1 | <?php
|
---|
2 |
|
---|
3 | /************************************************************************/
|
---|
4 | /* Eleonline - Raccolta e diffusione dei dati elettorali */
|
---|
5 | /* by Roberto Gigli & Luciano Apolito */
|
---|
6 | /* http://www.eleonline.it */
|
---|
7 | /* info@eleonline.it luciano@aniene.net rgigli@libero.it */
|
---|
8 | /************************************************************************/
|
---|
9 | /* Admin */
|
---|
10 | /* Amministrazione */
|
---|
11 | /************************************************************************/
|
---|
12 |
|
---|
13 | /* Descrizione file admin.php =
|
---|
14 | effettua il login o il rilancio alla gestione */
|
---|
15 |
|
---|
16 | define('ADMIN_FILE', true);
|
---|
17 | #$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
|
---|
18 | # tempo di sessione: ini_set('session.gc_maxlifetime','3600');
|
---|
19 | global $multicomune,$msglogout,$language,$id_sez;
|
---|
20 |
|
---|
21 | // Adattamento variabili superglobal
|
---|
22 | // Versione di php
|
---|
23 | $phpver = phpversion();
|
---|
24 | global $dbi;
|
---|
25 | // converte superglobal se php e' < 4.1.0
|
---|
26 |
|
---|
27 | if ($phpver < '4.1.0') {
|
---|
28 | $_GET = $HTTP_GET_VARS;
|
---|
29 | $_POST = $HTTP_POST_VARS;
|
---|
30 | $_SERVER = $HTTP_SERVER_VARS;
|
---|
31 | $_FILES = $HTTP_POST_FILES;
|
---|
32 | $_ENV = $HTTP_ENV_VARS;
|
---|
33 | if($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
34 | $_REQUEST = $_POST;
|
---|
35 | } elseif($_SERVER['REQUEST_METHOD'] == "GET") {
|
---|
36 | $_REQUEST = $_GET;
|
---|
37 | }
|
---|
38 | if(isset($HTTP_COOKIE_VARS)) {
|
---|
39 | $_COOKIE = $HTTP_COOKIE_VARS;
|
---|
40 | }
|
---|
41 |
|
---|
42 | }
|
---|
43 |
|
---|
44 | $param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
|
---|
45 | if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid='';
|
---|
46 | if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
|
---|
47 | if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
|
---|
48 |
|
---|
49 | // Additional security (Union, CLike, XSS)
|
---|
50 |
|
---|
51 | // We want to use the function stripos,
|
---|
52 | // but thats only available since PHP5.
|
---|
53 | // So we cloned the function...
|
---|
54 | if(!function_exists('stripos')) {
|
---|
55 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
56 | return strpos(strtoupper($haystack), strtoupper($needle), $offset);
|
---|
57 | }
|
---|
58 | } else {
|
---|
59 | // But when this is PHP5, we use the original function
|
---|
60 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
61 | return stripos($haystack, $needle, $offset=0);
|
---|
62 | }
|
---|
63 | }
|
---|
64 |
|
---|
65 | if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
|
---|
66 | $queryString = $_SERVER['QUERY_STRING'];
|
---|
67 | if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
|
---|
68 | die('Operazione non consentita');
|
---|
69 | }
|
---|
70 | }
|
---|
71 |
|
---|
72 |
|
---|
73 | foreach ($_GET as $sec_key => $secvalue) {
|
---|
74 | if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
|
---|
75 | (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
|
---|
76 | (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
|
---|
77 | (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
|
---|
78 | (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
|
---|
79 | (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
|
---|
80 | (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
|
---|
81 | (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
|
---|
82 | (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
|
---|
83 | (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
|
---|
84 | (preg_match("/\"/", $secvalue)) ||
|
---|
85 | (preg_match("/inside_mod/i", $sec_key))) {
|
---|
86 | die ("Operazione non consentita");
|
---|
87 | }
|
---|
88 | }
|
---|
89 |
|
---|
90 | foreach ($_POST as $secvalue) {
|
---|
91 | if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
|
---|
92 | die ('Operazione non consentita');
|
---|
93 | }
|
---|
94 | }
|
---|
95 |
|
---|
96 | // Posting from other servers in not allowed
|
---|
97 | // Fix by Quake
|
---|
98 | // Bug found by PeNdEjO
|
---|
99 |
|
---|
100 | if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
101 | if (isset($_SERVER['HTTP_REFERER'])) {
|
---|
102 | if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
|
---|
103 | die('Posting da un altro server non consentito!');
|
---|
104 | }
|
---|
105 | } else {
|
---|
106 | # die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br>'.$_SERVER['HTTP_REFERER']);
|
---|
107 | }
|
---|
108 | }
|
---|
109 |
|
---|
110 |
|
---|
111 |
|
---|
112 |
|
---|
113 |
|
---|
114 |
|
---|
115 |
|
---|
116 | //===================================================================
|
---|
117 | session_name('sesadmin');
|
---|
118 | #session_start();//MODIFICHE PER GESTIONE SESSIONI
|
---|
119 | // gestione sessione
|
---|
120 | if (!isset($_SESSION))
|
---|
121 | {
|
---|
122 | session_start();
|
---|
123 | }else session_regenerate_id();
|
---|
124 | $a = session_id();
|
---|
125 | if(empty($a)) session_start();
|
---|
126 | #echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
|
---|
127 |
|
---|
128 |
|
---|
129 | if (file_exists("config.php")){
|
---|
130 | $install="0"; @require_once("config.php");
|
---|
131 | }else{
|
---|
132 | $install="1";
|
---|
133 | }
|
---|
134 |
|
---|
135 | # verifica se effettuata la configurazione
|
---|
136 | if(empty($dbname) || $install=="1") {
|
---|
137 | die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
|
---|
138 | }
|
---|
139 | require_once('variabili.php');
|
---|
140 | $dsn = "mysql:host=$dbhost";
|
---|
141 | $opt = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false);
|
---|
142 | if($prefix == '') {
|
---|
143 | db_err ('stepBack','Non avete indicato il prefisso tabelle database.');
|
---|
144 | }
|
---|
145 | try
|
---|
146 | {
|
---|
147 | $dbi = new PDO($dsn, $dbuname, $dbpass, $opt);
|
---|
148 | }
|
---|
149 | catch(PDOException $e)
|
---|
150 | {
|
---|
151 | echo "<br>" . $e->getMessage();die();
|
---|
152 | }
|
---|
153 | $sql = "use $dbname";
|
---|
154 | try
|
---|
155 | {
|
---|
156 | $dbi->exec($sql);
|
---|
157 | }
|
---|
158 | catch(PDOException $e)
|
---|
159 | {
|
---|
160 | echo $sql . "<br>" . $e->getMessage();
|
---|
161 | }
|
---|
162 | $sth = $dbi->prepare("SET SESSION character_set_connection = 'utf8' ");
|
---|
163 | $sth->execute();
|
---|
164 | $sth = $dbi->prepare("SET SESSION character_set_client = 'utf8' ");
|
---|
165 | $sth->execute();
|
---|
166 | $sth = $dbi->prepare("SET SESSION character_set_database = 'utf8' ");
|
---|
167 | $sth->execute();
|
---|
168 | $sth = $dbi->prepare("SET CHARACTER SET utf8");
|
---|
169 | $sth->execute();
|
---|
170 |
|
---|
171 | $sth = $dbi->prepare("SET NAMES 'utf8'");
|
---|
172 | $sth->execute();
|
---|
173 | $sth = $dbi->prepare("select * from ".$prefix."_config");
|
---|
174 | $sth->execute();
|
---|
175 |
|
---|
176 | # $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
|
---|
177 | # mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
|
---|
178 | ## mysql_query("SET NAMES 'utf8'", $dbi);
|
---|
179 | //---10/05/2009 gestione consultazione predefinita
|
---|
180 | $sth = $dbi->prepare("select * from ".$prefix."_config");
|
---|
181 | $sth->execute();
|
---|
182 | $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
183 | #$row = $sth->fetchAll();
|
---|
184 | $siteistat=$row['siteistat'];
|
---|
185 | if (!isset($_SESSION['id_comune'])){
|
---|
186 | $_SESSION['sitename']=$row['sitename'];
|
---|
187 | $_SESSION['siteurl']=$row['siteurl'];
|
---|
188 | $_SESSION['site_logo']=$row['site_logo'];
|
---|
189 | $_SESSION['slogan']=$row['slogan'];
|
---|
190 | $_SESSION['startdate']=$row['startdate'];
|
---|
191 | $_SESSION['adminmail']=$row['adminmail'];
|
---|
192 | # if (isset($tema) and $tema=='facebook')
|
---|
193 | # $_SESSION['tema']=$row['tema'];
|
---|
194 | $_SESSION['foot']=$row['foot'];
|
---|
195 | $_SESSION['lang']=$row['language'];
|
---|
196 | $_SESSION['blocco']=$row['blocco'];
|
---|
197 | $_SESSION['testata']=$row['testata'];
|
---|
198 | # $_SESSION['logo']=$row['logo'];
|
---|
199 | $_SESSION['fileout']=$row['fileout'];
|
---|
200 | $_SESSION['copyright']=$row['copyright'];
|
---|
201 | $_SESSION['versione']=$row['versione'];
|
---|
202 | $_SESSION['patch']=$row['patch'];
|
---|
203 | $_SESSION['id_comune']=$row['siteistat'];
|
---|
204 | $_SESSION['multicomune']=$row['multicomune'];
|
---|
205 | $_SESSION['flash']=$row['flash'];
|
---|
206 | $_SESSION['displayerrors']=$row['displayerrors'];
|
---|
207 | $_SESSION['editor']=$row['editor'];
|
---|
208 | $_SESSION['tema_on']=$row['tema_on'];
|
---|
209 | $_SESSION['ed_user']=$row['ed_user'];
|
---|
210 | $multicomune=$row['multicomune'];
|
---|
211 | }
|
---|
212 |
|
---|
213 | //fine
|
---|
214 | if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
|
---|
215 | if (!isset($_SESSION['tema']))
|
---|
216 | $_SESSION['tema']='default';
|
---|
217 | $tema=$_SESSION['tema'];
|
---|
218 |
|
---|
219 | if (isset($param['aid'])) {
|
---|
220 | if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }
|
---|
221 | if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
|
---|
222 | if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
|
---|
223 | if (isset($_SESSION['aid'])){
|
---|
224 | logout();//se hai gia' una sessione aperta non puoi postare 'aid'
|
---|
225 | }else{
|
---|
226 |
|
---|
227 | // $pwd2=$param['pwd'];
|
---|
228 | $mpwd=md5($pwd2);
|
---|
229 |
|
---|
230 | // se superUserAdmin
|
---|
231 | ########
|
---|
232 | # $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
|
---|
233 | # $sth->execute();
|
---|
234 | # $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
235 | if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
|
---|
236 | # if ($adminsuper==1) $id_comune2=0; else
|
---|
237 | $id_comune2=$id_comune;
|
---|
238 | $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
|
---|
239 | $sth->execute();
|
---|
240 | $esiste=$sth->rowCount();
|
---|
241 | # $adminsuper=$row['adminsuper'];
|
---|
242 | $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
243 | if(!$esiste) {
|
---|
244 | $msglogout=2;
|
---|
245 | logout();
|
---|
246 | }else{
|
---|
247 | if ($row['pwd']!=$mpwd) {
|
---|
248 | $msglogout=3;
|
---|
249 | logout();
|
---|
250 | }elseif($row['adminop']==1) {
|
---|
251 | $msglogout=1;
|
---|
252 | logout();
|
---|
253 | }
|
---|
254 | $counter=$row['counter'];
|
---|
255 | $tmplang=$row['admlanguage'];
|
---|
256 | if(strlen($tmplang)==2) $language=$tmplang;
|
---|
257 | $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
|
---|
258 | $sth->execute();
|
---|
259 | # $row = $sth->fetch(PDO::FETCH_ASSOC);
|
---|
260 | if ($esiste==1) {
|
---|
261 | # $_SESSION['dbi']=$dbi;
|
---|
262 | $_SESSION['aid']="$aid";
|
---|
263 | $_SESSION['pwd']="$mpwd";
|
---|
264 | $_SESSION['lang']="$language";
|
---|
265 | $_SESSION['id_comune']="$id_comune";
|
---|
266 | $_SESSION['prefix']="soraldo";
|
---|
267 | $_SESSION['remote']=$_SERVER['REMOTE_ADDR'];
|
---|
268 | $_SESSION['bgcolor1']='#ffffff';
|
---|
269 | $_SESSION['bgcolor2']='#c5c5c5';
|
---|
270 | if (!isset($op)) $op='consultazione';
|
---|
271 | }
|
---|
272 | }
|
---|
273 | }
|
---|
274 | }else{
|
---|
275 | #$_SESSION['dbi']=$dbi;
|
---|
276 |
|
---|
277 | }
|
---|
278 | # si settano le variabili per il controllo degli aggiornamenti
|
---|
279 | if(!isset($_SESSION['localrev']) and isset($_SESSION['aid']) and ChiSei(0)==256)
|
---|
280 | {
|
---|
281 | $sql="SELECT COLUMN_NAME
|
---|
282 | FROM INFORMATION_SCHEMA.COLUMNS
|
---|
283 | WHERE TABLE_SCHEMA = '$dbname'
|
---|
284 | AND TABLE_NAME = '".$prefix."_config'
|
---|
285 | AND COLUMN_NAME = 'aggiornamento'";
|
---|
286 | $sth = $dbi->prepare($sql);
|
---|
287 | $sth->execute();
|
---|
288 | if($sth->rowCount())
|
---|
289 | {
|
---|
290 | $sql="ALTER TABLE `soraldo_config` DROP `aggiornamento`;";
|
---|
291 | $sth = $dbi->prepare($sql);
|
---|
292 | $sth->execute();
|
---|
293 | }
|
---|
294 | include('versione.php');
|
---|
295 | }
|
---|
296 | if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
|
---|
297 | if(!isset($language) and isset($_SESSION['lang'])) $language=$_SESSION['lang']; else $language='it';
|
---|
298 | if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
|
---|
299 | $currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
|
---|
300 |
|
---|
301 | if (isset($_SESSION['aid']))
|
---|
302 | {
|
---|
303 | //lettura sessione
|
---|
304 | $aid=$_SESSION['aid'];
|
---|
305 | #$dbi=$_SESSION['dbi'];
|
---|
306 | $prefix=$_SESSION['prefix'];
|
---|
307 | $id_comune=$_SESSION['id_comune'];
|
---|
308 | if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
|
---|
309 | if (isset($_GET['id_cons_gen'])) {$id_cons_gen=intval($_GET['id_cons_gen']);}
|
---|
310 | else {
|
---|
311 | # $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
|
---|
312 | $sql="select t1.id_cons_gen from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval $giorniaut day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and permessi>0) limit 0,1";# TEST: and id_sez>0
|
---|
313 | $rese = $dbi->prepare("$sql");
|
---|
314 | $rese->execute();
|
---|
315 | if($rese->rowCount())
|
---|
316 | {list($id_cons_gen)=$rese->fetch(PDO::FETCH_NUM); }
|
---|
317 | else {
|
---|
318 | $sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and t2.id_comune='$id_comune'";
|
---|
319 | $sth = $dbi->prepare($sql);
|
---|
320 | $sth->execute();
|
---|
321 | $row = $sth->fetch(PDO::FETCH_BOTH);
|
---|
322 | if($sth->rowCount())
|
---|
323 | $id_cons_gen=$row[0];
|
---|
324 | else
|
---|
325 | $id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:$sql");
|
---|
326 | }
|
---|
327 | }
|
---|
328 | $currentlang=$_SESSION['lang'];
|
---|
329 | #$bgcolor1=$_SESSION['bgcolor1'];
|
---|
330 | $bgcolor2=$_SESSION['bgcolor2'];
|
---|
331 | $bgcolor1='#e7e7e7';
|
---|
332 | $session=$_SESSION['remote'];
|
---|
333 |
|
---|
334 | }
|
---|
335 |
|
---|
336 |
|
---|
337 |
|
---|
338 | /*********************************************************/
|
---|
339 | /* Login Function */
|
---|
340 | /*********************************************************/
|
---|
341 | function ChiSei($idcg){
|
---|
342 | global $dbi, $msglogout, $id_cons_gen,$giorniaut;
|
---|
343 |
|
---|
344 | $aid=$_SESSION['aid'];
|
---|
345 | $prefix=$_SESSION['prefix'];
|
---|
346 | $pwd=$_SESSION['pwd'];
|
---|
347 | $id_comune=$_SESSION['id_comune'];
|
---|
348 | #echo "prima: $idcg - dopo: $id_cons_gen<br>";
|
---|
349 | $perms=0;
|
---|
350 | $sql="select adminsuper, admincomune, adminop from ".$prefix."_authors where aid='$aid' and pwd='$pwd' and (id_comune='$id_comune' or id_comune=0)";
|
---|
351 | $sth = $dbi->prepare("$sql");
|
---|
352 | $sth->execute();
|
---|
353 | $row = $sth->fetch(PDO::FETCH_BOTH);
|
---|
354 | if($row){
|
---|
355 | $adminsuper=$row[0];
|
---|
356 | $admincomune=$row[1];
|
---|
357 | $oper=$row[2];
|
---|
358 | }else{
|
---|
359 | $adminsuper=0;
|
---|
360 | $admincomune=0;
|
---|
361 | $oper=1;
|
---|
362 | }
|
---|
363 | if ($adminsuper==1)
|
---|
364 | return 256;
|
---|
365 | elseif ($admincomune==1)
|
---|
366 | return 64;
|
---|
367 | # $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
|
---|
368 | elseif($oper) {$msglogout=1; return 0;} # id_cons='$id_cons' and
|
---|
369 | else {
|
---|
370 | # $oggi=date("Y-m-d",mktime(0,0,0,date("m"),date("d")-3,date("Y")));
|
---|
371 | $sql="select t1.id_cons, t1.id_cons_gen from ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_consultazione as t2 where t1.id_cons_gen=t2.id_cons_gen and t1.chiusa='0' and t1.id_comune='$id_comune' and date_add(t2.data_fine, interval $giorniaut day)>CURDATE()";
|
---|
372 | $sth = $dbi->prepare("$sql");
|
---|
373 | $sth->execute();
|
---|
374 | if(!$sth->rowCount()) { $msglogout=1; $perms=0; return $perms;}
|
---|
375 | list($id_cons,$idcg) = $sth->fetch(PDO::FETCH_NUM);
|
---|
376 | if (!$id_cons_gen) $id_cons_gen=$idcg;
|
---|
377 | $sql="select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid'";
|
---|
378 | $sth = $dbi->prepare("$sql");
|
---|
379 | $sth->execute();
|
---|
380 | list($perms) = $sth->fetch(PDO::FETCH_NUM);
|
---|
381 | return $perms;
|
---|
382 | }
|
---|
383 | }
|
---|
384 |
|
---|
385 | function OpenTable(){
|
---|
386 | echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"2\" BORDER=\"0\">";
|
---|
387 | }
|
---|
388 |
|
---|
389 | function CloseTable(){
|
---|
390 | echo "</table>";
|
---|
391 | }
|
---|
392 |
|
---|
393 | function login() {
|
---|
394 | global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $perms, $msglogout;#, $id_cons_gen
|
---|
395 | if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
|
---|
396 | if (!isset($id_comune)) $id_comune=0;
|
---|
397 | if(isset($_SESSION['aid'])){
|
---|
398 | session_regenerate_id();
|
---|
399 | }
|
---|
400 | $lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
|
---|
401 | $id_ses=session_id();
|
---|
402 |
|
---|
403 | //include("modules/Elezioni/language/lang-$lang.php");
|
---|
404 | if($multicomune==''){
|
---|
405 | $sth = $dbi->prepare("select multicomune from ".$prefix."_config");
|
---|
406 | $sth->execute();
|
---|
407 | list($multicomune) = $sth->fetch(PDO::FETCH_NUM);
|
---|
408 | }
|
---|
409 | include ("header.php");
|
---|
410 | echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
|
---|
411 | if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
|
---|
412 | elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
|
---|
413 | elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
|
---|
414 | elseif ($msglogout==4) echo "<h1 style=\"color:red;\">Accesso non ammesso da cellulare</h1><br>";
|
---|
415 | echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
|
---|
416 | ."<table class=\"table-menu\">"
|
---|
417 | ."<tr><td>"._ADMINID."</td>"
|
---|
418 | ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
|
---|
419 | ."<tr><td>"._PASSWORD."</td>"
|
---|
420 | ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>"
|
---|
421 | ."<tr><td>";
|
---|
422 | // scelta comune
|
---|
423 | if($multicomune=='1'){
|
---|
424 | echo ""._COMUNE."</td><td>";
|
---|
425 | $sql="select * from ".$prefix."_ele_comuni order by descrizione asc";
|
---|
426 | $sth = $dbi->prepare("$sql");
|
---|
427 | $sth->execute();
|
---|
428 | $row = $sth->fetchAll();
|
---|
429 | echo "<select name=\"id_comune\">";
|
---|
430 | foreach($row as $comuni)
|
---|
431 | {$id=$comuni[0];$descrizione=$comuni[1];
|
---|
432 | $sel=($id == $id_comune) ? "selected":"";
|
---|
433 | echo "<option value=\"$id\" $sel>$descrizione";
|
---|
434 | }
|
---|
435 | }else{
|
---|
436 | echo "<input type=\"hidden\" name=\"id_comune\" value=\"$siteistat\">";
|
---|
437 | }
|
---|
438 | // echo "<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
|
---|
439 | if(strlen($lang)==2) echo "<input type=\"hidden\" name=\"language\" value=\"$lang\">";
|
---|
440 | echo "</td></tr><tr><td>";
|
---|
441 | echo "<input type=\"hidden\" name=\"id_ses\" value=\"$id_ses\">";
|
---|
442 | echo "<input type=\"submit\" VALUE=\""._OK."\">"
|
---|
443 | ."</td></tr></table>"
|
---|
444 | ."</form></div>";
|
---|
445 |
|
---|
446 | include ("footer.php");
|
---|
447 | }
|
---|
448 |
|
---|
449 | function logout()
|
---|
450 | {
|
---|
451 | /* $lang=$_SESSION['lang'];
|
---|
452 | $id_comune=$_SESSION['id_comune'];
|
---|
453 | // setcookie ("PHPSESSID", "", time() - 3600);
|
---|
454 | session_cache_expire (0);
|
---|
455 | $_SESSION=array(); //MODIFICHE PER GESTIONE SESSIONI
|
---|
456 | session_unset();
|
---|
457 | session_destroy();
|
---|
458 | Header("Location: admin.php?id_comune=$id_comune&language=$lang");
|
---|
459 | */
|
---|
460 |
|
---|
461 | global $siteistat,$perms,$msglogout;
|
---|
462 | if (!isset($_SESSION))
|
---|
463 | {
|
---|
464 | session_start();
|
---|
465 | }
|
---|
466 | $language=$_SESSION['lang'];
|
---|
467 | $ref="Location: admin.php?";
|
---|
468 | #$ref="Location: https://www.eleonline.it/adminmob/admin.php?";
|
---|
469 | if (isset($_SESSION['id_comune']))
|
---|
470 | $id_comune=$_SESSION['id_comune'];
|
---|
471 | else
|
---|
472 | $id_comune=$siteistat;
|
---|
473 | $ref=$ref."id_comune=".$id_comune;
|
---|
474 |
|
---|
475 | if (isset($_SESSION['lang']))
|
---|
476 | $ref=$ref."&language=$language";
|
---|
477 | $ref.="&msglogout=$msglogout";
|
---|
478 | $_SESSION=array();
|
---|
479 |
|
---|
480 | session_regenerate_id();
|
---|
481 | session_write_close();
|
---|
482 | session_cache_expire (0);
|
---|
483 | Header($ref);
|
---|
484 |
|
---|
485 | }
|
---|
486 | #include("TEST tema: $tema--");
|
---|
487 | #include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
|
---|
488 | #die( "$sql <br> TEST id_cons_gen:$id_cons_gen:".$_SESSION['id_cons_gen']);
|
---|
489 | if(isset($id_cons_gen) and isset($id_comune)){
|
---|
490 | if(!isset($id_cons)){
|
---|
491 | # $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
|
---|
492 | $sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
|
---|
493 | $sth = $dbi->prepare("$sql");
|
---|
494 | $sth->execute();
|
---|
495 | if ($sth->rowCount()) {
|
---|
496 | list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
|
---|
497 | $_SESSION['id_cons']=$id_cons;
|
---|
498 | }
|
---|
499 | }
|
---|
500 | if(isset($id_cons)) {
|
---|
501 | $sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_sez>0 and aid='$aid' and id_comune=$id_comune and id_cons=$id_cons";
|
---|
502 | try {
|
---|
503 | $resmod = $dbi->prepare("$sql");
|
---|
504 | $resmod->execute();
|
---|
505 | }catch(PDOException $e)
|
---|
506 | {
|
---|
507 | # echo "Viene eseguito un aggiornamento forzato del db<br>";
|
---|
508 | $_SESSION['forzadb']=1;
|
---|
509 | include("modules/Elezioni/aggiornamento.php");
|
---|
510 |
|
---|
511 | die();
|
---|
512 | }
|
---|
513 | list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
|
---|
514 | if($id_sez) {
|
---|
515 | $sql="select t1.id_cons_gen,t1.descrizione,t2.id_cons from ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_comune=$id_comune and date_add(t1.data_fine, interval 3 day)>CURDATE() and t2.id_cons in (select id_cons from ".$prefix."_ele_operatori where aid='$aid' and id_sez>0 and permessi>0)";
|
---|
516 | $resmod = $dbi->prepare("$sql");
|
---|
517 | $resmod->execute();
|
---|
518 | if ($resmod->rowCount()>0) {
|
---|
519 | list($id_cons_gen, $desc,$id_cons)=$resmod->fetch(PDO::FETCH_NUM);
|
---|
520 | $tema='Futura2';
|
---|
521 | $_SESSION['tema']=$tema;
|
---|
522 | } #else {die("TEST: $sql"); logout();}
|
---|
523 | }
|
---|
524 | }
|
---|
525 | $perms=ChiSei($id_cons_gen);
|
---|
526 | if($perms==0) {logout();}
|
---|
527 | }
|
---|
528 |
|
---|
529 | #echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
|
---|
530 | if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
|
---|
531 | //if (isset($param['op'])) $op=$param['op']; else $op='ele';
|
---|
532 | #
|
---|
533 | #die("TEST: qui2 op:$op - $aid $id_cons $id_sez ".$_SESSION['aid']);
|
---|
534 |
|
---|
535 | if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
|
---|
536 | if($tema=='Futura2' and $op!='logout')
|
---|
537 | {
|
---|
538 | include("temi/$tema/index.php");
|
---|
539 | }else
|
---|
540 | switch($op) {
|
---|
541 | case "tipo":
|
---|
542 | include("modules/Elezioni/ele_tipi.php");
|
---|
543 | break;
|
---|
544 | case "aggiorna":
|
---|
545 | include("modules/Elezioni/aggiornamento.php");
|
---|
546 | break;
|
---|
547 | case "constipi":
|
---|
548 | include("modules/Elezioni/ele_consultazionitipi.php");
|
---|
549 | break;
|
---|
550 | case "parziali":
|
---|
551 | include("modules/Elezioni/ele_parziali.php");
|
---|
552 | break;
|
---|
553 | case "ele":
|
---|
554 | include("modules/Elezioni/ele.php");
|
---|
555 | break;
|
---|
556 | case "consultazione":
|
---|
557 | include("modules/Elezioni/ele_consultazioni.php");
|
---|
558 | break;
|
---|
559 | case "configurazione":
|
---|
560 | include("modules/Elezioni/ele_configurazione.php");
|
---|
561 | break;
|
---|
562 | case "cons_comuni":
|
---|
563 | include("modules/Elezioni/ele_cons_comuni.php");
|
---|
564 | break;
|
---|
565 | case "confconsiglio":
|
---|
566 | include("modules/Elezioni/ele_confcons.php");
|
---|
567 | break;
|
---|
568 | case "inscomuni":
|
---|
569 | include("modules/Elezioni/ele_comuni.php");
|
---|
570 | break;
|
---|
571 | case "oper_admin":
|
---|
572 | include("modules/Elezioni/ele_operatori.php");
|
---|
573 | break;
|
---|
574 | case "inscollegi":
|
---|
575 | include("modules/Elezioni/ele_collegi.php");
|
---|
576 | break;
|
---|
577 | case "associazioni":
|
---|
578 | include("modules/Elezioni/ele_associazioni.php");
|
---|
579 | break;
|
---|
580 | case "operatori":
|
---|
581 | include("modules/Elezioni/ele_operatori.php");
|
---|
582 | break;
|
---|
583 | case "permessi":
|
---|
584 | include("modules/Elezioni/ele_permessi.php");
|
---|
585 | break;
|
---|
586 | case "circo":
|
---|
587 | include("modules/Elezioni/ele_circo.php");
|
---|
588 | break;
|
---|
589 | case "sede":
|
---|
590 | include("modules/Elezioni/ele_sede.php");
|
---|
591 | break;
|
---|
592 | case "sezione":
|
---|
593 | include("modules/Elezioni/ele_sezione.php");
|
---|
594 | break;
|
---|
595 | case "gruppo":
|
---|
596 | include("modules/Elezioni/ele_gruppo.php");
|
---|
597 | break;
|
---|
598 | case "rec_add_aff":
|
---|
599 | include("modules/Elezioni/ele_affluenze.php");
|
---|
600 | break;
|
---|
601 | case "rec_add_mod":
|
---|
602 | include("modules/Elezioni/ele_modelli.php");
|
---|
603 | break;
|
---|
604 | case "upgruppo":
|
---|
605 | include("modules/Elezioni/ele_gruppo.php");
|
---|
606 | break;
|
---|
607 | case "delimggruppo":
|
---|
608 | include("modules/Elezioni/ele_gruppo.php");
|
---|
609 | break;
|
---|
610 | case "lista":
|
---|
611 | include("modules/Elezioni/ele_lista.php");
|
---|
612 | break;
|
---|
613 | case "uplista":
|
---|
614 | include("modules/Elezioni/ele_lista.php");
|
---|
615 | break;
|
---|
616 | case "delimglista":
|
---|
617 | include("modules/Elezioni/ele_lista.php");
|
---|
618 | break;
|
---|
619 | case "candidato":
|
---|
620 | include("modules/Elezioni/ele_candidato.php");
|
---|
621 | break;
|
---|
622 | case "upcandidato":
|
---|
623 | include("modules/Elezioni/ele_candidato.php");
|
---|
624 | break;
|
---|
625 | case "delimgcandidato":
|
---|
626 | include("modules/Elezioni/ele_candidato.php");
|
---|
627 | break;
|
---|
628 |
|
---|
629 | case "voti":
|
---|
630 | include("modules/Elezioni/ele_voti.php");
|
---|
631 | break;
|
---|
632 | case "sezioni_voti":
|
---|
633 | include("modules/Elezioni/ele_voti.php");
|
---|
634 | break;
|
---|
635 | case "rec_voti":
|
---|
636 | include("modules/Elezioni/ele_voti.php");
|
---|
637 | break;
|
---|
638 | case "rec_voti_gruppi":
|
---|
639 | include("modules/Elezioni/ele_voti.php");
|
---|
640 | break;
|
---|
641 | case "rec_add_votanti":
|
---|
642 | include("modules/Elezioni/ele_voti.php");
|
---|
643 | break;
|
---|
644 | case "rec_finale":
|
---|
645 | include("modules/Elezioni/ele_voti.php");
|
---|
646 | break;
|
---|
647 | case "controllo_voti":
|
---|
648 | include("modules/Elezioni/controllo_voti.php");
|
---|
649 | break;
|
---|
650 | case "controllo_votanti":
|
---|
651 | include("modules/Elezioni/controllo_votanti.php");
|
---|
652 | break;
|
---|
653 | case "come":
|
---|
654 | include("modules/Elezioni/ele_come.php");
|
---|
655 | break;
|
---|
656 | case "numeri":
|
---|
657 | include("modules/Elezioni/ele_come.php");
|
---|
658 | break;
|
---|
659 | case "servizi":
|
---|
660 | include("modules/Elezioni/ele_come.php");
|
---|
661 | break;
|
---|
662 | case "link":
|
---|
663 | include("modules/Elezioni/ele_come.php");
|
---|
664 | break;
|
---|
665 | case "conf":
|
---|
666 | include("modules/Elezioni/ele_conf.php");
|
---|
667 | break;
|
---|
668 | case "stampa":
|
---|
669 | include("modules/Elezioni/ele_stampe.php");
|
---|
670 | break;
|
---|
671 | case "cambiopwd":
|
---|
672 | include("modules/Elezioni/ele_pwd.php");
|
---|
673 | break;
|
---|
674 | case "eletti":
|
---|
675 | include("modules/Elezioni/ele_eletti.php");
|
---|
676 | break;
|
---|
677 | case "foto":
|
---|
678 | include("modules/Elezioni/foto.php");
|
---|
679 | break;
|
---|
680 | case "consiglieri":
|
---|
681 | include("modules/Elezioni/ele_consiglieri.php");
|
---|
682 | break;
|
---|
683 | case "backup":
|
---|
684 | include("modules/Elezioni/backup.php");
|
---|
685 | break;
|
---|
686 | case "restore":
|
---|
687 | include("modules/Elezioni/restore.php");
|
---|
688 | break;
|
---|
689 | case "scarica":
|
---|
690 | include("modules/Elezioni/scarica.php");
|
---|
691 | break;
|
---|
692 | case "importa":
|
---|
693 | include("modules/Elezioni/importa.php");
|
---|
694 | break;
|
---|
695 | case "widget":
|
---|
696 | include("modules/Elezioni/ele_widget.php");
|
---|
697 | break;
|
---|
698 | case "riepilogo":
|
---|
699 | include("modules/Elezioni/ele_riepilogo.php");
|
---|
700 | break;
|
---|
701 | case "riepilogovoti":
|
---|
702 | include("modules/Elezioni/ele_riepilogovoti.php");
|
---|
703 | break;
|
---|
704 | case "aggcons":
|
---|
705 | include("modules/Elezioni/ele_restorebackup.php");
|
---|
706 | break;
|
---|
707 | case "logout":
|
---|
708 | logout();
|
---|
709 | break;
|
---|
710 | }
|
---|
711 |
|
---|
712 | }else {
|
---|
713 |
|
---|
714 | login();
|
---|
715 |
|
---|
716 | }
|
---|
717 |
|
---|
718 | ?>
|
---|