Context Navigation

source: trunk/admin/admin.php@ 381

Last change on this file since 381 was 381, checked in by roby, 19 months ago
INSTALL adeguamento php5 ADMIN continua elaborazione funzione di aggiornamento
File size: 25.0 KB

Line
1	<?php
2
3	/************************************************************************/
4	/* Eleonline - Raccolta e diffusione dei dati elettorali */
5	/* by Roberto Gigli & Luciano Apolito */
6	/* http://www.eleonline.it */
7	/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
8	/************************************************************************/
9	/* Admin */
10	/* Amministrazione */
11	/************************************************************************/
12
13	/* Descrizione file admin.php =
14	effettua il login o il rilancio alla gestione */
15
16	define('ADMIN_FILE', true);
17	#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
18	# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
19	global $multicomune,$msglogout,$language,$id_sez;
20
21	// Adattamento variabili superglobal
22	// Versione di php
23	$phpver = phpversion();
24	global $dbi;
25	// converte superglobal se php e' < 4.1.0
26
27	if ($phpver < '4.1.0') {
28	$_GET = $HTTP_GET_VARS;
29	$_POST = $HTTP_POST_VARS;
30	$_SERVER = $HTTP_SERVER_VARS;
31	$_FILES = $HTTP_POST_FILES;
32	$_ENV = $HTTP_ENV_VARS;
33	if($_SERVER['REQUEST_METHOD'] == "POST") {
34	$_REQUEST = $_POST;
35	} elseif($_SERVER['REQUEST_METHOD'] == "GET") {
36	$_REQUEST = $_GET;
37	}
38	if(isset($HTTP_COOKIE_VARS)) {
39	$_COOKIE = $HTTP_COOKIE_VARS;
40	}
41	if(isset($HTTP_SESSION_VARS)) {
42	$_SESSION = $HTTP_SESSION_VARS;
43	}
44	}
45
46	$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
47	if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
48	if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
49	if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
50
51	// Additional security (Union, CLike, XSS)
52
53	// We want to use the function stripos,
54	// but thats only available since PHP5.
55	// So we cloned the function...
56	if(!function_exists('stripos')) {
57	function stripos_clone($haystack, $needle, $offset=0) {
58	return strpos(strtoupper($haystack), strtoupper($needle), $offset);
59	}
60	} else {
61	// But when this is PHP5, we use the original function
62	function stripos_clone($haystack, $needle, $offset=0) {
63	return stripos($haystack, $needle, $offset=0);
64	}
65	}
66
67	if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") \|\| !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
68	$queryString = $_SERVER['QUERY_STRING'];
69	if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/') OR stripos_clone($queryString,'/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
70	die('Operazione non consentita');
71	}
72	}
73
74
75	foreach ($_GET as $sec_key => $secvalue) {
76	if ((preg_match("/<[^>]script\"?[^>]*>/i",$secvalue)) \|\|
77	(preg_match("/<[^>]object\"?[^>]*>/i", $secvalue)) \|\|
78	(preg_match("/<[^>]iframe\"?[^>]*>/i", $secvalue)) \|\|
79	(preg_match("/<[^>]applet\"?[^>]*>/i", $secvalue)) \|\|
80	(preg_match("/<[^>]meta\"?[^>]*>/i", $secvalue)) \|\|
81	(preg_match("/<[^>]style\"?[^>]*>/i", $secvalue)) \|\|
82	(preg_match("/<[^>]form\"?[^>]*>/i", $secvalue)) \|\|
83	(preg_match("/<[^>]img\"?[^>]*>/i", $secvalue)) \|\|
84	(preg_match("/<[^>]onmouseover\"?[^>]*>/i", $secvalue)) \|\|
85	(preg_match("/<[^>]body\"?[^>]*>/i", $secvalue)) \|\|
86	(preg_match("/\"/", $secvalue)) \|\|
87	(preg_match("/inside_mod/i", $sec_key))) {
88	die ("Operazione non consentita");
89	}
90	}
91
92	foreach ($_POST as $secvalue) {
93	if ((preg_match("/<[^>]onmouseover\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]script\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]body\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]style\"?[^>]>/i", $secvalue))) {
94	die ('Operazione non consentita');
95	}
96	}
97
98	// Posting from other servers in not allowed
99	// Fix by Quake
100	// Bug found by PeNdEjO
101
102	if ($_SERVER['REQUEST_METHOD'] == "POST") {
103	if (isset($_SERVER['HTTP_REFERER'])) {
104	if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
105	die('Posting da un altro server non consentito!');
106	}
107	} else {
108	# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
109	}
110	}
111
112
113
114
115
116
117
118	//===================================================================
119	session_name('sesadmin');
120	#session_start();//MODIFICHE PER GESTIONE SESSIONI
121	// gestione sessione
122	$a = session_id();
123	if(empty($a)) session_start();
124	#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
125
126	if (file_exists("config.php")){
127	$install="0"; @require_once("config.php");
128	}else{
129	$install="1";
130	}
131
132	# verifica se effettuata la configurazione
133	if(empty($dbname) \|\| $install=="1") {
134	die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
135	}
136
137	$dsn = "mysql:host=$dbhost";
138	$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
139	if($prefix == '') {
140	db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
141	}
142	try
143	{
144	$dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
145	}
146	catch(PDOException $e)
147	{
148	echo $sql . "<br>" . $e->getMessage();die();
149	}
150	$sql = "use $dbname";
151	try
152	{
153	$dbi->exec($sql);
154	}
155	catch(PDOException $e)
156	{
157	echo $sql . "<br>" . $e->getMessage();
158	}
159	$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
160	$sth->execute();
161	$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
162	$sth->execute();
163	$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
164	$sth->execute();
165	$sth = $dbi->prepare("SET CHARACTER SET utf8");
166	$sth->execute();
167
168	$sth = $dbi->prepare("SET NAMES 'utf8'");
169	$sth->execute();
170	$sth = $dbi->prepare("select * from ".$prefix."_config");
171	$sth->execute();
172
173	# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
174	# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
175	## mysql_query("SET NAMES 'utf8'", $dbi);
176	//---10/05/2009 gestione consultazione predefinita
177	$sth = $dbi->prepare("select * from ".$prefix."_config");
178	$sth->execute();
179	$row = $sth->fetch(PDO::FETCH_ASSOC);
180	#$row = $sth->fetchAll();
181	$siteistat=$row['siteistat'];
182	if (!isset($_SESSION['id_comune'])){
183	$_SESSION['sitename']=$row['sitename'];
184	$_SESSION['siteurl']=$row['siteurl'];
185	$_SESSION['site_logo']=$row['site_logo'];
186	$_SESSION['slogan']=$row['slogan'];
187	$_SESSION['startdate']=$row['startdate'];
188	$_SESSION['adminmail']=$row['adminmail'];
189	# if (isset($tema) and $tema=='facebook')
190	# $_SESSION['tema']=$row['tema'];
191	$_SESSION['foot']=$row['foot'];
192	$_SESSION['lang']=$row['language'];
193	$_SESSION['blocco']=$row['blocco'];
194	$_SESSION['testata']=$row['testata'];
195	# $_SESSION['logo']=$row['logo'];
196	$_SESSION['fileout']=$row['fileout'];
197	$_SESSION['copyright']=$row['copyright'];
198	$_SESSION['versione']=$row['versione'];
199	$_SESSION['patch']=$row['patch'];
200	$_SESSION['id_comune']=$row['siteistat'];
201	$_SESSION['multicomune']=$row['multicomune'];
202	$_SESSION['flash']=$row['flash'];
203	$_SESSION['displayerrors']=$row['displayerrors'];
204	$_SESSION['editor']=$row['editor'];
205	$_SESSION['tema_on']=$row['tema_on'];
206	$_SESSION['ed_user']=$row['ed_user'];
207	$multicomune=$row['multicomune'];
208	}
209
210	//fine
211	if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
212	if (!isset($_SESSION['tema']))
213	$_SESSION['tema']='default';
214	$tema=$_SESSION['tema'];
215
216	if (isset($param['aid'])) {
217	if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
218	if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
219	if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
220	if (isset($_SESSION['aid'])){
221	logout();//se hai gia' una sessione aperta non puoi postare 'aid'
222	}else{
223
224	// $pwd2=$param['pwd'];
225	$mpwd=md5($pwd2);
226
227	// se superUserAdmin
228	########
229	# $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
230	# $sth->execute();
231	# $row = $sth->fetch(PDO::FETCH_ASSOC);
232	if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
233	# if ($adminsuper==1) $id_comune2=0; else
234	$id_comune2=$id_comune;
235	$sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
236	$sth->execute();
237	$esiste=$sth->rowCount();
238	# $adminsuper=$row['adminsuper'];
239	$row = $sth->fetch(PDO::FETCH_ASSOC);
240	if(!$esiste) {
241	$msglogout=2;
242	logout();
243	}else{
244	if ($row['pwd']!=$mpwd) {
245	$msglogout=3;
246	logout();
247	}elseif($row['adminop']==1) {
248	$msglogout=1;
249	logout();
250	}
251	$counter=$row['counter'];
252	$tmplang=$row['admlanguage'];
253	if(strlen($tmplang)==2) $language=$tmplang;
254	$sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
255	$sth->execute();
256	# $row = $sth->fetch(PDO::FETCH_ASSOC);
257	if ($esiste==1) {
258	# $_SESSION['dbi']=$dbi;
259	$_SESSION['aid']="$aid";
260	$_SESSION['pwd']="$mpwd";
261	$_SESSION['lang']="$language";
262	$_SESSION['id_comune']="$id_comune";
263	$_SESSION['prefix']="soraldo";
264	$_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
265	$_SESSION['bgcolor1']='#ffffff';
266	$_SESSION['bgcolor2']='#c5c5c5';
267	if (!isset($op)) $op='consultazione';
268	session_regenerate_id();
269	}
270	}
271	}
272	}else{
273	#$_SESSION['dbi']=$dbi;
274
275	}
276	# si settano le variabili per il controllo degli aggiornamenti
277	if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
278	{
279	$sql="SELECT COLUMN_NAME
280	FROM INFORMATION_SCHEMA.COLUMNS
281	WHERE TABLE_SCHEMA = '$dbname'
282	AND TABLE_NAME = '".$prefix."_config'
283	AND COLUMN_NAME = 'aggiornamento'";
284	$sth = $dbi->prepare($sql);
285	$sth->execute();
286	if($sth->rowCount())
287	{
288	$sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
289	$sth = $dbi->prepare($sql);
290	$sth->execute();
291	}
292	/* $sth = $dbi->prepare("select aggiornamento from ".$prefix."_config");
293	$sth->execute();
294	list($agg)=$sth->fetch(PDO::FETCH_NUM);
295	$_SESSION['aggiornamento']=$agg;*/
296	###########
297	$righe='';
298	if(phpversion()<5.6) $host="http://80.211.143.127";
299	else $host="https://trac.eleonline.it";
300	$headers=get_headers("$host/ele3/changeset/");
301	$testurl=strlen($headers[0])>0?true:false;
302	if(!$testurl){
303	$newrev=0;
304	}else{
305	$file = file("$host/ele3/changeset/");
306	$cntFile = count($file);
307	$fine=0;
308	$currentLine=0;
309
310	foreach ($file as $line_num => $line) {
311	if(strpos($line,'<title>') ) {$fine=1; continue;}
312	if ($fine){
313	$newrev=(int) filter_var($line, FILTER_SANITIZE_NUMBER_INT);
314	break;
315	}
316	}
317	}
318	include('versione.php');
319	$myrev=intval(substr($versione,-4,4));
320	# $_SESSION['aggiornamento']=$agg;
321	$_SESSION['localrev']=$myrev;
322	$_SESSION['remoterev']=$newrev;
323	unset($file);
324	# if($agg) include('aggiornamento.php');
325	#die("local: ".$_SESSION['localrev'].$_SESSION['remoterev']);
326	}
327	if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
328	if(!isset($language)) $language=$_SESSION['lang'];
329	if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
330	$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
331
332	if (isset($_SESSION['aid']))
333	{
334	//lettura sessione
335	$aid=$_SESSION['aid'];
336	#$dbi=$_SESSION['dbi'];
337	$prefix=$_SESSION['prefix'];
338	$id_comune=$_SESSION['id_comune'];
339	if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
340	if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
341	else {
342	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
343	$sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and t1.data_fine>'$oggi' and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1"; # TEST: and id_sez>0
344	$rese = $dbi->prepare("$sql");
345	$rese->execute();
346	if($rese->rowCount())
347	{list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
348	else {
349	$sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
350	$sth = $dbi->prepare($sql);
351	$sth->execute();
352	$row = $sth->fetch(PDO::FETCH_BOTH);
353	if($sth->rowCount())
354	$id_cons_gen=$row[0];
355	else
356	$id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
357	}
358	}
359	$currentlang=$_SESSION['lang'];
360	#$bgcolor1=$_SESSION['bgcolor1'];
361	$bgcolor2=$_SESSION['bgcolor2'];
362	$bgcolor1='#e7e7e7';
363	$session=$_SESSION['remote'];
364
365	}
366
367
368
369	/*********************************************************/
370	/* Login Function */
371	/*********************************************************/
372	function ChiSei($id_cons_gen){
373	global $dbi, $msglogout;
374
375	$aid=$_SESSION['aid'];
376	$prefix=$_SESSION['prefix'];
377	$pwd=$_SESSION['pwd'];
378	$id_comune=$_SESSION['id_comune'];
379
380	$perms=0;
381	$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
382	$sth = $dbi->prepare("$sql");
383	$sth->execute();
384	$row = $sth->fetch(PDO::FETCH_BOTH);
385
386	$adminsuper=$row[0];
387	$admincomune=$row[1];
388	$oper=$row[2];
389
390	#if (($adminsuper==1 \|\| $admincomune==1 \|\| $adminop==1)) {
391	if ($adminsuper==1)
392	return 256;
393	elseif ($admincomune==1)
394	return 64;
395	# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
396	elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
397	else {
398	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
399	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where aid='$aid' and permessi>0 and id_cons in (select t1.id_cons from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.id_comune='$id_comune' and t2.data_fine>$oggi)";
400	$sth = $dbi->prepare("$sql");
401	$sth->execute(); #die("TEST: $sql");
402	if($sth->rowCount()) {$perms=16; return $perms;}
403	else {$msglogout=1; return 0;}
404	}
405	/* $sth = $dbi->prepare("select id_cons from ".$prefix."_ele_cons_comune where id_comune='$id_comune' and id_cons_gen='$id_cons_gen'");
406	$sth->execute();
407	$row = $sth->fetch(PDO::FETCH_BOTH);
408	$id_cons=$row[0];
409	$sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'");
410
411	$sth->execute();
412	list($perms)=$sth->fetch(PDO::FETCH_NUM);
413	# $row = die("test:$sql".$row[0] );
414	if (!$perms) {die("qui: select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'"); $msglogout=1; $perms=0; }
415
416	return $perms; */
417	#} else return 0;
418	}
419
420	function OpenTable(){
421	echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
422	}
423
424	function CloseTable(){
425	echo "</table>";
426	}
427
428	function login() {
429	global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $id_cons_gen, $perms, $msglogout;
430	if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
431	if (!isset($id_comune)) $id_comune=0;
432	if(isset($_SESSION['aid'])){
433	session_regenerate_id();
434	}
435	$lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
436	$id_ses=session_id();
437
438	//include("modules/Elezioni/language/lang-$lang.php");
439	if($multicomune==''){
440	$sth = $dbi->prepare("select multicomune from ".$prefix."_config");
441	$sth->execute();
442	list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
443	}
444	include ("header.php");
445	echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
446	echo "<br>"; # method=\"post\"
447	if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
448	elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
449	elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
450	elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
451	echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
452	."<table class=\"table-menu\">"
453	."<tr><td>"._ADMINID."</td>"
454	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
455	."<tr><td>"._PASSWORD."</td>"
456	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
457	."<tr><td>";
458	// scelta comune
459	if($multicomune=='1'){
460	echo ""._COMUNE."</td><td>";
461	$sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
462	$sth = $dbi->prepare("$sql");
463	$sth->execute();
464	$row = $sth->fetchAll();
465	echo "<select name=\"id_comune\">";
466	foreach($row as $comuni)
467	{$id=$comuni[0];$descrizione=$comuni[1];
468	$sel=($id == $id_comune) ? "selected":"";
469	echo "<option value=\"$id\" $sel>$descrizione";
470	}
471	}else{
472	echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
473	}
474	// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
475	if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
476	echo "</td></tr><tr><td>";
477	echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
478	echo "<input type=\"submit\" VALUE=\""._OK."\">"
479	."</td></tr></table>"
480	."</form></div>";
481
482	include ("footer.php");
483	}
484
485	function logout()
486	{
487	/* $lang=$_SESSION['lang'];
488	$id_comune=$_SESSION['id_comune'];
489	// setcookie ("PHPSESSID", "", time() - 3600);
490	session_cache_expire (0);
491	$_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
492	session_unset();
493	session_destroy();
494	Header("Location: admin.php?id_comune=$id_comune&language=$lang");
495	*/
496
497	global $siteistat,$perms,$msglogout;
498	$language=$_SESSION['lang'];
499	$ref="Location: admin.php?";
500	#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
501	if (isset($_SESSION['id_comune']))
502	$id_comune=$_SESSION['id_comune'];
503	else
504	$id_comune=$siteistat;
505	$ref=$ref."id_comune=".$id_comune;
506
507	if (isset($_SESSION['lang']))
508	$ref=$ref."&language=$language";
509	$ref.="&msglogout=$msglogout";
510	$_SESSION=array();
511	session_unset();
512	session_destroy();
513	session_cache_expire (0);
514	Header($ref);
515
516	}
517	#include("TEST tema: $tema--");
518	#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
519
520	if(isset($id_cons_gen) and isset($id_comune)){
521	if(!isset($id_cons)){
522	# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
523	$sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
524	$sth = $dbi->prepare("$sql");
525	$sth->execute();
526	if ($sth->rowCount()) {
527	list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
528	$_SESSION['id_cons']=$id_cons;
529	}
530	}
531	if(isset($id_cons)) {
532	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune";
533	$resmod = $dbi->prepare("$sql");
534	$resmod->execute();
535	list($id_sez) = $resmod->fetch(PDO::FETCH_NUM); #die("qui:$id_sez:$sql");
536	if($id_sez) {
537	$oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
538	$sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and t1.data_fine>'$oggi' and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
539	$resmod = $dbi->prepare("$sql");
540	$resmod->execute();
541	if ($resmod->rowCount()>0) {
542	$tema='Futura2'; #die( "TEST id_cons:$id_cons:".$_SESSION['aid']);
543	$_SESSION['tema']=$tema;
544	} #else {die("TEST: $sql"); logout();}
545	}
546	}
547	$perms=ChiSei($id_cons_gen); #die("qui".$_SESSION['aid']);
548	if($perms==0) {logout();}
549	}
550
551	#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
552	if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
553	//if (isset($param['op'])) $op=$param['op']; else $op='ele';
554	#
555	#die("TEST: qui $aid $id_cons $id_sez ".$_SESSION['aid']);
556
557	if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
558	if($tema=='Futura2' and $op!='logout')
559	{
560	include("temi/$tema/index.php");
561	}else
562	switch($op) {
563	case "tipo":
564	include("modules/Elezioni/ele_tipi.php");
565	break;
566	case "aggiorna":
567	include("modules/Elezioni/aggiornamento.php");
568	break;
569	case "constipi":
570	include("modules/Elezioni/ele_consultazionitipi.php");
571	break;
572	case "parziali":
573	include("modules/Elezioni/ele_parziali.php");
574	break;
575	case "ele":
576	include("modules/Elezioni/ele.php");
577	break;
578	case "consultazione":
579	include("modules/Elezioni/ele_consultazioni.php");
580	break;
581	case "configurazione":
582	include("modules/Elezioni/ele_configurazione.php");
583	break;
584	case "cons_comuni":
585	include("modules/Elezioni/ele_cons_comuni.php");
586	break;
587	case "confconsiglio":
588	include("modules/Elezioni/ele_confcons.php");
589	break;
590	case "inscomuni":
591	include("modules/Elezioni/ele_comuni.php");
592	break;
593	case "oper_admin":
594	include("modules/Elezioni/ele_operatori.php");
595	break;
596	case "inscollegi":
597	include("modules/Elezioni/ele_collegi.php");
598	break;
599	case "associazioni":
600	include("modules/Elezioni/ele_associazioni.php");
601	break;
602	case "operatori":
603	include("modules/Elezioni/ele_operatori.php");
604	break;
605	case "permessi":
606	include("modules/Elezioni/ele_permessi.php");
607	break;
608	case "circo":
609	include("modules/Elezioni/ele_circo.php");
610	break;
611	case "sede":
612	include("modules/Elezioni/ele_sede.php");
613	break;
614	case "sezione":
615	include("modules/Elezioni/ele_sezione.php");
616	break;
617	case "gruppo":
618	include("modules/Elezioni/ele_gruppo.php");
619	break;
620	case "rec_add_aff":
621	include("modules/Elezioni/ele_affluenze.php");
622	break;
623	case "rec_add_mod":
624	include("modules/Elezioni/ele_modelli.php");
625	break;
626	case "upgruppo":
627	include("modules/Elezioni/ele_gruppo.php");
628	break;
629	case "delimggruppo":
630	include("modules/Elezioni/ele_gruppo.php");
631	break;
632	case "lista":
633	include("modules/Elezioni/ele_lista.php");
634	break;
635	case "uplista":
636	include("modules/Elezioni/ele_lista.php");
637	break;
638	case "delimglista":
639	include("modules/Elezioni/ele_lista.php");
640	break;
641	case "candidato":
642	include("modules/Elezioni/ele_candidato.php");
643	break;
644	case "upcandidato":
645	include("modules/Elezioni/ele_candidato.php");
646	break;
647	case "delimgcandidato":
648	include("modules/Elezioni/ele_candidato.php");
649	break;
650
651	case "voti":
652	include("modules/Elezioni/ele_voti.php");
653	break;
654	case "sezioni_voti":
655	include("modules/Elezioni/ele_voti.php");
656	break;
657	case "rec_voti":
658	include("modules/Elezioni/ele_voti.php");
659	break;
660	case "rec_voti_gruppi":
661	include("modules/Elezioni/ele_voti.php");
662	break;
663	case "rec_add_votanti":
664	include("modules/Elezioni/ele_voti.php");
665	break;
666	case "rec_finale":
667	include("modules/Elezioni/ele_voti.php");
668	break;
669	case "controllo_voti":
670	include("modules/Elezioni/controllo_voti.php");
671	break;
672	case "controllo_votanti":
673	include("modules/Elezioni/controllo_votanti.php");
674	break;
675	case "come":
676	include("modules/Elezioni/ele_come.php");
677	break;
678	case "numeri":
679	include("modules/Elezioni/ele_come.php");
680	break;
681	case "servizi":
682	include("modules/Elezioni/ele_come.php");
683	break;
684	case "link":
685	include("modules/Elezioni/ele_come.php");
686	break;
687	case "conf":
688	include("modules/Elezioni/ele_conf.php");
689	break;
690	case "stampa":
691	include("modules/Elezioni/ele_stampe.php");
692	break;
693	case "cambiopwd":
694	include("modules/Elezioni/ele_pwd.php");
695	break;
696	case "eletti":
697	include("modules/Elezioni/ele_eletti.php");
698	break;
699	case "foto":
700	include("modules/Elezioni/foto.php");
701	break;
702	case "consiglieri":
703	include("modules/Elezioni/ele_consiglieri.php");
704	break;
705	case "backup":
706	include("modules/Elezioni/backup.php");
707	break;
708	case "restore":
709	include("modules/Elezioni/restore.php");
710	break;
711	case "scarica":
712	include("modules/Elezioni/scarica.php");
713	break;
714	case "importa":
715	include("modules/Elezioni/importa.php");
716	break;
717	case "widget":
718	include("modules/Elezioni/ele_widget.php");
719	break;
720	case "riepilogo":
721	include("modules/Elezioni/ele_riepilogo.php");
722	break;
723	case "riepilogovoti":
724	include("modules/Elezioni/ele_riepilogovoti.php");
725	break;
726	case "logout":
727	logout();
728	break;
729	}
730
731	}else {
732
733	login();
734
735	}
736
737	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: