Changeset 255 for trunk/admin

Timestamp:

Mar 20, 2018, 11:19:10 PM (7 years ago)

Author:

roby

Message:

 

Location:

trunk/admin

Files:

• admin.php (modified) (14 diffs)
• modules/Elezioni/ele.php (modified) (7 diffs)
• modules/Elezioni/ele_affluenze.php (modified) (9 diffs)
• modules/Elezioni/ele_configurazione.php (modified) (1 diff)
• modules/Elezioni/ele_consultazioni.php (modified) (10 diffs)

trunk/admin/admin.php

@@ -21 +21 @@
 // Versione di php
 $phpver = phpversion();
-
+global $dbi;
 // converte superglobal se php e' < 4.1.0
 
@@ -115 +115 @@
 //===================================================================
 session_name('sesadmin');
-session_start();//MODIFICHE PER GESTIONE SESSIONI
+#session_start();//MODIFICHE PER GESTIONE SESSIONI
   // gestione sessione
+$a = session_id();
+if(empty($a)) session_start();
+#echo "SID: ".SID."<br>session_id(): ".session_id()."<br>COOKIE: ".$_COOKIE["PHPSESSID"];
 
 if (file_exists("config.php")){ 
@@ -123 +126 @@
         $install="1";
 }
-
 
 # verifica se effettuata la configurazione
@@ -151 +153 @@
         $sth = $dbi->prepare("select * from ".$prefix."_config");
         $sth->execute();
-        
-        $row = $sth->fetch(PDO::FETCH_ASSOC);   
+        $row = $sth->fetch(PDO::FETCH_ASSOC);
+        #$row = $sth->fetchAll();       
         $siteistat=$row['siteistat'];
 if (!isset($_SESSION['id_comune'])){
@@ -168 +170 @@
         $_SESSION['blocco']=$row['blocco'];
         $_SESSION['testata']=$row['testata'];
-        $_SESSION['logo']=$row['logo'];
+#       $_SESSION['logo']=$row['logo'];
         $_SESSION['fileout']=$row['fileout'];
         $_SESSION['copyright']=$row['copyright'];
@@ -174 +176 @@
         $_SESSION['patch']=$row['patch'];
         $_SESSION['id_comune']=$row['siteistat'];
-        $_SESSION['multicomune']=$multicomune;
-        $_SESSION['flash']=$flash;
-        $_SESSION['displayerrors']=$displayerrors;
-        $_SESSION['editor']=$editor;
-        $_SESSION['tema_on']=$tema_on;
-        $_SESSION['ed_user']=$ed_user;
+        $_SESSION['multicomune']=$row['multicomune'];
+        $_SESSION['flash']=$row['flash'];
+        $_SESSION['displayerrors']=$row['displayerrors'];
+        $_SESSION['editor']=$row['editor'];
+        $_SESSION['tema_on']=$row['tema_on'];
+        $_SESSION['ed_user']=$row['ed_user'];
 } 
 //fine
@@ -214 +216 @@
                         $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'");
                         $sth->execute();        
-                        $row = $sth->fetch(PDO::FETCH_ASSOC);   
+#                       $row = $sth->fetch(PDO::FETCH_ASSOC);   
                         
                         if ($esiste==1) {
-                                $_SESSION['dbi']=$dbi;
+#                               $_SESSION['dbi']=$dbi;
                                 $_SESSION['aid']="$aid";
                                 $_SESSION['pwd']="$mpwd";
@@ -231 +233 @@
         }
 }else{
-$_SESSION['dbi']=$dbi;
-
-}
+#$_SESSION['dbi']=$dbi;
+
+} 
 if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
 $currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
@@ -240 +242 @@
 //lettura sessione
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
+#$dbi=$_SESSION['dbi'];
 $prefix=$_SESSION['prefix'];
 $id_comune=$_SESSION['id_comune'];
@@ -247 +249 @@
                         $sth = $dbi->prepare("select id_cons_gen  from ".$prefix."_ele_cons_comune where preferita='1' and (id_comune='$id_comune' or id_comune=0)");
                         $sth->execute();        
-                        $row = $sth->fetch(PDO::FETCH_ASSOC);   
-$id_cons_gen=$row[1];
+                        $row = $sth->fetch(PDO::FETCH_BOTH);    
+$id_cons_gen=$row[0];
 }
 $currentlang=$_SESSION['lang'];
@@ -264 +266 @@
 /*********************************************************/
 function ChiSei($id_cons_gen){
-
+global $dbi;
 
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
+#$dbi=$_SESSION['dbi'];
 $prefix=$_SESSION['prefix'];
 $pwd=$_SESSION['pwd'];
@@ -334 +336 @@
         if($multicomune=='1'){
                 echo ""._COMUNE."</td><td>";
-                $sqlcomu="select id_comune,descrizione from ".$prefix."_ele_comuni order by descrizione asc";
-                $rescomu= mysql_query("$sqlcomu",$dbi);
-        
+                $row=elenco_comuni();
                 echo "<select name=\"id_comune\">";
-                while (list($id,$descrizione)=mysql_fetch_row($rescomu))
-                {
+                foreach($row as $comuni)
+                {$id=$comuni[0];$descrizione=$comuni[1];
                         $sel=($id == $id_comune) ? "selected":"";
                         echo "<option value=\"$id\" $sel>$descrizione";
@@ -388 +388 @@
 }
 
+
+#echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
 if (isset($param['op'])) get_magic_quotes_gpc() ? $op=$param['op']:$op=addslashes($param['op']); else $op='ele';
 //if (isset($param['op'])) $op=$param['op']; else $op='ele';
@@ -565 +567 @@
 }
 
-
 ?>

trunk/admin/modules/Elezioni/ele.php

@@ -21 +21 @@
     }
 }
-
+global $dbi;
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
+#$dbi=$_SESSION['dbi'];
 $id_comune=$_SESSION['id_comune'];
 $prefix=$_SESSION['prefix'];
@@ -42 +42 @@
         }       
 }
-
-if ($id_cons_gen) {
-        if ($id_comune and $perms<256)
-                $sql = "SELECT t1.tipo_cons,t1.descrizione,t2.id_cons_gen FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen'";
-        else
-                $sql = "SELECT t1.tipo_cons,t1.descrizione,t1.id_cons_gen FROM ".$prefix."_ele_consultazione as t1 where  t1.id_cons_gen='$id_cons_gen'";
-}else{
-        if($perms>128)
-                $sql = "SELECT tipo_cons,descrizione,id_cons_gen FROM ".$prefix."_ele_consultazione order by data_fine desc limit 0,1 ";
-        else
-                $sql = "SELECT t1.tipo_cons,t1.descrizione,t2.id_cons_gen FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2, ".$prefix."_ele_operatori as t3 where t3.id_comune=$id_comune and t3.id_comune=t2.id_comune and t1.id_cons_gen=t2.id_cons_gen and t2.chiusa='0' and (t3.id_cons=t2.id_cons or t3.id_cons=0) and t3.permessi>0 and t3.aid='$aid' order by t1.data_fine desc limit 0,1 ";
-}
-
-        $res = mysql_query("$sql",$dbi);
-        $espandi=0;
-        if (mysql_num_rows($res))
-                list($tipo_cons,$descr_cons,$id_cons_gen) = mysql_fetch_row($res);
-        $res = mysql_query("SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'" , $dbi);
-        if (mysql_num_rows($res)) list($id_cons) = mysql_fetch_row($res);
-        else    $espandi=1;
-        if(!isset($tipo_cons))$tipo_cons=0;
-        $res = mysql_query("SELECT genere,voto_g,voto_l,voto_c,circo FROM ".$prefix."_ele_tipo where tipo_cons='$tipo_cons' and lingua='$currentlang'" , $dbi);
-        list($genere,$votog,$votol,$votoc,$conscirc) = mysql_fetch_row($res);
+include_once("modules/Elezioni/query.sql");
+
+$row=setconsultazione(); $tipo_cons=$row[0]; $descr_cons=$row[1];$id_cons_gen=$row[2];
+$row=tipocons(); $genere=$row[0];$votog=$row[1];$votol=$row[2];$votoc=$row[3];$conscirc=$row[4];
+
 if (!$perms) $perms=ChiSei($id_cons_gen);
         //include("modules/Elezioni/language/lang-$currentlang.php");
@@ -70 +52 @@
         //        ELE
         //**************************************************************************
-        if(!isset($id_cons))$id_cons=0;
-
-        $res = mysql_query("SELECT t1.limite FROM ".$prefix."_ele_conf as t1 left join ".$prefix."_ele_cons_comune as t2 on t1.id_conf=t2.id_conf where t2.id_cons='$id_cons'" , $dbi);
-        list($limite) = mysql_fetch_row($res);
+
 
 function ele() {
@@ -84 +63 @@
         $bullet_red="<img src=\"temi/$tema/images/bullet_red.gif\" alt =\" \" align=\"left\" border=\"0\">";
         $bgcolor1='#e7e7e7';
-        $sqlcomu="select descrizione from ".$prefix."_ele_comuni where id_comune='$id_comune'";
-        $res = mysql_query($sqlcomu);
-        list($descr_comu)=mysql_fetch_row($res);
+        $row=descr_comune();$descr_comu=$row['descrizione'];
+#       $sqlcomu="select descrizione from ".$prefix."_ele_comuni where id_comune='$id_comune'";
+#       $res = mysql_query($sqlcomu);
+#       list($descr_comu)=mysql_fetch_row($res);
         $sqlcomu="select fascia from ".$prefix."_ele_cons_comune where id_cons='$id_cons'";
         $res = mysql_query($sqlcomu);
@@ -104 +84 @@
         echo "<input type=\"hidden\" name=\"pag_cons\" value=\"admin.php?id_cons_gen=\">";
         echo "<input type=\"hidden\" name=\"op\" value=\"ele\">";
-        
-        if ($perms<128) { 
-                $res = mysql_query("select t3.id_cons, t2.descrizione,t4.genere, t2.id_cons_gen, t3.chiusa from ".$prefix."_ele_operatori as t1, ".$prefix."_ele_consultazione as t2, ".$prefix."_ele_cons_comune as t3, ".$prefix."_ele_tipo as t4 where t4.lingua='$currentlang' and t2.tipo_cons=t4.tipo_cons and t1.aid='$aid' and t3.id_cons_gen=t2.id_cons_gen and (t1.id_cons=t3.id_cons or t1.permessi=64) and t1.id_comune=t3.id_comune and t1.id_comune=$id_comune and t3.chiusa='0' order by t2.data_inizio desc", $dbi);
-        }else{
-                $res = mysql_query("SELECT '', t1.descrizione,t2.genere, t1.id_cons_gen,'' FROM ".$prefix."_ele_consultazione as t1,".$prefix."_ele_tipo as t2 where t2.lingua='$currentlang' and t1.tipo_cons=t2.tipo_cons order by t1.data_inizio desc", $dbi);
-                $sqlcomu="select id_comune,descrizione from ".$prefix."_ele_comuni order by descrizione asc";
-        }
+###########################
+$row=elenco_cons();     
+
+
+##################################
         echo "<font size=-1><b>"._SCELTA_CONS.":</b> </font><select name=\"id_cons_gen\" onChange=\"top.location.href=this.form.pag_cons.value+this.form.id_cons_gen.options[this.form.id_cons_gen.selectedIndex].value;return false\">";
-        while(list($id,$descrizione,$gen2,$idgen,$chiusa) = mysql_fetch_row($res)) { 
+
+        foreach ($row as $riga)
+        {
+        $id=$riga[0];$descrizione=$riga[1];$gen2=$riga[2];$idgen=$riga[3];$chiusa=$riga[4];
+#       while(list() = mysql_fetch_row($res)) { 
                 if (($chiusa==0) OR ($perms>32)) {
                         if (($idgen==$id_cons_gen or !$id_cons_gen)) {
@@ -143 +125 @@
         if ($perms==256) // il superuser puo' scegliere il comune su cui lavorare
         {
-                $rescomu= mysql_query("$sqlcomu",$dbi);
+                $row=elenco_comuni();
                 echo "<select name=\"id_comune\" onChange=\"top.location.href=this.form.pag_cons.value+$id_cons_gen+'&amp;id_comune='+this.form.id_comune.options[this.form.id_comune.selectedIndex].value;return false\"><option value=\"\">";
-                while (list($id,$descrizione)=mysql_fetch_row($rescomu))
+                foreach($row as $riga)
                 {
+                $id=$riga[0];$descrizione=$riga[1];
                 $sel=($id == $id_comune) ? "selected":"";
                 echo "<option value=\"$id\" $sel>$descrizione";
@@ -292 +275 @@
 
         //echo "<hr /><a href=\"../client/modules.php\" target=\"_blank\">$bullet Guarda il sito</a><br /><hr />";
-        echo "<a href=\"admin.php?op=logout\">$bullet "._ESCI."</a>";
+        echo "<a href=\"admin.php?op=logout\">$bullet "._ESCI.$_SESSION['aid']."</a>";
         echo "</td></tr></table>";
         // continua la tabella su ele.voti con le sezioni

trunk/admin/modules/Elezioni/ele_affluenze.php

@@ -15 +15 @@
 }
 
+global $dbi;
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
+#$dbi=$_SESSION['dbi'];
 $prefix=$_SESSION['prefix'];
 $currentlang=$_SESSION['lang'];
@@ -22 +23 @@
 $perms=ChiSei(0);
 if ($perms<256 or !$id_cons_gen) die("Non hai i permessi per inserire dati, o non hai scelto la consultazione!");
-$res = mysql_query("SELECT t1.tipo_cons,t2.genere,t1.descrizione FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_tipo as t2 where t1.tipo_cons=t2.tipo_cons and t1.id_cons_gen='$id_cons_gen' " , $dbi);
-list($tipo_cons,$genere,$descr_cons) = mysql_fetch_row($res);
+
+#include_once("modules/Elezioni/query.sql");
+include("modules/Elezioni/funzionidata.php");
+include("modules/Elezioni/ele.php");
+$row=descr_cons();$tipo_cons=$row[0];$genere=$row[1];$descr_cons=$row[2];
+
 if (isset($_GET['min'])) $min=intval($_GET['min']); else $min=0;
 if (isset($_GET['do'])) get_magic_quotes_gpc() ? $do=$param['do']:$do=addslashes($param['do']); else $do='';
@@ -36 +41 @@
 if (isset($_GET['help'])) $help=intval($_GET['help']);
 
-include("modules/Elezioni/funzionidata.php");
-include("modules/Elezioni/ele.php");
 $offset=15;
 $hiddenInfo = "<input type=\"hidden\" name=\"min\" value=\"$min\">";
@@ -58 +61 @@
 #               echo "<td bgcolor=\"$bgcolor1\">&nbsp;</td>";
                 echo "<td bgcolor=\"$bgcolor1\">&nbsp;</td></tr>";
-                $res = mysql_query("SELECT * FROM ".$prefix."_ele_rilaff where id_cons_gen=$id_cons_gen order by data,orario", $dbi);
-                $max = mysql_num_rows($res);
-
+                $row=getaffluenze();
+                $max = count($row);
                 echo "<form name=\"rilaff\" action=\"admin.php\">"
                         ."<input type=\"hidden\" name=\"op\" value=\"rec_add_aff\">"
@@ -69 +71 @@
                 echo "<select name= \"mv\" ><option value=\"00\" selected>00</option>"; minuti();
                 echo "</td><td>";
-                $aff = mysql_query("SELECT data_inizio,data_fine FROM ".$prefix."_ele_consultazione where id_cons_gen='$id_cons_gen'", $dbi);
-                list($data,$fine) = mysql_fetch_row($aff);
+                $aff = daticonsultazione();
+                $data=$aff['data_inizio'];$fine=$aff['data_fine'];
                 list ($anno,$mese,$giorno)=explode('-',$data);
                 list ($annof,$mesef,$giornof)=explode('-',$fine);
@@ -84 +86 @@
                 if ($max != "0") {
                         $i=1;
-                        while(list($id_cons2,$orario,$data) = mysql_fetch_row($res)){
+                        foreach($row as $aff) 
+                                {
+                                $id_cons2=$aff[0];
+                                $orario=$aff[1];
+                                $data=$aff[2];
                                 // esplode la data
                                 $bgcolor1=($bgcolor1==$_SESSION['bgcolor1'])?$_SESSION['bgcolor2']:$_SESSION['bgcolor1'];
@@ -108 +114 @@
                                         ."</tr>";
                         }
-                }
+                } 
                 echo "</table>";
         }
@@ -119 +125 @@
                 $data="$av-$msv-$gv";
                 $orario="$ov:$mv:00";
-                $confr = mysql_query("SELECT data_inizio, data_fine FROM ".$prefix."_ele_consultazione WHERE id_cons_gen ='$id_cons_gen'", $dbi);
-list($dadata, $adata) = mysql_fetch_row($confr);
+                $row = daticonsultazione();
+#               mysql_query("SELECT data_inizio, data_fine FROM ".$prefix."_ele_consultazione WHERE id_cons_gen ='$id_cons_gen'", $dbi);
+$dadata=$row['data_inizio']; $adata=$row['data_fine'];
 $dadata=strtotime($dadata);
 $adata=strtotime($adata);
 $cdata=strtotime($data);
                 // verifica se data e ora esiste e fa l'upgrade
-                $res = mysql_query("select * from ".$prefix."_ele_rilaff where id_cons_gen='$id_cons_gen' and data='$data' and orario='$orario'", $dbi);
-                $tipo= mysql_num_rows($res); 
+                $sql = "select * from ".$prefix."_ele_rilaff where id_cons_gen='$id_cons_gen' and data='$data' and orario='$orario'";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();        
+                $row = $sth->fetchAll();
+                $tipo= $sth->rowCount(); 
                 if(($tipo==0) and ($dadata <= $cdata) and ($adata >= $cdata)){
                         if(checkdate(intval($msv),intval($gv),intval($av))){
-                        $result = mysql_query("insert into ".$prefix."_ele_rilaff values ('$id_cons_gen','$orario','$data')", $dbi)|| die("Impossibile inserire i dati! ".mysql_error());
+                        $sql="insert into ".$prefix."_ele_rilaff values ('$id_cons_gen','$orario','$data')";
+                        $sth = $dbi->prepare("$sql");
+                        $sth->execute();        
                         }
                         Header("Location: admin.php?op=rec_add_aff&id_cons_gen=$id_cons_gen");
@@ -142 +154 @@
                                 die();
                         }else{
-                                $res = mysql_query("select id_cons from ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen'", $dbi);
-                                while (list($id_cons2) = mysql_fetch_row($res))
-                                        mysql_query("delete from ".$prefix."_ele_voti_parziale where id_cons='$id_cons2' and data='$data' and orario='$orario'", $dbi)|| die("Impossibile cancellare i dati! ".mysql_error());
-                                mysql_query("delete from ".$prefix."_ele_rilaff where id_cons_gen='$id_cons_gen' and data='$data' and orario='$orario'", $dbi)|| die("Impossibile cancellare i dati! ".mysql_error());
+                                $sql = "select id_cons from ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen'";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();        
+                                $row2 = $sth->fetchAll();
+                                foreach($row2 as $id_cons2) {
+                                        $sql = "delete from ".$prefix."_ele_voti_parziale where id_cons='$id_cons2' and data='$data' and orario='$orario'";
+                                        $sth = $dbi->prepare("$sql");
+                                        $sth->execute();        
+                                }
+                                $sql = "delete from ".$prefix."_ele_rilaff where id_cons_gen='$id_cons_gen' and data='$data' and orario='$orario'";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();        
                                 Header("Location: admin.php?op=rec_add_aff&id_cons_gen=$id_cons_gen&contr=$data");
                         }

trunk/admin/modules/Elezioni/ele_configurazione.php

@@ -26 +26 @@
 
 $id_comune=$_SESSION['id_comune'];
-$res = mysql_query("SELECT t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune' " , $dbi);
-list($tipo_cons,$id_cons) = mysql_fetch_row($res);
+$row=cur_cons();
+$tipo_cons=$row[0];$id_cons=$row[1];
 
 include("modules/Elezioni/funzionidata.php");

trunk/admin/modules/Elezioni/ele_consultazioni.php

@@ -12 +12 @@
     die ("You can't access this file directly...");
 }
-
+global $dbi;
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
 $prefix=$_SESSION['prefix'];
 $param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
@@ -20 +19 @@
 //if ($perms<128 or !$id_cons_gen) die("Non hai i permessi per inserire dati, o non hai scelto la consultazione!");
 if ($perms!=256) die("Non hai i permessi per inserire dati, o non hai scelto la consultazione!");
-if (isset($param['id_cons_gen'])){
-         $id_cons_gen=intval($param['id_cons_gen']);
-$res = mysql_query("SELECT tipo_cons FROM ".$prefix."_ele_consultazione where id_cons_gen=$id_cons_gen " , $dbi);
-list($tipo_cons) = mysql_fetch_row($res);
-} else {
-$id_cons_gen=0;
-$tipo_cons=0;
-}
+
 if (isset($param['min'])) $min=intval($param['min']); else $min=0;
 if (isset($param['ok'])) $ok=intval($param['ok']); else $ok=0;
@@ -62 +54 @@
       $offset=10;
       if (!isset($min)) $min=0;
-
+if (isset($param['id_cons_gen'])){
+         $id_cons_gen=intval($param['id_cons_gen']);
+$row=descr_cons();
+$tipo_cons=$row[0];      
+#$res = mysql_query("SELECT tipo_cons FROM ".$prefix."_ele_consultazione where id_cons_gen=$id_cons_gen " , $dbi);
+#list($tipo_cons) = mysql_fetch_row($res);
+} else {
+$id_cons_gen=0;
+$tipo_cons=0;
+}
 /******************************************************/
 /*Funzione di visualizzazione globale                 */
@@ -88 +89 @@
 
         if ($do == "modify") {
-                $res = mysql_query("SELECT * FROM ".$prefix."_ele_consultazione where id_cons_gen='$id_cons_gen'", $dbi);
-                $pro= mysql_fetch_array($res, 3);
-$res_tipo = mysql_query("SELECT * FROM ".$prefix."_ele_tipo where tipo_cons='".$pro['tipo_cons']."' and lingua='$language'", $dbi);
-$tip=mysql_fetch_array($res_tipo, 3);
-
+                $pro = daticonsultazione();
+                $tip = datitipo($pro['tipo_cons'],$language);
                 list($dia1,$dim1,$dig1) = explode("-",$pro['data_inizio']=="0000-00-00" ? "    -  -  ": $pro['data_inizio']) ;
                 list($dfa1,$dfm1,$dfg1) = explode("-",$pro['data_fine']=="0000-00-00" ? "    -  -  ": $pro['data_fine']) ;
@@ -131 +129 @@
                 echo "<option value=\"$dfa1\" selected>$dfa1</option>"; anno();
                 echo "</td></tr><tr>";
-                $resdel = mysql_query("SELECT * FROM ".$prefix."_ele_cons_comune where id_cons_gen='$id_cons_gen'", $dbi);
-                if(mysql_num_rows($resdel)==0)
+                $resdel = daticonscom();
+                if(count($resdel)==0)
                         echo "<td><fieldset><legend>"._SPUNTALABEL1."</legend><label id=\"prov\">"._VIASPUNTAELIMINA." <input type=\"checkbox\" id=\"pwd3\"name=\"pwd3\" value=\"\" onclick=\"del_cons()\"></label></fieldset></td>";
                 else echo "<td></td>";
@@ -145 +143 @@
                 ._ADD." "._CONSULTA."<br><br>";
                 echo _DEFCONS.":</h6><br><table width=\"100%\">";
-
-                $res=mysql_query("SELECT * FROM ".$prefix."_ele_tipo where lingua='$language'", $dbi);
+                $row = elenco_tipi();
                 echo "<tr><td><b>"._TIPO." :</b></td><td>";
                 echo "<select name=\"tipocons\" >";
-                while(list($idtipo,$destipo)= mysql_fetch_row($res)){
+                foreach($row as $res){
+                        $idtipo=$res['tipo_cons'];$destipo=$res['descrizione'];
                         if ($idtipo == $tipo_cons) {
                                 $sel = "selected";
@@ -180 +178 @@
         ."<td bgcolor=\"$bgcolor1\" align=\"center\"><b>"._DATAFINE."</b></td>"
         ."<td bgcolor=\"$bgcolor1\" align=\"center\"><b>"._FUNZIONI."</b></td></tr>";
-        $res = mysql_query("SELECT * FROM ".$prefix."_ele_consultazione  " , $dbi);
-        $max = mysql_num_rows($res);
-        $result = mysql_query("select * from ".$prefix."_ele_consultazione   ORDER BY data_fine desc  LIMIT $min,$offset", $dbi);
-        while(list($id, $descr_cons, $data_inizio, $data_fine,$tipo) = mysql_fetch_row($result)) {
+        $res = elenco_consultazioni();
+        $max = count($res);
+        $sql="select * from ".$prefix."_ele_consultazione ORDER BY data_fine desc LIMIT $min,$offset";
+        $sth = $dbi->prepare("$sql"); 
+        $sth->execute();        
+        $row = $sth->fetchAll();
+        foreach($row as $res) {
+                $id=$res['id_cons_gen']; $descr_cons=$res['descrizione']; $data_inizio=$res['data_inizio']; $data_fine=$res['data_fine'];$tipo=$res['tipo_cons'];
                 $data_inizio=form_data($data_inizio);$data_fine=form_data($data_fine);
                 $bgcolor1=($bgcolor1==$_SESSION['bgcolor1'])?$_SESSION['bgcolor2']:$_SESSION['bgcolor1'];
@@ -222 +224 @@
 if ($perms>=128) {
                 if ($do == "delete") { 
-                                $result = mysql_query("delete from ".$prefix."_ele_rilaff where id_cons_gen='$id_cons_gen'", $dbi);
-                                if (!$result) return;
-                                $result = mysql_query("delete from ".$prefix."_ele_consultazione where id_cons_gen='$id_cons_gen'", $dbi);
-                                if (!$result) return;
+                                $sql="delete from ".$prefix."_ele_rilaff where id_cons_gen='$id_cons_gen'";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();        
+                                $sql="delete from ".$prefix."_ele_consultazione where id_cons_gen='$id_cons_gen'";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();        
                                 Header("Location: admin.php?op=consultazione");
                 }
@@ -246 +250 @@
                                 $data_fine="$dfa-$dfm-$dfg";
                                 $id_consulta=$id_cons_gen;
-                                $result = mysql_query("insert into ".$prefix."_ele_consultazione (descrizione,data_inizio,data_fine,tipo_cons) values ('$descr_cons2','$data_inizio','$data_fine','$tipocons')", $dbi) || die("Errore di inserimento: ".mysql_error());
-/*                              $y=$result;
-                                $res=mysql_query("select id_cons_gen from ".$prefix."_ele_consultazione where descrizione='$descr_cons2'
-                                and data_inizio='$data_inizio' and data_fine='$data_fine' and tipo_cons='$tipocons'", $dbi);
-                                list($idc)=mysql_fetch_row($res);
-                                mkdir("images/consultazioni/$idc",0750);
-                                copy("images/consultazioni/nulla.jpg","images/consultazioni/$idc/nulla.jpg");*/
+                                $sql="insert into ".$prefix."_ele_consultazione (descrizione,data_inizio,data_fine,tipo_cons) values ('$descr_cons2','$data_inizio','$data_fine','$tipocons')";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();        
+
                         } else {
                         OpenTable();
@@ -262 +263 @@
                         $data_inizio="$dia-$dim-$dig";
                         $data_fine="$dfa-$dfm-$dfg";
-                        $result = mysql_query("update  ".$prefix."_ele_consultazione set  descrizione='$descr_cons2',data_inizio='$data_inizio',
-                        data_fine='$data_fine' WHERE id_cons_gen='$id_cons_gen'", $dbi);
+                        $sql="update  ".$prefix."_ele_consultazione set  descrizione='$descr_cons2',data_inizio='$data_inizio',data_fine='$data_fine' WHERE id_cons_gen='$id_cons_gen'";
+                        $sth = $dbi->prepare("$sql");
+                        $sth->execute();        
                         if (!$result) return;
                         Header("Location: admin.php?op=consultazione&id_cons_gen=$id_cons_gen");