Context Navigation

source: trunk/admin/admin.php@ 379

Last change on this file since 379 was 379, checked in by roby, 19 months ago

ADMIN seconda rev sperimentale per l'implementazione della funzione di aggiornamento.

Eliminate le voci di menu: Gestione tipi e Segnala l'installazione a Eleonline
Aggiunta la voce di menu: Aggiornamento
Modificata la funzione di aggiornamento

File size: 25.0 KB

Line
1	<?php
2
3	/************************************************************************/
4	/* Eleonline - Raccolta e diffusione dei dati elettorali */
5	/* by Roberto Gigli & Luciano Apolito */
6	/* http://www.eleonline.it */
7	/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
8	/************************************************************************/
9	/* Admin */
10	/* Amministrazione */
11	/************************************************************************/
12
13	/* Descrizione file admin.php =
14	effettua il login o il rilancio alla gestione */
15
16	define('ADMIN_FILE', true);
17	#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
18	# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
19	global $multicomune,$msglogout,$language,$id_sez;
20
21	// Adattamento variabili superglobal
22	// Versione di php
23	$phpver = phpversion();
24	global $dbi;
25	// converte superglobal se php e' < 4.1.0
26
27	if ($phpver < '4.1.0') {
28	$_GET = $HTTP_GET_VARS;
29	$_POST = $HTTP_POST_VARS;
30	$_SERVER = $HTTP_SERVER_VARS;
31	$_FILES = $HTTP_POST_FILES;
32	$_ENV = $HTTP_ENV_VARS;
33	if($_SERVER['REQUEST_METHOD'] == "POST") {
34	$_REQUEST = $_POST;
35	} elseif($_SERVER['REQUEST_METHOD'] == "GET") {
36	$_REQUEST = $_GET;
37	}
38	if(isset($HTTP_COOKIE_VARS)) {
39	$_COOKIE = $HTTP_COOKIE_VARS;
40	}
41	if(isset($HTTP_SESSION_VARS)) {
42	$_SESSION = $HTTP_SESSION_VARS;
43	}
44	}
45
46	$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
47	if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
48	if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
49	if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
50
51	// Additional security (Union, CLike, XSS)
52
53	// We want to use the function stripos,
54	// but thats only available since PHP5.
55	// So we cloned the function...
56	if(!function_exists('stripos')) {
57	function stripos_clone($haystack, $needle, $offset=0) {
58	return strpos(strtoupper($haystack), strtoupper($needle), $offset);
59	}
60	} else {
61	// But when this is PHP5, we use the original function
62	function stripos_clone($haystack, $needle, $offset=0) {
63	return stripos($haystack, $needle, $offset=0);
64	}
65	}
66
67	if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") \|\| !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
68	$queryString = $_SERVER['QUERY_STRING'];
69	if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/') OR stripos_clone($queryString,'/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
70	die('Operazione non consentita');
71	}
72	}
73
74
75	foreach ($_GET as $sec_key => $secvalue) {
76	if ((preg_match("/<[^>]script\"?[^>]*>/i",$secvalue)) \|\|
77	(preg_match("/<[^>]object\"?[^>]*>/i", $secvalue)) \|\|
78	(preg_match("/<[^>]iframe\"?[^>]*>/i", $secvalue)) \|\|
79	(preg_match("/<[^>]applet\"?[^>]*>/i", $secvalue)) \|\|
80	(preg_match("/<[^>]meta\"?[^>]*>/i", $secvalue)) \|\|
81	(preg_match("/<[^>]style\"?[^>]*>/i", $secvalue)) \|\|
82	(preg_match("/<[^>]form\"?[^>]*>/i", $secvalue)) \|\|
83	(preg_match("/<[^>]img\"?[^>]*>/i", $secvalue)) \|\|
84	(preg_match("/<[^>]onmouseover\"?[^>]*>/i", $secvalue)) \|\|
85	(preg_match("/<[^>]body\"?[^>]*>/i", $secvalue)) \|\|
86	(preg_match("/\"/", $secvalue)) \|\|
87	(preg_match("/inside_mod/i", $sec_key))) {
88	die ("Operazione non consentita");
89	}
90	}
91
92	foreach ($_POST as $secvalue) {
93	if ((preg_match("/<[^>]onmouseover\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]script\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]body\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]style\"?[^>]>/i", $secvalue))) {
94	die ('Operazione non consentita');
95	}
96	}
97
98	// Posting from other servers in not allowed
99	// Fix by Quake
100	// Bug found by PeNdEjO
101
102	if ($_SERVER['REQUEST_METHOD'] == "POST") {
103	if (isset($_SERVER['HTTP_REFERER'])) {
104	if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
105	die('Posting da un altro server non consentito!');
106	}
107	} else {
108	# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
109	}
110	}
111
112
113
114
115
116
117
118	//===================================================================
119	session_name('sesadmin');
120	#session_start();//MODIFICHE PER GESTIONE SESSIONI
121	// gestione sessione
122	$a = session_id();
123	if(empty($a)) session_start();
124	#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
125
126	if (file_exists("config.php")){
127	$install="0"; @require_once("config.php");
128	}else{
129	$install="1";
130	}
131
132	# verifica se effettuata la configurazione
133	if(empty($dbname) \|\| $install=="1") {
134	die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
135	}
136
137	$dsn = "mysql:host=$dbhost";
138	$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
139	if($prefix == '') {
140	db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
141	}
142	try
143	{
144	$dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
145	}
146	catch(PDOException $e)
147	{
148	echo $sql . "<br>" . $e->getMessage();die();
149	}
150	$sql = "use $dbname";
151	try
152	{
153	$dbi->exec($sql);
154	}
155	catch(PDOException $e)
156	{
157	echo $sql . "<br>" . $e->getMessage();
158	}
159	$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
160	$sth->execute();
161	$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
162	$sth->execute();
163	$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
164	$sth->execute();
165	$sth = $dbi->prepare("SET CHARACTER SET utf8");
166	$sth->execute();
167
168	$sth = $dbi->prepare("SET NAMES 'utf8'");
169	$sth->execute();
170	$sth = $dbi->prepare("select * from ".$prefix."_config");
171	$sth->execute();
172
173	# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
174	# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
175	## mysql_query("SET NAMES 'utf8'", $dbi);
176	//---10/05/2009 gestione consultazione predefinita
177	$sth = $dbi->prepare("select * from ".$prefix."_config");
178	$sth->execute();
179	$row = $sth->fetch(PDO::FETCH_ASSOC);
180	#$row = $sth->fetchAll();
181	$siteistat=$row['siteistat'];
182	if (!isset($_SESSION['id_comune'])){
183	$_SESSION['sitename']=$row['sitename'];
184	$_SESSION['siteurl']=$row['siteurl'];
185	$_SESSION['site_logo']=$row['site_logo'];
186	$_SESSION['slogan']=$row['slogan'];
187	$_SESSION['startdate']=$row['startdate'];
188	$_SESSION['adminmail']=$row['adminmail'];
189	# if (isset($tema) and $tema=='facebook')
190	# $_SESSION['tema']=$row['tema'];
191	$_SESSION['foot']=$row['foot'];
192	$_SESSION['lang']=$row['language'];
193	$_SESSION['blocco']=$row['blocco'];
194	$_SESSION['testata']=$row['testata'];
195	# $_SESSION['logo']=$row['logo'];
196	$_SESSION['fileout']=$row['fileout'];
197	$_SESSION['copyright']=$row['copyright'];
198	$_SESSION['versione']=$row['versione'];
199	$_SESSION['patch']=$row['patch'];
200	$_SESSION['id_comune']=$row['siteistat'];
201	$_SESSION['multicomune']=$row['multicomune'];
202	$_SESSION['flash']=$row['flash'];
203	$_SESSION['displayerrors']=$row['displayerrors'];
204	$_SESSION['editor']=$row['editor'];
205	$_SESSION['tema_on']=$row['tema_on'];
206	$_SESSION['ed_user']=$row['ed_user'];
207	$multicomune=$row['multicomune'];
208	}
209
210	//fine
211	if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
212	if (!isset($_SESSION['tema']))
213	$_SESSION['tema']='default';
214	$tema=$_SESSION['tema'];
215
216	if (isset($param['aid'])) {
217	if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
218	if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
219	if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
220	if (isset($_SESSION['aid'])){
221	logout();//se hai gia' una sessione aperta non puoi postare 'aid'
222	}else{
223
224	// $pwd2=$param['pwd'];
225	$mpwd=md5($pwd2);
226
227	// se superUserAdmin
228	########
229	# $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
230	# $sth->execute();
231	# $row = $sth->fetch(PDO::FETCH_ASSOC);
232	if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
233	# if ($adminsuper==1) $id_comune2=0; else
234	$id_comune2=$id_comune;
235	$sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
236	$sth->execute();
237	$esiste=$sth->rowCount();
238	# $adminsuper=$row['adminsuper'];
239	$row = $sth->fetch(PDO::FETCH_ASSOC);
240	if(!$esiste) {
241	$msglogout=2;
242	logout();
243	}else{
244	if ($row['pwd']!=$mpwd) {
245	$msglogout=3;
246	logout();
247	}elseif($row['adminop']==1) {
248	$msglogout=1;
249	logout();
250	}
251	$counter=$row['counter'];
252	$tmplang=$row['admlanguage'];
253	if(strlen($tmplang)==2) $language=$tmplang;
254	$sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
255	$sth->execute();
256	# $row = $sth->fetch(PDO::FETCH_ASSOC);
257	if ($esiste==1) {
258	# $_SESSION['dbi']=$dbi;
259	$_SESSION['aid']="$aid";
260	$_SESSION['pwd']="$mpwd";
261	$_SESSION['lang']="$language";
262	$_SESSION['id_comune']="$id_comune";
263	$_SESSION['prefix']="soraldo";
264	$_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
265	$_SESSION['bgcolor1']='#ffffff';
266	$_SESSION['bgcolor2']='#c5c5c5';
267	if (!isset($op)) $op='consultazione';
268	session_regenerate_id();
269	}
270	}
271	}
272	}else{
273	#$_SESSION['dbi']=$dbi;
274
275	}
276	# si settano le variabili per il controllo degli aggiornamenti
277	if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
278	{
279	$sql="SELECT COLUMN_NAME
280	FROM INFORMATION_SCHEMA.COLUMNS
281	WHERE TABLE_SCHEMA = '$dbname'
282	AND TABLE_NAME = '".$prefix."_config'
283	AND COLUMN_NAME = 'aggiornamento'";
284	$sth = $dbi->prepare($sql);
285	$sth->execute();
286	if(!$sth->rowCount())
287	{
288	$sql="ALTER TABLE `soraldo_config` ADD `aggiornamento` ENUM('0','1','2') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '1' AFTER `ed_user`;";
289	$sth = $dbi->prepare($sql);
290	$sth->execute();
291	}
292	$sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
293	$sth->execute();
294	list($agg)=$sth->fetch(PDO::FETCH_NUM);
295	$_SESSION['aggiornamento']=$agg;
296	###########
297	$righe='';
298	if(phpversion()<5.6) $host="http://80.211.143.127";
299	else $host="https://trac.eleonline.it";
300	if(false === $file = file("$host/ele3/changeset/")) {
301	$newrev=0;
302	}else{
303	$cntFile = count($file);
304	$fine=0;
305	$currentLine=0;
306
307	foreach ($file as $line_num => $line) {
308	if(strpos($line,'<title>') ) {$fine=1; continue;}
309	if ($fine){
310	$newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
311	break;
312	}
313	}
314	}
315	include('versione.php');
316	$myrev=intval(substr($versione,-4,4));
317	$_SESSION['aggiornamento']=$agg;
318	$_SESSION['localrev']=$myrev;
319	$_SESSION['remoterev']=$newrev;
320	unset($file);
321	# if($agg) include('aggiornamento.php');
322	#die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);
323	}
324	if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
325	if(!isset($language)) $language=$_SESSION['lang'];
326	if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
327	$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
328
329	if (isset($_SESSION['aid']))
330	{
331	//lettura sessione
332	$aid=$_SESSION['aid'];
333	#$dbi=$_SESSION['dbi'];
334	$prefix=$_SESSION['prefix'];
335	$id_comune=$_SESSION['id_comune'];
336	if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
337	if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
338	else {
339	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
340	$sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and t1.data_fine>'$oggi' and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1"; # TEST: and id_sez>0
341	$rese = $dbi->prepare("$sql");
342	$rese->execute();
343	if($rese->rowCount())
344	{list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
345	else {
346	$sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
347	$sth = $dbi->prepare($sql);
348	$sth->execute();
349	$row = $sth->fetch(PDO::FETCH_BOTH);
350	if($sth->rowCount())
351	$id_cons_gen=$row[0];
352	else
353	$id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
354	}
355	}
356	$currentlang=$_SESSION['lang'];
357	#$bgcolor1=$_SESSION['bgcolor1'];
358	$bgcolor2=$_SESSION['bgcolor2'];
359	$bgcolor1='#e7e7e7';
360	$session=$_SESSION['remote'];
361
362	}
363
364
365
366	/*********************************************************/
367	/* Login Function */
368	/*********************************************************/
369	function ChiSei($id_cons_gen){
370	global $dbi, $msglogout;
371
372	$aid=$_SESSION['aid'];
373	$prefix=$_SESSION['prefix'];
374	$pwd=$_SESSION['pwd'];
375	$id_comune=$_SESSION['id_comune'];
376
377	$perms=0;
378	$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
379	$sth = $dbi->prepare("$sql");
380	$sth->execute();
381	$row = $sth->fetch(PDO::FETCH_BOTH);
382
383	$adminsuper=$row[0];
384	$admincomune=$row[1];
385	$oper=$row[2];
386
387	#if (($adminsuper==1 \|\| $admincomune==1 \|\| $adminop==1)) {
388	if ($adminsuper==1)
389	return 256;
390	elseif ($admincomune==1)
391	return 64;
392	# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
393	elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
394	else {
395	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
396	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where aid='$aid' and permessi>0 and id_cons in (select t1.id_cons from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.id_comune='$id_comune' and t2.data_fine>$oggi)";
397	$sth = $dbi->prepare("$sql");
398	$sth->execute(); #die("TEST: $sql");
399	if($sth->rowCount()) {$perms=16; return $perms;}
400	else {$msglogout=1; return 0;}
401	}
402	/* $sth = $dbi->prepare("select id_cons from ".$prefix."_ele_cons_comune where id_comune='$id_comune' and id_cons_gen='$id_cons_gen'");
403	$sth->execute();
404	$row = $sth->fetch(PDO::FETCH_BOTH);
405	$id_cons=$row[0];
406	$sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'");
407
408	$sth->execute();
409	list($perms)=$sth->fetch(PDO::FETCH_NUM);
410	# $row = die("test:$sql".$row[0] );
411	if (!$perms) {die("qui: select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'"); $msglogout=1; $perms=0; }
412
413	return $perms; */
414	#} else return 0;
415	}
416
417	function OpenTable(){
418	echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
419	}
420
421	function CloseTable(){
422	echo "</table>";
423	}
424
425	function login() {
426	global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $id_cons_gen, $perms, $msglogout;
427	if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
428	if (!isset($id_comune)) $id_comune=0;
429	if(isset($_SESSION['aid'])){
430	session_regenerate_id();
431	}
432	$lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
433	$id_ses=session_id();
434
435	//include("modules/Elezioni/language/lang-$lang.php");
436	if($multicomune==''){
437	$sth = $dbi->prepare("select multicomune from ".$prefix."_config");
438	$sth->execute();
439	list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
440	}
441	include ("header.php");
442	echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
443	echo "<br>"; # method=\"post\"
444	if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
445	elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
446	elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
447	elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
448	echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
449	."<table class=\"table-menu\">"
450	."<tr><td>"._ADMINID."</td>"
451	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
452	."<tr><td>"._PASSWORD."</td>"
453	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
454	."<tr><td>";
455	// scelta comune
456	if($multicomune=='1'){
457	echo ""._COMUNE."</td><td>";
458	$sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
459	$sth = $dbi->prepare("$sql");
460	$sth->execute();
461	$row = $sth->fetchAll();
462	echo "<select name=\"id_comune\">";
463	foreach($row as $comuni)
464	{$id=$comuni[0];$descrizione=$comuni[1];
465	$sel=($id == $id_comune) ? "selected":"";
466	echo "<option value=\"$id\" $sel>$descrizione";
467	}
468	}else{
469	echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
470	}
471	// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
472	if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
473	echo "</td></tr><tr><td>";
474	echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
475	echo "<input type=\"submit\" VALUE=\""._OK."\">"
476	."</td></tr></table>"
477	."</form></div>";
478
479	include ("footer.php");
480	}
481
482	function logout()
483	{
484	/* $lang=$_SESSION['lang'];
485	$id_comune=$_SESSION['id_comune'];
486	// setcookie ("PHPSESSID", "", time() - 3600);
487	session_cache_expire (0);
488	$_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
489	session_unset();
490	session_destroy();
491	Header("Location: admin.php?id_comune=$id_comune&language=$lang");
492	*/
493
494	global $siteistat,$perms,$msglogout;
495	$language=$_SESSION['lang'];
496	$ref="Location: admin.php?";
497	#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
498	if (isset($_SESSION['id_comune']))
499	$id_comune=$_SESSION['id_comune'];
500	else
501	$id_comune=$siteistat;
502	$ref=$ref."id_comune=".$id_comune;
503
504	if (isset($_SESSION['lang']))
505	$ref=$ref."&language=$language";
506	$ref.="&msglogout=$msglogout";
507	$_SESSION=array();
508	session_unset();
509	session_destroy();
510	session_cache_expire (0);
511	Header($ref);
512
513	}
514	#include("TEST tema: $tema--");
515	#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
516
517	if(isset($id_cons_gen) and isset($id_comune)){
518	if(!isset($id_cons)){
519	# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
520	$sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
521	$sth = $dbi->prepare("$sql");
522	$sth->execute();
523	if ($sth->rowCount()) {
524	list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
525	$_SESSION['id_cons']=$id_cons;
526	}
527	}
528	if(isset($id_cons)) {
529	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune";
530	$resmod = $dbi->prepare("$sql");
531	$resmod->execute();
532	list($id_sez) = $resmod->fetch(PDO::FETCH_NUM); #die("qui:$id_sez:$sql");
533	if($id_sez) {
534	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
535	$sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and t1.data_fine>'$oggi' and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
536	$resmod = $dbi->prepare("$sql");
537	$resmod->execute();
538	if ($resmod->rowCount()>0) {
539	$tema='Futura2'; #die( "TEST id_cons:$id_cons:".$_SESSION['aid']);
540	$_SESSION['tema']=$tema;
541	} #else {die("TEST: $sql"); logout();}
542	}
543	}
544	$perms=ChiSei($id_cons_gen); #die("qui".$_SESSION['aid']);
545	if($perms==0) {logout();}
546	}
547
548	#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
549	if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
550	//if (isset($param['op'])) $op=$param['op']; else $op='ele';
551	#
552	#die("TEST: qui $aid $id_cons $id_sez ".$_SESSION['aid']);
553
554	if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
555	if($tema=='Futura2' and $op!='logout')
556	{
557	include("temi/$tema/index.php");
558	}else
559	switch($op) {
560	case "tipo":
561	include("modules/Elezioni/ele_tipi.php");
562	break;
563	case "aggiorna":
564	include("modules/Elezioni/aggiornamento.php");
565	break;
566	case "constipi":
567	include("modules/Elezioni/ele_consultazionitipi.php");
568	break;
569	case "parziali":
570	include("modules/Elezioni/ele_parziali.php");
571	break;
572	case "ele":
573	include("modules/Elezioni/ele.php");
574	break;
575	case "consultazione":
576	include("modules/Elezioni/ele_consultazioni.php");
577	break;
578	case "configurazione":
579	include("modules/Elezioni/ele_configurazione.php");
580	break;
581	case "cons_comuni":
582	include("modules/Elezioni/ele_cons_comuni.php");
583	break;
584	case "confconsiglio":
585	include("modules/Elezioni/ele_confcons.php");
586	break;
587	case "inscomuni":
588	include("modules/Elezioni/ele_comuni.php");
589	break;
590	case "oper_admin":
591	include("modules/Elezioni/ele_operatori.php");
592	break;
593	case "inscollegi":
594	include("modules/Elezioni/ele_collegi.php");
595	break;
596	case "associazioni":
597	include("modules/Elezioni/ele_associazioni.php");
598	break;
599	case "operatori":
600	include("modules/Elezioni/ele_operatori.php");
601	break;
602	case "permessi":
603	include("modules/Elezioni/ele_permessi.php");
604	break;
605	case "circo":
606	include("modules/Elezioni/ele_circo.php");
607	break;
608	case "sede":
609	include("modules/Elezioni/ele_sede.php");
610	break;
611	case "sezione":
612	include("modules/Elezioni/ele_sezione.php");
613	break;
614	case "gruppo":
615	include("modules/Elezioni/ele_gruppo.php");
616	break;
617	case "rec_add_aff":
618	include("modules/Elezioni/ele_affluenze.php");
619	break;
620	case "rec_add_mod":
621	include("modules/Elezioni/ele_modelli.php");
622	break;
623	case "upgruppo":
624	include("modules/Elezioni/ele_gruppo.php");
625	break;
626	case "delimggruppo":
627	include("modules/Elezioni/ele_gruppo.php");
628	break;
629	case "lista":
630	include("modules/Elezioni/ele_lista.php");
631	break;
632	case "uplista":
633	include("modules/Elezioni/ele_lista.php");
634	break;
635	case "delimglista":
636	include("modules/Elezioni/ele_lista.php");
637	break;
638	case "candidato":
639	include("modules/Elezioni/ele_candidato.php");
640	break;
641	case "upcandidato":
642	include("modules/Elezioni/ele_candidato.php");
643	break;
644	case "delimgcandidato":
645	include("modules/Elezioni/ele_candidato.php");
646	break;
647
648	case "voti":
649	include("modules/Elezioni/ele_voti.php");
650	break;
651	case "sezioni_voti":
652	include("modules/Elezioni/ele_voti.php");
653	break;
654	case "rec_voti":
655	include("modules/Elezioni/ele_voti.php");
656	break;
657	case "rec_voti_gruppi":
658	include("modules/Elezioni/ele_voti.php");
659	break;
660	case "rec_add_votanti":
661	include("modules/Elezioni/ele_voti.php");
662	break;
663	case "rec_finale":
664	include("modules/Elezioni/ele_voti.php");
665	break;
666	case "controllo_voti":
667	include("modules/Elezioni/controllo_voti.php");
668	break;
669	case "controllo_votanti":
670	include("modules/Elezioni/controllo_votanti.php");
671	break;
672	case "come":
673	include("modules/Elezioni/ele_come.php");
674	break;
675	case "numeri":
676	include("modules/Elezioni/ele_come.php");
677	break;
678	case "servizi":
679	include("modules/Elezioni/ele_come.php");
680	break;
681	case "link":
682	include("modules/Elezioni/ele_come.php");
683	break;
684	case "conf":
685	include("modules/Elezioni/ele_conf.php");
686	break;
687	case "stampa":
688	include("modules/Elezioni/ele_stampe.php");
689	break;
690	case "cambiopwd":
691	include("modules/Elezioni/ele_pwd.php");
692	break;
693	case "eletti":
694	include("modules/Elezioni/ele_eletti.php");
695	break;
696	case "foto":
697	include("modules/Elezioni/foto.php");
698	break;
699	case "consiglieri":
700	include("modules/Elezioni/ele_consiglieri.php");
701	break;
702	case "backup":
703	include("modules/Elezioni/backup.php");
704	break;
705	case "restore":
706	include("modules/Elezioni/restore.php");
707	break;
708	case "scarica":
709	include("modules/Elezioni/scarica.php");
710	break;
711	case "importa":
712	include("modules/Elezioni/importa.php");
713	break;
714	case "widget":
715	include("modules/Elezioni/ele_widget.php");
716	break;
717	case "riepilogo":
718	include("modules/Elezioni/ele_riepilogo.php");
719	break;
720	case "riepilogovoti":
721	include("modules/Elezioni/ele_riepilogovoti.php");
722	break;
723	case "logout":
724	logout();
725	break;
726	}
727
728	}else {
729
730	login();
731
732	}
733
734	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: