=$_SESSION['lang'];
[2]489$ref="Location: admin.php?";
[358]490#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
[2]491if (isset($_SESSION['id_comune']))
492$id_comune=$_SESSION['id_comune'];
493else
494$id_comune=$siteistat;
495$ref=$ref."id_comune=".$id_comune;
496
497if (isset($_SESSION['lang']))
[359]498$ref=$ref."&language=$language";
[358]499$ref.="&msglogout=$msglogout";
[2]500$_SESSION=array();
501session_unset();
502session_destroy();
[291]503session_cache_expire (0);
[2]504Header($ref);
505
506}
[358]507#include("TEST tema: $tema--");
508#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
[406]509#die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
[358]510if(isset($id_cons_gen) and isset($id_comune)){
[406]511 if(!isset($id_cons)){
[358]512# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
513 $sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
514 $sth = $dbi->prepare("$sql");
515 $sth->execute();
[360]516 if ($sth->rowCount()) {
517 list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
518 $_SESSION['id_cons']=$id_cons;
519 }
[358]520 }
521 if(isset($id_cons)) {
[360]522 $sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune";
[397]523 try {
524 $resmod = $dbi->prepare("$sql");
525 $resmod->execute();
526 }catch(PDOException $e)
527 {
528# echo "Viene eseguito un aggiornamento forzato del db<br>";
529 $_SESSION['forzadb']=1;
530 include("modules/Elezioni/aggiornamento.php");
531
532 die();
533 }
[406]534 list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
535 if($id_sez) {
536 $sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
[360]537 $resmod = $dbi->prepare("$sql");
538 $resmod->execute();
539 if ($resmod->rowCount()>0) {
[406]540 list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
541 $tema='Futura2';
[360]542 $_SESSION['tema']=$tema;
[361]543 } #else {die("TEST: $sql"); logout();}
[360]544 }
[406]545 }
546$perms=ChiSei($id_cons_gen);
[361]547if($perms==0) {logout();}
[358]548}
[359]549
[255]550#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
[344]551if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
[2]552//if (isset($param['op'])) $op=$param['op']; else $op='ele';
[360]553#
[406]554#die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);
[369]555
[2]556if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
[358]557 if($tema=='Futura2' and $op!='logout')
558 {
[359]559 include("temi/$tema/index.php");
[358]560 }else
[2]561switch($op) {
562 case "tipo":
563 include("modules/Elezioni/ele_tipi.php");
564 break;
[379]565 case "aggiorna":
566 include("modules/Elezioni/aggiornamento.php");
567 break;
[2]568 case "constipi":
569 include("modules/Elezioni/ele_consultazionitipi.php");
570 break;
571 case "parziali":
572 include("modules/Elezioni/ele_parziali.php");
573 break;
574 case "ele":
575 include("modules/Elezioni/ele.php");
576 break;
577 case "consultazione":
578 include("modules/Elezioni/ele_consultazioni.php");
579 break;
580 case "configurazione":
581 include("modules/Elezioni/ele_configurazione.php");
582 break;
583 case "cons_comuni":
584 include("modules/Elezioni/ele_cons_comuni.php");
585 break;
586 case "confconsiglio":
587 include("modules/Elezioni/ele_confcons.php");
588 break;
589 case "inscomuni":
590 include("modules/Elezioni/ele_comuni.php");
591 break;
592 case "oper_admin":
593 include("modules/Elezioni/ele_operatori.php");
594 break;
595 case "inscollegi":
596 include("modules/Elezioni/ele_collegi.php");
597 break;
598 case "associazioni":
599 include("modules/Elezioni/ele_associazioni.php");
600 break;
601 case "operatori":
602 include("modules/Elezioni/ele_operatori.php");
603 break;
604 case "permessi":
605 include("modules/Elezioni/ele_permessi.php");
606 break;
607 case "circo":
608 include("modules/Elezioni/ele_circo.php");
609 break;
610 case "sede":
611 include("modules/Elezioni/ele_sede.php");
612 break;
613case "sezione":
614 include("modules/Elezioni/ele_sezione.php");
615 break;
616case "gruppo":
617 include("modules/Elezioni/ele_gruppo.php");
618 break;
619case "rec_add_aff":
620 include("modules/Elezioni/ele_affluenze.php");
621 break;
622case "rec_add_mod":
623 include("modules/Elezioni/ele_modelli.php");
624 break;
625case "upgruppo":
626 include("modules/Elezioni/ele_gruppo.php");
627 break;
628case "delimggruppo":
629 include("modules/Elezioni/ele_gruppo.php");
630 break;
631case "lista":
632 include("modules/Elezioni/ele_lista.php");
633 break;
634case "uplista":
635 include("modules/Elezioni/ele_lista.php");
636 break;
637case "delimglista":
638 include("modules/Elezioni/ele_lista.php");
639 break;
640case "candidato":
641 include("modules/Elezioni/ele_candidato.php");
642 break;
643case "upcandidato":
644 include("modules/Elezioni/ele_candidato.php");
645 break;
646case "delimgcandidato":
647 include("modules/Elezioni/ele_candidato.php");
648 break;
649
650case "voti":
651 include("modules/Elezioni/ele_voti.php");
652 break;
653case "sezioni_voti":
654 include("modules/Elezioni/ele_voti.php");
655 break;
656case "rec_voti":
657 include("modules/Elezioni/ele_voti.php");
658 break;
659case "rec_voti_gruppi":
660 include("modules/Elezioni/ele_voti.php");
661 break;
662case "rec_add_votanti":
663 include("modules/Elezioni/ele_voti.php");
664 break;
665case "rec_finale":
666 include("modules/Elezioni/ele_voti.php");
667 break;
668case "controllo_voti":
669 include("modules/Elezioni/controllo_voti.php");
670 break;
671case "controllo_votanti":
672 include("modules/Elezioni/controllo_votanti.php");
673 break;
674case "come":
675 include("modules/Elezioni/ele_come.php");
676 break;
677case "numeri":
678 include("modules/Elezioni/ele_come.php");
679 break;
680case "servizi":
681 include("modules/Elezioni/ele_come.php");
682 break;
683case "link":
684 include("modules/Elezioni/ele_come.php");
685 break;
686case "conf":
687 include("modules/Elezioni/ele_conf.php");
688 break;
689case "stampa":
690 include("modules/Elezioni/ele_stampe.php");
691 break;
692case "cambiopwd":
693 include("modules/Elezioni/ele_pwd.php");
694 break;
695case "eletti":
696 include("modules/Elezioni/ele_eletti.php");
697 break;
698case "foto":
699 include("modules/Elezioni/foto.php");
700 break;
701case "consiglieri":
702 include("modules/Elezioni/ele_consiglieri.php");
703 break;
704case "backup":
705 include("modules/Elezioni/backup.php");
706 break;
707case "restore":
708 include("modules/Elezioni/restore.php");
709 break;
710case "scarica":
711 include("modules/Elezioni/scarica.php");
712 break;
713case "importa":
714 include("modules/Elezioni/importa.php");
715 break;
[80]716case "widget":
717 include("modules/Elezioni/ele_widget.php");
[2]718 break;
[139]719case "riepilogo":
720 include("modules/Elezioni/ele_riepilogo.php");
721 break;
[254]722case "riepilogovoti":
723 include("modules/Elezioni/ele_riepilogovoti.php");
724 break;
[2]725case "logout":
726 logout();
727 break;
728}
[258]729
[2]730}else {
731
732 login();
733
734}
735
736?>
Note: See TracBrowser for help on using the repository browser.