Changeset 358 for trunk/admin/admin.php

Timestamp:

Feb 22, 2022, 10:40:08 PM (3 years ago)

Author:

roby

Message:

Admin: aggiunta la funzione di gestione dello spoglio per la singola sezione tramite tema per cellulari

File:

• trunk/admin/admin.php (modified) (14 diffs)

trunk/admin/admin.php

@@ -17 +17 @@
 #$LIMITE=3; //fascia di separazione del maggioritario (15.000 abitanti)
 # tempo di sessione: ini_set('session.gc_maxlifetime','3600');
-global $multicomune;
+global $multicomune,$msglogout;
 
 // Adattamento variabili superglobal
@@ -46 +46 @@
 $param=strtolower($_SERVER['REQUEST_METHOD']) == 'get' ? $_GET : $_POST;
 if (isset($param['aid'])) $aid=addslashes($param['aid']); else $aid=''; 
-if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2=''; 
+if (isset($param['pwd'])) $pwd2=addslashes($param['pwd']); else $pwd2='';
+if(isset($param['msglogout'])) $msglogout=intval($param['msglogout']); else $msglogout=0;
+ 
 // Additional security (Union, CLike, XSS)
 
@@ -163 +165 @@
         $_SESSION['startdate']=$row['startdate'];
         $_SESSION['adminmail']=$row['adminmail'];
-        if (isset($tema) and $tema=='facebook')
-                $_SESSION['tema']=$row['tema'];
-        else $_SESSION['tema']='default';
+#       if (isset($tema) and $tema=='facebook')
+#               $_SESSION['tema']=$row['tema'];
         $_SESSION['foot']=$row['foot'];
         $_SESSION['lang']=$row['language'];
@@ -185 +186 @@
 } 
 //fine
+        if (isset($param['tema'])) $_SESSION['tema']=$param['tema'];
+        if (!isset($_SESSION['tema'])) 
+                $_SESSION['tema']='default';
+        $tema=$_SESSION['tema'];
+
 if (isset($param['aid'])) {
-        if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }       
+    if (strlen($aid)>25 ) { die ("Nome utente troppo lungo: $aid"); }   
         if (!isset($param['id_ses']) or $param['id_ses'] != session_id()) logout();
         if (strstr( $aid," ")) { die ("Gli spazi non sono ammessi nel nome utente: $aid"); }
-        if (isset($_SESSION['aid'])){
+        if (isset($_SESSION['aid'])){ 
                 logout();//se hai gia' una sessione aperta non puoi postare 'aid'
         }else{
                 
-        
-              //  $pwd2=$param['pwd'];
-                $mpwd=md5($pwd2);
-
-                // se superUserAdmin 
-########
-        $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
-        $sth->execute();        
-        $row = $sth->fetch(PDO::FETCH_ASSOC);   
-                $adminsuper=$row['adminsuper'];
-                if ($adminsuper==1) $id_comune='0'; 
-                elseif (is_numeric($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']);
-        $sth = $dbi->prepare("select counter,admlanguage from ".$prefix."_authors where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'");
-        $sth->execute();        
-        $esiste=$sth->rowCount();       
-        
-
-                if ($esiste){ 
-                        $row = $sth->fetch(PDO::FETCH_ASSOC);
+                          //  $pwd2=$param['pwd'];
+                        $mpwd=md5($pwd2);
+
+                        // se superUserAdmin 
+        ########
+        #       $sth = $dbi->prepare("select adminsuper from ".$prefix."_authors where aid='$aid' and pwd='$mpwd'");
+        #       $sth->execute();        
+        #       $row = $sth->fetch(PDO::FETCH_ASSOC);   
+                if (isset($param['id_comune']) and intval($param['id_comune'])>0) $id_comune=intval($param['id_comune']); else $id_comune=0;;
+        #       if ($adminsuper==1) $id_comune2=0; else 
+                $id_comune2=$id_comune;
+                $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where aid='$aid' and (id_comune='$id_comune2' or adminsuper='1')");
+                $sth->execute();        
+                $esiste=$sth->rowCount();
+        #       $adminsuper=$row['adminsuper'];
+                $row = $sth->fetch(PDO::FETCH_ASSOC);
+                if(!$esiste) {
+                        $msglogout=2;
+                        logout();
+                }else{ 
+                        if ($row['pwd']!=$mpwd) {
+                                $msglogout=3;
+                                logout();                               
+                        }elseif($row['adminop']==1) {
+                                $msglogout=1;
+                                logout();                               
+                        }                               
                         $counter=$row['counter'];
                         $tmplang=$row['admlanguage'];
-                        $counter+=1; 
                         if(strlen($tmplang)==2) $language=$tmplang;
-                        $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'");
+                        $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune2'");
                         $sth->execute();        
-#                       $row = $sth->fetch(PDO::FETCH_ASSOC);   
-                        
+#                       $row = $sth->fetch(PDO::FETCH_ASSOC);                           
                         if ($esiste==1) {
 #                               $_SESSION['dbi']=$dbi;
@@ -239 +251 @@
 
 } 
+if(!isset($_SESSION['BASE'])) $_SESSION['BASE']=substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['REQUEST_URI'], "/")-16);
+if(!isset($language)) $language=$_SESSION['lang'];
 if (! isset($_SESSION['lang'])) $_SESSION['lang']=$language;
 $currentlang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
-if (isset($_SESSION['aid']))
+
+if (isset($_SESSION['aid'])) 
 {
 //lettura sessione
@@ -248 +263 @@
 $prefix=$_SESSION['prefix'];
 $id_comune=$_SESSION['id_comune'];
+if($id_comune==0) $rifcomune='58047'; else $rifcomune=$id_comune;
 if (isset($_GET['id_cons_gen'])) $id_cons_gen=intval($_GET['id_cons_gen']);
 else {
-                        $sth = $dbi->prepare("select id_cons_gen  from ".$prefix."_ele_cons_comune where preferita='1' and (id_comune='$id_comune' or id_comune=0)");
+                        $sql="SELECT t1.id_cons_gen FROM ".$prefix."_ele_cons_comune as t1, ".$prefix."_ele_comuni as t2 where t1.id_cons=t2.id_cons and  t2.id_comune='$id_comune'";
+                        $sth = $dbi->prepare($sql);
                         $sth->execute();        
                         $row = $sth->fetch(PDO::FETCH_BOTH);
@@ -256 +273 @@
                                 $id_cons_gen=$row[0];
                         else
-                        $id_cons_gen=0;
+                        $id_cons_gen=0; #die("TEST IN CORSO : idconsgen: $id_cons_gen -- sql:select id_cons_gen  from ".$prefix."_ele_cons_comune where preferita='1' and (id_comune='$id_comune' or id_comune=0)");
 }
 $currentlang=$_SESSION['lang'];
-$bgcolor1=$_SESSION['bgcolor1'];
+#$bgcolor1=$_SESSION['bgcolor1'];
 $bgcolor2=$_SESSION['bgcolor2'];
 $bgcolor1='#e7e7e7';
@@ -265 +282 @@
 
 $perms=ChiSei($id_cons_gen);
+if($perms==0) logout();
 }
 
@@ -272 +290 @@
 /*********************************************************/
 function ChiSei($id_cons_gen){
-global $dbi;
+global $dbi, $msglogout;
 
 $aid=$_SESSION['aid'];
@@ -290 +308 @@
 $adminop=$row[2]; 
 
-if (($adminsuper==1 || $admincomune==1 || $adminop==1)) {
+#if (($adminsuper==1 || $admincomune==1 || $adminop==1)) {
         if ($adminsuper==1)
                 return 256;
-        elseif ($adminop==1){
-                $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
-        }elseif ($admincomune==1) {
+        elseif ($admincomune==1){
+                return 64;
+#               $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='0' and aid='$aid' and id_comune='$id_comune'");
+        }else{
                 $sth = $dbi->prepare("select id_cons from ".$prefix."_ele_cons_comune where id_comune='$id_comune' and id_cons_gen='$id_cons_gen'");
-                        $sth->execute();        
-                        $row = $sth->fetch(PDO::FETCH_BOTH);    
-
-                        $id_cons=$row[0];
+                $sth->execute();        
+                $row = $sth->fetch(PDO::FETCH_BOTH);    
+                $id_cons=$row[0];
                 $sth = $dbi->prepare("select permessi from ".$prefix."_ele_operatori where id_cons='$id_cons' and aid='$aid' and id_comune='$id_comune'");
-        }
-                                
-                        $sth->execute();        
-                        $row = $sth->fetch(PDO::FETCH_BOTH);    
-
-        if ($sth->rowCount()==1) $perms=$row[0]; else $perms=0;
+        }       
+        $sth->execute();        
+        $row = $sth->fetch(PDO::FETCH_BOTH);
+                if($row[0]==0) $msglogout=1;
+        if ($sth->rowCount()==1) $perms=$row[0]; else { $msglogout=1; $perms=0; }
         return $perms;
-} else return 0;
+#} else return 0;
 }
 
@@ -321 +338 @@
 
 function login() {
-    global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema;
-    $lang=strlen($_SESSION['lang'])==2 ? $_SESSION['lang']: $language;
+    global $param,$prefix,$dbi,$multicomune,$siteistat,$language,$tema, $id_cons_gen, $perms, $msglogout;
     if (isset($param['id_comune'])) $id_comune=intval($param['id_comune']);
     if (!isset($id_comune)) $id_comune=0;
-    session_regenerate_id();
+        if(isset($_SESSION['aid'])){
+                session_regenerate_id();
+        }
+        $lang=(isset($_SESSION['lang']) and strlen($_SESSION['lang'])==2) ? $_SESSION['lang']: $language;
     $id_ses=session_id();
-#die("test:$tema");
+
     //include("modules/Elezioni/language/lang-$lang.php");
+        if($multicomune==''){
+                $sth = $dbi->prepare("select multicomune from ".$prefix."_config");
+                $sth->execute();
+                list($multicomune) = $sth->fetch(PDO::FETCH_NUM);       
+        }
     include ("header.php");
     echo "<div align=\"middle\"><font class=\"title\"><b>"._GESTIONE."</b></font></center>";
-    echo "<br>";  # method=\"post\"
-    echo "<form name=\"login\" method=\"post\" action=\"admin.php\">"
+    echo "<br>";  # method=\"post\" 
+        if ($msglogout==1) echo "<h1 style=\"color:red;\">Utente non autorizzato</h1><br>";
+        elseif ($msglogout==2) echo "<h1 style=\"color:red;\">Nome Utente non presente in archivio</h1><br>";
+        elseif ($msglogout==3) echo "<h1 style=\"color:red;\">Password Errata</h1><br>";
+    echo "<form name=\"login\" data-ajax=\"false\" method=\"post\" action=\"admin.php\">"
         ."<table class=\"table-menu\">"
         ."<tr><td>"._ADMINID."</td>"
@@ -377 +404 @@
         Header("Location: admin.php?id_comune=$id_comune&language=$lang");
 */
-global $siteistat; 
+global $siteistat,$perms,$msglogout; 
 
 $ref="Location: admin.php?"; 
+#$ref="Location: https://www.eleonline.it/adminmob/admin.php?"; 
 if (isset($_SESSION['id_comune'])) 
 $id_comune=$_SESSION['id_comune']; 
@@ -388 +416 @@
 if (isset($_SESSION['lang'])) 
 $ref=$ref."&language=".$_SESSION['lang']; 
-
+$ref.="&msglogout=$msglogout";
 $_SESSION=array();  
 session_unset(); 
@@ -396 +424 @@
 
 }
-
-
+#include("TEST tema: $tema--");
+#include("modules/Elezioni/language/lang-".$_SESSION['lang'].".php");
+if(isset($id_cons_gen) and isset($id_comune)){
+        if(!isset($id_cons)){
+#               $sql = "SELECT t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
+                $sql = "SELECT id_cons from ".$prefix."_ele_comuni where id_comune='$id_comune'";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();        
+                if ($sth->rowCount()) list($id_cons) = $sth->fetch(PDO::FETCH_NUM);
+                $_SESSION['id_cons']=$id_cons;
+        } 
+        if(isset($id_cons)) {
+                $sql="SELECT id_sez FROM ".$prefix."_ele_operatori where id_cons=$id_cons and aid='$aid' and id_comune=$id_comune";
+                $resmod = $dbi->prepare("$sql");
+                $resmod->execute();                             
+                list($id_sez) = $resmod->fetch(PDO::FETCH_NUM);
+                if($id_sez) $tema='Futura2';#die( "TEST id_cons:$id_cons:");
+                $_SESSION['tema']=$tema;
+        }
+}
 #echo "op:".$param['op']." -- aid:".$_SESSION['aid']."remote:".$_SESSION['remote']."REMOTE:".$_SERVER['REMOTE_ADDR'];
 if (isset($param['op'])) $op=addslashes($param['op']); else $op='ele';
 //if (isset($param['op'])) $op=$param['op']; else $op='ele';
+#die( "OP: $op");
 if (isset($_SESSION['aid']) AND $_SESSION['remote']==$_SERVER['REMOTE_ADDR']) {
+        if($tema=='Futura2' and $op!='logout') 
+        {
+                include("temi/$tema/index.php"); 
+                testata();
+        }else
 switch($op) {
     case "tipo":