[2] | 1 | <?php
|
---|
| 2 |
|
---|
| 3 | /************************************************************************/
|
---|
| 4 | /* Eleonline - Raccolta e diffusione dei dati elettorali */
|
---|
| 5 | /* by Luciano Apolito & Roberto Gigli */
|
---|
| 6 | /* http://www.eleonline.it */
|
---|
| 7 | /* info@eleonline.it luciano@aniene.net rgigli@libero.it */
|
---|
| 8 | /************************************************************************/
|
---|
| 9 |
|
---|
| 10 | define('MODULE_FILE', true);
|
---|
| 11 |
|
---|
| 12 | // Additional security (Union, CLike, XSS)
|
---|
| 13 | // We want to use the function stripos,
|
---|
| 14 | // but thats only available since PHP5.
|
---|
| 15 | // So we cloned the function...
|
---|
| 16 | if(!function_exists('stripos')) {
|
---|
| 17 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
| 18 | return strpos(strtoupper($haystack), strtoupper($needle), $offset);
|
---|
| 19 | }
|
---|
| 20 | } else {
|
---|
| 21 | // But when this is PHP5, we use the original function
|
---|
| 22 | function stripos_clone($haystack, $needle, $offset=0) {
|
---|
| 23 | return stripos($haystack, $needle, $offset=0);
|
---|
| 24 | }
|
---|
| 25 | }
|
---|
| 26 |
|
---|
| 27 | if(isset($_SERVER['QUERY_STRING']) && (!stripos_clone($_SERVER['QUERY_STRING'], "ad_click") || !stripos_clone($_SERVER['QUERY_STRING'], "url"))) {
|
---|
| 28 | $queryString = $_SERVER['QUERY_STRING'];
|
---|
[12] | 29 | if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'..') OR stripos_clone($queryString,'+') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0') OR stripos_clone($queryString,'+union+') OR stripos_clone($queryString,'http://') OR (stripos_clone($queryString,'cmd=') AND !stripos_clone($queryString,'&cmd')) OR (stripos_clone($queryString,'exec') AND !stripos_clone($queryString,'execu')) OR stripos_clone($queryString,'concat')) {
|
---|
[2] | 30 | die('Operazione non consentita');
|
---|
| 31 | }
|
---|
| 32 | }
|
---|
| 33 |
|
---|
| 34 | foreach ($_GET as $sec_key => $secvalue) {
|
---|
[23] | 35 | if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
|
---|
| 36 | (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 37 | (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 38 | (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 39 | (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 40 | (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 41 | (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 42 | (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 43 | (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 44 | (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
|
---|
| 45 | (preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) ||
|
---|
| 46 | (preg_match("/\"/", $secvalue)) ||
|
---|
| 47 | (preg_match("/inside_mod/i", $sec_key))) {
|
---|
[2] | 48 | die ("Operazione non consentita");
|
---|
| 49 | }
|
---|
| 50 | }
|
---|
| 51 |
|
---|
| 52 | foreach ($_POST as $secvalue) {
|
---|
[23] | 53 | if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
|
---|
[2] | 54 | die ($htmltags);
|
---|
| 55 | }
|
---|
| 56 | }
|
---|
| 57 |
|
---|
| 58 | // Posting from other servers in not allowed
|
---|
| 59 | // Fix by Quake
|
---|
| 60 | // Bug found by PeNdEjO
|
---|
| 61 | if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
---|
| 62 | if (isset($_SERVER['HTTP_REFERER'])) {
|
---|
| 63 | if (!stripos_clone($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
|
---|
| 64 | die('Posting da un altro server non consentito!');
|
---|
| 65 | } else {
|
---|
| 66 | # die('<b>Attenzione:</b> il tuo browser non puo inviare gli header HTTP_REFERER al website.<br/>');
|
---|
| 67 | }
|
---|
| 68 | }
|
---|
| 69 | }
|
---|
| 70 |
|
---|
| 71 | function jsexist(){ // controlla javascript by l.apolito 2008
|
---|
| 72 | global $op,$name;
|
---|
| 73 | if(!isset($_GET['js'])){
|
---|
[23] | 74 | $querystring= @preg_replace('/'.$_SERVER['DOCUMENT_ROOT'].'/i','http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);
|
---|
| 75 | if (preg_match("/modules.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza
|
---|
| 76 | if (preg_match("/admin.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza
|
---|
[2] | 77 | echo "<noscript><meta http-equiv=\"refresh\" content=\"0; url=".$querystring."?js=b&$pagina\"/></noscript>";
|
---|
| 78 | }
|
---|
| 79 | $js=$_GET['js'];
|
---|
| 80 | return $js;
|
---|
| 81 | }
|
---|
| 82 |
|
---|
| 83 |
|
---|
| 84 |
|
---|
| 85 |
|
---|
| 86 |
|
---|
| 87 |
|
---|
| 88 | session_start();//MODIFICHE PER GESTIONE SESSIONI
|
---|
| 89 | // apre database
|
---|
| 90 | ////////////////////////
|
---|
[230] | 91 | if (file_exists("config.php")) @require_once("config.php"); else $install="1";
|
---|
[2] | 92 |
|
---|
[230] | 93 |
|
---|
| 94 |
|
---|
[154] | 95 | # verifica se effettuata la configurazione
|
---|
[230] | 96 | if(empty($dbname) || $istall=="1") {
|
---|
[154] | 97 | die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
|
---|
| 98 | }
|
---|
[2] | 99 |
|
---|
| 100 |
|
---|
| 101 |
|
---|
| 102 |
|
---|
[154] | 103 |
|
---|
[2] | 104 | if(!$dbi = mysql_connect($dbhost, $dbuname, $dbpass)){
|
---|
| 105 | die("<center><img src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al Server $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">". mysql_error()."</font></center>");
|
---|
| 106 | }
|
---|
| 107 |
|
---|
| 108 | if(!mysql_select_db($dbname)){
|
---|
| 109 | die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">". mysql_error()."</font></center>");
|
---|
| 110 | }
|
---|
[23] | 111 | mysql_query("SET NAMES 'utf8'", $dbi);
|
---|
[2] | 112 |
|
---|
[153] | 113 | # protezione csrf ottobre 2012 - by l.apolito
|
---|
| 114 | if (file_exists("inc/csrf-magic/csrf-magic.php")) {
|
---|
| 115 | include_once 'inc/csrf-magic/csrf-magic.php';
|
---|
| 116 | }
|
---|
| 117 |
|
---|
| 118 |
|
---|
| 119 |
|
---|
| 120 |
|
---|
| 121 |
|
---|
| 122 |
|
---|
[2] | 123 | # carica i parametri di default sulla tabella
|
---|
| 124 | $res = mysql_query("SELECT * FROM ".$prefix."_config" , $dbi);
|
---|
| 125 | $row = mysql_fetch_array($res);
|
---|
| 126 | $sitename = stripslashes($row['sitename']);
|
---|
| 127 | $siteurl = $row['siteurl'];
|
---|
| 128 | $site_logo = $row['site_logo'];
|
---|
| 129 | $startdate = $row['startdate'];
|
---|
| 130 | $adminmail = $row['adminmail'];
|
---|
| 131 | $tema = $row['tema'];
|
---|
| 132 | $language = $row['language'];
|
---|
| 133 | $blocco = intval($row['blocco']);
|
---|
| 134 | $fileout = intval($row['fileout']);
|
---|
| 135 | $copyright = $row['copyright'];
|
---|
| 136 | $Versione = $row['Versione'];
|
---|
| 137 | $patch = $row['patch'];
|
---|
| 138 | $siteistat = intval($row['siteistat']);
|
---|
| 139 | $multicomune = intval($row['multicomune']);
|
---|
| 140 | $flash = intval($row['flash']);
|
---|
| 141 | $displayerrors = $row['displayerrors'];
|
---|
| 142 | $gkey = $row['gkey'];
|
---|
| 143 | $googlemaps = intval($row['googlemaps']);
|
---|
| 144 | $editor = intval($row['editor']);
|
---|
| 145 | $tema_on = intval($row['tema_on']);
|
---|
| 146 | $ed_user = $row['ed_user'];
|
---|
[230] | 147 | #tema mobile
|
---|
| 148 | $cellulare = intval($row['cellulare']);
|
---|
| 149 |
|
---|
| 150 |
|
---|
| 151 |
|
---|
[2] | 152 | # altre config
|
---|
| 153 | $res = mysql_query("SELECT * FROM ".$prefix."_ele_comuni where id_comune='$siteistat' ", $dbi);
|
---|
| 154 | $row = mysql_fetch_array($res);
|
---|
| 155 | $id_cons_pred = intval($row['id_cons']);
|
---|
| 156 | if($id_cons_pred=='0')$id_cons_pred='';
|
---|
| 157 | if(!isset($id_cons_gen)) $id_cons_gen=$id_cons_pred;
|
---|
| 158 | # carica il metodo d'hontd
|
---|
| 159 | $res = mysql_query("SELECT * FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen' ", $dbi);
|
---|
| 160 | $row = mysql_fetch_array($res);
|
---|
| 161 |
|
---|
| 162 |
|
---|
| 163 |
|
---|
| 164 |
|
---|
| 165 | $param=strip_tags(strtolower($_SERVER['REQUEST_METHOD'])) == 'get' ? $_GET : $_POST;
|
---|
| 166 | ////////////////////
|
---|
| 167 | #funzione di backup
|
---|
| 168 | if (isset($param['op']) and $param['op']=='backup')
|
---|
| 169 | {
|
---|
| 170 | $id_cons_bak=intval($param['id_cons_gen']);
|
---|
[10] | 171 | if (isset($param['id_comune'])) $id_combak=intval($param['id_comune']); else $id_combak=$_SESSION['id_comune'];
|
---|
[2] | 172 | $res = mysql_query("SELECT id_cons,id_conf FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_bak' and id_comune='$id_combak'" , $dbi);
|
---|
| 173 | list($id_cons,$hondt) = mysql_fetch_row($res);
|
---|
| 174 |
|
---|
| 175 | // incluso in consiglieri.php, ma io carico le vecchie variabili per compatibilit'a all'indietro
|
---|
| 176 | if($hondt>=1){
|
---|
| 177 | # proiezione consiglio
|
---|
| 178 | $res = mysql_query("SELECT * FROM ".$prefix."_ele_conf where id_conf='$hondt'", $dbi);
|
---|
| 179 | $row = mysql_fetch_array($res);
|
---|
| 180 | $descrizione_consiglio = $row['descrizione'];
|
---|
| 181 | $LIMITE = intval($row['limite']);
|
---|
| 182 | $CONSIN = intval($row['consin']);
|
---|
| 183 | $INFPREMIO=intval($row['infpremio']);
|
---|
| 184 | $SUPSBARRAMENTO=intval($row['supsbarramento']);
|
---|
| 185 | $SUPMINPREMIO=intval($row['supminpremio']);
|
---|
| 186 | $SUPPREMIO=intval($row['suppremio']);
|
---|
| 187 | $LISTINFSBAR=intval($row['listinfsbar']);
|
---|
| 188 | $LISTINFCONTA=intval($row['listinfconta']);
|
---|
| 189 | $LISTSUPCONTA=intval($row['listsupconta']);
|
---|
| 190 | $SUPMINPREMIO=intval($row['supminpremio']);
|
---|
| 191 | $INFMINPREMIO=intval($row['infminpremio']);
|
---|
| 192 | }
|
---|
| 193 |
|
---|
| 194 |
|
---|
| 195 | include("modules/Elezioni/backup.php");
|
---|
| 196 | die();
|
---|
| 197 | }
|
---|
| 198 | ///////////////////
|
---|
| 199 | // lingua x demo
|
---|
| 200 | if (isset($param['newl'])){
|
---|
| 201 | $newl=$param['newl'];
|
---|
| 202 | if (file_exists("modules/Elezioni/language/lang-$newl.php")){ $lang=$newl;$_SESSION['newl']="$lang";
|
---|
| 203 | }
|
---|
| 204 | }
|
---|
| 205 |
|
---|
| 206 | // seesioni per flash, blocco e linguaggio, tour
|
---|
| 207 |
|
---|
| 208 | if (isset($param['block'])){
|
---|
| 209 | $blocco=$param['block'];
|
---|
| 210 | $_SESSION['newblock']="$blocco";
|
---|
| 211 | }
|
---|
| 212 | if (isset($_SESSION['newblock'])) $blocco=$_SESSION['newblock'];
|
---|
| 213 |
|
---|
| 214 |
|
---|
| 215 |
|
---|
| 216 | // linguaggio
|
---|
| 217 | if (isset($_SESSION['newl'])) $lang=$_SESSION['newl'];
|
---|
| 218 | //else $lang=$lang;
|
---|
| 219 | if (! isset($lang)) $lang=$language;
|
---|
| 220 | if (strlen($lang)!=2) $lang=$language;
|
---|
| 221 |
|
---|
| 222 | // flash x demo
|
---|
| 223 | if (isset($param['flash'])){
|
---|
| 224 | $flash=$param['flash'];
|
---|
| 225 | $_SESSION['newflash']="$flash";
|
---|
| 226 | }
|
---|
| 227 | if (isset($_SESSION['newflash'])) $flash=$_SESSION['newflash'];
|
---|
| 228 |
|
---|
| 229 | if (isset($param['tema'])){
|
---|
| 230 | $tema=$param['tema'];
|
---|
[12] | 231 | $tema=htmlentities($tema); // evita xss
|
---|
[23] | 232 | if(preg_match("/%/i", $tema)) $tema="default";// evita xss
|
---|
[2] | 233 | $_SESSION['newtema']="$tema";
|
---|
[230] | 234 |
|
---|
[2] | 235 | }
|
---|
[29] | 236 | if (isset($_SESSION['newtema'])) {
|
---|
| 237 | $tema=$_SESSION['newtema'];
|
---|
| 238 | if (preg_match("/%/i",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
|
---|
| 239 | }
|
---|
[230] | 240 |
|
---|
| 241 | //ritorno disabilita tema cellulare dal file backtoapp e dal footer lo riattiva
|
---|
| 242 | if (isset($param['nocell'])){
|
---|
| 243 | $nocell=$param['nocell'];
|
---|
| 244 | $_SESSION['newcell']="$nocell";
|
---|
| 245 | }
|
---|
| 246 | if (isset($_SESSION['newcell'])) $nocell=$_SESSION['newcell'];
|
---|
| 247 |
|
---|
| 248 |
|
---|
| 249 |
|
---|
| 250 |
|
---|
| 251 |
|
---|
[2] | 252 | $PHP_SELF=$_SERVER['PHP_SELF'];
|
---|
[80] | 253 | $file=(isset($_GET['file'])) ? htmlentities($_GET['file']):"index";
|
---|
| 254 | $name=(isset($_GET['name'])) ? htmlentities($_GET['name']):"Elezioni";
|
---|
[153] | 255 | $op=(isset($_GET['op'])) ? htmlentities($_GET['op']):"gruppo";
|
---|
[80] | 256 | if (!isset($_GET['op'])) $_GET['op']="gruppo";
|
---|
[10] | 257 |
|
---|
[2] | 258 | $modpath = "modules/$name/$file.php";
|
---|
| 259 | if (file_exists($modpath)) {
|
---|
| 260 | include($modpath);
|
---|
| 261 | } else {
|
---|
| 262 | die ("Sorry, such file doesn't exist...:$modpath");
|
---|
| 263 | }
|
---|
| 264 |
|
---|
| 265 |
|
---|
| 266 |
|
---|
| 267 |
|
---|
| 268 |
|
---|
| 269 |
|
---|
| 270 |
|
---|
| 271 | ?>
|
---|