<?php

/************************************************************************/
/* Eleonline - collection and publication of election data */
/* by Luciano Apolito & Roberto Gigli */
/* http://www.eleonline.it */
/* info@eleonline.it luciano@aniene.net rgigli@libero.it */
/************************************************************************/

// Marker constant set by this front controller before any module file is
// included. NOTE(review): presumably the module files test it to refuse
// direct access — confirm in modules/*/.
define('MODULE_FILE', true);
11
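// Additional security (Union, CLike, XSS)
// Case-insensitive substring search used by the request filters below.
// stripos() only exists since PHP 5, so a strtoupper()/strpos() fallback is
// declared when it is missing; otherwise the native function is wrapped.
//
// @param string $haystack text to search
// @param string $needle   text to find (case-insensitive)
// @param int    $offset   position to start searching from
// @return int|false       offset of the first match, or false when absent.
//                         Callers must compare with === false: a match at
//                         position 0 returns 0, which is falsy.
if (!function_exists('stripos')) {
    function stripos_clone($haystack, $needle, $offset = 0)
    {
        return strpos(strtoupper($haystack), strtoupper($needle), $offset);
    }
} else {
    // When this is PHP 5 or later, use the original function.
    function stripos_clone($haystack, $needle, $offset = 0)
    {
        // Pass the caller's offset through: the previous version wrote
        // "$offset=0" in the call, which reset it and made the argument a no-op.
        return stripos($haystack, $needle, $offset);
    }
}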
26
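// Coarse query-string blacklist (SQL keywords, path traversal, remote URLs,
// base64-encoded "script", shell-style cmd/exec). It is skipped only when the
// request looks like an ad-click redirect (carries both "ad_click" and "url"),
// since those legitimately contain "http://". This is a heuristic filter, not
// a substitute for the bound-parameter queries used further down; it also
// never sees POST bodies.
if (isset($_SERVER['QUERY_STRING'])) {
    $queryString = $_SERVER['QUERY_STRING'];
    // Every stripos_clone() result is compared with === false: a match at
    // position 0 returns 0, which the previous truthiness checks treated as
    // "not found".
    $isAdClick = stripos_clone($queryString, 'ad_click') !== false
        && stripos_clone($queryString, 'url') !== false;
    if (!$isAdClick) {
        $blockedFragments = array(
            '%20union%20', '..', '+', '/*', '*/union/*', 'c2nyaxb0', '+union+', 'http://', 'concat',
        );
        $blocked = false;
        foreach ($blockedFragments as $fragment) {
            if (stripos_clone($queryString, $fragment) !== false) {
                $blocked = true;
                break;
            }
        }
        // Original conditional rules, kept as they were: "cmd=" is rejected
        // unless it appears as a later parameter ("&cmd..."), "exec" unless it
        // is the prefix of "execu...".
        if (!$blocked && stripos_clone($queryString, 'cmd=') !== false && stripos_clone($queryString, '&cmd') === false) {
            $blocked = true;
        }
        if (!$blocked && stripos_clone($queryString, 'exec') !== false && stripos_clone($queryString, 'execu') === false) {
            $blocked = true;
        }
        if ($blocked) {
            die('Operazione non consentita');
        }
    }
}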
33
// Per-parameter blacklist on $_GET values: rejects anything resembling an
// HTML tag of the listed kinds, any parenthesised expression, any double
// quote, and any parameter name containing "inside_mod". Heuristic only;
// output escaping remains the real XSS defence.
// NOTE(review): in patterns such as "script*" the "*" binds to the final
// letter only, so they match "scrip" followed by zero or more "t" — broader
// than the tag name, not narrower. The "\(...\)" rule also rejects legitimate
// values that merely contain parentheses.
foreach ($_GET as $sec_key => $secvalue) {
    if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
        (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
        (preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) ||
        (preg_match("/\"/", $secvalue)) ||
        (preg_match("/inside_mod/i", $sec_key))) {
        die ("Operazione non consentita");
    }
}
51
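// Same kind of heuristic tag blacklist for $_POST values (a subset of the
// $_GET rules above). Array-valued fields (name[]) are skipped: preg_match()
// cannot inspect them and on PHP 8 it raises a TypeError for them.
foreach ($_POST as $secvalue) {
    if (!is_string($secvalue)) {
        continue;
    }
    // The "script" and "style" patterns now use "[^>]*" like the $_GET rules;
    // the previous "<[^>]script" required exactly one character between "<"
    // and the tag name, so a plain "<script" was not matched at all.
    if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue))
        || (preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue))
        || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue))
        || (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue))) {
        // The previous version called die($htmltags) with $htmltags not
        // defined anywhere earlier in this file, so a rejected POST exited
        // with an empty page; use the same message as the other filters.
        die('Operazione non consentita');
    }
}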
57
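// Posting from other servers is not allowed
// Fix by Quake
// Bug found by PeNdEjO
// Referer-based origin check for POST requests. The previous version only
// asked whether HTTP_HOST appeared *somewhere* in the Referer, which any
// foreign URL can arrange (for instance in its query string); the Referer's
// host component is compared with HTTP_HOST instead. Requests without a
// Referer are still accepted, as before (the csrf-magic token check included
// further down, when present, covers those).
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === "POST") {
    if (isset($_SERVER['HTTP_REFERER'])) {
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        // HTTP_HOST may carry a port; the parsed Referer host never does.
        $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
        if (!is_string($refererHost) || $ownHost === '' || strcasecmp($refererHost, $ownHost) !== 0) {
            die('Posting da un altro server non consentito!');
        }
        // A missing Referer used to be reported with a warning here; the
        // message was commented out and the request is let through.
    }
}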
70
71
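/**
 * JavaScript detection helper (by l.apolito 2008).
 *
 * When the request carries no "js" parameter, emits a <noscript> meta-refresh
 * that reloads the current page with js=b appended (plus name=… on
 * modules.php or op=… on admin.php), so browsers without JavaScript are
 * redirected and flagged on the second request.
 *
 * Reads the globals $op and $name for the redirect parameters.
 *
 * @return string|null the value of $_GET['js'], or null when absent
 */
function jsexist()
{
    global $op, $name;
    $js = isset($_GET['js']) ? $_GET['js'] : null;
    if ($js === null) {
        $scriptName = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
        $pagina = '';
        if (preg_match("/modules.php/i", $scriptName)) $pagina = "name=$name"; // redirect
        if (preg_match("/admin.php/i", $scriptName)) $pagina = "op=$op"; // redirect
        // The refresh target is a relative URL (same path, js=b appended).
        // The previous version tried to build an absolute URL from
        // DOCUMENT_ROOT, HTTP_HOST and SCRIPT_FILENAME with preg_replace(), but
        // DOCUMENT_ROOT was inserted unescaped and its slashes collided with
        // the "/" delimiter, so the @-suppressed call yielded nothing and a
        // relative target was what actually went out. Keeping it relative also
        // avoids echoing the client-controlled Host header into the page.
        // $name/$op are escaped for the attribute context without re-encoding
        // entities the caller already applied.
        $target = htmlspecialchars('?js=b&' . $pagina, ENT_QUOTES, 'UTF-8', false);
        echo "<noscript><meta http-equiv=\"refresh\" content=\"0; url=" . $target . "\"/></noscript>";
    }
    return $js;
}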
83
84
85
86
87
88
session_start(); // session handling (changes for session management)
// Brand-new session: the default operation is the "gruppo" page.
if (!count($_SESSION)) $_SESSION['op']='gruppo';
// open the database
////////////////////////
// config.php is written by the installer; it is presumably where $dbhost,
// $dbuname, $dbpass, $dbname and $prefix used below come from. When it is
// missing the site is treated as not installed.
// NOTE(review): the @ also hides any parse error inside config.php.
if (file_exists("config.php")) { @require_once("config.php");$install="";}else{ $install="1";}



# check whether the configuration has been carried out
if(empty($dbname) || $install=="1") {
    die("<html><body><div style=\"text-align:center\"><br /><br /><img src=\"modules/Elezioni/images/logo.jpg\" alt=\"Eleonline\" title=\"Eleonline\"><br /><br /><strong>Sembra che <a href='http://www.eleonline.it' title='Eleonline'>Eleonline</a> non sia stato ancora installato.<br /><br />Puoi procedere <a href='../install/index.php'>cliccando qui</a> per iniziare l'installazione</strong></div></body></html>");
}
101
102
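// Database connection. The schema is selected in the DSN instead of through
// a separate "use $dbname" statement, and with emulated prepares disabled the
// statements are real server-side prepares, so bound values are never
// interpolated into SQL text. Errors surface as PDOException.
$dbi = new PDO(
    "mysql:host=$dbhost;dbname=$dbname;charset=utf8",
    $dbuname,
    $dbpass,
    array(
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    )
);
// Force utf8 on every side of the connection. The DSN charset already does
// this on current PHP builds; the explicit statements are kept for older
// PDO_MYSQL versions that ignored the DSN charset.
$charsetStatements = array(
    "SET SESSION character_set_connection = 'utf8' ",
    "SET SESSION character_set_client = 'utf8' ",
    "SET SESSION character_set_database = 'utf8' ",
    "SET CHARACTER SET utf8",
    "SET NAMES 'utf8'",
);
foreach ($charsetStatements as $charsetSql) {
    $sth = $dbi->prepare($charsetSql);
    $sth->execute();
}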
118
# CSRF protection, October 2012 - by l.apolito
// Optional: when the csrf-magic library is not present the site simply runs
// without this token check (the Referer check above is then the only
// cross-site POST defence).
if (file_exists("inc/csrf-magic/csrf-magic.php")) {
    include_once 'inc/csrf-magic/csrf-magic.php';
}
123
124
// Request parameters: $_GET for GET requests, $_POST for anything else.
// The two ids are coerced to int here (they are used in queries below).
// The commented-out default cannot be applied at this point: $siteistat is
// only read from the config table further down.
$param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']); #else $id_comune=$siteistat;
if (isset($param['id_cons_gen'])) $id_cons_gen=intval($param['id_cons_gen']);
128
# load the default parameters from the config table
$sql = $dbi->prepare("SELECT * FROM ".$prefix."_config");
$sql->execute();
// Only the first row is used: fetchAll() returns every row on the first
// call and an empty array on the second, which ends the loop. If the table
// is empty the body never runs and none of these globals is set.
while($riga = $sql->fetchAll(PDO::FETCH_ASSOC)){$row=$riga[0];
    $sitename = stripslashes($row['sitename']);
    $siteurl = $row['siteurl'];
    $site_logo = $row['site_logo'];
    $startdate = $row['startdate'];
    $adminmail = $row['adminmail'];
    $tema = $row['tema'];
    $temaimpostata=$tema; # for the desktop/mobile link
    $language = $row['language'];
    $blocco = intval($row['blocco']);
    $fileout = intval($row['fileout']);
    $copyright = $row['copyright'];
    $Versione = $row['versione'];
    $patch = $row['patch'];
    $siteistat = intval($row['siteistat']);
    $multicomune = intval($row['multicomune']);
    $flash = intval($row['flash']);
    $displayerrors = $row['displayerrors'];
    $gkey = $row['gkey'];
    $googlemaps = intval($row['googlemaps']);
    $editor = intval($row['editor']);
    $tema_on = intval($row['tema_on']);
    $ed_user = $row['ed_user'];
    # mobile theme
}
157
158
159
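# other config: the default election (id_cons) of the site's own municipality.
// Bound parameter (sent as a string, so the comparison is the same as the
// former quoted literal) instead of interpolating $siteistat.
$sql = $dbi->prepare("SELECT * FROM " . $prefix . "_ele_comuni where id_comune = :id_comune");
$sql->execute(array(':id_comune' => $siteistat));
$riga = $sql->fetchAll(PDO::FETCH_ASSOC);
// Tolerate a missing row (e.g. an inconsistent config) instead of reading
// offset 0 of an empty array; the result is then 0, as before.
$row = isset($riga[0]) ? $riga[0] : array();
$id_cons_pred = isset($row['id_cons']) ? intval($row['id_cons']) : 0;
// No default election configured: empty string, as the code below expects.
if ($id_cons_pred === 0) $id_cons_pred = '';
// Keep an id_cons_gen already taken from the request above; otherwise fall back.
if (!isset($id_cons_gen)) $id_cons_gen = $id_cons_pred;
# (the d'Hondt-method lookup that used to follow here now lives elsewhere)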
171
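$param = strip_tags(strtolower($_SERVER['REQUEST_METHOD'])) == 'get' ? $_GET : $_POST;
////////////////////
# backup function: loads the election/municipality context, runs the backup
# module and exits.
if (isset($param['op']) and $param['op'] == 'backup')
{
    $id_cons_bak = isset($param['id_cons_gen']) ? intval($param['id_cons_gen']) : 0;
    // Municipality from the request, else the one stored in the session.
    if (isset($param['id_comune'])) {
        $id_combak = intval($param['id_comune']);
    } else {
        $id_combak = isset($_SESSION['id_comune']) ? $_SESSION['id_comune'] : '';
    }
    // Bound parameters: $id_combak may come from the session as-is, so it is
    // no longer interpolated into the statement text.
    $sql = $dbi->prepare("SELECT id_cons,id_conf FROM " . $prefix . "_ele_cons_comune where id_cons_gen = :id_cons_gen and id_comune = :id_comune");
    $sql->execute(array(':id_cons_gen' => $id_cons_bak, ':id_comune' => $id_combak));
    list($id_cons, $hondt) = $sql->fetch(PDO::FETCH_NUM);

    // Also done in consiglieri.php, but the old variables are loaded here
    // for backward compatibility.
    if ($hondt >= 1) {
        # council projection
        $res2 = $dbi->prepare("SELECT * FROM " . $prefix . "_ele_conf where id_conf = :id_conf");
        $res2->execute(array(':id_conf' => $hondt));
        $row = $res2->fetch(PDO::FETCH_ASSOC);

        $descrizione_consiglio = $row['descrizione'];
        $LIMITE = intval($row['limite']);
        $CONSIN = intval($row['consin']);
        $INFPREMIO = intval($row['infpremio']);
        $SUPSBARRAMENTO = intval($row['supsbarramento']);
        $SUPMINPREMIO = intval($row['supminpremio']);
        $SUPPREMIO = intval($row['suppremio']);
        $LISTINFSBAR = intval($row['listinfsbar']);
        $LISTINFCONTA = intval($row['listinfconta']);
        $LISTSUPCONTA = intval($row['listsupconta']);
        $INFMINPREMIO = intval($row['infminpremio']);
    }

    include("modules/Elezioni/backup.php");
    die();
}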
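///////////////////
// language for the demo: ?newl=xx selects modules/Elezioni/language/lang-xx.php
if (isset($param['newl'])) {
    $newl = $param['newl'];
    // Language codes are two letters (the same length rule $lang is held to
    // further down); anything else never reaches file_exists(), so a request
    // value cannot be used to probe the filesystem or land in the session.
    if (is_string($newl) && preg_match('/^[A-Za-z]{2}$/', $newl)
        && file_exists("modules/Elezioni/language/lang-$newl.php")) {
        $lang = $newl;
        $_SESSION['newl'] = "$lang";
    }
}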
215
// session overrides for flash, block, language and theme (tour)
// Each request value is stored in the session and then re-read from it, so
// the session copy wins over the config-table defaults loaded above.

// NOTE(review): $blocco is stored as received (the config default was an
// int); consumers should intval() it before use.
if (isset($param['block'])){
    $blocco=$param['block'];
    $_SESSION['newblock']="$blocco";
}
if (isset($_SESSION['newblock'])) $blocco=$_SESSION['newblock'];



// language
if (isset($_SESSION['newl'])) $lang=$_SESSION['newl'];
//else $lang=$lang;
// Fall back to the configured site language; only two-character codes are
// accepted.
if (! isset($lang)) $lang=$language;
if (strlen($lang)!=2) $lang=$language;

// flash (for the demo); same raw-value caveat as $blocco
if (isset($param['flash'])){
    $flash=$param['flash'];
    $_SESSION['newflash']="$flash";
}
if (isset($_SESSION['newflash'])) $flash=$_SESSION['newflash'];

if (isset($param['tema'])){
    $tema=$param['tema'];
    $tema=htmlentities($tema); // avoid XSS
    if(preg_match("/%/i", $tema)) $tema="default";// avoid XSS
    // NOTE(review): htmlentities() and the "%" check only cover HTML output;
    // they leave "." and "/" untouched. If the theme name is used to build a
    // filesystem path where it is consumed, validate it there against the
    // existing theme directory names.
    $_SESSION['newtema']="$tema";

}
if (isset($_SESSION['newtema'])) {
    $tema=$_SESSION['newtema'];
    if (preg_match("/%/i",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
}

// "nocell" disables the mobile theme (set from the backtoapp file); the footer re-enables it
if (isset($param['nocell'])){
    $nocell=$param['nocell'];
    $_SESSION['newcell']="$nocell";
}
if (isset($_SESSION['newcell'])) $nocell=$_SESSION['newcell'];
257
258
259
260
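// Dispatch: resolve the module and file names from the request and include
// modules/<name>/<file>.php.
$param = strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
$PHP_SELF = $_SERVER['PHP_SELF'];
// $name and $file become path segments of the included file, so each is
// restricted to a single segment of [A-Za-z0-9_-]. htmlentities() alone (the
// previous check) leaves "." and "/" untouched, and the query-string filter
// at the top of the file does not see POST bodies. Absent values keep their
// defaults; present but malformed values are rejected like the other filters do.
$segmentPattern = '/^[A-Za-z0-9_-]+$/';
$file = 'index';
if (isset($param['file'])) {
    if (!is_string($param['file']) || !preg_match($segmentPattern, $param['file'])) {
        die('Operazione non consentita');
    }
    $file = $param['file'];
}
$name = 'Elezioni';
if (isset($param['name'])) {
    if (!is_string($param['name']) || !preg_match($segmentPattern, $param['name'])) {
        die('Operazione non consentita');
    }
    $name = $param['name'];
}
$op = (isset($param['op'])) ? htmlentities($param['op']) : "gruppo";
$id_comune = (isset($param['id_comune'])) ? intval($param['id_comune']) : $siteistat;
// This line used to assign to $op, overwriting the operation read just
// above with an election id — apparently a slip, since it recomputes
// id_cons_gen exactly as the earlier parameter block does.
$id_cons_gen = (isset($param['id_cons_gen'])) ? intval($param['id_cons_gen']) : $id_cons_pred;

$modpath = "modules/$name/$file.php";
if (file_exists($modpath)) {
    include($modpath);
} else {
    die("Sorry, such file doesn't exist...:$modpath");
}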
275
276
277
278
279
280
281
282?>