[2] | 1 | <?php
|
---|
| 2 | /************************************************************************/
|
---|
| 3 | /* Eleonline - Raccolta e diffusione dei dati elettorali */
|
---|
| 4 | /* by Roberto Gigli & Luciano Apolito */
|
---|
| 5 | /* http://www.eleonline.it */
|
---|
| 6 | /* info@eleonline.it luciano@aniene.net rgigli@libero.it */
|
---|
| 7 | /************************************************************************/
|
---|
| 8 | /* Modulo Operatori */
|
---|
| 9 | /* Amministrazione */
|
---|
| 10 | /************************************************************************/
|
---|
| 11 | if (!defined('ADMIN_FILE')) {
|
---|
| 12 | die ("You can't access this file directly...");
|
---|
| 13 | }
|
---|
| 14 |
|
---|
| 15 | $perms=ChiSei($id_cons_gen);
|
---|
| 16 | if (($perms<64 or !$id_cons_gen) and $perms!=256) die("(($perms<64 or !$id_cons_gen) and $perms!=256)Non hai i permessi per inserire dati, o non hai scelto la consultazione!");
|
---|
[257] | 17 | $sql="SELECT t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
|
---|
| 18 | $res = $dbi->prepare("$sql");
|
---|
| 19 | $res->execute();
|
---|
| 20 | list($tipo_cons,$id_cons) = $res->fetch(PDO::FETCH_NUM);
|
---|
[2] | 21 | if (isset($_GET['aid2'])) get_magic_quotes_gpc() ? $aid2=$param['aid2']:$aid2=addslashes($param['aid2']); else {if ($perms==256) $aid2='admin'; else $aid2='';}
|
---|
| 22 | if (isset($_GET['id_sede'])) $id_sede=intval($_GET['id_sede']); else $id_sede='';
|
---|
| 23 | if (isset($_GET['do'])) get_magic_quotes_gpc() ? $do=$param['do']:$do=addslashes($param['do']); else $do='';
|
---|
| 24 | if (isset($_GET['name'])) get_magic_quotes_gpc() ? $name=$param['name']:$name=addslashes($param['name']); else $name='';
|
---|
| 25 | if (isset($_GET['email'])) get_magic_quotes_gpc() ? $email=$param['email']:$email=addslashes($param['email']); else $email='';
|
---|
| 26 | if (isset($_GET['passwd'])) get_magic_quotes_gpc() ? $passwd=$param['passwd']:$passwd=addslashes($param['passwd']); else $passwd='';
|
---|
| 27 | if (isset($_GET['passwd2'])) get_magic_quotes_gpc() ? $passwd2=$param['passwd2']:$passwd2=addslashes($param['passwd2']); else $passwd2='';
|
---|
| 28 |
|
---|
| 29 | include("modules/Elezioni/funzionidata.php");
|
---|
| 30 | include("modules/Elezioni/ele.php");
|
---|
| 31 |
|
---|
| 32 | /******************************************************/
|
---|
| 33 | /*Funzione di visualizzazione globale */
|
---|
| 34 | /*****************************************************/
|
---|
| 35 | //crea la pagina delle affluenze
|
---|
| 36 | function all() {
|
---|
| 37 | global $aid, $offset, $prefix, $dbi,$id_cons,$aid2,$id_sede,$id_cons_gen,$mex,$perms;
|
---|
| 38 | //echo $perms;die();
|
---|
| 39 | $bgcolor1=$_SESSION['bgcolor1'];
|
---|
| 40 | $id_comune=$_SESSION['id_comune'];
|
---|
| 41 | $user=$aid;
|
---|
[257] | 42 | $sql="select descrizione from ".$prefix."_ele_comuni where id_comune=$id_comune";
|
---|
| 43 | $rescom = $dbi->prepare("$sql");
|
---|
| 44 | $rescom->execute();
|
---|
| 45 | list($descr_com) = $rescom->fetch(PDO::FETCH_NUM);
|
---|
| 46 | $sql="SELECT aid,name,email FROM ".$prefix."_authors where aid='$aid2' and id_comune='$id_comune'";
|
---|
| 47 | $resmod = $dbi->prepare("$sql");
|
---|
| 48 | $resmod->execute();
|
---|
| 49 | list ($aid2,$name,$email) = $resmod->fetch(PDO::FETCH_NUM);
|
---|
[2] | 50 | if (isset($_GET['mex'])){
|
---|
| 51 | echo "<table align=\"center\"><tr><td style=\"background-color: rgb(255, 0, 0)\">";
|
---|
| 52 | echo $_GET['mex'];
|
---|
| 53 | echo "</td></tr></table>";
|
---|
| 54 | }
|
---|
[53] | 55 | # OpenTable();
|
---|
| 56 | echo "<table>";
|
---|
[2] | 57 | $esiste=0;
|
---|
| 58 | echo "<tr><td>";
|
---|
| 59 | echo "<form name=\"autorizza\" action=\"admin.php\">";
|
---|
[53] | 60 | echo "<table style=\"color: #000000;\"><tr align=\"center\" bgcolor=\"$bgcolor1\">";
|
---|
[2] | 61 | echo "<td><b>"._UTENTE."</b></td>";
|
---|
[257] | 62 | $sql="select aid from ".$prefix."_authors where id_comune='$id_comune' order by aid";
|
---|
| 63 | $resins = $dbi->prepare("$sql");
|
---|
| 64 | $resins->execute();
|
---|
[2] | 65 | echo "</tr><tr align=\"center\">";
|
---|
| 66 | echo "<td><input type=\"hidden\" name=\"pag_op\" value=\"admin.php?op=operatori&id_cons_gen=$id_cons_gen&aid2=\">";
|
---|
| 67 | echo "<select name=\"aid2\" onChange=\"top.location.href=this.form.pag_op.value+this.form.aid2.options[this.form.aid2.selectedIndex].value;return false\">";
|
---|
| 68 | echo "<option value=\"\">";
|
---|
[257] | 69 | while(list($utente)=$resins->fetch(PDO::FETCH_NUM)){
|
---|
[2] | 70 | $sel= ($utente == $aid2) ? "selected":"";
|
---|
| 71 | echo "<option value=\"$utente\" $sel>$utente";
|
---|
| 72 | if($utente=="admin") $esiste=1;
|
---|
| 73 | }
|
---|
| 74 | echo "</select></td>";
|
---|
| 75 | echo "</tr></table></form><br><hr>";
|
---|
[257] | 76 | # $sql="SELECT * FROM ".$prefix."_authors where id_cons='$id_cons' and id_comune='$id_comune'";
|
---|
| 77 | # $resmod = $dbi->prepare("$sql");
|
---|
| 78 | # $resmod->execute();
|
---|
[2] | 79 | echo "<form name=\"modello\" action=\"admin.php\">";
|
---|
[53] | 80 | echo "<table style=\"color: #000000;\">";
|
---|
[2] | 81 | if ($perms==256) echo "<tr><td colspan=\"6\">"._NOTAOP." <b>$descr_com</b><hr></td></tr>";
|
---|
| 82 | echo "<tr align=\"center\" bgcolor=\"$bgcolor1\">";
|
---|
| 83 | echo "<td><b>"._UTENTE."</b></td>";
|
---|
| 84 | echo "<td><b>"._PASSWORD."</b></td>";
|
---|
| 85 | echo "<td><b>"._RIPETI."</b></td>";
|
---|
| 86 | echo "<td bgcolor=\"$bgcolor1\"><b>"._NOME."</b></td>"
|
---|
| 87 | ."<td bgcolor=\"$bgcolor1\"><b>"._EMAIL."</b></td>";
|
---|
| 88 | echo "<td bgcolor=\"$bgcolor1\"><b>"._FUNZIONI."</b></td></tr>";
|
---|
| 89 | echo "<tr align=\"center\"><td>";
|
---|
| 90 | echo "<input type=\"hidden\" name=\"op\" value=\"operatori\">"
|
---|
| 91 | ."<input type=\"hidden\" name=\"id_comune\" value=\"$id_comune\">";
|
---|
| 92 | if ($perms==256 and $aid2==''){
|
---|
| 93 | if($esiste) $supadm=''; else $supadm='admin';
|
---|
| 94 | echo "<input name=\"aid2\" value=\"$supadm\"></td>";
|
---|
| 95 | }else
|
---|
| 96 | echo "<input name=\"aid2\" value=\"$aid2\"></td>";
|
---|
| 97 | echo "<td align=\"center\"><input type=password name=\"passwd\" size=\"12\"></td>";
|
---|
| 98 | echo "<td align=\"center\"><input type=password name=\"passwd2\" size=\"12\"></td>";
|
---|
| 99 | echo "<td><input name=\"name\" value=\"$name\"></td>";
|
---|
| 100 | echo "<td><input name=\"email\" value=\"$email\">";
|
---|
| 101 | echo "<input type=\"hidden\" name=\"id_cons_gen\" value=\"$id_cons_gen\">";
|
---|
| 102 | echo "<input type=\"hidden\" name=\"ok\" value=0></td>";
|
---|
| 103 | if ($aid2) {
|
---|
| 104 | echo "<td><input type=\"hidden\" name=\"do\" value=\"update\">";
|
---|
| 105 | echo "<input type=\"submit\" name=\"add\" value=\""._MODIFY."\"></td></tr>";
|
---|
| 106 | }else{
|
---|
| 107 | echo "<td><input type=\"hidden\" name=\"do\" value=\"add\">";
|
---|
| 108 | echo "<input type=\"submit\" name=\"add\" value=\""._NEW." "._UTENTE."\"></td></tr>";
|
---|
| 109 | }
|
---|
| 110 | echo "</table></form><br>";
|
---|
| 111 |
|
---|
| 112 | CloseTable();
|
---|
| 113 | }
|
---|
| 114 |
|
---|
| 115 | function operatori($do,$aid2,$name,$email,$passwd,$passwd2,$id_comune) {
|
---|
| 116 | global $aid, $prefix, $dbi, $id_cons,$id_cons_gen,$currentlang;
|
---|
| 117 | $perms=ChiSei($id_cons_gen);
|
---|
| 118 |
|
---|
| 119 | if ($perms!=256) $id_comune=$_SESSION['id_comune'];
|
---|
| 120 | if ($perms>32 and $aid2) {
|
---|
| 121 | if ($do == "add") {
|
---|
| 122 | $sql="select * from ".$prefix."_authors where aid='$aid2' and id_comune=$id_comune";
|
---|
[257] | 123 | $res = $dbi->prepare("$sql");
|
---|
| 124 | $res->execute();
|
---|
| 125 | $max=$res->rowCount();
|
---|
[2] | 126 | if ($passwd==$passwd2 and $max==0){
|
---|
| 127 | if ($aid2=='admin') $super='1,0,0,'; else $super = '0,1,0,';
|
---|
| 128 | $sql="insert into ".$prefix."_authors (aid,name,id_comune,email,pwd,counter,adminop,admincomune,adminsuper,admlanguage) values ('$aid2','$name','$id_comune' , '$email','".md5($passwd)."',0,$super'$currentlang')";
|
---|
[257] | 129 | $res = $dbi->prepare("$sql");
|
---|
| 130 | $res->execute();
|
---|
[2] | 131 | if ($perms==256 and $aid2=='admin'){
|
---|
[257] | 132 | $sql="insert into ".$prefix."_ele_operatori (id_cons,id_sede,id_comune,permessi,aid) values ('0','0','$id_comune','64','$aid2')";
|
---|
| 133 | $res = $dbi->prepare("$sql");
|
---|
| 134 | $res->execute();
|
---|
[2] | 135 | }
|
---|
| 136 | Header("Location: admin.php?op=operatori&id_cons_gen=$id_cons_gen");
|
---|
| 137 | }else{
|
---|
| 138 | $mex='';
|
---|
| 139 | if($passwd!=$passwd2) $mex="- Le password non coincidono! -<br>";
|
---|
| 140 | if($max>0) $mex.=" - Utente <b>$aid2</b> presente in archivio! - ";
|
---|
| 141 | header("location:admin.php?op=operatori&id_cons_gen=$id_cons_gen&aid2=$aid2&name=$name&email=$email&mex=$mex");
|
---|
| 142 | }
|
---|
| 143 | } elseif ($do == "update") {
|
---|
[257] | 144 | $sql="update ".$prefix."_authors set name='$name',pwd='".md5($passwd)."', email='$email' where id_comune='$id_comune' and aid='$aid2' ";
|
---|
| 145 | $res = $dbi->prepare("$sql");
|
---|
[332] | 146 | $res->execute();
|
---|
| 147 | $result=$res->rowCount();
|
---|
[2] | 148 | if (!$result) return;
|
---|
| 149 | if ($aid2==$aid) $_SESSION['pwd']=md5($passwd);
|
---|
| 150 | Header("Location: admin.php?op=operatori&id_cons_gen=$id_cons_gen");
|
---|
| 151 | }
|
---|
| 152 | }
|
---|
| 153 | }
|
---|
| 154 |
|
---|
| 155 |
|
---|
| 156 | //****************************
|
---|
| 157 | // switch
|
---|
| 158 | //****************************
|
---|
| 159 | if ($do) operatori($do,$aid2,$name,$email,$passwd,$passwd2,$id_comune);
|
---|
| 160 | ele();
|
---|
| 161 | all();
|
---|
| 162 | echo"</td></tr></table>";
|
---|
| 163 | include("footer.php");
|
---|
| 164 | ?>
|
---|
| 165 |
|
---|