[2] | 1 | <?php
|
---|
| 2 |
|
---|
| 3 | /************************************************************************/
|
---|
| 4 | /* Eleonline - Raccolta e diffusione dei dati elettorali */
|
---|
| 5 | /* by Roberto Gigli & Luciano Apolito */
|
---|
| 6 | /* http://www.eleonline.it */
|
---|
| 7 | /* info@eleonline.it luciano@aniene.net rgigli@libero.it */
|
---|
| 8 | /************************************************************************/
|
---|
| 9 | /* Admin */
|
---|
| 10 | /* Amministrazione */
|
---|
| 11 | /************************************************************************/
|
---|
| 12 |
|
---|
| 13 | /* Descrizione file admin.php =
|
---|
| 14 | effettua il login o il rilancio alla gestione */
|
---|
| 15 |
|
---|
| 16 | define('ADMIN_FILE', true);
|
---|
| 17 | #$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
|
---|
[35] | 18 | # tempo di sessione: ini_set('session.gc_maxlifetime','3600');
|
---|
[361] | 19 | global $multicomune,$msglogout,$language,$id_sez;
|
---|
[2] | 20 |
|
---|
| 21 | // Adattamento variabili superglobal
|
---|
| 22 | // Versione di php
|
---|
| 23 | $phpver = phpversion();
|
---|
[255] | 24 | global $dbi;
|
---|
[2] | 25 | // converte superglobal se php e' < 4.1.0
|
---|
| 26 |
|
---|
| 27 | if ($phpver < '4.1.0') {
|
---|
| 28 | $_GET = $HTTP_GET_VARS;
|
---|
| 29 | $_POST = $HTTP_POST_VARS;
|
---|
| 30 | $_SERVER = $HTTP_SERVER_VARS;
|
---|
| 31 | $_FILES = $HTTP_POST_FILES;
|
---|
| 32 | $_ENV = $HTTP_ENV_VARS;
|
---|
| 33 | if($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
| 34 | $_REQUEST = $_POST;
|
---|
| 35 | } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
|
---|
| 36 | $_REQUEST = $_GET;
|
---|
| 37 | }
|
---|
| 38 | if(isset($HTTP_COOKIE_VARS)) {
|
---|
| 39 | $_COOKIE = $HTTP_COOKIE_VARS;
|
---|
| 40 | }
|
---|
| 41 | if(isset($HTTP_SESSION_VARS)) {
|
---|
| 42 | $_SESSION = $HTTP_SESSION_VARS;
|
---|
| 43 | }
|
---|
| 44 | }
|
---|
| 45 |
|
---|
| 46 | $param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
|
---|
[344] | 47 | if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
|
---|
[358] | 48 | if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
|
---|
| 49 | if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
|
---|
| 50 |
|
---|
[2] | 51 | // Additional security (Union, CLike, XSS)
|
---|
| 52 |
|
---|
| 53 | // We want to use the function stripos,
|
---|
| 54 | // but thats only available since PHP5.
|
---|
| 55 | // So we cloned the function...
|
---|
| 56 | if(!function_exists('stripos')) {
|
---|
| 57 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
| 58 | return strpos(strtoupper($haystack), strtoupper($needle), $offset);
|
---|
| 59 | }
|
---|
| 60 | } else {
|
---|
| 61 | // But when this is PHP5, we use the original function
|
---|
| 62 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
| 63 | return stripos($haystack, $needle, $offset=0);
|
---|
| 64 | }
|
---|
| 65 | }
|
---|
| 66 |
|
---|
| 67 | if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
|
---|
| 68 | $queryString = $_SERVER['QUERY_STRING'];
|
---|
| 69 | if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
|
---|
| 70 | die('Operazione non consentita');
|
---|
| 71 | }
|
---|
| 72 | }
|
---|
| 73 |
|
---|
| 74 |
|
---|
| 75 | foreach ($_GET as $sec_key => $secvalue) {
|
---|
[21] | 76 | if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
|
---|
| 77 | (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 78 | (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 79 | (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 80 | (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 81 | (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 82 | (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 83 | (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 84 | (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 85 | (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 86 | (preg_match("/\"/", $secvalue)) ||
|
---|
| 87 | (preg_match("/inside_mod/i", $sec_key))) {
|
---|
[2] | 88 | die ("Operazione non consentita");
|
---|
| 89 | }
|
---|
| 90 | }
|
---|
| 91 |
|
---|
| 92 | foreach ($_POST as $secvalue) {
|
---|
[21] | 93 | if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
|
---|
[2] | 94 | die ('Operazione non consentita');
|
---|
| 95 | }
|
---|
| 96 | }
|
---|
| 97 |
|
---|
| 98 | // Posting from other servers in not allowed
|
---|
| 99 | // Fix by Quake
|
---|
| 100 | // Bug found by PeNdEjO
|
---|
| 101 |
|
---|
| 102 | if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
| 103 | if (isset($_SERVER['HTTP_REFERER'])) {
|
---|
| 104 | if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
|
---|
| 105 | die('Posting da un altro server non consentito!');
|
---|
| 106 | }
|
---|
| 107 | } else {
|
---|
| 108 | # die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
|
---|
| 109 | }
|
---|
| 110 | }
|
---|
| 111 |
|
---|
| 112 |
|
---|
| 113 |
|
---|
| 114 |
|
---|
| 115 |
|
---|
| 116 |
|
---|
| 117 |
|
---|
| 118 | //===================================================================
|
---|
| 119 | session_name('sesadmin');
|
---|
[255] | 120 | #session_start();//MODIFICHE PER GESTIONE SESSIONI
|
---|
[2] | 121 | // gestione sessione
|
---|
[255] | 122 | $a = session_id();
|
---|
| 123 | if(empty($a)) session_start();
|
---|
| 124 | #echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
|
---|
[2] | 125 |
|
---|
[246] | 126 | if (file_exists("config.php")){
|
---|
| 127 | $install="0"; @require_once("config.php");
|
---|
| 128 | }else{
|
---|
| 129 | $install="1";
|
---|
| 130 | }
|
---|
[2] | 131 |
|
---|
[154] | 132 | # verifica se effettuata la configurazione
|
---|
[246] | 133 | if(empty($dbname) || $install=="1") {
|
---|
[230] | 134 | die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
|
---|
[154] | 135 | }
|
---|
[2] | 136 |
|
---|
[376] | 137 | $dsn = "mysql:host=$dbhost";
|
---|
[377] | 138 | $opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
|
---|
[376] | 139 | if($prefix == '') {
|
---|
| 140 | db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
|
---|
| 141 | }
|
---|
| 142 | try
|
---|
| 143 | {
|
---|
| 144 | $dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
|
---|
| 145 | }
|
---|
| 146 | catch(PDOException $e)
|
---|
| 147 | {
|
---|
| 148 | echo $sql . "<br>" . $e->getMessage();die();
|
---|
| 149 | }
|
---|
| 150 | $sql = "use $dbname";
|
---|
| 151 | try
|
---|
| 152 | {
|
---|
| 153 | $dbi->exec($sql);
|
---|
| 154 | }
|
---|
| 155 | catch(PDOException $e)
|
---|
| 156 | {
|
---|
| 157 | echo $sql . "<br>" . $e->getMessage();
|
---|
| 158 | }
|
---|
| 159 | $sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
|
---|
| 160 | $sth->execute();
|
---|
| 161 | $sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
|
---|
| 162 | $sth->execute();
|
---|
| 163 | $sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
|
---|
| 164 | $sth->execute();
|
---|
| 165 | $sth = $dbi->prepare("SET CHARACTER SET utf8");
|
---|
| 166 | $sth->execute();
|
---|
[154] | 167 |
|
---|
[376] | 168 | $sth = $dbi->prepare("SET NAMES 'utf8'");
|
---|
| 169 | $sth->execute();
|
---|
| 170 | $sth = $dbi->prepare("select * from ".$prefix."_config");
|
---|
| 171 | $sth->execute();
|
---|
[154] | 172 |
|
---|
[253] | 173 | # $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
|
---|
| 174 | # mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
|
---|
| 175 | ## mysql_query("SET NAMES 'utf8'", $dbi);
|
---|
[2] | 176 | //---10/05/2009 gestione consultazione predefinita
|
---|
[376] | 177 | $sth = $dbi->prepare("select * from ".$prefix."_config");
|
---|
| 178 | $sth->execute();
|
---|
| 179 | $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
| 180 | #$row = $sth->fetchAll();
|
---|
| 181 | $siteistat=$row['siteistat'];
|
---|
[2] | 182 | if (!isset($_SESSION['id_comune'])){
|
---|
[253] | 183 | $_SESSION['sitename']=$row['sitename'];
|
---|
| 184 | $_SESSION['siteurl']=$row['siteurl'];
|
---|
| 185 | $_SESSION['site_logo']=$row['site_logo'];
|
---|
| 186 | $_SESSION['slogan']=$row['slogan'];
|
---|
| 187 | $_SESSION['startdate']=$row['startdate'];
|
---|
| 188 | $_SESSION['adminmail']=$row['adminmail'];
|
---|
[358] | 189 | # if (isset($tema) and $tema=='facebook')
|
---|
| 190 | # $_SESSION['tema']=$row['tema'];
|
---|
[253] | 191 | $_SESSION['foot']=$row['foot'];
|
---|
| 192 | $_SESSION['lang']=$row['language'];
|
---|
| 193 | $_SESSION['blocco']=$row['blocco'];
|
---|
| 194 | $_SESSION['testata']=$row['testata'];
|
---|
[255] | 195 | # $_SESSION['logo']=$row['logo'];
|
---|
[253] | 196 | $_SESSION['fileout']=$row['fileout'];
|
---|
| 197 | $_SESSION['copyright']=$row['copyright'];
|
---|
| 198 | $_SESSION['versione']=$row['versione'];
|
---|
| 199 | $_SESSION['patch']=$row['patch'];
|
---|
| 200 | $_SESSION['id_comune']=$row['siteistat'];
|
---|
[255] | 201 | $_SESSION['multicomune']=$row['multicomune'];
|
---|
| 202 | $_SESSION['flash']=$row['flash'];
|
---|
| 203 | $_SESSION['displayerrors']=$row['displayerrors'];
|
---|
| 204 | $_SESSION['editor']=$row['editor'];
|
---|
| 205 | $_SESSION['tema_on']=$row['tema_on'];
|
---|
| 206 | $_SESSION['ed_user']=$row['ed_user'];
|
---|
[332] | 207 | $multicomune=$row['multicomune'];
|
---|
[378] | 208 | }
|
---|
[379] | 209 |
|
---|
[2] | 210 | //fine
|
---|
[358] | 211 | if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
|
---|
| 212 | if (!isset($_SESSION['tema']))
|
---|
| 213 | $_SESSION['tema']='default';
|
---|
| 214 | $tema=$_SESSION['tema'];
|
---|
| 215 |
|
---|
[2] | 216 | if (isset($param['aid'])) {
|
---|
[358] | 217 | if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
|
---|
[2] | 218 | if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
|
---|
[21] | 219 | if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
|
---|
[358] | 220 | if (isset($_SESSION['aid'])){
|
---|
[2] | 221 | logout();//se hai gia' una sessione aperta non puoi postare 'aid'
|
---|
| 222 | }else{
|
---|
| 223 |
|
---|
[358] | 224 | // $pwd2=$param['pwd'];
|
---|
| 225 | $mpwd=md5($pwd2);
|
---|
[2] | 226 |
|
---|
[358] | 227 | // se superUserAdmin
|
---|
| 228 | ########
|
---|
| 229 | # $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
|
---|
| 230 | # $sth->execute();
|
---|
| 231 | # $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
| 232 | if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
|
---|
| 233 | # if ($adminsuper==1) $id_comune2=0; else
|
---|
| 234 | $id_comune2=$id_comune;
|
---|
[416] | 235 | $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
|
---|
[358] | 236 | $sth->execute();
|
---|
| 237 | $esiste=$sth->rowCount();
|
---|
| 238 | # $adminsuper=$row['adminsuper'];
|
---|
| 239 | $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
| 240 | if(!$esiste) {
|
---|
| 241 | $msglogout=2;
|
---|
| 242 | logout();
|
---|
| 243 | }else{
|
---|
| 244 | if ($row['pwd']!=$mpwd) {
|
---|
| 245 | $msglogout=3;
|
---|
| 246 | logout();
|
---|
| 247 | }elseif($row['adminop']==1) {
|
---|
| 248 | $msglogout=1;
|
---|
| 249 | logout();
|
---|
| 250 | }
|
---|
[254] | 251 | $counter=$row['counter'];
|
---|
| 252 | $tmplang=$row['admlanguage'];
|
---|
[2] | 253 | if(strlen($tmplang)==2) $language=$tmplang;
|
---|
[358] | 254 | $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
|
---|
[254] | 255 | $sth->execute();
|
---|
[358] | 256 | # $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
[2] | 257 | if ($esiste==1) {
|
---|
[255] | 258 | # $_SESSION['dbi']=$dbi;
|
---|
[2] | 259 | $_SESSION['aid']="$aid";
|
---|
| 260 | $_SESSION['pwd']="$mpwd";
|
---|
| 261 | $_SESSION['lang']="$language";
|
---|
| 262 | $_SESSION['id_comune']="$id_comune";
|
---|
| 263 | $_SESSION['prefix']="soraldo";
|
---|
| 264 | $_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
|
---|
| 265 | $_SESSION['bgcolor1']='#ffffff';
|
---|
[269] | 266 | $_SESSION['bgcolor2']='#c5c5c5';
|
---|
| 267 | if (!isset($op)) $op='consultazione';
|
---|
[2] | 268 | session_regenerate_id();
|
---|
| 269 | }
|
---|
| 270 | }
|
---|
| 271 | }
|
---|
| 272 | }else{
|
---|
[255] | 273 | #$_SESSION['dbi']=$dbi;
|
---|
[2] | 274 |
|
---|
[255] | 275 | }
|
---|
[379] | 276 | # si settano le variabili per il controllo degli aggiornamenti
|
---|
| 277 | if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
|
---|
| 278 | {
|
---|
[381] | 279 | $sql="SELECT COLUMN_NAME
|
---|
[379] | 280 | FROM INFORMATION_SCHEMA.COLUMNS
|
---|
| 281 | WHERE TABLE_SCHEMA = '$dbname'
|
---|
| 282 | AND TABLE_NAME = '".$prefix."_config'
|
---|
| 283 | AND COLUMN_NAME = 'aggiornamento'";
|
---|
| 284 | $sth = $dbi->prepare($sql);
|
---|
| 285 | $sth->execute();
|
---|
[381] | 286 | if($sth->rowCount())
|
---|
[379] | 287 | {
|
---|
[381] | 288 | $sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
|
---|
[379] | 289 | $sth = $dbi->prepare($sql);
|
---|
| 290 | $sth->execute();
|
---|
| 291 | }
|
---|
[381] | 292 | /* $sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
|
---|
[379] | 293 | $sth->execute();
|
---|
| 294 | list($agg)=$sth->fetch(PDO::FETCH_NUM);
|
---|
[380] | 295 | $_SESSION['aggiornamento']=$agg;*/
|
---|
[379] | 296 | ###########
|
---|
| 297 | $righe='';
|
---|
| 298 | if(phpversion()<5.6) $host="http://80.211.143.127";
|
---|
| 299 | else $host="https://trac.eleonline.it";
|
---|
[380] | 300 | $headers=get_headers("$host/ele3/changeset/");
|
---|
| 301 | $testurl=strlen($headers[0])>0?true:false;
|
---|
| 302 | if(!$testurl){
|
---|
[379] | 303 | $newrev=0;
|
---|
| 304 | }else{
|
---|
[380] | 305 | $file = file("$host/ele3/changeset/");
|
---|
[379] | 306 | $cntFile = count($file);
|
---|
| 307 | $fine=0;
|
---|
| 308 | $currentLine=0;
|
---|
| 309 |
|
---|
| 310 | foreach ($file as $line_num => $line) {
|
---|
| 311 | if(strpos($line,'<title>') ) {$fine=1; continue;}
|
---|
| 312 | if ($fine){
|
---|
| 313 | $newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
|
---|
| 314 | break;
|
---|
| 315 | }
|
---|
| 316 | }
|
---|
| 317 | }
|
---|
| 318 | include('versione.php');
|
---|
| 319 | $myrev=intval(substr($versione,-4,4));
|
---|
[380] | 320 | # $_SESSION['aggiornamento']=$agg;
|
---|
[379] | 321 | $_SESSION['localrev']=$myrev;
|
---|
| 322 | $_SESSION['remoterev']=$newrev;
|
---|
| 323 | unset($file);
|
---|
| 324 | # if($agg) include('aggiornamento.php');
|
---|
| 325 | #die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);
|
---|
| 326 | }
|
---|
[358] | 327 | if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
|
---|
| 328 | if(!isset($language)) $language=$_SESSION['lang'];
|
---|
[2] | 329 | if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
|
---|
| 330 | $currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
|
---|
[358] | 331 |
|
---|
| 332 | if (isset($_SESSION['aid']))
|
---|
[2] | 333 | {
|
---|
| 334 | //lettura sessione
|
---|
| 335 | $aid=$_SESSION['aid'];
|
---|
[255] | 336 | #$dbi=$_SESSION['dbi'];
|
---|
[2] | 337 | $prefix=$_SESSION['prefix'];
|
---|
[254] | 338 | $id_comune=$_SESSION['id_comune'];
|
---|
[358] | 339 | if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
|
---|
[360] | 340 | if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
|
---|
[2] | 341 | else {
|
---|
[406] | 342 | # $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
|
---|
| 343 | $sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1"; # TEST: and id_sez>0
|
---|
[360] | 344 | $rese = $dbi->prepare("$sql");
|
---|
| 345 | $rese->execute();
|
---|
| 346 | if($rese->rowCount())
|
---|
| 347 | {list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
|
---|
| 348 | else {
|
---|
| 349 | $sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
|
---|
| 350 | $sth = $dbi->prepare($sql);
|
---|
| 351 | $sth->execute();
|
---|
| 352 | $row = $sth->fetch(PDO::FETCH_BOTH);
|
---|
| 353 | if($sth->rowCount())
|
---|
| 354 | $id_cons_gen=$row[0];
|
---|
| 355 | else
|
---|
| 356 | $id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
|
---|
| 357 | }
|
---|
| 358 | }
|
---|
[2] | 359 | $currentlang=$_SESSION['lang'];
|
---|
[358] | 360 | #$bgcolor1=$_SESSION['bgcolor1'];
|
---|
[2] | 361 | $bgcolor2=$_SESSION['bgcolor2'];
|
---|
| 362 | $bgcolor1='#e7e7e7';
|
---|
| 363 | $session=$_SESSION['remote'];
|
---|
| 364 |
|
---|
| 365 | }
|
---|
| 366 |
|
---|
| 367 |
|
---|
[361] | 368 |
|
---|
[2] | 369 | /*********************************************************/
|
---|
| 370 | /* Login Function */
|
---|
| 371 | /*********************************************************/
|
---|
[406] | 372 | function ChiSei($idcg){
|
---|
| 373 | global $dbi, $msglogout, $id_cons_gen;
|
---|
[2] | 374 |
|
---|
| 375 | $aid=$_SESSION['aid'];
|
---|
| 376 | $prefix=$_SESSION['prefix'];
|
---|
| 377 | $pwd=$_SESSION['pwd'];
|
---|
| 378 | $id_comune=$_SESSION['id_comune'];
|
---|
[406] | 379 | #echo "prima: $idcg - dopo: $id_cons_gen<br>";
|
---|
[2] | 380 | $perms=0;
|
---|
[257] | 381 | $sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
|
---|
| 382 | $sth = $dbi->prepare("$sql");
|
---|
| 383 | $sth->execute();
|
---|
| 384 | $row = $sth->fetch(PDO::FETCH_BOTH);
|
---|
[254] | 385 |
|
---|
| 386 | $adminsuper=$row[0];
|
---|
| 387 | $admincomune=$row[1];
|
---|
[361] | 388 | $oper=$row[2];
|
---|
[2] | 389 | if ($adminsuper==1)
|
---|
| 390 | return 256;
|
---|
[359] | 391 | elseif ($admincomune==1)
|
---|
[358] | 392 | return 64;
|
---|
| 393 | # $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
|
---|
[361] | 394 | elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
|
---|
| 395 | else {
|
---|
[406] | 396 | # $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
|
---|
| 397 | $sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval 3 day)>CURDATE()";
|
---|
[361] | 398 | $sth = $dbi->prepare("$sql");
|
---|
[406] | 399 | $sth->execute();
|
---|
| 400 | if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
|
---|
| 401 | list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);
|
---|
| 402 | if (!$id_cons_gen) $id_cons_gen=$idcg;
|
---|
[400] | 403 | $sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
|
---|
| 404 | $sth = $dbi->prepare("$sql");
|
---|
[406] | 405 | $sth->execute();
|
---|
[400] | 406 | list($perms) = $sth->fetch(PDO::FETCH_NUM);
|
---|
[406] | 407 | return $perms;
|
---|
[361] | 408 | }
|
---|
[2] | 409 | }
|
---|
| 410 |
|
---|
| 411 | function OpenTable(){
|
---|
| 412 | echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
|
---|
| 413 | }
|
---|
| 414 |
|
---|
| 415 | function CloseTable(){
|
---|
| 416 | echo "</table>";
|
---|
| 417 | }
|
---|
| 418 |
|
---|
| 419 | function login() {
|
---|
[406] | 420 | global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
|
---|
[2] | 421 | if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
|
---|
[31] | 422 | if (!isset($id_comune)) $id_comune=0;
|
---|
[358] | 423 | if(isset($_SESSION['aid'])){
|
---|
| 424 | session_regenerate_id();
|
---|
| 425 | }
|
---|
| 426 | $lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
|
---|
[2] | 427 | $id_ses=session_id();
|
---|
[358] | 428 |
|
---|
[2] | 429 | //include("modules/Elezioni/language/lang-$lang.php");
|
---|
[358] | 430 | if($multicomune==''){
|
---|
| 431 | $sth = $dbi->prepare("select multicomune from ".$prefix."_config");
|
---|
| 432 | $sth->execute();
|
---|
| 433 | list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
|
---|
| 434 | }
|
---|
[2] | 435 | include ("header.php");
|
---|
| 436 | echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
|
---|
[358] | 437 | if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
|
---|
| 438 | elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
|
---|
| 439 | elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
|
---|
[361] | 440 | elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
|
---|
[358] | 441 | echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
|
---|
[80] | 442 | ."<table class=\"table-menu\">"
|
---|
[2] | 443 | ."<tr><td>"._ADMINID."</td>"
|
---|
| 444 | ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
|
---|
| 445 | ."<tr><td>"._PASSWORD."</td>"
|
---|
| 446 | ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
|
---|
| 447 | ."<tr><td>";
|
---|
| 448 | // scelta comune
|
---|
| 449 | if($multicomune=='1'){
|
---|
| 450 | echo ""._COMUNE."</td><td>";
|
---|
[332] | 451 | $sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
|
---|
| 452 | $sth = $dbi->prepare("$sql");
|
---|
| 453 | $sth->execute();
|
---|
| 454 | $row = $sth->fetchAll();
|
---|
[2] | 455 | echo "<select name=\"id_comune\">";
|
---|
[255] | 456 | foreach($row as $comuni)
|
---|
| 457 | {$id=$comuni[0];$descrizione=$comuni[1];
|
---|
[2] | 458 | $sel=($id == $id_comune) ? "selected":"";
|
---|
| 459 | echo "<option value=\"$id\" $sel>$descrizione";
|
---|
| 460 | }
|
---|
| 461 | }else{
|
---|
| 462 | echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
|
---|
| 463 | }
|
---|
| 464 | // echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
|
---|
| 465 | if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
|
---|
| 466 | echo "</td></tr><tr><td>";
|
---|
| 467 | echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
|
---|
| 468 | echo "<input type=\"submit\" VALUE=\""._OK."\">"
|
---|
| 469 | ."</td></tr></table>"
|
---|
| 470 | ."</form></div>";
|
---|
| 471 |
|
---|
| 472 | include ("footer.php");
|
---|
| 473 | }
|
---|
| 474 |
|
---|
| 475 | function logout()
|
---|
| 476 | {
|
---|
| 477 | /* $lang=$_SESSION['lang'];
|
---|
| 478 | $id_comune=$_SESSION['id_comune'];
|
---|
| 479 | // setcookie ("PHPSESSID", "", time() - 3600);
|
---|
| 480 | session_cache_expire (0);
|
---|
| 481 | $_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
|
---|
| 482 | session_unset();
|
---|
| 483 | session_destroy();
|
---|
| 484 | Header("Location: admin.php?id_comune=$id_comune&language=$lang");
|
---|
| 485 | */
|
---|
[360] | 486 |
|
---|
[358] | 487 | global $siteistat,$perms,$msglogout;
|
---|
[359] | 488 | $language=$_SESSION['lang'];
|
---|
[2] | 489 | $ref="Location: admin.php?";
|
---|
[358] | 490 | #$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
|
---|
[2] | 491 | if (isset($_SESSION['id_comune']))
|
---|
| 492 | $id_comune=$_SESSION['id_comune'];
|
---|
| 493 | else
|
---|
| 494 | $id_comune=$siteistat;
|
---|
| 495 | $ref=$ref."id_comune=".$id_comune;
|
---|
| 496 |
|
---|
| 497 | if (isset($_SESSION['lang']))
|
---|
[359] | 498 | $ref=$ref."&language=$language";
|
---|
[358] | 499 | $ref.="&msglogout=$msglogout";
|
---|
[2] | 500 | $_SESSION=array();
|
---|
| 501 | session_unset();
|
---|
| 502 | session_destroy();
|
---|
[291] | 503 | session_cache_expire (0);
|
---|
[2] | 504 | Header($ref);
|
---|
| 505 |
|
---|
| 506 | }
|
---|
[358] | 507 | #include("TEST tema: $tema--");
|
---|
| 508 | #include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
|
---|
[406] | 509 | #die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
|
---|
[358] | 510 | if(isset($id_cons_gen) and isset($id_comune)){
|
---|
[406] | 511 | if(!isset($id_cons)){
|
---|
[358] | 512 | # $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
|
---|
| 513 | $sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
|
---|
| 514 | $sth = $dbi->prepare("$sql");
|
---|
| 515 | $sth->execute();
|
---|
[360] | 516 | if ($sth->rowCount()) {
|
---|
| 517 | list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
|
---|
| 518 | $_SESSION['id_cons']=$id_cons;
|
---|
| 519 | }
|
---|
[358] | 520 | }
|
---|
| 521 | if(isset($id_cons)) {
|
---|
[360] | 522 | $sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune";
|
---|
[397] | 523 | try {
|
---|
| 524 | $resmod = $dbi->prepare("$sql");
|
---|
| 525 | $resmod->execute();
|
---|
| 526 | }catch(PDOException $e)
|
---|
| 527 | {
|
---|
| 528 | # echo "Viene eseguito un aggiornamento forzato del db<br>";
|
---|
| 529 | $_SESSION['forzadb']=1;
|
---|
| 530 | include("modules/Elezioni/aggiornamento.php");
|
---|
| 531 |
|
---|
| 532 | die();
|
---|
| 533 | }
|
---|
[406] | 534 | list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
|
---|
| 535 | if($id_sez) {
|
---|
| 536 | $sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
|
---|
[360] | 537 | $resmod = $dbi->prepare("$sql");
|
---|
| 538 | $resmod->execute();
|
---|
| 539 | if ($resmod->rowCount()>0) {
|
---|
[406] | 540 | list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
|
---|
| 541 | $tema='Futura2';
|
---|
[360] | 542 | $_SESSION['tema']=$tema;
|
---|
[361] | 543 | } #else {die("TEST: $sql"); logout();}
|
---|
[360] | 544 | }
|
---|
[406] | 545 | }
|
---|
| 546 | $perms=ChiSei($id_cons_gen);
|
---|
[361] | 547 | if($perms==0) {logout();}
|
---|
[358] | 548 | }
|
---|
[359] | 549 |
|
---|
[255] | 550 | #echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
|
---|
[344] | 551 | if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
|
---|
[2] | 552 | //if (isset($param['op'])) $op=$param['op']; else $op='ele';
|
---|
[360] | 553 | #
|
---|
[406] | 554 | #die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);
|
---|
[369] | 555 |
|
---|
[2] | 556 | if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
|
---|
[358] | 557 | if($tema=='Futura2' and $op!='logout')
|
---|
| 558 | {
|
---|
[359] | 559 | include("temi/$tema/index.php");
|
---|
[358] | 560 | }else
|
---|
[2] | 561 | switch($op) {
|
---|
| 562 | case "tipo":
|
---|
| 563 | include("modules/Elezioni/ele_tipi.php");
|
---|
| 564 | break;
|
---|
[379] | 565 | case "aggiorna":
|
---|
| 566 | include("modules/Elezioni/aggiornamento.php");
|
---|
| 567 | break;
|
---|
[2] | 568 | case "constipi":
|
---|
| 569 | include("modules/Elezioni/ele_consultazionitipi.php");
|
---|
| 570 | break;
|
---|
| 571 | case "parziali":
|
---|
| 572 | include("modules/Elezioni/ele_parziali.php");
|
---|
| 573 | break;
|
---|
| 574 | case "ele":
|
---|
| 575 | include("modules/Elezioni/ele.php");
|
---|
| 576 | break;
|
---|
| 577 | case "consultazione":
|
---|
| 578 | include("modules/Elezioni/ele_consultazioni.php");
|
---|
| 579 | break;
|
---|
| 580 | case "configurazione":
|
---|
| 581 | include("modules/Elezioni/ele_configurazione.php");
|
---|
| 582 | break;
|
---|
| 583 | case "cons_comuni":
|
---|
| 584 | include("modules/Elezioni/ele_cons_comuni.php");
|
---|
| 585 | break;
|
---|
| 586 | case "confconsiglio":
|
---|
| 587 | include("modules/Elezioni/ele_confcons.php");
|
---|
| 588 | break;
|
---|
| 589 | case "inscomuni":
|
---|
| 590 | include("modules/Elezioni/ele_comuni.php");
|
---|
| 591 | break;
|
---|
| 592 | case "oper_admin":
|
---|
| 593 | include("modules/Elezioni/ele_operatori.php");
|
---|
| 594 | break;
|
---|
| 595 | case "inscollegi":
|
---|
| 596 | include("modules/Elezioni/ele_collegi.php");
|
---|
| 597 | break;
|
---|
| 598 | case "associazioni":
|
---|
| 599 | include("modules/Elezioni/ele_associazioni.php");
|
---|
| 600 | break;
|
---|
| 601 | case "operatori":
|
---|
| 602 | include("modules/Elezioni/ele_operatori.php");
|
---|
| 603 | break;
|
---|
| 604 | case "permessi":
|
---|
| 605 | include("modules/Elezioni/ele_permessi.php");
|
---|
| 606 | break;
|
---|
| 607 | case "circo":
|
---|
| 608 | include("modules/Elezioni/ele_circo.php");
|
---|
| 609 | break;
|
---|
| 610 | case "sede":
|
---|
| 611 | include("modules/Elezioni/ele_sede.php");
|
---|
| 612 | break;
|
---|
| 613 | case "sezione":
|
---|
| 614 | include("modules/Elezioni/ele_sezione.php");
|
---|
| 615 | break;
|
---|
| 616 | case "gruppo":
|
---|
| 617 | include("modules/Elezioni/ele_gruppo.php");
|
---|
| 618 | break;
|
---|
| 619 | case "rec_add_aff":
|
---|
| 620 | include("modules/Elezioni/ele_affluenze.php");
|
---|
| 621 | break;
|
---|
| 622 | case "rec_add_mod":
|
---|
| 623 | include("modules/Elezioni/ele_modelli.php");
|
---|
| 624 | break;
|
---|
| 625 | case "upgruppo":
|
---|
| 626 | include("modules/Elezioni/ele_gruppo.php");
|
---|
| 627 | break;
|
---|
| 628 | case "delimggruppo":
|
---|
| 629 | include("modules/Elezioni/ele_gruppo.php");
|
---|
| 630 | break;
|
---|
| 631 | case "lista":
|
---|
| 632 | include("modules/Elezioni/ele_lista.php");
|
---|
| 633 | break;
|
---|
| 634 | case "uplista":
|
---|
| 635 | include("modules/Elezioni/ele_lista.php");
|
---|
| 636 | break;
|
---|
| 637 | case "delimglista":
|
---|
| 638 | include("modules/Elezioni/ele_lista.php");
|
---|
| 639 | break;
|
---|
| 640 | case "candidato":
|
---|
| 641 | include("modules/Elezioni/ele_candidato.php");
|
---|
| 642 | break;
|
---|
| 643 | case "upcandidato":
|
---|
| 644 | include("modules/Elezioni/ele_candidato.php");
|
---|
| 645 | break;
|
---|
| 646 | case "delimgcandidato":
|
---|
| 647 | include("modules/Elezioni/ele_candidato.php");
|
---|
| 648 | break;
|
---|
| 649 |
|
---|
| 650 | case "voti":
|
---|
| 651 | include("modules/Elezioni/ele_voti.php");
|
---|
| 652 | break;
|
---|
| 653 | case "sezioni_voti":
|
---|
| 654 | include("modules/Elezioni/ele_voti.php");
|
---|
| 655 | break;
|
---|
| 656 | case "rec_voti":
|
---|
| 657 | include("modules/Elezioni/ele_voti.php");
|
---|
| 658 | break;
|
---|
| 659 | case "rec_voti_gruppi":
|
---|
| 660 | include("modules/Elezioni/ele_voti.php");
|
---|
| 661 | break;
|
---|
| 662 | case "rec_add_votanti":
|
---|
| 663 | include("modules/Elezioni/ele_voti.php");
|
---|
| 664 | break;
|
---|
| 665 | case "rec_finale":
|
---|
| 666 | include("modules/Elezioni/ele_voti.php");
|
---|
| 667 | break;
|
---|
| 668 | case "controllo_voti":
|
---|
| 669 | include("modules/Elezioni/controllo_voti.php");
|
---|
| 670 | break;
|
---|
| 671 | case "controllo_votanti":
|
---|
| 672 | include("modules/Elezioni/controllo_votanti.php");
|
---|
| 673 | break;
|
---|
| 674 | case "come":
|
---|
| 675 | include("modules/Elezioni/ele_come.php");
|
---|
| 676 | break;
|
---|
| 677 | case "numeri":
|
---|
| 678 | include("modules/Elezioni/ele_come.php");
|
---|
| 679 | break;
|
---|
| 680 | case "servizi":
|
---|
| 681 | include("modules/Elezioni/ele_come.php");
|
---|
| 682 | break;
|
---|
| 683 | case "link":
|
---|
| 684 | include("modules/Elezioni/ele_come.php");
|
---|
| 685 | break;
|
---|
| 686 | case "conf":
|
---|
| 687 | include("modules/Elezioni/ele_conf.php");
|
---|
| 688 | break;
|
---|
| 689 | case "stampa":
|
---|
| 690 | include("modules/Elezioni/ele_stampe.php");
|
---|
| 691 | break;
|
---|
| 692 | case "cambiopwd":
|
---|
| 693 | include("modules/Elezioni/ele_pwd.php");
|
---|
| 694 | break;
|
---|
| 695 | case "eletti":
|
---|
| 696 | include("modules/Elezioni/ele_eletti.php");
|
---|
| 697 | break;
|
---|
| 698 | case "foto":
|
---|
| 699 | include("modules/Elezioni/foto.php");
|
---|
| 700 | break;
|
---|
| 701 | case "consiglieri":
|
---|
| 702 | include("modules/Elezioni/ele_consiglieri.php");
|
---|
| 703 | break;
|
---|
| 704 | case "backup":
|
---|
| 705 | include("modules/Elezioni/backup.php");
|
---|
| 706 | break;
|
---|
| 707 | case "restore":
|
---|
| 708 | include("modules/Elezioni/restore.php");
|
---|
| 709 | break;
|
---|
| 710 | case "scarica":
|
---|
| 711 | include("modules/Elezioni/scarica.php");
|
---|
| 712 | break;
|
---|
| 713 | case "importa":
|
---|
| 714 | include("modules/Elezioni/importa.php");
|
---|
| 715 | break;
|
---|
[80] | 716 | case "widget":
|
---|
| 717 | include("modules/Elezioni/ele_widget.php");
|
---|
[2] | 718 | break;
|
---|
[139] | 719 | case "riepilogo":
|
---|
| 720 | include("modules/Elezioni/ele_riepilogo.php");
|
---|
| 721 | break;
|
---|
[254] | 722 | case "riepilogovoti":
|
---|
| 723 | include("modules/Elezioni/ele_riepilogovoti.php");
|
---|
| 724 | break;
|
---|
[2] | 725 | case "logout":
|
---|
| 726 | logout();
|
---|
| 727 | break;
|
---|
| 728 | }
|
---|
[258] | 729 |
|
---|
[2] | 730 | }else {
|
---|
| 731 |
|
---|
| 732 | login();
|
---|
| 733 |
|
---|
| 734 | }
|
---|
| 735 |
|
---|
| 736 | ?>
|
---|