1 | <?php
|
---|
2 | /************************************************************************/
|
---|
3 | /* Eleonline - Raccolta e diffusione dei dati elettorali */
|
---|
4 | /* by Roberto Gigli & Luciano Apolito */
|
---|
5 | /* http://www.eleonline.it */
|
---|
6 | /* info@eleonline.it luciano@aniene.net rgigli@libero.it */
|
---|
7 | /************************************************************************/
|
---|
8 | /* Modulo Permessi */
|
---|
9 | /* Amministrazione */
|
---|
10 | /************************************************************************/
|
---|
11 |
|
---|
12 | if (!defined('ADMIN_FILE')) {
|
---|
13 | die ("You can't access this file directly...");
|
---|
14 | }
|
---|
15 |
|
---|
16 | $param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
|
---|
17 | $id_cons_gen=$param['id_cons_gen'];
|
---|
18 |
|
---|
19 | $perms=ChiSei($id_cons_gen);
|
---|
20 | if ($perms<64 or !$id_cons_gen) die("Non hai i permessi per inserire dati ($perms)($id_cons_gen), o non hai scelto la consultazione!");
|
---|
21 | $sql="SELECT t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
|
---|
22 | $res = $dbi->prepare("$sql");
|
---|
23 | $res->execute();
|
---|
24 | list($tipo_cons,$id_cons) = $res->fetch(PDO::FETCH_NUM);
|
---|
25 | if (isset($param['aid2'])) get_magic_quotes_gpc() ? $aid2=$param['aid2']:$aid2=addslashes($param['aid2']); else $aid2='';
|
---|
26 | if (isset($param['id_sede'])) $id_sede=intval($param['id_sede']); else $id_sede='';
|
---|
27 | if (isset($param['do'])) get_magic_quotes_gpc() ? $do=$param['do']:$do=addslashes($param['do']); else $do='';
|
---|
28 | if (isset($param['permessi'])) get_magic_quotes_gpc() ? $permessi=$param['permessi']:$permessi=addslashes($param['permessi']); else $permessi='';
|
---|
29 | if (isset($param['id_comune2'])) $id_comune2=intval($param['id_comune2']); else $id_comune2='';
|
---|
30 | if (isset($param['ok'])) $ok=intval($param['ok']); else $ok='';
|
---|
31 | if (isset($param['mex'])) get_magic_quotes_gpc() ? $mex=$param['mex']:$mex=addslashes($param['mex']); else $mex='';
|
---|
32 |
|
---|
33 | include("modules/Elezioni/funzionidata.php");
|
---|
34 | include("modules/Elezioni/ele.php");
|
---|
35 |
|
---|
36 | /******************************************************/
|
---|
37 | /*Funzione di visualizzazione globale */
|
---|
38 | /*****************************************************/
|
---|
39 | //crea la pagina delle affluenze
|
---|
40 | function all() {
|
---|
41 | global $adminop,$adminsuper,$admincomune,$aid, $offset, $prefix, $dbi,$id_cons,$aid2,$permessi,$id_sede,$id_cons_gen,$id_comune,$mex;
|
---|
42 | $bgcolor1=$_SESSION['bgcolor1'];
|
---|
43 | if (isset($mex)){
|
---|
44 | echo "<table align=\"center\"><tr><td style=\"background-color: rgb(255, 0, 0)\">";
|
---|
45 | echo $mex;
|
---|
46 | echo "</td></tr></table>";
|
---|
47 | }
|
---|
48 | OpenTable();
|
---|
49 | $sql="SELECT * FROM ".$prefix."_ele_operatori where id_cons=$id_cons and permessi<64 order by aid";
|
---|
50 | $resmod = $dbi->prepare("$sql");
|
---|
51 | $resmod->execute();
|
---|
52 |
|
---|
53 | echo "<br><table><tr align=\"center\" bgcolor=\"$bgcolor1\">";
|
---|
54 | echo "<td><b>"._UTENTE."</b></td>"
|
---|
55 | ."<td bgcolor=\"$bgcolor1\"><b>"._SEDE."</b></td>"
|
---|
56 | ."<td bgcolor=\"$bgcolor1\"><b>"._PERMESSI."</b></td>";
|
---|
57 | echo "<td bgcolor=\"$bgcolor1\"><b>"._FUNZIONI."</b></td></tr>";
|
---|
58 |
|
---|
59 |
|
---|
60 |
|
---|
61 | $sql="SELECT aid FROM ".$prefix."_ele_operatori where id_cons=$id_cons and permessi<64 order by aid";
|
---|
62 | $restmp = $dbi->prepare("$sql");
|
---|
63 | $restmp->execute();
|
---|
64 | if($restmp) {
|
---|
65 | $listmp='';$virg='';
|
---|
66 | while (list($artmp) = $restmp->fetch(PDO::FETCH_NUM)){ //elenco degli operatori gia' autorizzati
|
---|
67 | $listmp .= $virg."'".$artmp."'";
|
---|
68 | $virg=',';
|
---|
69 | }
|
---|
70 | }
|
---|
71 |
|
---|
72 | if (!$listmp) $listmp="''";
|
---|
73 | $sql="select aid from ".$prefix."_authors where id_comune=$id_comune and (admincomune=1 and aid not in ($listmp)) order by aid"; // operatori registrati ma non ancora autorizzati
|
---|
74 | $resins = $dbi->prepare("$sql");
|
---|
75 | $resins->execute();
|
---|
76 |
|
---|
77 |
|
---|
78 | echo "<form name=\"autorizza\" action=\"admin.php\">"
|
---|
79 | ."<input type=\"hidden\" name=\"op\" value=\"permessi\">";
|
---|
80 | echo "<tr align=\"center\">";
|
---|
81 | echo "<td><select name=\"aid2\">";
|
---|
82 | echo "<option value=\"\">";
|
---|
83 | if($resins->rowCount()) {
|
---|
84 | while(list($utente)=$resins->fetch(PDO::FETCH_NUM)){
|
---|
85 | echo "<option value=\"$utente\">$utente";
|
---|
86 | }
|
---|
87 | }
|
---|
88 | echo "</select></td>";
|
---|
89 | $ressede = mysql_query("SELECT id_sede, indirizzo from ".$prefix."_ele_sede where id_cons=$id_cons";
|
---|
90 | $ressede = $dbi->prepare("$sql");
|
---|
91 | $ressede->execute();
|
---|
92 | echo "<td><select name=\"id_sede\">";
|
---|
93 | echo "<option value=\"0\"> "._TUTTESEDI;
|
---|
94 | if($ressede->rowCount())
|
---|
95 | while(list($id,$descr)=$ressede->fetch(PDO::FETCH_NUM)){
|
---|
96 | $sel= ($id == $id_sede) ? "selected":"";
|
---|
97 | $arr[$id]=$descr;
|
---|
98 | echo "<option value=\"$id\" $sel>$descr";
|
---|
99 | }
|
---|
100 | echo "</select></td>";
|
---|
101 | echo "<td><select name=\"permessi\">";
|
---|
102 | if(!isset($permessi)) $permessi=16;
|
---|
103 | $sel=($permessi==32) ? "selected":"";
|
---|
104 | echo "<option value=\"32\" $sel>"._IMPOSTA_DATI;
|
---|
105 | $sel=($permessi==16) ? "selected":"";
|
---|
106 | echo "<option value=\"16\" $sel>"._INSERISCE_DATI;
|
---|
107 | $sel=($permessi==0) ? "selected":"";
|
---|
108 | echo "<option value=\"0\" $sel>"._SOSPESO;
|
---|
109 | echo "</select></td>";
|
---|
110 | echo "<input type=\"hidden\" name=\"id_cons_gen\" value=\"$id_cons_gen\">";
|
---|
111 | echo "<input type=\"hidden\" name=\"ok\" value=0>";
|
---|
112 | echo "<input type=\"hidden\" name=\"do\" value=\"autorizza\">";
|
---|
113 | echo "<td><input type=\"submit\" name=\"add\" value=\""._AGGIUNGI."\"></td></tr></form></table>";
|
---|
114 | echo "<br><hr><br><table>";
|
---|
115 | if($resmod->rowCount()){
|
---|
116 | $i=1;
|
---|
117 | while (list($id_cons2,$id_sede2,$id_comunetemp,$perm,$utente) = $resmod->fetch(PDO::FETCH_NUM)){
|
---|
118 | $bgcolor1=($bgcolor1==$_SESSION['bgcolor1'])?$_SESSION['bgcolor2']:$_SESSION['bgcolor1'];
|
---|
119 | echo "<form name=\"modello$i\" action=\"admin.php\">"
|
---|
120 | ."<input type=\"hidden\" name=\"op\" value=\"permessi\">";
|
---|
121 | echo "<input type=\"hidden\" name=\"do\" value=\"update\">";
|
---|
122 | echo "<input type=\"hidden\" name=\"aid2\" value=\"$utente\">";
|
---|
123 | echo "<input type=\"hidden\" name=\"id_cons_gen\" value=\"$id_cons_gen\">";
|
---|
124 | echo "<input type=\"hidden\" name=\"ok\" value=0>";
|
---|
125 | echo "<tr align=\"center\" bgcolor=\"$bgcolor1\">";
|
---|
126 | echo "<td align=\"center\" width=\"32\"><b>$utente</b></td>";
|
---|
127 | $sql="SELECT id_sede, indirizzo from ".$prefix."_ele_sede where id_cons=$id_cons";
|
---|
128 | $ressede = $dbi->prepare("$sql");
|
---|
129 | $ressede->execute();
|
---|
130 | echo "<td><select name=\"id_sede\">";
|
---|
131 | echo "<option value=\"0\"> "._TUTTESEDI;
|
---|
132 | while(list($id,$descr)=$ressede->fetch(PDO::FETCH_NUM)){
|
---|
133 | $sel= ($id == $id_sede2) ? "selected":"";
|
---|
134 | $arr[$id]=$descr;
|
---|
135 | echo "<option value=\"$id\" $sel>$descr";
|
---|
136 | }
|
---|
137 | echo "</select></td>";
|
---|
138 | echo "<td><select name=\"permessi\">";
|
---|
139 | if(!isset($perm)) $perm=16;
|
---|
140 | $sel=($perm==32) ? "selected":"";
|
---|
141 | echo "<option value=\"32\" $sel>"._IMPOSTA_DATI;
|
---|
142 | $sel=($perm==16) ? "selected":"";
|
---|
143 | echo "<option value=\"16\" $sel>"._INSERISCE_DATI;
|
---|
144 | $sel=($perm==0) ? "selected":"";
|
---|
145 | echo "<option value=\"0\" $sel>"._SOSPESO;
|
---|
146 | echo "</select></td>";
|
---|
147 | echo "<td><input type=\"submit\" name=\"add\" value=\""._OK."\"></td></tr></form>";
|
---|
148 | $i++;
|
---|
149 | }
|
---|
150 | }
|
---|
151 | echo "</table>";
|
---|
152 | CloseTable();
|
---|
153 | }
|
---|
154 |
|
---|
155 | function permessi($ok, $do,$aid2,$id_sede,$permessi,$id_comune) {
|
---|
156 | global $prefix, $dbi, $id_cons,$id_cons_gen,$currentlang;
|
---|
157 | $perms=ChiSei($id_cons_gen);
|
---|
158 | if ($perms!=256) $id_comune=$_SESSION['id_comune'];
|
---|
159 | if ($perms>32 and $permessi<$perms and $aid2) {
|
---|
160 | if ($do == "autorizza") {
|
---|
161 | $sql="insert into ".$prefix."_ele_operatori (id_cons,id_sede,id_comune,permessi,aid) values ('$id_cons','$id_sede','$id_comune','$permessi','$aid2')";
|
---|
162 | $res = $dbi->prepare("$sql");
|
---|
163 | $res->execute();
|
---|
164 | Header("Location: admin.php?op=permessi&id_cons_gen=$id_cons_gen");
|
---|
165 | } elseif ($do == "update") {
|
---|
166 | $sql="update ".$prefix."_ele_operatori set id_sede='$id_sede' , permessi='$permessi' where id_cons='$id_cons' and aid='$aid2' ";
|
---|
167 | $res = $dbi->prepare("$sql");
|
---|
168 | $res->execute();
|
---|
169 | if (!$result) return;
|
---|
170 | Header("Location: admin.php?op=permessi&id_cons_gen=$id_cons_gen");
|
---|
171 | }
|
---|
172 | }
|
---|
173 | }
|
---|
174 |
|
---|
175 |
|
---|
176 | //****************************
|
---|
177 | // switch
|
---|
178 | //****************************
|
---|
179 | if ($do) permessi($ok, $do,$aid2,$id_sede,$permessi,$id_comune);
|
---|
180 | ele();
|
---|
181 | all();
|
---|
182 | include("footer.php");
|
---|
183 | ?>
|
---|
184 |
|
---|