cmaffio
2015-10-14 10:59:50 +02:00
parent a158016e78
commit 6c42d75681
53 changed files with 363 additions and 877 deletions


@@ -1,49 +1,30 @@
<?php
include_once ("config.php");
$UTENTE = login();
//isadmin();
?>
<?php include_once ("top.php"); ?>
<?php
if (isset($_GET['id'])) {
$bottone = "Modifica";
$modifica = 1;
$query = "SELECT * FROM utenti WHERE id =".$_GET['id'];
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$dato['password'] = "ahg5t!frtb5@u&^!";
} else if (isset ($_POST['id'])) {
if (isset ($_POST['id'])) {
$modifica = 2;
$id = $_POST['id'];
$utente = $_POST['utente'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$admin = $_POST['admin'];
$attivo = $_POST['attivo'];
$mail = $_POST['mail'];
if (!$admin) $admin = 0;
if (!$attivo) $attivo = 0;
if (($password1 != "ahg5t!frtb5@u&^!") && ($password1 == $password2)) {
$querypwd = "password = MD5('$password1'),";
} else {
$querypwd = "";
}
if ($id > 0) {
$testo = "L'utente e' stato correttamente modificato";
$query = "UPDATE utenti SET $querypwd admin = $admin, attivo=$attivo, modifica = NOW(), mail='$mail' WHERE `id`=$id";
} else {
$testo = "L'utente e' stato correttamente inserito";
$query = "INSERT INTO utenti SET utente = '$utente', $querypwd admin = $admin, attivo=$attivo, modifica = NOW(), creazione = NOW(), mail='$mail'";
}
$testo = "L'utente e' stato correttamente modificato";
$query = "UPDATE utenti SET $querypwd modifica = NOW(), mail='$mail' WHERE `id`=$id";
?>
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<tr>
<td><img src="../img/spazio.gif" width="1" height="10" alt=""><td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""><td>
</tr>
<tr>
<td>
@@ -56,39 +37,40 @@ Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?p
</td>
</tr>
<tr>
<td><img src="../img/spazio.gif" width="1" height="5" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td>
</tr>
<tr>
<td><input type="button" value="Ok" onclick="location.href = 'utenti.php';"></button></td>
<td><input type="button" value="Ok" onclick="location.href = '<?php print $CONF['base_url'] ?>/index.php';"></button></td>
</tr>
<tr>
<td><img src="../img/spazio.gif" width="1" height="10" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td>
</tr>
</table>
<?php
} else {
$bottone = "Aggiungi";
$modifica = 0;
$bottone = "Modifica";
$modifica = 1;
$query = "SELECT * FROM utenti WHERE utente = '".$UTENTE['utente']."'";
$res = mysql_query( $query, $DB_ID );
$dato = mysql_fetch_array ( $res );
$dato['password'] = "ahg5t!frtb5@u&^!";
}
?>
<?php if (($modifica == 0 || $modifica == 1) && !isset($_GET['rm'])) { ?>
<script type="text/javascript" src="../jquery/jquery.js"></script>
<script type="text/javascript" src="../jquery/jquery.validate.js"></script>
<script type="text/javascript" src="../jquery/jquery.validate.password.js"></script>
<link rel="stylesheet" type="text/css" href="../jquery/jquery.validate.password.css" />
<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.js"></script>
<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.js"></script>
<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.js"></script>
<link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.css" />
<script type="text/javascript">
$(document).ready(function()
{
$("#modulo").validate( {
rules: {
utente: {
required: true,
minlength: 4
},
mail: {
required: true,
email: true,
@@ -103,10 +85,6 @@ $(document).ready(function()
}
},
messages: {
utente: {
required: "Inserire uno nome utente",
minlength: jQuery.format("Inserire almeno {0} caratteri")
},
mail: {
required: "Inserire un indirizzo e-mail valido",
},
@@ -133,42 +111,30 @@ $(document).ready(function()
});
</script>
<form action="modutenti.php" method="post" id="modulo">
<form action="chkpasswd.php" method="post" id="modulo">
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<?php if ($modifica == 1) { ?>
<input type="hidden" name="id" value="<?php print $dato['id'] ?>">
<?php } else { ?>
<input type="hidden" name="id" value="-1">
<?php } ?>
<tr>
<td><img src="../img/spazio.gif" width="30" height="1" alt=""></td>
<td class="label"><label id="lusername" for="username">Nome Utente</label></td>
<td class="field"><input id="utente" name="utente" type="text" value="<?php print $dato['utente']?>" maxlength="50" /></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
<td>Nome Utente</td>
<td><?php print $dato['utente']?></td>
<td class="status" colspan="6"></td>
</tr>
<tr><td colspan="9"><img src="../img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr>
<td><img src="../img/spazio.gif" width="30" height="1" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
<td class="label"><label id="lmail" for="mail">Indirizzo E-Mail</label></td>
<td class="field"><input id="mail" name="mail" type="text" value="<?php print $dato['mail']?>" maxlength="50" /></td>
<td class="status" colspan="6"></td>
</tr>
<tr><td colspan="9"><img src="../img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr>
<td><img src="../img/spazio.gif" width="80" height="1" alt=""></td>
<td>Attivo <input name="attivo" type="checkbox" value=1 <?php if ($dato['attivo']) { print "checked=\"checked\""; } ?>></td>
<td><img src="../img/spazio.gif" width="20" height="1" alt=""></td>
<td>Admin <input name="admin" type="checkbox" value=1 <?php if ($dato['admin']) { print "checked=\"checked\""; } ?>></td>
<td colspan="4"><img src="../img/spazio.gif" width="250" height="1" alt=""></td>
</tr>
<tr><td colspan="9"><img src="../img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr>
<td class="col1" colspan="9">
<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr>
<td><img src="../img/spazio.gif" width="40" height="50" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="40" height="50" alt=""></td>
<td class="label"><label id="lpassword" for="password">Password</label></td>
<td><img src="../img/spazio.gif" width="10" height="1" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="10" height="1" alt=""></td>
<td class="field" width="30"><input id="password1" name="password1" type="password" size="30" maxlength="32" value="<?php print $dato['password'] ?>" /></td>
<td class="status" width="400">
<div class="password-meter">
@@ -180,25 +146,25 @@ $(document).ready(function()
</td>
</tr>
<tr>
<td><img src="../img/spazio.gif" width="40" height="50" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="40" height="50" alt=""></td>
<td class="label"><label id="lpassword_confirm" for="password_confirm">Password</label></td>
<td><img src="../img/spazio.gif" width="10" height="1" alt=""></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="10" height="1" alt=""></td>
<td class="field" width="30"><input id="password2" name="password2" type="password" size="30" maxlength="32" value="<?php print $dato['password'] ?>" /></td>
<td class="status" width="400"></td>
</tr>
<tr><td colspan="9" class="spaziov"><img src="../img/spazio.gif" width="1" alt=""></td></tr>
<tr><td colspan="9" class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" alt=""></td></tr>
</table>
</td>
</tr>
<tr><td colspan="9"><img src="../img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
<tr><td align="center" colspan="9">
<input type="submit" value="<?php print $bottone ?>">
&nbsp;&nbsp;&nbsp;
<input type="button" value="Annulla" onclick="location.href = 'utenti.php';"></button>
<input type="button" value="Annulla" onclick="location.href = '<?php print $CONF['base_url'] ?>/index.php';"></button>
</td></tr>
<tr><td colspan="9"><img src="../img/spazio.gif" width="1" height="10" alt=""></td></tr>
<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td></tr>
</table>
</form>
<?php } ?>
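Review bot: The `UPDATE utenti SET $querypwd modifica = NOW(), mail='$mail' ...` statement near the top filters on `$id`, which comes from the hidden `id` form field (`$id = $_POST['id']`), while the form is loaded for the session user via `$UTENTE['utente']` and `isadmin()` is commented out, so nothing on the server ties the change to the logged-in account. `$mail` and `$password1` are also interpolated into the SQL unescaped. I would key the update on the session identity and escape the values, e.g. `$mail = mysql_real_escape_string($_POST['mail'], $DB_ID);` and `WHERE utente = '".mysql_real_escape_string($UTENTE['utente'], $DB_ID)."'`, with the same escaping applied to the password before it reaches `MD5('...')`. Unsalted MD5 is a weak password hash; `password_hash()` would be the longer-term fix if the PHP version allows it. The page has lost its +/- markers, so which of these lines are new is inferred from the old/new pairing.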


@@ -6,17 +6,17 @@ isadmin();
include_once ("top.php"); ?>
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<tr><td class="spaziov" colspan=7><img src="../img/spazio.gif"></td></tr>
<tr><td class="spaziov" colspan=7><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
<tr>
<td width="50"><img src="../img/spazio.gif"></td>
<td width="50"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td width="150" class="campo">Campo</td>
<td width="20"><img src="../img/spazio.gif"></td>
<td width="20"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td width="350" class="campo">Valore</td>
<td width="20"><img src="../img/spazio.gif"></td>
<td width="20"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td width="350" class="campo">Nota</td>
<td><img src="../img/spazio.gif"></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
<tr><td class="spaziov" colspan=7><img src="../img/spazio.gif"></td></tr>
<tr><td class="spaziov" colspan=7><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
<?php
$query = "SELECT * FROM conf WHERE vis=1 ORDER BY ordine";
@@ -48,15 +48,15 @@ while ($dato = mysql_fetch_array ( $res )) {
if ($visualizza) {
?>
<tr>
<td width="50"><img src="../img/spazio.gif"></td>
<td width="50"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td width="150" class="valoretxt"><a class="menuatt" href="modconf.php?var=<?php print $dato['variabile'] ?>"><?php print $dato['variabile']?></a></td>
<td width="20" bgcolor="#f3f3f3"><img src="../img/spazio.gif"></td>
<td width="20" bgcolor="#f3f3f3"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td width="350" class="valoretxt"><?php print $riga?></td>
<td width="20" bgcolor="#f3f3f3"><img src="../img/spazio.gif"></td>
<td width="20" bgcolor="#f3f3f3"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td width="350" class="valoretxt"><?php print $dato['Commento']?></td>
<td><img src="../img/spazio.gif"></td>
<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
<tr><td class="spaziov" colspan=7><img src="../img/spazio.gif"></td></tr>
<tr><td class="spaziov" colspan=7><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
<?php }
} ?>
</table>


@@ -108,11 +108,11 @@ function carica_conf () {
}
function isadmin () {
global $UTENTE;
global $UTENTE, $CONF;
if ($UTENTE['admin']) {
return;
} else {
header("location: main.php");
header("location: ".$CONF['base_url']."/index.php");
exit;
}
}
@@ -154,7 +154,7 @@ function logga ($testo, $dest="") {
// print "-- $sessione --";
$query = "INSERT INTO accessi_utenti SET utente = '$destinatario', quando = now(), ip = '$ip', cosa = '$testo', sessione = '$sessione'";
$queryuser = "UPDATE utenti SET ultimo = now() WHERE utente = '$destinatario'";
// print "-- $queryuser --";
// print "-- $query --";
$res = mysql_query( $query, $DB_ID );
$res = mysql_query( $queryuser, $DB_ID );
}
@@ -327,4 +327,56 @@ function azioni ($tabella, $idtabella, $stato) {
}
}
function lista_moduli () {
global $UTENTE, $DB_ID, $CONF;
$query = " SELECT
moduli.nome AS nome,
moduli.directory AS directory
FROM
utenti
JOIN
permessi ON utenti.id = permessi.id_utenti
JOIN
moduli ON moduli.id = permessi.id_moduli
WHERE
utenti.utente = '".$_SESSION['username']."'
";
$menu[] = array("Home", $CONF['base_url']."/core/main.php");
if ($UTENTE['admin']) {
$menu[] = array("Configurazione", $CONF['base_url']."/core/conf.php");
$query .= " OR moduli.superadmin = 1";
}
$res = mysql_query( $query, $DB_ID );
while ($dato = mysql_fetch_array ($res)) {
$menu[] = array($dato['nome'], $CONF['base_url']."/".$dato['directory']."/index.php");
}
$menu[] = array("Cambio password", $CONF['base_url']."/core/chkpasswd.php");
$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
$self = $pezzi[count($pezzi)-1];
?>
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<tr bgcolor="#d2f4df">
<?php for ($i=0; $i<count($menu);$i++) {
if ($self == $menu[$i][1]) {
$classe = "menuatt";
} else {
$classe = "menu";
}
?>
<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
<td nowrap class="<?php echo $classe?>"><a class="<?php echo $classe?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a></td>
<?php } ?>
<td class="spaziol"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td>
</tr>
</table>
<?php
}
?>
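Review bot: In `lista_moduli()` the query concatenates `$_SESSION['username']` into the WHERE clause, and the `nome`/`directory` values it returns are printed into the menu without HTML escaping. Escaping at both edges would be safer: `utenti.utente = '".mysql_real_escape_string($_SESSION['username'], $DB_ID)."'` in the query and `htmlspecialchars($menu[$i][0], ENT_QUOTES)` (likewise for the href) in the table. The appended `OR moduli.superadmin = 1` is evaluated over the inner-joined rows of all users, so an admin probably gets a superadmin module once per `permessi` row and not at all when it has none; that depends on schema not shown here, but `SELECT DISTINCT` would at least remove the duplicates. Separately, `$self` is only the last path segment of `PHP_SELF` while `$menu[$i][1]` now holds a full URL built from `$CONF['base_url']`, so the `menuatt` comparison cannot match any more.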

10
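--- /dev/null
+++ b/core/logout.php
@@ -0,0 +1,10 @@
+<?php
+include_once ("config.php");
+login();
+logga ("Uscita");
+session_name("AllegatiSW");
+session_start();
+$_SESSION['auth'] = 0;
+session_destroy();
+header('Location: ../index.php');
+?>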
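Review bot: `session_destroy()` on its own leaves the session cookie in the browser and the `$_SESSION` array populated for the rest of the request, and nothing stops execution after the `Location` header. I would empty `$_SESSION`, expire the cookie using `session_get_cookie_params()`, and `exit` after the redirect. The redirect could also use `$CONF['base_url']` like the rest of this commit, assuming config.php has defined it by this point. `login()` is not visible here; if it already starts the session, the later `session_name()`/`session_start()` calls are redundant.

```php
// … unchanged: include config.php, login(), logga("Uscita"), session_name/session_start …
$_SESSION = array();
if (ini_get("session.use_cookies")) {
	$p = session_get_cookie_params();
	setcookie(session_name(), '', time() - 42000, $p["path"], $p["domain"], $p["secure"], $p["httponly"]);
}
session_destroy();
header('Location: '.$CONF['base_url'].'/index.php');
exit;
```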


@@ -1,17 +1,14 @@
<?php
include_once ("config.php");
$UTENTE = login();
isadmin();
//isadmin();
?>
<?php include_once ("top.php"); ?>
<META HTTP-EQUIV="Refresh" CONTENT="30" URL="main.php">
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<tr><td class="spaziov" colspan="9"><img src="../img/spazio.gif"></td></tr>
<tr><td class="spaziov" colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
</table>
<img src="img/spazio.gif" width="1" height="20" alt="">
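Review bot: `isadmin();` appears to be replaced by a commented-out `//isadmin();` at the top of this page, which leaves its authorization decision implicit. If the page is now meant for every logged-in user, delete the line and say so in a comment such as `// Home page: any authenticated user, no admin check`; if not, the check should stay. The rest of the file is outside the hunk, so whether anything admin-only is still rendered further down cannot be confirmed from here.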


@@ -4,60 +4,27 @@
<title>SpazioFirewall</title>
</head>
<body>
<link rel="stylesheet" type="text/css" href="../css/stile.css" />
<link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/css/stile.css" />
<table cellpadding="0" cellspacing="0" border="0" align="center" width="1000">
<?php if ($_SESSION['auth']) { ?>
<?php
if ($UTENTE['utente'] != '') { ?>
<tr><td>
<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr bgcolor="#FFC350">
<td nowrap class="ltop">Utente: <?php print $_SESSION['username'] ?></td>
<td width="200">&nbsp;</td>
<?php if ($_SESSION['auth']) { ?>
<td class="rtop"><a class="rtop" href="logout.php">Logout</a></td>
<?php } else {?>
<td>&nbsp;</td>
<?php } ?>
<td class="rtop"><a class="rtop" href="<?php print $CONF['base_url'] ?>/core/logout.php">Logout</a></td>
</tr>
</table>
</td></tr>
<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
<tr><td align="center">
<?php
if ($UTENTE['admin']) {
$menu = array( array("Home", "main.php"),
array("Configurazione", "conf.php"),
array("Gestione utenti", "utenti.php"),
array("Cambio password", "chkpasswd.php"),
);
} else {
$menu = array( array("Cambio password", "chkpasswd.php"),
);
}
$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -1);
$self = $pezzi[count($pezzi)-1];
?>
<tr><td class="spaziov" colspan=2><img src="../img/spazio.gif"></td></tr>
<tr><td align="center">
<table cellpadding="0" cellspacing="0" border="0" width="90%">
<tr bgcolor="#d2f4df">
<?php for ($i=0; $i<count($menu);$i++) {
if ($self == $menu[$i][1]) {
$classe = "menuatt";
} else {
$classe = "menu";
}
?>
<td class="spaziol"><img src="../img/spazio.gif"></td>
<td nowrap class="<?php echo $classe?>"><a class="<?php echo $classe?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a></td>
<?php } ?>
<td class="spaziol"><img src="../img/spazio.gif"></td>
</tr>
</table>
<?php } else {?>
lista_moduli();
} else {?>
<tr bgcolor="#FFC350"><td>&nbsp;</td></tr>
<?php } ?>
<?php } ?>
</td></tr>
<tr><td class="spaziov" colspan=2><img src="../img/spazio.gif"></td></tr>
<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
<tr><td align="center">