From 6d7923c5d54c0781df2bc15100a15f98fbc92697 Mon Sep 17 00:00:00 2001
From: cmaffio <cmaffioletti@esseweb.eu>
Date: Mon, 16 May 2016 15:50:57 +0200
Subject: [PATCH] inserita gestione cambio password utenti proxy

---
 core/function.php             |   2 +-
 core/logout.php               |   2 +-
 proxy/ext/chkpasswd_proxy.php | 153 ++++++++++++++++++++++++++++++++++
 proxy/ext/footer_proxy.php    |  17 ++++
 proxy/ext/function_proxy.php  | 143 +++++++++++++++++++++++++++++++
 proxy/ext/logout_proxy.php    |  10 +++
 proxy/ext/main.php            |  15 ++++
 proxy/ext/top_proxy.php       |  30 +++++++
 proxy/ext/userlogin.php       |  23 +++++
 9 files changed, 393 insertions(+), 2 deletions(-)
 create mode 100755 proxy/ext/chkpasswd_proxy.php
 create mode 100644 proxy/ext/footer_proxy.php
 create mode 100644 proxy/ext/function_proxy.php
 create mode 100644 proxy/ext/logout_proxy.php
 create mode 100644 proxy/ext/main.php
 create mode 100644 proxy/ext/top_proxy.php
 create mode 100644 proxy/ext/userlogin.php
diff --git a/core/function.php b/core/function.php
index e79f841..152b488 100755
--- a/core/function.php
+++ b/core/function.php
@@ -49,7 +49,7 @@ function db_data_connect () {
 
 function login () {
 	global $_SESSION, $_POST, $POP3_Server, $DB_ID, $CONF;
-	session_name("FirewallSW");
+	session_name("SWP");
 	session_start();
 	if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
 		if(!db_login ($_SESSION['username'], $_SESSION['passwd'])) {
diff --git a/core/logout.php b/core/logout.php
index 5abf62c..7226380 100755
--- a/core/logout.php
+++ b/core/logout.php
@@ -2,7 +2,7 @@
 include_once ("config.php");
 login();
 logga ("Uscita");
-session_name("AllegatiSW");
+session_name("SWP");
 session_start();
 $_SESSION['auth'] = 0;
 session_destroy();
diff --git a/proxy/ext/chkpasswd_proxy.php b/proxy/ext/chkpasswd_proxy.php
new file mode 100755
index 0000000..7e8d02b
--- /dev/null
+++ b/proxy/ext/chkpasswd_proxy.php
@@ -0,0 +1,153 @@
+<?php
+include_once ("../../core/config.php");
+include_once ("function_proxy.php");
+$UTENTE = login_proxy();
+view_top_proxy();
+
+if (isset ($_POST['id'])) {
+	$modifica = 2;
+	$id 		= $_POST['id'];
+	$utente 	= $_POST['utente'];
+	$password1 	= $_POST['password1'];
+	$password2	= $_POST['password2'];
+
+	if (($password1 != "ahg5t!frtb5@u&^!") && ($password1 == $password2)) {
+		$querypwd = "pass = PASSWORD('$password1'),";
+	} else {
+		$querypwd = "";
+	}
+
+	$testo = "L'utente e' stato correttamente modificato";
+	$query = "UPDATE proxy_utenti SET $querypwd modifica = NOW() WHERE `id`=$id";
+?>
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+	<tr>
+		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""><td>
+	</tr>
+	<tr>
+		<td>
+<?php	if (mysql_query( $query, $DB_ID )) { ?>
+<?php print $testo ?><br>
+<?php	} else { ?>
+Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?php print mysql_error() ?><br>
+<?php print $query ?><br>
+<?php	} ?>
+		</td>
+	</tr>
+	<tr>
+		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td>
+	</tr>
+	<tr>
+		<td><input type="button" value="Ok" onclick="location.href = 'main.php';"></button></td>
+	</tr>
+	<tr>
+		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td>
+	</tr>
+</table>
+<?php
+} else {
+
+	$bottone = "Modifica";
+	$modifica = 1;
+	$query = "SELECT * FROM proxy_utenti WHERE user = '".$UTENTE['user']."'";
+	$res = mysql_query( $query, $DB_ID );
+	$dato = mysql_fetch_array ( $res );
+	$dato['password'] = "ahg5t!frtb5@u&^!";
+}
+?>
+
+<?php if (($modifica == 0 || $modifica == 1) && !isset($_GET['rm'])) { ?>
+
+<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.js"></script>
+<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.js"></script>
+<script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.js"></script>
+<link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.css" />
+
+<script type="text/javascript">
+$(document).ready(function() 
+{
+	$("#modulo").validate( {
+		rules: {
+			password1: {
+				password: "#utente",
+				minlength: 0
+			},
+			password2: {
+				equalTo: "#password1"
+			}
+		},
+		messages: {
+			password2: {
+				equalTo: "Le due password devono essere uguali"
+			}
+		},
+
+		errorPlacement: function(error, element) {
+			error.prependTo( element.parent().next() );
+		},
+		success: function(label) {
+			label.html("&nbsp;").addClass("checked");
+		}
+	});
+});
+</script>
+
+<form action="chkpasswd_proxy.php" method="post" id="modulo">
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+<input type="hidden" name="id" value="<?php print $dato['id'] ?>">
+<tr>
+	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
+	<td>Nome Utente</td>
+	<td><?php print $dato['user']?></td>
+	<td class="status" colspan="6"></td>
+</tr>
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
+<tr>
+	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
+	<td class="label"><label id="lmail" for="mail">Indirizzo E-Mail</label></td>
+	<td class="field"><input id="mail" name="mail" type="text" value="<?php print $dato['mail']?>" maxlength="50" /></td>
+	<td class="status" colspan="6"></td>
+</tr>
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
+<tr>
+	<td class="col1" colspan="9">
+	<table cellpadding="0" cellspacing="0" border="0" width="100%">
+		<tr>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="40" height="50" alt=""></td>
+			<td class="label"><label id="lpassword" for="password">Password</label></td>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="10" height="1" alt=""></td>
+			<td class="field" width="30"><input id="password1" name="password1" type="password" size="30" maxlength="32" value="<?php print $dato['password'] ?>" /></td>
+			<td class="status" width="400">
+				<div class="password-meter">
+					<div class="password-meter-message">&nbsp;</div>
+					<div class="password-meter-bg">
+						<div class="password-meter-bar"></div>
+					</div>
+				</div>
+			</td>
+		</tr>
+		<tr>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="40" height="50" alt=""></td>
+			<td class="label"><label id="lpassword_confirm" for="password_confirm">Password</label></td>
+			<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="10" height="1" alt=""></td>
+			<td class="field" width="30"><input id="password2" name="password2" type="password" size="30" maxlength="32" value="<?php print $dato['password'] ?>" /></td>
+			<td class="status" width="400"></td>
+		</tr>
+		<tr><td colspan="9" class="spaziov"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" alt=""></td></tr>
+	</table>
+	</td>
+</tr>
+
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
+<tr><td align="center" colspan="9">
+	<input type="submit" value="<?php print $bottone ?>">
+	&nbsp;&nbsp;&nbsp;
+	<input type="button" value="Annulla" onclick="location.href = 'main.php';"></button>
+</td></tr>
+
+<tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td></tr>
+</table>
+</form>
+<?php } ?>
+
+<?php view_footer_proxy(); ?>
diff --git a/proxy/ext/footer_proxy.php b/proxy/ext/footer_proxy.php
new file mode 100644
index 0000000..b8d7df7
--- /dev/null
+++ b/proxy/ext/footer_proxy.php
@@ -0,0 +1,17 @@
+	</td></tr>
+	<tr><td>
+		<table cellpadding="0" cellspacing="0" border="0" width="100%">
+		<tr bgcolor="#FFC350">
+			<td nowrap class="lbottom">&nbsp;<?php print $CONF['Versione'] ?></td>
+			<td width="500">&nbsp;</td>
+<?php if ($UTENTE['admin']) { ?>
+			<td class="rtop"><a class="rtop" href="main.php">Admin&nbsp;</a></td>
+<?php } else {?>
+			<td>&nbsp;</td>
+<?php } ?>
+		</tr>
+		</table>
+	</td></tr>
+</table>
+</body>
+</html>
diff --git a/proxy/ext/function_proxy.php b/proxy/ext/function_proxy.php
new file mode 100644
index 0000000..ad188e0
--- /dev/null
+++ b/proxy/ext/function_proxy.php
@@ -0,0 +1,143 @@
+<?php
+
+function view_top_proxy () {
+	global $CONF, $UTENTE;
+	include_once ("top_proxy.php");
+}
+
+function view_footer_proxy () {
+	global $CONF, $UTENTE;
+	include_once ("footer_proxy.php");
+}
+
+function db_login_proxy($user,$pass) {
+	global $DB_ID;
+	$query = "SELECT id FROM proxy_utenti WHERE user = '$user' AND pass = PASSWORD('$pass') AND attivo = 1";
+	$res = mysql_query( $query, $DB_ID );
+	$dato = mysql_fetch_array ( $res );
+	$ritorno = $dato['id'];
+	return $ritorno;
+}
+
+function login_proxy () {
+	global $_SESSION, $_POST, $DB_ID, $CONF;
+	session_name("authmail");
+	session_start();
+	if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 >= time())) {
+		if(!db_login_proxy ($_SESSION['username'], $_SESSION['passwd'])) {
+			$tMessage = '<span class="error_msg">Dati di autenticazione errati</span>';
+			$tUsername = $_SESSION['username'];
+			$_SESSION['auth'] = 0;
+			session_destroy();
+			include ("userlogin.php");
+			exit;
+		} else {
+			logga ($_SERVER['REQUEST_URI']);
+			$_SESSION['time'] = time();
+			return carica_utente_proxy ();
+		}
+	} else {
+		if ($_POST['fUsername']) {
+			$fUsername = $_POST['fUsername'];
+	   		$fPassword = $_POST['fPassword'];
+	   		if(db_login_proxy ($fUsername, $fPassword)) {
+		      		$_SESSION = array();
+		      		$_SESSION['passwd'] = $fPassword;
+		      		$_SESSION['username'] = $fUsername;
+		      		$_SESSION['auth'] = 1;
+      				$_SESSION['time'] = time();
+				session_regenerate_id(TRUE);
+      				return carica_utente_proxy ();
+   			} else {
+   				$tMessage = 'Errore';
+        		 	$tUsername = $fUsername;
+				include ("userlogin.php");
+        		 	exit;
+   			}
+		} else {
+			if ($_SESSION['auth'] && ($_SESSION['time']+$CONF['temposessione']*60 < time())) {
+				$tMessage = '<span class="error_msg">Sessione scaduta</span>';
+				$tUsername = $_SESSION['username'];
+				logga ("Sessione scaduta");
+				include ("userlogin.php");
+       			  	exit;
+			} else {
+				include ("userlogin.php");
+       			  	exit;
+			}
+		}
+	}
+}
+
+function carica_utente_proxy () {
+	global $_SESSION, $CONF, $DB_ID;
+	$query = "SELECT * FROM proxy_utenti where user = '".$_SESSION['username']."'";
+	$res = mysql_query( $query, $DB_ID );
+	$dati = mysql_fetch_array ( $res );
+
+	return $dati;
+}
+
+function lista_moduli_proxy () {
+	global $UTENTE, $DB_ID, $CONF;
+
+	$menu[] =	array("Home", "main.php",0,"Home Page",0);
+	$menu[]	=	array("Cambio password", "chkpasswd_proxy.php",0,"Cambio Password");
+
+	$pezzi = preg_split('/\//', $_SERVER["PHP_SELF"], -2);
+	$self = $pezzi[count($pezzi)-1];
+?>
+		<ul id="nav">
+<?php 	for ($i=0; $i<count($menu);$i++) {
+		if ($self == $menu[$i][1]) {
+			$classe = "sel";
+		} else {
+			$classe = "nosel";
+		}
+?>
+			<li>
+				<a class="<?php print $classe ?>" href="<?php print $menu[$i][1]?>"><?php print $menu[$i][0]?></a>
+<?php
+		if ($menu[$i][2] != 0) {
+			$query = "	SELECT 
+						moduli_page.nome AS nome, 
+						moduli_page.pagina AS pagina,
+						moduli.directory AS directory
+					FROM 
+						moduli_page 
+					JOIN
+						moduli
+						ON
+							moduli.id = moduli_page.id_moduli
+					WHERE 
+						moduli_page.attivo = 1 
+						AND
+						moduli_page.livello <= ".$menu[$i][4]."
+					AND 
+						moduli_page.id_moduli = ".$menu[$i][2]." 
+					ORDER BY 
+						moduli_page.ordine
+				";
+
+			$res_page = mysql_query( $query, $DB_ID ); ?>
+				<ul>
+<?php			while ($page = mysql_fetch_array ($res_page)) { ?>
+					<li><a href="<?php print $CONF['base_url']."/".$page['directory']."/".$page['pagina'] ?>"><?php print $page['nome'] ?></a></li>
+<?php			} ?>
+				</ul>
+
+<?php		} ?>
+			</li>
+<?php	} ?>
+		</ul>
+
+<?php
+}
+
+
+
+
+
+
+
+?>
diff --git a/proxy/ext/logout_proxy.php b/proxy/ext/logout_proxy.php
new file mode 100644
index 0000000..35b6ff9
--- /dev/null
+++ b/proxy/ext/logout_proxy.php
@@ -0,0 +1,10 @@
+<?php
+include_once ("../../core/config.php");
+include_once ("function_proxy.php");
+login_proxy();
+session_name("authmail");
+session_start();
+$_SESSION['auth'] = 0;
+session_destroy();
+header('Location: main.php');
+?>
diff --git a/proxy/ext/main.php b/proxy/ext/main.php
new file mode 100644
index 0000000..f09c8f4
--- /dev/null
+++ b/proxy/ext/main.php
@@ -0,0 +1,15 @@
+<?php
+include_once ("../../core/config.php");
+include_once ("function_proxy.php");
+$UTENTE = login_proxy();
+view_top_proxy();
+?>
+
+<META HTTP-EQUIV="Refresh" CONTENT="30" URL="main.php">
+
+<table cellpadding="0" cellspacing="0" border="0" width="90%">
+	<tr><td class="spaziov" colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+</table>
+
+<img src="img/spazio.gif" width="1" height="20" alt="">
+<?php view_footer_proxy(); ?>
diff --git a/proxy/ext/top_proxy.php b/proxy/ext/top_proxy.php
new file mode 100644
index 0000000..bb413a2
--- /dev/null
+++ b/proxy/ext/top_proxy.php
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<title>Autenticazione Proxy</title>
+</head>
+<body>
+<link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/css/stile.css" />
+<table cellpadding="0" cellspacing="0" border="0" align="center" width="1000">
+<?php 
+	if ($UTENTE['user'] != '') { ?>
+	<tr><td>
+		<table cellpadding="0" cellspacing="0" border="0" width="100%">
+		<tr bgcolor="#FFC350">
+			<td nowrap class="ltop">Utente: <?php print $_SESSION['username'] ?></td>
+			<td width="200">&nbsp;</td>
+			<td class="rtop"><a class="rtop" href="logout_proxy.php">Logout</a></td>
+		</tr>
+		</table>
+	</td></tr>
+	<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr><td align="center">
+<?php
+
+	lista_moduli_proxy();
+	} else {?>
+	<tr bgcolor="#FFC350"><td>&nbsp;</td></tr>
+<?php 	} ?>
+	</td></tr>
+	<tr><td class="spaziov" colspan=2><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif"></td></tr>
+	<tr><td align="center">
diff --git a/proxy/ext/userlogin.php b/proxy/ext/userlogin.php
new file mode 100644
index 0000000..46d54b3
--- /dev/null
+++ b/proxy/ext/userlogin.php
@@ -0,0 +1,23 @@
+<?php view_top_proxy(); ?>
+<form name="login" method="post">
+<table cellpadding="0" cellspacing="10" border="0"  id="login_table">
+   <tr align="center" valign="middle">
+      <td colspan="2"><h4><?php print "Benvenuto" ?></h4></td>
+   </tr>
+   <tr>
+      <td><?php print "Utente:"; ?></td>
+      <td><input type="text" name="fUsername" value="<?php print $tUsername; ?>" /></td>
+   </tr>
+   <tr>
+      <td><?php print "Password:"; ?></td>
+      <td><input type="password" name="fPassword" /></td>
+   </tr>
+   <tr>
+      <td colspan="2" align="center"><input type="submit" name="submit" value="<?php print "Accedi"; ?>" /></td>
+   </tr>
+   <tr>
+      <td colspan="2" align="center"<?php print $tMessage; ?></td>
+   </tr>
+</table>
+</form>
+<?php view_footer_proxy(); ?>

	+
+ + + +Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: + + +