Context Navigation

source: trunk/admin/admin.php@ 424

Last change on this file since 424 was 424, checked in by roby, 5 months ago

ADMIN

-- Inserito il file admin/variabili.php che contiene le variabili per personalizzare il software
-- Nuovo sistema di backup, permette di avere una installazione di produzione ed una che può essere facilmente aggiornata con i dati della prima
-- Modificato il file dei controlli
-- Modificata la scheda Tabella dei totali

CLIENT

-- Inserito il file client/variabili.php che contiene le variabili per personalizzare il software
-- Modificata per compatibilità con alcune installazioni la funzione di assegnazione dei seggi
-- Modificato il colore dei link per il tema -altro-

File size: 25.1 KB

Rev	Line
[2]	1	<?php
	2
	3	/************************************************************************/
	4	/* Eleonline - Raccolta e diffusione dei dati elettorali */
	5	/* by Roberto Gigli & Luciano Apolito */
	6	/* http://www.eleonline.it */
	7	/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
	8	/************************************************************************/
	9	/* Admin */
	10	/* Amministrazione */
	11	/************************************************************************/
	12
	13	/* Descrizione file admin.php =
	14	effettua il login o il rilancio alla gestione */
	15
	16	define('ADMIN_FILE', true);
	17	#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
[35]	18	# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
[361]	19	global $multicomune,$msglogout,$language,$id_sez;
[2]	20
	21	// Adattamento variabili superglobal
	22	// Versione di php
	23	$phpver = phpversion();
[255]	24	global $dbi;
[2]	25	// converte superglobal se php e' < 4.1.0
	26
	27	if ($phpver < '4.1.0') {
	28	$_GET = $HTTP_GET_VARS;
	29	$_POST = $HTTP_POST_VARS;
	30	$_SERVER = $HTTP_SERVER_VARS;
	31	$_FILES = $HTTP_POST_FILES;
	32	$_ENV = $HTTP_ENV_VARS;
	33	if($_SERVER['REQUEST_METHOD'] == "POST") {
	34	$_REQUEST = $_POST;
	35	} elseif($_SERVER['REQUEST_METHOD'] == "GET") {
	36	$_REQUEST = $_GET;
	37	}
	38	if(isset($HTTP_COOKIE_VARS)) {
	39	$_COOKIE = $HTTP_COOKIE_VARS;
	40	}
[424]	41
[2]	42	}
	43
	44	$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
[344]	45	if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
[358]	46	if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
	47	if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
	48
[2]	49	// Additional security (Union, CLike, XSS)
	50
	51	// We want to use the function stripos,
	52	// but thats only available since PHP5.
	53	// So we cloned the function...
	54	if(!function_exists('stripos')) {
	55	function stripos_clone($haystack, $needle, $offset=0) {
	56	return strpos(strtoupper($haystack), strtoupper($needle), $offset);
	57	}
	58	} else {
	59	// But when this is PHP5, we use the original function
	60	function stripos_clone($haystack, $needle, $offset=0) {
	61	return stripos($haystack, $needle, $offset=0);
	62	}
	63	}
	64
	65	if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") \|\| !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
	66	$queryString = $_SERVER['QUERY_STRING'];
	67	if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/') OR stripos_clone($queryString,'/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
	68	die('Operazione non consentita');
	69	}
	70	}
	71
	72
	73	foreach ($_GET as $sec_key => $secvalue) {
[21]	74	if ((preg_match("/<[^>]script\"?[^>]*>/i",$secvalue)) \|\|
	75	(preg_match("/<[^>]object\"?[^>]*>/i", $secvalue)) \|\|
	76	(preg_match("/<[^>]iframe\"?[^>]*>/i", $secvalue)) \|\|
	77	(preg_match("/<[^>]applet\"?[^>]*>/i", $secvalue)) \|\|
	78	(preg_match("/<[^>]meta\"?[^>]*>/i", $secvalue)) \|\|
	79	(preg_match("/<[^>]style\"?[^>]*>/i", $secvalue)) \|\|
	80	(preg_match("/<[^>]form\"?[^>]*>/i", $secvalue)) \|\|
	81	(preg_match("/<[^>]img\"?[^>]*>/i", $secvalue)) \|\|
	82	(preg_match("/<[^>]onmouseover\"?[^>]*>/i", $secvalue)) \|\|
	83	(preg_match("/<[^>]body\"?[^>]*>/i", $secvalue)) \|\|
	84	(preg_match("/\"/", $secvalue)) \|\|
	85	(preg_match("/inside_mod/i", $sec_key))) {
[2]	86	die ("Operazione non consentita");
	87	}
	88	}
	89
	90	foreach ($_POST as $secvalue) {
[21]	91	if ((preg_match("/<[^>]onmouseover\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]script\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]body\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]style\"?[^>]>/i", $secvalue))) {
[2]	92	die ('Operazione non consentita');
	93	}
	94	}
	95
	96	// Posting from other servers in not allowed
	97	// Fix by Quake
	98	// Bug found by PeNdEjO
	99
	100	if ($_SERVER['REQUEST_METHOD'] == "POST") {
	101	if (isset($_SERVER['HTTP_REFERER'])) {
	102	if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
	103	die('Posting da un altro server non consentito!');
	104	}
	105	} else {
	106	# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
	107	}
	108	}
	109
	110
	111
	112
	113
	114
	115
	116	//===================================================================
	117	session_name('sesadmin');
[255]	118	#session_start();//MODIFICHE PER GESTIONE SESSIONI
[2]	119	// gestione sessione
[424]	120	if (!isset($_SESSION))
	121	{
	122	session_start();
	123	}else session_regenerate_id();
[255]	124	$a = session_id();
	125	if(empty($a)) session_start();
	126	#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
[2]	127
[424]	128
[246]	129	if (file_exists("config.php")){
	130	$install="0"; @require_once("config.php");
	131	}else{
	132	$install="1";
	133	}
[2]	134
[154]	135	# verifica se effettuata la configurazione
[246]	136	if(empty($dbname) \|\| $install=="1") {
[230]	137	die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
[154]	138	}
[424]	139	require_once('variabili.php');
[376]	140	$dsn = "mysql:host=$dbhost";
[377]	141	$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
[376]	142	if($prefix == '') {
	143	db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
	144	}
	145	try
	146	{
	147	$dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
	148	}
	149	catch(PDOException $e)
	150	{
	151	echo $sql . "<br>" . $e->getMessage();die();
	152	}
	153	$sql = "use $dbname";
	154	try
	155	{
	156	$dbi->exec($sql);
	157	}
	158	catch(PDOException $e)
	159	{
	160	echo $sql . "<br>" . $e->getMessage();
	161	}
	162	$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
	163	$sth->execute();
	164	$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
	165	$sth->execute();
	166	$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
	167	$sth->execute();
	168	$sth = $dbi->prepare("SET CHARACTER SET utf8");
	169	$sth->execute();
[154]	170
[376]	171	$sth = $dbi->prepare("SET NAMES 'utf8'");
	172	$sth->execute();
	173	$sth = $dbi->prepare("select * from ".$prefix."_config");
	174	$sth->execute();
[154]	175
[253]	176	# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
	177	# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
	178	## mysql_query("SET NAMES 'utf8'", $dbi);
[2]	179	//---10/05/2009 gestione consultazione predefinita
[376]	180	$sth = $dbi->prepare("select * from ".$prefix."_config");
	181	$sth->execute();
	182	$row = $sth->fetch(PDO::FETCH_ASSOC);
	183	#$row = $sth->fetchAll();
	184	$siteistat=$row['siteistat'];
[2]	185	if (!isset($_SESSION['id_comune'])){
[253]	186	$_SESSION['sitename']=$row['sitename'];
	187	$_SESSION['siteurl']=$row['siteurl'];
	188	$_SESSION['site_logo']=$row['site_logo'];
	189	$_SESSION['slogan']=$row['slogan'];
	190	$_SESSION['startdate']=$row['startdate'];
	191	$_SESSION['adminmail']=$row['adminmail'];
[358]	192	# if (isset($tema) and $tema=='facebook')
	193	# $_SESSION['tema']=$row['tema'];
[253]	194	$_SESSION['foot']=$row['foot'];
	195	$_SESSION['lang']=$row['language'];
	196	$_SESSION['blocco']=$row['blocco'];
	197	$_SESSION['testata']=$row['testata'];
[255]	198	# $_SESSION['logo']=$row['logo'];
[253]	199	$_SESSION['fileout']=$row['fileout'];
	200	$_SESSION['copyright']=$row['copyright'];
	201	$_SESSION['versione']=$row['versione'];
	202	$_SESSION['patch']=$row['patch'];
	203	$_SESSION['id_comune']=$row['siteistat'];
[255]	204	$_SESSION['multicomune']=$row['multicomune'];
	205	$_SESSION['flash']=$row['flash'];
	206	$_SESSION['displayerrors']=$row['displayerrors'];
	207	$_SESSION['editor']=$row['editor'];
	208	$_SESSION['tema_on']=$row['tema_on'];
	209	$_SESSION['ed_user']=$row['ed_user'];
[332]	210	$multicomune=$row['multicomune'];
[378]	211	}
[379]	212
[2]	213	//fine
[358]	214	if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
	215	if (!isset($_SESSION['tema']))
	216	$_SESSION['tema']='default';
	217	$tema=$_SESSION['tema'];
	218
[2]	219	if (isset($param['aid'])) {
[358]	220	if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
[2]	221	if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
[21]	222	if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
[358]	223	if (isset($_SESSION['aid'])){
[2]	224	logout();//se hai gia' una sessione aperta non puoi postare 'aid'
	225	}else{
	226
[358]	227	// $pwd2=$param['pwd'];
	228	$mpwd=md5($pwd2);
[2]	229
[358]	230	// se superUserAdmin
	231	########
	232	# $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
	233	# $sth->execute();
	234	# $row = $sth->fetch(PDO::FETCH_ASSOC);
	235	if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
	236	# if ($adminsuper==1) $id_comune2=0; else
	237	$id_comune2=$id_comune;
[416]	238	$sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
[358]	239	$sth->execute();
	240	$esiste=$sth->rowCount();
	241	# $adminsuper=$row['adminsuper'];
	242	$row = $sth->fetch(PDO::FETCH_ASSOC);
	243	if(!$esiste) {
	244	$msglogout=2;
	245	logout();
	246	}else{
	247	if ($row['pwd']!=$mpwd) {
	248	$msglogout=3;
	249	logout();
	250	}elseif($row['adminop']==1) {
	251	$msglogout=1;
	252	logout();
	253	}
[254]	254	$counter=$row['counter'];
	255	$tmplang=$row['admlanguage'];
[2]	256	if(strlen($tmplang)==2) $language=$tmplang;
[358]	257	$sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
[254]	258	$sth->execute();
[358]	259	# $row = $sth->fetch(PDO::FETCH_ASSOC);
[2]	260	if ($esiste==1) {
[255]	261	# $_SESSION['dbi']=$dbi;
[2]	262	$_SESSION['aid']="$aid";
	263	$_SESSION['pwd']="$mpwd";
	264	$_SESSION['lang']="$language";
	265	$_SESSION['id_comune']="$id_comune";
	266	$_SESSION['prefix']="soraldo";
	267	$_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
	268	$_SESSION['bgcolor1']='#ffffff';
[269]	269	$_SESSION['bgcolor2']='#c5c5c5';
	270	if (!isset($op)) $op='consultazione';
[2]	271	}
	272	}
	273	}
	274	}else{
[255]	275	#$_SESSION['dbi']=$dbi;
[2]	276
[255]	277	}
[379]	278	# si settano le variabili per il controllo degli aggiornamenti
	279	if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
	280	{
[381]	281	$sql="SELECT COLUMN_NAME
[379]	282	FROM INFORMATION_SCHEMA.COLUMNS
	283	WHERE TABLE_SCHEMA = '$dbname'
	284	AND TABLE_NAME = '".$prefix."_config'
	285	AND COLUMN_NAME = 'aggiornamento'";
	286	$sth = $dbi->prepare($sql);
	287	$sth->execute();
[381]	288	if($sth->rowCount())
[379]	289	{
[381]	290	$sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
[379]	291	$sth = $dbi->prepare($sql);
	292	$sth->execute();
	293	}
[381]	294	/* $sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
[379]	295	$sth->execute();
	296	list($agg)=$sth->fetch(PDO::FETCH_NUM);
[380]	297	$_SESSION['aggiornamento']=$agg;*/
[379]	298	###########
	299	$righe='';
	300	if(phpversion()<5.6) $host="http://80.211.143.127";
	301	else $host="https://trac.eleonline.it";
[380]	302	$headers=get_headers("$host/ele3/changeset/");
	303	$testurl=strlen($headers[0])>0?true:false;
	304	if(!$testurl){
[379]	305	$newrev=0;
	306	}else{
[380]	307	$file = file("$host/ele3/changeset/");
[379]	308	$cntFile = count($file);
	309	$fine=0;
	310	$currentLine=0;
	311
	312	foreach ($file as $line_num => $line) {
	313	if(strpos($line,'<title>') ) {$fine=1; continue;}
	314	if ($fine){
	315	$newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
	316	break;
	317	}
	318	}
	319	}
	320	include('versione.php');
	321	$myrev=intval(substr($versione,-4,4));
[380]	322	# $_SESSION['aggiornamento']=$agg;
[379]	323	$_SESSION['localrev']=$myrev;
	324	$_SESSION['remoterev']=$newrev;
	325	unset($file);
	326	# if($agg) include('aggiornamento.php');
	327	#die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);
	328	}
[358]	329	if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
[424]	330	if(!isset($language) and isset($_SESSION['lang'])) $language=$_SESSION['lang']; else $language='it';
[2]	331	if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
	332	$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
[358]	333
	334	if (isset($_SESSION['aid']))
[2]	335	{
	336	//lettura sessione
	337	$aid=$_SESSION['aid'];
[255]	338	#$dbi=$_SESSION['dbi'];
[2]	339	$prefix=$_SESSION['prefix'];
[254]	340	$id_comune=$_SESSION['id_comune'];
[358]	341	if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
[360]	342	if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
[2]	343	else {
[406]	344	# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
[424]	345	$sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval $giorniaut day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1";# TEST: and id_sez>0
[360]	346	$rese = $dbi->prepare("$sql");
	347	$rese->execute();
	348	if($rese->rowCount())
	349	{list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
	350	else {
	351	$sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
	352	$sth = $dbi->prepare($sql);
	353	$sth->execute();
	354	$row = $sth->fetch(PDO::FETCH_BOTH);
	355	if($sth->rowCount())
	356	$id_cons_gen=$row[0];
	357	else
	358	$id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
	359	}
	360	}
[2]	361	$currentlang=$_SESSION['lang'];
[358]	362	#$bgcolor1=$_SESSION['bgcolor1'];
[2]	363	$bgcolor2=$_SESSION['bgcolor2'];
	364	$bgcolor1='#e7e7e7';
	365	$session=$_SESSION['remote'];
	366
	367	}
	368
	369
[361]	370
[2]	371	/*********************************************************/
	372	/* Login Function */
	373	/*********************************************************/
[406]	374	function ChiSei($idcg){
[424]	375	global $dbi, $msglogout, $id_cons_gen,$giorniaut;
[2]	376
	377	$aid=$_SESSION['aid'];
	378	$prefix=$_SESSION['prefix'];
	379	$pwd=$_SESSION['pwd'];
	380	$id_comune=$_SESSION['id_comune'];
[406]	381	#echo "prima: $idcg - dopo: $id_cons_gen<br>";
[2]	382	$perms=0;
[257]	383	$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
	384	$sth = $dbi->prepare("$sql");
	385	$sth->execute();
	386	$row = $sth->fetch(PDO::FETCH_BOTH);
[424]	387	if($row){
[254]	388	$adminsuper=$row[0];
	389	$admincomune=$row[1];
[424]	390	$oper=$row[2];
	391	}else{
	392	$adminsuper=0;
	393	$admincomune=0;
	394	$oper=1;
	395	}
[2]	396	if ($adminsuper==1)
	397	return 256;
[359]	398	elseif ($admincomune==1)
[358]	399	return 64;
	400	# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
[361]	401	elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
	402	else {
[406]	403	# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
[424]	404	$sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval $giorniaut day)>CURDATE()";
[361]	405	$sth = $dbi->prepare("$sql");
[406]	406	$sth->execute();
	407	if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
	408	list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);
	409	if (!$id_cons_gen) $id_cons_gen=$idcg;
[400]	410	$sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
	411	$sth = $dbi->prepare("$sql");
[406]	412	$sth->execute();
[400]	413	list($perms) = $sth->fetch(PDO::FETCH_NUM);
[406]	414	return $perms;
[361]	415	}
[2]	416	}
	417
	418	function OpenTable(){
	419	echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
	420	}
	421
	422	function CloseTable(){
	423	echo "</table>";
	424	}
	425
	426	function login() {
[406]	427	global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
[2]	428	if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
[31]	429	if (!isset($id_comune)) $id_comune=0;
[358]	430	if(isset($_SESSION['aid'])){
	431	session_regenerate_id();
	432	}
	433	$lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
[2]	434	$id_ses=session_id();
[358]	435
[2]	436	//include("modules/Elezioni/language/lang-$lang.php");
[358]	437	if($multicomune==''){
	438	$sth = $dbi->prepare("select multicomune from ".$prefix."_config");
	439	$sth->execute();
	440	list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
	441	}
[2]	442	include ("header.php");
	443	echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
[358]	444	if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
	445	elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
	446	elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
[361]	447	elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
[358]	448	echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
[80]	449	."<table class=\"table-menu\">"
[2]	450	."<tr><td>"._ADMINID."</td>"
	451	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
	452	."<tr><td>"._PASSWORD."</td>"
	453	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
	454	."<tr><td>";
	455	// scelta comune
	456	if($multicomune=='1'){
	457	echo ""._COMUNE."</td><td>";
[332]	458	$sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
	459	$sth = $dbi->prepare("$sql");
	460	$sth->execute();
	461	$row = $sth->fetchAll();
[2]	462	echo "<select name=\"id_comune\">";
[255]	463	foreach($row as $comuni)
	464	{$id=$comuni[0];$descrizione=$comuni[1];
[2]	465	$sel=($id == $id_comune) ? "selected":"";
	466	echo "<option value=\"$id\" $sel>$descrizione";
	467	}
	468	}else{
	469	echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
	470	}
	471	// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
	472	if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
	473	echo "</td></tr><tr><td>";
	474	echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
	475	echo "<input type=\"submit\" VALUE=\""._OK."\">"
	476	."</td></tr></table>"
	477	."</form></div>";
	478
	479	include ("footer.php");
	480	}
	481
	482	function logout()
	483	{
	484	/* $lang=$_SESSION['lang'];
	485	$id_comune=$_SESSION['id_comune'];
	486	// setcookie ("PHPSESSID", "", time() - 3600);
	487	session_cache_expire (0);
	488	$_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
	489	session_unset();
	490	session_destroy();
	491	Header("Location: admin.php?id_comune=$id_comune&language=$lang");
	492	*/
[360]	493
[358]	494	global $siteistat,$perms,$msglogout;
[424]	495	if (!isset($_SESSION))
	496	{
	497	session_start();
	498	}
[359]	499	$language=$_SESSION['lang'];
[2]	500	$ref="Location: admin.php?";
[358]	501	#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
[2]	502	if (isset($_SESSION['id_comune']))
	503	$id_comune=$_SESSION['id_comune'];
	504	else
	505	$id_comune=$siteistat;
	506	$ref=$ref."id_comune=".$id_comune;
	507
	508	if (isset($_SESSION['lang']))
[359]	509	$ref=$ref."&language=$language";
[358]	510	$ref.="&msglogout=$msglogout";
[424]	511	#$_SESSION=array();
	512	if (session_status() == PHP_SESSION_ACTIVE)
	513	session_destroy();
[291]	514	session_cache_expire (0);
[2]	515	Header($ref);
	516
	517	}
[358]	518	#include("TEST tema: $tema--");
	519	#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
[406]	520	#die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
[424]	521	if(isset($id_cons_gen) and isset($id_comune)){
[406]	522	if(!isset($id_cons)){
[358]	523	# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
	524	$sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
	525	$sth = $dbi->prepare("$sql");
	526	$sth->execute();
[360]	527	if ($sth->rowCount()) {
	528	list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
	529	$_SESSION['id_cons']=$id_cons;
	530	}
[358]	531	}
	532	if(isset($id_cons)) {
[424]	533	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune and id_cons=$id_cons";
[397]	534	try {
	535	$resmod = $dbi->prepare("$sql");
	536	$resmod->execute();
	537	}catch(PDOException $e)
	538	{
	539	# echo "Viene eseguito un aggiornamento forzato del db<br>";
	540	$_SESSION['forzadb']=1;
	541	include("modules/Elezioni/aggiornamento.php");
	542
	543	die();
	544	}
[406]	545	list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
	546	if($id_sez) {
	547	$sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
[360]	548	$resmod = $dbi->prepare("$sql");
	549	$resmod->execute();
	550	if ($resmod->rowCount()>0) {
[406]	551	list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
	552	$tema='Futura2';
[360]	553	$_SESSION['tema']=$tema;
[361]	554	} #else {die("TEST: $sql"); logout();}
[360]	555	}
[406]	556	}
[424]	557	$perms=ChiSei($id_cons_gen);
[361]	558	if($perms==0) {logout();}
[358]	559	}
[359]	560
[255]	561	#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
[344]	562	if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
[2]	563	//if (isset($param['op'])) $op=$param['op']; else $op='ele';
[360]	564	#
[406]	565	#die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);
[369]	566
[2]	567	if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
[358]	568	if($tema=='Futura2' and $op!='logout')
	569	{
[359]	570	include("temi/$tema/index.php");
[358]	571	}else
[2]	572	switch($op) {
	573	case "tipo":
	574	include("modules/Elezioni/ele_tipi.php");
	575	break;
[379]	576	case "aggiorna":
	577	include("modules/Elezioni/aggiornamento.php");
	578	break;
[2]	579	case "constipi":
	580	include("modules/Elezioni/ele_consultazionitipi.php");
	581	break;
	582	case "parziali":
	583	include("modules/Elezioni/ele_parziali.php");
	584	break;
	585	case "ele":
	586	include("modules/Elezioni/ele.php");
	587	break;
	588	case "consultazione":
	589	include("modules/Elezioni/ele_consultazioni.php");
	590	break;
	591	case "configurazione":
	592	include("modules/Elezioni/ele_configurazione.php");
	593	break;
	594	case "cons_comuni":
	595	include("modules/Elezioni/ele_cons_comuni.php");
	596	break;
	597	case "confconsiglio":
	598	include("modules/Elezioni/ele_confcons.php");
	599	break;
	600	case "inscomuni":
	601	include("modules/Elezioni/ele_comuni.php");
	602	break;
	603	case "oper_admin":
	604	include("modules/Elezioni/ele_operatori.php");
	605	break;
	606	case "inscollegi":
	607	include("modules/Elezioni/ele_collegi.php");
	608	break;
	609	case "associazioni":
	610	include("modules/Elezioni/ele_associazioni.php");
	611	break;
	612	case "operatori":
	613	include("modules/Elezioni/ele_operatori.php");
	614	break;
	615	case "permessi":
	616	include("modules/Elezioni/ele_permessi.php");
	617	break;
	618	case "circo":
	619	include("modules/Elezioni/ele_circo.php");
	620	break;
	621	case "sede":
	622	include("modules/Elezioni/ele_sede.php");
	623	break;
	624	case "sezione":
	625	include("modules/Elezioni/ele_sezione.php");
	626	break;
	627	case "gruppo":
	628	include("modules/Elezioni/ele_gruppo.php");
	629	break;
	630	case "rec_add_aff":
	631	include("modules/Elezioni/ele_affluenze.php");
	632	break;
	633	case "rec_add_mod":
	634	include("modules/Elezioni/ele_modelli.php");
	635	break;
	636	case "upgruppo":
	637	include("modules/Elezioni/ele_gruppo.php");
	638	break;
	639	case "delimggruppo":
	640	include("modules/Elezioni/ele_gruppo.php");
	641	break;
	642	case "lista":
	643	include("modules/Elezioni/ele_lista.php");
	644	break;
	645	case "uplista":
	646	include("modules/Elezioni/ele_lista.php");
	647	break;
	648	case "delimglista":
	649	include("modules/Elezioni/ele_lista.php");
	650	break;
	651	case "candidato":
	652	include("modules/Elezioni/ele_candidato.php");
	653	break;
	654	case "upcandidato":
	655	include("modules/Elezioni/ele_candidato.php");
	656	break;
	657	case "delimgcandidato":
	658	include("modules/Elezioni/ele_candidato.php");
	659	break;
	660
	661	case "voti":
	662	include("modules/Elezioni/ele_voti.php");
	663	break;
	664	case "sezioni_voti":
	665	include("modules/Elezioni/ele_voti.php");
	666	break;
	667	case "rec_voti":
	668	include("modules/Elezioni/ele_voti.php");
	669	break;
	670	case "rec_voti_gruppi":
	671	include("modules/Elezioni/ele_voti.php");
	672	break;
	673	case "rec_add_votanti":
	674	include("modules/Elezioni/ele_voti.php");
	675	break;
	676	case "rec_finale":
	677	include("modules/Elezioni/ele_voti.php");
	678	break;
	679	case "controllo_voti":
	680	include("modules/Elezioni/controllo_voti.php");
	681	break;
	682	case "controllo_votanti":
	683	include("modules/Elezioni/controllo_votanti.php");
	684	break;
	685	case "come":
	686	include("modules/Elezioni/ele_come.php");
	687	break;
	688	case "numeri":
	689	include("modules/Elezioni/ele_come.php");
	690	break;
	691	case "servizi":
	692	include("modules/Elezioni/ele_come.php");
	693	break;
	694	case "link":
	695	include("modules/Elezioni/ele_come.php");
	696	break;
	697	case "conf":
	698	include("modules/Elezioni/ele_conf.php");
	699	break;
	700	case "stampa":
	701	include("modules/Elezioni/ele_stampe.php");
	702	break;
	703	case "cambiopwd":
	704	include("modules/Elezioni/ele_pwd.php");
	705	break;
	706	case "eletti":
	707	include("modules/Elezioni/ele_eletti.php");
	708	break;
	709	case "foto":
	710	include("modules/Elezioni/foto.php");
	711	break;
	712	case "consiglieri":
	713	include("modules/Elezioni/ele_consiglieri.php");
	714	break;
	715	case "backup":
	716	include("modules/Elezioni/backup.php");
	717	break;
	718	case "restore":
	719	include("modules/Elezioni/restore.php");
	720	break;
	721	case "scarica":
	722	include("modules/Elezioni/scarica.php");
	723	break;
	724	case "importa":
	725	include("modules/Elezioni/importa.php");
	726	break;
[80]	727	case "widget":
	728	include("modules/Elezioni/ele_widget.php");
[2]	729	break;
[139]	730	case "riepilogo":
	731	include("modules/Elezioni/ele_riepilogo.php");
	732	break;
[254]	733	case "riepilogovoti":
	734	include("modules/Elezioni/ele_riepilogovoti.php");
	735	break;
[424]	736	case "aggcons":
	737	include("modules/Elezioni/ele_restorebackup.php");
	738	break;
[2]	739	case "logout":
	740	logout();
	741	break;
	742	}
[258]	743
[2]	744	}else {
	745
	746	login();
	747
	748	}
	749
	750	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: