Context Navigation

source: trunk/admin/admin.php@ 426

Last change on this file since 426 was 426, checked in by roby, 4 weeks ago

ADMIN

-- Inserito nuovo file ele_restorebackup.php
-- Modificata la funzione di verifica presenza aggiornamenti, evitato il rallentamento in accesso per il superutente e velocizzato il controllo da menu

CLIENT

-- Corrette alcune visualizzazioni per il tema Futura2 per mobile

File size: 24.1 KB

Line
1	<?php
2
3	/************************************************************************/
4	/* Eleonline - Raccolta e diffusione dei dati elettorali */
5	/* by Roberto Gigli & Luciano Apolito */
6	/* http://www.eleonline.it */
7	/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
8	/************************************************************************/
9	/* Admin */
10	/* Amministrazione */
11	/************************************************************************/
12
13	/* Descrizione file admin.php =
14	effettua il login o il rilancio alla gestione */
15
16	define('ADMIN_FILE', true);
17	#$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
18	# tempo di sessione: ini_set('session.gc_maxlifetime','3600');
19	global $multicomune,$msglogout,$language,$id_sez;
20
21	// Adattamento variabili superglobal
22	// Versione di php
23	$phpver = phpversion();
24	global $dbi;
25	// converte superglobal se php e' < 4.1.0
26
27	if ($phpver < '4.1.0') {
28	$_GET = $HTTP_GET_VARS;
29	$_POST = $HTTP_POST_VARS;
30	$_SERVER = $HTTP_SERVER_VARS;
31	$_FILES = $HTTP_POST_FILES;
32	$_ENV = $HTTP_ENV_VARS;
33	if($_SERVER['REQUEST_METHOD'] == "POST") {
34	$_REQUEST = $_POST;
35	} elseif($_SERVER['REQUEST_METHOD'] == "GET") {
36	$_REQUEST = $_GET;
37	}
38	if(isset($HTTP_COOKIE_VARS)) {
39	$_COOKIE = $HTTP_COOKIE_VARS;
40	}
41
42	}
43
44	$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
45	if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
46	if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
47	if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
48
49	// Additional security (Union, CLike, XSS)
50
51	// We want to use the function stripos,
52	// but thats only available since PHP5.
53	// So we cloned the function...
54	if(!function_exists('stripos')) {
55	function stripos_clone($haystack, $needle, $offset=0) {
56	return strpos(strtoupper($haystack), strtoupper($needle), $offset);
57	}
58	} else {
59	// But when this is PHP5, we use the original function
60	function stripos_clone($haystack, $needle, $offset=0) {
61	return stripos($haystack, $needle, $offset=0);
62	}
63	}
64
65	if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") \|\| !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
66	$queryString = $_SERVER['QUERY_STRING'];
67	if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/') OR stripos_clone($queryString,'/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
68	die('Operazione non consentita');
69	}
70	}
71
72
73	foreach ($_GET as $sec_key => $secvalue) {
74	if ((preg_match("/<[^>]script\"?[^>]*>/i",$secvalue)) \|\|
75	(preg_match("/<[^>]object\"?[^>]*>/i", $secvalue)) \|\|
76	(preg_match("/<[^>]iframe\"?[^>]*>/i", $secvalue)) \|\|
77	(preg_match("/<[^>]applet\"?[^>]*>/i", $secvalue)) \|\|
78	(preg_match("/<[^>]meta\"?[^>]*>/i", $secvalue)) \|\|
79	(preg_match("/<[^>]style\"?[^>]*>/i", $secvalue)) \|\|
80	(preg_match("/<[^>]form\"?[^>]*>/i", $secvalue)) \|\|
81	(preg_match("/<[^>]img\"?[^>]*>/i", $secvalue)) \|\|
82	(preg_match("/<[^>]onmouseover\"?[^>]*>/i", $secvalue)) \|\|
83	(preg_match("/<[^>]body\"?[^>]*>/i", $secvalue)) \|\|
84	(preg_match("/\"/", $secvalue)) \|\|
85	(preg_match("/inside_mod/i", $sec_key))) {
86	die ("Operazione non consentita");
87	}
88	}
89
90	foreach ($_POST as $secvalue) {
91	if ((preg_match("/<[^>]onmouseover\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]script\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]body\"?[^>]>/i", $secvalue)) \|\| (preg_match("/<[^>]style\"?[^>]>/i", $secvalue))) {
92	die ('Operazione non consentita');
93	}
94	}
95
96	// Posting from other servers in not allowed
97	// Fix by Quake
98	// Bug found by PeNdEjO
99
100	if ($_SERVER['REQUEST_METHOD'] == "POST") {
101	if (isset($_SERVER['HTTP_REFERER'])) {
102	if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
103	die('Posting da un altro server non consentito!');
104	}
105	} else {
106	# die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
107	}
108	}
109
110
111
112
113
114
115
116	//===================================================================
117	session_name('sesadmin');
118	#session_start();//MODIFICHE PER GESTIONE SESSIONI
119	// gestione sessione
120	if (!isset($_SESSION))
121	{
122	session_start();
123	}else session_regenerate_id();
124	$a = session_id();
125	if(empty($a)) session_start();
126	#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
127
128
129	if (file_exists("config.php")){
130	$install="0"; @require_once("config.php");
131	}else{
132	$install="1";
133	}
134
135	# verifica se effettuata la configurazione
136	if(empty($dbname) \|\| $install=="1") {
137	die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
138	}
139	require_once('variabili.php');
140	$dsn = "mysql:host=$dbhost";
141	$opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
142	if($prefix == '') {
143	db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
144	}
145	try
146	{
147	$dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
148	}
149	catch(PDOException $e)
150	{
151	echo "<br>" . $e->getMessage();die();
152	}
153	$sql = "use $dbname";
154	try
155	{
156	$dbi->exec($sql);
157	}
158	catch(PDOException $e)
159	{
160	echo $sql . "<br>" . $e->getMessage();
161	}
162	$sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
163	$sth->execute();
164	$sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
165	$sth->execute();
166	$sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
167	$sth->execute();
168	$sth = $dbi->prepare("SET CHARACTER SET utf8");
169	$sth->execute();
170
171	$sth = $dbi->prepare("SET NAMES 'utf8'");
172	$sth->execute();
173	$sth = $dbi->prepare("select * from ".$prefix."_config");
174	$sth->execute();
175
176	# $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
177	# mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
178	## mysql_query("SET NAMES 'utf8'", $dbi);
179	//---10/05/2009 gestione consultazione predefinita
180	$sth = $dbi->prepare("select * from ".$prefix."_config");
181	$sth->execute();
182	$row = $sth->fetch(PDO::FETCH_ASSOC);
183	#$row = $sth->fetchAll();
184	$siteistat=$row['siteistat'];
185	if (!isset($_SESSION['id_comune'])){
186	$_SESSION['sitename']=$row['sitename'];
187	$_SESSION['siteurl']=$row['siteurl'];
188	$_SESSION['site_logo']=$row['site_logo'];
189	$_SESSION['slogan']=$row['slogan'];
190	$_SESSION['startdate']=$row['startdate'];
191	$_SESSION['adminmail']=$row['adminmail'];
192	# if (isset($tema) and $tema=='facebook')
193	# $_SESSION['tema']=$row['tema'];
194	$_SESSION['foot']=$row['foot'];
195	$_SESSION['lang']=$row['language'];
196	$_SESSION['blocco']=$row['blocco'];
197	$_SESSION['testata']=$row['testata'];
198	# $_SESSION['logo']=$row['logo'];
199	$_SESSION['fileout']=$row['fileout'];
200	$_SESSION['copyright']=$row['copyright'];
201	$_SESSION['versione']=$row['versione'];
202	$_SESSION['patch']=$row['patch'];
203	$_SESSION['id_comune']=$row['siteistat'];
204	$_SESSION['multicomune']=$row['multicomune'];
205	$_SESSION['flash']=$row['flash'];
206	$_SESSION['displayerrors']=$row['displayerrors'];
207	$_SESSION['editor']=$row['editor'];
208	$_SESSION['tema_on']=$row['tema_on'];
209	$_SESSION['ed_user']=$row['ed_user'];
210	$multicomune=$row['multicomune'];
211	}
212
213	//fine
214	if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
215	if (!isset($_SESSION['tema']))
216	$_SESSION['tema']='default';
217	$tema=$_SESSION['tema'];
218
219	if (isset($param['aid'])) {
220	if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
221	if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
222	if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
223	if (isset($_SESSION['aid'])){
224	logout();//se hai gia' una sessione aperta non puoi postare 'aid'
225	}else{
226
227	// $pwd2=$param['pwd'];
228	$mpwd=md5($pwd2);
229
230	// se superUserAdmin
231	########
232	# $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
233	# $sth->execute();
234	# $row = $sth->fetch(PDO::FETCH_ASSOC);
235	if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
236	# if ($adminsuper==1) $id_comune2=0; else
237	$id_comune2=$id_comune;
238	$sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
239	$sth->execute();
240	$esiste=$sth->rowCount();
241	# $adminsuper=$row['adminsuper'];
242	$row = $sth->fetch(PDO::FETCH_ASSOC);
243	if(!$esiste) {
244	$msglogout=2;
245	logout();
246	}else{
247	if ($row['pwd']!=$mpwd) {
248	$msglogout=3;
249	logout();
250	}elseif($row['adminop']==1) {
251	$msglogout=1;
252	logout();
253	}
254	$counter=$row['counter'];
255	$tmplang=$row['admlanguage'];
256	if(strlen($tmplang)==2) $language=$tmplang;
257	$sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
258	$sth->execute();
259	# $row = $sth->fetch(PDO::FETCH_ASSOC);
260	if ($esiste==1) {
261	# $_SESSION['dbi']=$dbi;
262	$_SESSION['aid']="$aid";
263	$_SESSION['pwd']="$mpwd";
264	$_SESSION['lang']="$language";
265	$_SESSION['id_comune']="$id_comune";
266	$_SESSION['prefix']="soraldo";
267	$_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
268	$_SESSION['bgcolor1']='#ffffff';
269	$_SESSION['bgcolor2']='#c5c5c5';
270	if (!isset($op)) $op='consultazione';
271	}
272	}
273	}
274	}else{
275	#$_SESSION['dbi']=$dbi;
276
277	}
278	# si settano le variabili per il controllo degli aggiornamenti
279	if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
280	{
281	$sql="SELECT COLUMN_NAME
282	FROM INFORMATION_SCHEMA.COLUMNS
283	WHERE TABLE_SCHEMA = '$dbname'
284	AND TABLE_NAME = '".$prefix."_config'
285	AND COLUMN_NAME = 'aggiornamento'";
286	$sth = $dbi->prepare($sql);
287	$sth->execute();
288	if($sth->rowCount())
289	{
290	$sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
291	$sth = $dbi->prepare($sql);
292	$sth->execute();
293	}
294	include('versione.php');
295	}
296	if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
297	if(!isset($language) and isset($_SESSION['lang'])) $language=$_SESSION['lang']; else $language='it';
298	if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
299	$currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
300
301	if (isset($_SESSION['aid']))
302	{
303	//lettura sessione
304	$aid=$_SESSION['aid'];
305	#$dbi=$_SESSION['dbi'];
306	$prefix=$_SESSION['prefix'];
307	$id_comune=$_SESSION['id_comune'];
308	if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
309	if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
310	else {
311	# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
312	$sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval $giorniaut day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1";# TEST: and id_sez>0
313	$rese = $dbi->prepare("$sql");
314	$rese->execute();
315	if($rese->rowCount())
316	{list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
317	else {
318	$sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
319	$sth = $dbi->prepare($sql);
320	$sth->execute();
321	$row = $sth->fetch(PDO::FETCH_BOTH);
322	if($sth->rowCount())
323	$id_cons_gen=$row[0];
324	else
325	$id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
326	}
327	}
328	$currentlang=$_SESSION['lang'];
329	#$bgcolor1=$_SESSION['bgcolor1'];
330	$bgcolor2=$_SESSION['bgcolor2'];
331	$bgcolor1='#e7e7e7';
332	$session=$_SESSION['remote'];
333
334	}
335
336
337
338	/*********************************************************/
339	/* Login Function */
340	/*********************************************************/
341	function ChiSei($idcg){
342	global $dbi, $msglogout, $id_cons_gen,$giorniaut;
343
344	$aid=$_SESSION['aid'];
345	$prefix=$_SESSION['prefix'];
346	$pwd=$_SESSION['pwd'];
347	$id_comune=$_SESSION['id_comune'];
348	#echo "prima: $idcg - dopo: $id_cons_gen<br>";
349	$perms=0;
350	$sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
351	$sth = $dbi->prepare("$sql");
352	$sth->execute();
353	$row = $sth->fetch(PDO::FETCH_BOTH);
354	if($row){
355	$adminsuper=$row[0];
356	$admincomune=$row[1];
357	$oper=$row[2];
358	}else{
359	$adminsuper=0;
360	$admincomune=0;
361	$oper=1;
362	}
363	if ($adminsuper==1)
364	return 256;
365	elseif ($admincomune==1)
366	return 64;
367	# $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
368	elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
369	else {
370	# $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
371	$sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval $giorniaut day)>CURDATE()";
372	$sth = $dbi->prepare("$sql");
373	$sth->execute();
374	if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
375	list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);
376	if (!$id_cons_gen) $id_cons_gen=$idcg;
377	$sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
378	$sth = $dbi->prepare("$sql");
379	$sth->execute();
380	list($perms) = $sth->fetch(PDO::FETCH_NUM);
381	return $perms;
382	}
383	}
384
385	function OpenTable(){
386	echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
387	}
388
389	function CloseTable(){
390	echo "</table>";
391	}
392
393	function login() {
394	global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
395	if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
396	if (!isset($id_comune)) $id_comune=0;
397	if(isset($_SESSION['aid'])){
398	session_regenerate_id();
399	}
400	$lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
401	$id_ses=session_id();
402
403	//include("modules/Elezioni/language/lang-$lang.php");
404	if($multicomune==''){
405	$sth = $dbi->prepare("select multicomune from ".$prefix."_config");
406	$sth->execute();
407	list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
408	}
409	include ("header.php");
410	echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
411	if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
412	elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
413	elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
414	elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
415	echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
416	."<table class=\"table-menu\">"
417	."<tr><td>"._ADMINID."</td>"
418	."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
419	."<tr><td>"._PASSWORD."</td>"
420	."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
421	."<tr><td>";
422	// scelta comune
423	if($multicomune=='1'){
424	echo ""._COMUNE."</td><td>";
425	$sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
426	$sth = $dbi->prepare("$sql");
427	$sth->execute();
428	$row = $sth->fetchAll();
429	echo "<select name=\"id_comune\">";
430	foreach($row as $comuni)
431	{$id=$comuni[0];$descrizione=$comuni[1];
432	$sel=($id == $id_comune) ? "selected":"";
433	echo "<option value=\"$id\" $sel>$descrizione";
434	}
435	}else{
436	echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
437	}
438	// echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
439	if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
440	echo "</td></tr><tr><td>";
441	echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
442	echo "<input type=\"submit\" VALUE=\""._OK."\">"
443	."</td></tr></table>"
444	."</form></div>";
445
446	include ("footer.php");
447	}
448
449	function logout()
450	{
451	/* $lang=$_SESSION['lang'];
452	$id_comune=$_SESSION['id_comune'];
453	// setcookie ("PHPSESSID", "", time() - 3600);
454	session_cache_expire (0);
455	$_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
456	session_unset();
457	session_destroy();
458	Header("Location: admin.php?id_comune=$id_comune&language=$lang");
459	*/
460
461	global $siteistat,$perms,$msglogout;
462	if (!isset($_SESSION))
463	{
464	session_start();
465	}
466	$language=$_SESSION['lang'];
467	$ref="Location: admin.php?";
468	#$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
469	if (isset($_SESSION['id_comune']))
470	$id_comune=$_SESSION['id_comune'];
471	else
472	$id_comune=$siteistat;
473	$ref=$ref."id_comune=".$id_comune;
474
475	if (isset($_SESSION['lang']))
476	$ref=$ref."&language=$language";
477	$ref.="&msglogout=$msglogout";
478	$_SESSION=array();
479
480	session_regenerate_id();
481	session_write_close();
482	session_cache_expire (0);
483	Header($ref);
484
485	}
486	#include("TEST tema: $tema--");
487	#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
488	#die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
489	if(isset($id_cons_gen) and isset($id_comune)){
490	if(!isset($id_cons)){
491	# $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
492	$sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
493	$sth = $dbi->prepare("$sql");
494	$sth->execute();
495	if ($sth->rowCount()) {
496	list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
497	$_SESSION['id_cons']=$id_cons;
498	}
499	}
500	if(isset($id_cons)) {
501	$sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune and id_cons=$id_cons";
502	try {
503	$resmod = $dbi->prepare("$sql");
504	$resmod->execute();
505	}catch(PDOException $e)
506	{
507	# echo "Viene eseguito un aggiornamento forzato del db<br>";
508	$_SESSION['forzadb']=1;
509	include("modules/Elezioni/aggiornamento.php");
510
511	die();
512	}
513	list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
514	if($id_sez) {
515	$sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
516	$resmod = $dbi->prepare("$sql");
517	$resmod->execute();
518	if ($resmod->rowCount()>0) {
519	list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
520	$tema='Futura2';
521	$_SESSION['tema']=$tema;
522	} #else {die("TEST: $sql"); logout();}
523	}
524	}
525	$perms=ChiSei($id_cons_gen);
526	if($perms==0) {logout();}
527	}
528
529	#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
530	if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
531	//if (isset($param['op'])) $op=$param['op']; else $op='ele';
532	#
533	#die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);
534
535	if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
536	if($tema=='Futura2' and $op!='logout')
537	{
538	include("temi/$tema/index.php");
539	}else
540	switch($op) {
541	case "tipo":
542	include("modules/Elezioni/ele_tipi.php");
543	break;
544	case "aggiorna":
545	include("modules/Elezioni/aggiornamento.php");
546	break;
547	case "constipi":
548	include("modules/Elezioni/ele_consultazionitipi.php");
549	break;
550	case "parziali":
551	include("modules/Elezioni/ele_parziali.php");
552	break;
553	case "ele":
554	include("modules/Elezioni/ele.php");
555	break;
556	case "consultazione":
557	include("modules/Elezioni/ele_consultazioni.php");
558	break;
559	case "configurazione":
560	include("modules/Elezioni/ele_configurazione.php");
561	break;
562	case "cons_comuni":
563	include("modules/Elezioni/ele_cons_comuni.php");
564	break;
565	case "confconsiglio":
566	include("modules/Elezioni/ele_confcons.php");
567	break;
568	case "inscomuni":
569	include("modules/Elezioni/ele_comuni.php");
570	break;
571	case "oper_admin":
572	include("modules/Elezioni/ele_operatori.php");
573	break;
574	case "inscollegi":
575	include("modules/Elezioni/ele_collegi.php");
576	break;
577	case "associazioni":
578	include("modules/Elezioni/ele_associazioni.php");
579	break;
580	case "operatori":
581	include("modules/Elezioni/ele_operatori.php");
582	break;
583	case "permessi":
584	include("modules/Elezioni/ele_permessi.php");
585	break;
586	case "circo":
587	include("modules/Elezioni/ele_circo.php");
588	break;
589	case "sede":
590	include("modules/Elezioni/ele_sede.php");
591	break;
592	case "sezione":
593	include("modules/Elezioni/ele_sezione.php");
594	break;
595	case "gruppo":
596	include("modules/Elezioni/ele_gruppo.php");
597	break;
598	case "rec_add_aff":
599	include("modules/Elezioni/ele_affluenze.php");
600	break;
601	case "rec_add_mod":
602	include("modules/Elezioni/ele_modelli.php");
603	break;
604	case "upgruppo":
605	include("modules/Elezioni/ele_gruppo.php");
606	break;
607	case "delimggruppo":
608	include("modules/Elezioni/ele_gruppo.php");
609	break;
610	case "lista":
611	include("modules/Elezioni/ele_lista.php");
612	break;
613	case "uplista":
614	include("modules/Elezioni/ele_lista.php");
615	break;
616	case "delimglista":
617	include("modules/Elezioni/ele_lista.php");
618	break;
619	case "candidato":
620	include("modules/Elezioni/ele_candidato.php");
621	break;
622	case "upcandidato":
623	include("modules/Elezioni/ele_candidato.php");
624	break;
625	case "delimgcandidato":
626	include("modules/Elezioni/ele_candidato.php");
627	break;
628
629	case "voti":
630	include("modules/Elezioni/ele_voti.php");
631	break;
632	case "sezioni_voti":
633	include("modules/Elezioni/ele_voti.php");
634	break;
635	case "rec_voti":
636	include("modules/Elezioni/ele_voti.php");
637	break;
638	case "rec_voti_gruppi":
639	include("modules/Elezioni/ele_voti.php");
640	break;
641	case "rec_add_votanti":
642	include("modules/Elezioni/ele_voti.php");
643	break;
644	case "rec_finale":
645	include("modules/Elezioni/ele_voti.php");
646	break;
647	case "controllo_voti":
648	include("modules/Elezioni/controllo_voti.php");
649	break;
650	case "controllo_votanti":
651	include("modules/Elezioni/controllo_votanti.php");
652	break;
653	case "come":
654	include("modules/Elezioni/ele_come.php");
655	break;
656	case "numeri":
657	include("modules/Elezioni/ele_come.php");
658	break;
659	case "servizi":
660	include("modules/Elezioni/ele_come.php");
661	break;
662	case "link":
663	include("modules/Elezioni/ele_come.php");
664	break;
665	case "conf":
666	include("modules/Elezioni/ele_conf.php");
667	break;
668	case "stampa":
669	include("modules/Elezioni/ele_stampe.php");
670	break;
671	case "cambiopwd":
672	include("modules/Elezioni/ele_pwd.php");
673	break;
674	case "eletti":
675	include("modules/Elezioni/ele_eletti.php");
676	break;
677	case "foto":
678	include("modules/Elezioni/foto.php");
679	break;
680	case "consiglieri":
681	include("modules/Elezioni/ele_consiglieri.php");
682	break;
683	case "backup":
684	include("modules/Elezioni/backup.php");
685	break;
686	case "restore":
687	include("modules/Elezioni/restore.php");
688	break;
689	case "scarica":
690	include("modules/Elezioni/scarica.php");
691	break;
692	case "importa":
693	include("modules/Elezioni/importa.php");
694	break;
695	case "widget":
696	include("modules/Elezioni/ele_widget.php");
697	break;
698	case "riepilogo":
699	include("modules/Elezioni/ele_riepilogo.php");
700	break;
701	case "riepilogovoti":
702	include("modules/Elezioni/ele_riepilogovoti.php");
703	break;
704	case "aggcons":
705	include("modules/Elezioni/ele_restorebackup.php");
706	break;
707	case "logout":
708	logout();
709	break;
710	}
711
712	}else {
713
714	login();
715
716	}
717
718	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: