source: trunk/admin/modules/Elezioni/ele_come.php@ 214

Last change on this file since 214 was 23, checked in by roby, 15 years ago

Gestione charset con query mysql e sostituzione funzioni ereg

File size: 8.9 KB
Line 
1<?php
2/************************************************************************/
3/* Eleonline - Raccolta e diffusione dei dati elettorali */
4/* by Roberto Gigli & Luciano Apolito */
5/* http://www.eleonline.it */
6/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
7/************************************************************************/
8/* Modulo Come si vota, servizi, numeri e link */
9/* Amministrazione */
10/************************************************************************/
11
12
13if (!defined('ADMIN_FILE')) {
14 die ("You can't access this file directly...");
15}
16
17$aid=$_SESSION['aid'];
18$dbi=$_SESSION['dbi'];
19$prefix=$_SESSION['prefix'];
20$currentlang=$_SESSION['lang'];
21$id_comune=$_SESSION['id_comune'];
22$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
23$id_cons_gen=$param['id_cons_gen'];
24$perms=ChiSei(0);
25
26
27if (isset($param['add_title'])) get_magic_quotes_gpc() ? $add_title=$param['add_title']:$add_title=addslashes($param['add_title']); else $add_title='';
28if (isset($param['add_preamble'])) get_magic_quotes_gpc() ? $add_preamble=$param['add_preamble']:$add_preamble=addslashes($param['add_preamble']); else $add_preamble='';
29if (isset($param['add_content'])) get_magic_quotes_gpc() ? $add_content=$param['add_content']:$add_content=addslashes($param['add_content']); else $add_content='';
30if (isset($param['vai'])) get_magic_quotes_gpc() ? $vai=$param['vai']:$vai=addslashes($param['vai']); else $vai='come';
31if (isset($param['mid'])) get_magic_quotes_gpc() ? $mid=$param['mid']:$mid=addslashes($param['mid']); else $mid='';
32if (isset($param['ok'])) get_magic_quotes_gpc() ? $ok=$param['ok']:$ok=addslashes($param['ok']); else $ok='';
33if (isset($param['op'])) get_magic_quotes_gpc() ? $op=$param['op']:$op=addslashes($param['op']); else $op='come';
34$tab='_ele_'.$op;
35
36/*********************************************************/
37/* come Functions */
38/*********************************************************/
39$sql="SELECT t1.descrizione,t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
40$res = mysql_query("$sql", $dbi);
41list($descr_cons,$tipo_cons,$id_cons) = mysql_fetch_row($res);
42
43include("modules/Elezioni/ele.php");
44include("inc/funzioni.php");
45
46function come() {
47 global $admin, $bgcolor1, $bgcolor2, $prefix, $dbi, $id_cons, $tipo_cons, $id_cons,$id_cons_gen, $editimage1,
48 $add_content, $add_preamble, $add_title, $vai,$mid,$tab,$op,$editor;
49
50 if ($tab=='_ele_come') echo "<center><font class=\"title\"><b>"._ADMINCOME."</b></font></center><br>";
51 elseif ($tab=='_ele_numeri') echo "<center><font class=\"title\"><b>"._ADMINNUMERI."</b></font></center><br>";
52 elseif ($tab=='_ele_servizi') echo "<center><font class=\"title\"><b>"._ADMINSERVIZI."</b></font></center><br>";
53 elseif ($tab=='_ele_link') echo "<center><font class=\"title\"><b>"._ADMINLINK."</b></font></center><br>";
54
55 echo "<br>";
56
57
58 echo "<center><font class=\"title\"><b>"._ALLCOME."</b></font><br><br><table border=\"0\" width=\"70%\" >"
59 ."<td bgcolor=\"$bgcolor1\" align=\"center\"><b>"._TITOLO."</b></td>"
60 ."<td bgcolor=\"$bgcolor1\" align=\"center\">&nbsp;<b>"._FUNZIONI."</b>&nbsp;</td></tr>";
61 $result = mysql_query("select mid, title,preamble, content, editimage from ".$prefix.$tab." where id_cons='$id_cons'", $dbi);
62 while(list($mid2, $title, $preamble, $content, $editimage) = mysql_fetch_row($result)) {
63
64 echo "<tr>"
65 ."<td align=\"center\" width=\"100%\">$title</td>"
66 ."<td align=\"right\" nowrap bgcolor=\"$bgcolor1\"><a href=\"admin.php?op=$op&amp;vai=editedit&amp;mid=$mid2&amp;id_cons_gen=$id_cons_gen\">
67 <img src=\"modules/Elezioni/images/edit.gif\" border=\"0\" align=\"middle\"> "._EDIT."</a> -
68 <a href=\"admin.php?op=$op&amp;vai=deleteedit&amp;mid=$mid2&amp;id_cons_gen=$id_cons_gen\">"._DELETE."
69 <img src=\"modules/Elezioni/images/delete.gif\" border=\"0\" align=\"middle\"></a>"
70 ."</td></tr>";
71
72 }
73 echo "</table><br>";
74 echo "<table border=\"0\" width=\"70%\"><tr><td>";
75 echo "<br>";
76 if($vai=='editedit'){
77 $result = mysql_query("select title, preamble,content, editimage from ".$prefix.$tab." WHERE mid='$mid' AND id_cons='$id_cons'", $dbi);
78 list($add_title,$add_preamble, $add_content, $editimage) = mysql_fetch_row($result);
79 }
80//25.05.2009
81 $sql="SELECT editor,ed_user FROM ".$prefix."_config";
82$res = mysql_query("$sql", $dbi);
83list($editor,$ed_user) = mysql_fetch_row($res);
84//
85
86 echo "<center><font class=\"title\"><b>"._ADDCOME."</b></font></center><br>";
87 echo "<form action=\"admin.php\" method=\"post\">";
88 echo "<br><b><h6>"._TITOLO.":</b><br>
89 <input class=\"modulo\" type=\"text\" name=\"add_title\" value=\"$add_title\" size=\"50\" maxlength=\"100\"><br><br>";
90 if ($op=="link"){
91 if ($add_preamble=='')$add_preamble="http://";
92 echo "<b>"._LINK.":</b><br>"
93 ."<input class=\"modulo\" name=\"add_preamble\" size=\"50\" value=\"$add_preamble\"><br><br><b>";
94 }else{
95 echo "<b>"._PREAMBOLO.":</b><br>";
96//25 maggio 2009
97 if ($editor)
98 js_textarea("add_preamble", "$add_preamble", "$ed_user", "80", "10"); // 25 --> 24 maggio 2009 editor'
99 else
100 echo "<textarea class=\"modulo\" name=\"add_preamble\" rows=\"7\" wrap=\"virtual\" cols=\"60\">$add_preamble</textarea><br><br><b>";
101//
102 echo "<br><br><b>";
103 }
104 if ($op=='come') echo _CONTENUTO;
105 elseif ($op=='numeri') echo _NUMERITEL;
106 elseif ($op=='servizi') echo _DESCRAPP;
107 elseif ($op=='link') echo _DESCRLINK;
108 echo ":</b><br>";
109 //( "._HELPHTML." )<br>";
110//25 maggio 2009
111
112 if ($editor)
113 js_textarea("add_content", "$add_content", "$ed_user", "80", "20"); // 25 -->24 maggio 2009 editor
114 else
115 echo "<textarea class=\"modulo\" name=\"add_content\" rows=\"15\" wrap=\"virtual\" cols=\"60\">$add_content</textarea><br><br>";
116//
117 echo "<br/><br/>";
118 echo "<input type=\"hidden\" name=\"id_cons_gen\" value=\"$id_cons_gen\">"
119 ."<input type=\"hidden\" name=\"mid\" value=\"$mid\">"
120 ."<input type=\"hidden\" name=\"tab\" value=\"$tab\">"
121 ."<input type=\"hidden\" name=\"op\" value=\"$op\">";
122 if ($vai=='editedit'){
123 echo "<input type=\"hidden\" name=\"vai\" value=\"saveedit\">"
124 ."<input class=\"modulo-button\"type=\"submit\" value=\""._OK."\">";
125 }else{
126 echo "<input type=\"hidden\" name=\"vai\" value=\"addedit\">"
127 ."<input class=\"modulo-button\" type=\"submit\" value=\""._ADDCOME."\">";
128 }
129
130 echo "</form>";
131 echo "</td></tr></table></center>";
132 echo"</td></tr></table>";
133 include ("footer.php");
134}
135
136function saveedit($mid, $title, $preamble, $content) {
137 global $prefix, $dbi,$id_cons,$id_cons_gen,$tab,$op;
138
139$temp=$title.$preamble.$content;
140 if (preg_match("/script/i",$temp)) die("La parola script e' proibita, devi toglierla dal testo.");
141 $result = mysql_query("update ".$prefix.$tab." set title='$title', preamble='$preamble', content='$content' WHERE mid='$mid' AND id_cons='$id_cons'", $dbi);
142 Header("Location: admin.php?op=$op&vai=come&id_cons_gen=$id_cons_gen");
143}
144
145function addedit($add_title, $add_preamble, $add_content) {
146 global $prefix, $dbi,$id_cons, $id_cons_gen,$tab,$op;
147
148 $result = mysql_query("insert into ".$prefix.$tab." (id_cons,title,preamble,content) values ('$id_cons', '$add_title', '$add_preamble','$add_content')", $dbi);
149 if (!$result) {
150 exit();
151 }
152 Header("Location: admin.php?op=$op&vai=come&id_cons_gen=$id_cons_gen");
153}
154
155
156function deleteedit($mid, $ok=0) {
157 global $prefix, $dbi, $id_cons,$id_cons_gen,$tab,$op;
158 if($ok) {
159 $result = mysql_query("delete from ".$prefix.$tab." where mid=$mid and id_cons='$id_cons'", $dbi);
160 if (!$result) {
161 return;
162 }
163 Header("Location: admin.php?op=$op&vai=come&id_cons_gen=$id_cons_gen");
164 } else {
165 ele();
166 OpenTable();
167 echo "<center><font size=\"4\"><b>"._ADMINCOME."</b></font></center>";
168 CloseTable();
169 echo "<br>";
170 OpenTable();
171 echo "<center>"._REMOVEINFO."";
172 echo "<br><br>[ <a href=\"admin.php?op=$op&amp;vai=come&amp;id_cons_gen=$id_cons_gen\">"._NO."</a> | <a href=\"admin.php?op=$op&amp;vai=deleteedit&amp;mid=$mid&amp;ok=1&amp;id_cons_gen=$id_cons_gen\">"._YES."</a> ]</center>";
173 CloseTable();
174 echo"</td></tr></table>";
175 include("footer.php");
176 }
177
178
179
180}
181switch ($vai){
182
183// or "come" or "servizi" or "editedit"
184 case "come":
185 ele();
186 come();
187 break;
188 case "editedit":
189 ele();
190 come();
191 break;
192
193 case "saveedit":
194 saveedit($mid, $add_title, $add_preamble,$add_content);
195 break;
196
197 case "numeri":
198 ele();
199 come();
200 break;
201
202 case "servizi":
203 ele();
204 come();
205 break;
206
207 case "link":
208 ele();
209 come();
210 break;
211
212
213
214 case "addedit":
215 addedit($add_title, $add_preamble,$add_content);
216 break;
217
218 case "deleteedit":
219 deleteedit($mid, $ok);
220 break;
221
222
223
224}
225
226?>
Note: See TracBrowser for help on using the repository browser.