Changeset b8095d1

Timestamp:

Dec 7, 2025, 7:46:01 PM (11 hours ago)

Author:

rgigli <147847165+rgigli@…>

Branches:

main

Parents:

a1f2a9f

Message:

Scheda utenti e modifiche alle altre funzioni

Fatti i collegamenti al db per la scheda utenti e cambio password, inserite modifiche alle precedenti funzioni

Location:

admin

Files:

• includes/query.php (modified) (1 diff)
• login.php (modified) (3 diffs)
• modules/cambio_password.php (modified) (3 diffs)
• modules/elenco_utenti.php (modified) (1 diff)
• modules/gestione_consultazioni.php (modified) (1 diff)
• modules/gestione_utenti.php (modified) (5 diffs)
• modules/modules.php (modified) (3 diffs)
• modules/salva_config_sito.php (modified) (3 diffs)
• modules/salva_utente.php (modified) (3 diffs)
• modules/setup_sito.php (modified) (10 diffs)
• principale.php (modified) (1 diff)

admin/includes/query.php

@@ -4 +4 @@
 else
         require_once 'includes/check_access.php';
-
-function cambio_password($pass)
-{
-        global $id_cons_gen,$id_comune,$prefix,$dbi;
-        $aid=$_SESSION['username'];
-        $mpass=md5($pass);
-        if($_SESSION['ruolo']=='superuser') $id='0'; else $id=$id_comune;
-        $sql="update ".$prefix."_authors set pwd='$mpass' where id_comune=$id and aid='$aid'";
-        $sth = $dbi->prepare("$sql");
-        $sth->execute();
-        $row = $sth->rowCount();
-        return($row);   
-}
 
 function configurazione()

admin/login.php

@@ -4 +4 @@
 
 # Inserimento accesso al db
-
+global $id_comune;
 if (file_exists("config/config.php")){ 
         $install="0"; @require_once("config/config.php"); 
@@ -52 +52 @@
 $sth->execute();
 $row = $sth->fetch(PDO::FETCH_ASSOC);
+$_SESSION['id_comune']=$id_comune;
 $multicomune=$row['multicomune'];
 $_SESSION['multicomune']=$multicomune;
@@ -69 +70 @@
         $mpwd=md5($pwd);
         if (isset($_POST['id_comune']) and intval($_POST['id_comune'])>0) $id_comune=intval($_POST['id_comune']); else $id_comune=$row['siteistat'];
-                $sth = $dbi->prepare("select pwd,adminop,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and pwd='$mpwd' and (id_comune='$id_comune' or adminsuper='1')");
-                $sth->execute();        
-                $esiste=$sth->rowCount();
-                $row = $sth->fetch(PDO::FETCH_ASSOC);
-                if(!$esiste) {
-                        $_SESSION['msglogout']=2;
-                        header("Location: ../logout.php");
-                }else{ 
-                        if ($row['pwd']!=$mpwd) {
-                                $msglogout=3;
-                                header("Location: ../logout.php");                              
-                        }                               
-                        $counter = $row['counter'];
-                        $counter++;
+        $sth = $dbi->prepare("select pwd,adminop,admincomune,adminsuper,counter,admlanguage from ".$prefix."_authors where binary aid='$aid' and pwd='$mpwd' and (id_comune='$id_comune' or adminsuper='1')");
+        $sth->execute();        
+        $esiste=$sth->rowCount();
+        $row = $sth->fetch(PDO::FETCH_ASSOC);
+        if(!$esiste) {
+                $_SESSION['msglogout']=2;
+                header("Location: ../logout.php");
+        }else{ 
+                if ($row['pwd']!=$mpwd) {
+                        $msglogout=3;
+                        header("Location: ../logout.php");                              
+                }
+                $counter = $row['counter'];
+                $counter++;
 #                       $tmplang=$row['admlanguage'];
 #                       if(strlen($tmplang)==2) $language=$tmplang;
-                        $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'");
-                        $sth->execute();
-                        $_SESSION['id_comune']=$id_comune;
-                        $id_cons_gen=intval(default_cons());
-                        $_SESSION['id_cons_gen']=$id_cons_gen;
-                }
+                $sth = $dbi->prepare("update ".$prefix."_authors set counter=$counter where aid='$aid' and pwd='$mpwd' and id_comune='$id_comune'");
+                $sth->execute();
+                $_SESSION['id_comune']=$id_comune;
+                $id_cons_gen=intval(default_cons());
+                $_SESSION['id_cons_gen']=$id_cons_gen;
+        }
 if($row['adminsuper']) $role='superuser';
 elseif($row['admincomune']) $role='admin';

admin/modules/cambio_password.php

@@ -3 +3 @@
 
 // Simulazione utente loggato
-$_SESSION['username'] = $_SESSION['username'] ?? 'mario.rossi';
+//$_SESSION['username'] = $_SESSION['username'] ?? 'mario.rossi';
 $username = $_SESSION['username'];
 $messaggio = '';
@@ -9 +9 @@
 // Connessione MySQL con PDO (commentata)
 // require_once '../includes/db_connection.php'; // Assicurati che questo file definisca $pdo
-if (!function_exists('cambio_password')) {
+#if (!function_exists('cambio_password')) {
     function cambio_password($vecchia_password, $nuova_password) {
-        // Esempio con MySQL (decommenta per usare)
-        /*
-        global $pdo;
+                global $prefix,$aid,$dbi,$id_comune;
         $username = $_SESSION['username'];
-
+#               $vecchia_password=md5($vecchia_password);# die("UPDATE ".$prefix."_authors SET pwd = '$hash' WHERE aid = '$username'");
         // Recupero hash corrente
-        $stmt = $pdo->prepare("SELECT password FROM utenti WHERE username = :username");
-        $stmt->execute(['username' => $username]);
+        $stmt = $dbi->prepare("SELECT pwd FROM ".$prefix."_authors WHERE aid = '$username'");
+        $stmt->execute();
         $row = $stmt->fetch(PDO::FETCH_ASSOC);
-        if (!$row || !password_verify($vecchia_password, $row['password'])) {
+        if (!$row || $vecchia_password!=$row['pwd']) {
             return 'Vecchia password errata.';
         }
-
         // Aggiornamento con nuova password
-        $hash = password_hash($nuova_password, PASSWORD_DEFAULT);
-        $stmt = $pdo->prepare("UPDATE utenti SET password = :hash WHERE username = :username");
-        $successo = $stmt->execute(['hash' => $hash, 'username' => $username]);
-        return $successo ? true : 'Errore durante l\'aggiornamento.';
-        */
-
-        // Simulazione: sempre successo
+#        $hash = md5($nuova_password);
+        $stmt = $dbi->prepare("UPDATE ".$prefix."_authors SET pwd = '$nuova_password' WHERE aid = '$username'");
+        $stmt->execute();
+                if($stmt->rowCount())
         return true;
+                else return 'Errore durante l\'aggiornamento.';
+      
     }
-}
+#}
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
@@ -46 +42 @@
         $messaggio = '<div class="alert alert-warning">La nuova password deve contenere almeno 8 caratteri, una maiuscola, una minuscola, un numero e un carattere speciale.</div>';
     } else {
-        $test = cambio_password($vecchia_password, $nuova_password);
+        $test = cambio_password(md5($vecchia_password), md5($nuova_password));
         if ($test === true)
          $messaggio = <<<HTML
-<div id="overlay-success">
-  <div class="overlay-bg"></div>
-  <div class="overlay-msg">
-    ✅ Password aggiornata con successo!
-  </div>
-</div>
-<style>
-#overlay-success {
-  position: fixed;
-  top: 0; left: 0;
-  width: 100vw; height: 100vh;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-  z-index: 9999;
-}
-.overlay-bg {
-  position: absolute;
-  top: 0; left: 0;
-  width: 100%; height: 100%;
-  background: rgba(0, 0, 0, 0.7);
-}
-.overlay-msg {
-  position: relative;
-  background: #fff;
-  padding: 30px 40px;
-  font-size: 1.5rem;
-  font-weight: bold;
-  border-radius: 10px;
-  z-index: 10000;
-  box-shadow: 0 0 10px #000;
-  text-align: center;
-}
-</style>
+         alert(<?= $test ?>)
+
 HTML;
 

admin/modules/elenco_utenti.php

@@ -9 +9 @@
 foreach($row as $key=>$val){
         $key++;
-        echo "<tr id=\"riga$key\"><td id=\"username$key\">".$val['aid']."</td><td style=\"display:none;\" id=\"password$key\">".$val['pwd']."</td><td id=\"email$key\">".$val['email']."</td><td id=\"nominativo$key\">".$val['name']."</td><td><button class=\"btn btn-sm btn-warning me-1\" onclick=\"editUser($key)\">Modifica</button>";
+        echo "<tr id=\"riga$key\"><td id=\"username$key\">".$val['aid']."</td><td style=\"display:none;\" id=\"admin$key\">".$val['admincomune']."</td><td style=\"display:none;\" id=\"password$key\">".$val['pwd']."</td><td id=\"email$key\">".$val['email']."</td><td id=\"nominativo$key\">".$val['name']."</td><td><button class=\"btn btn-sm btn-warning me-1\" onclick=\"editUser($key)\">Modifica</button>";
         if($currentUserRole != 'operatore' and $val['adminsuper']!=1 and $val['admincomune']!='1') echo "<button class=\"btn btn-sm btn-danger\" onclick=\"deleteUser($key)\">Elimina</button>"; echo"</td></tr>";
 } #die("TEST:  --- ".count($row));

admin/modules/gestione_consultazioni.php

@@ -214 +214 @@
         risultato.innerHTML = data; // Mostra la risposta del server
                 myForm.reset();
+                document.getElementById ( "id_cons_gen" ).value = ''
                 document.getElementById ( "submitBtn" ).textContent = "Aggiungi Consultazione"
 

admin/modules/gestione_utenti.php

@@ -21 +21 @@
         <div class="form-group col-md-3">
           <label>Password*</label>
-          <input type="password" class="form-control" id="password" required>
+          <input type="password" class="form-control" id="password"  onfocus="select()" required>
         </div>
         <div class="form-group col-md-3">
@@ -31 +31 @@
                         <input type="text" class="form-control" id="nominativo">
                 </div>
-      </div>
+          <?php if($_SESSION['ruolo']=='superuser') $nascondi=''; else $nascondi="d-none"; ?>
+          <div class="form-group form-check <?= $nascondi ?>" >
+            <input type="checkbox" class="form-check-input" id="admin" name="admin">
+            <label class="form-check-label" for="preferita">Admin</label>
+          </div>
+     </div>
 
 
@@ -63 +68 @@
 
 function editUser(id) {
+        if(document.getElementById ( "admin"+id ).innerText==1)
+                document.getElementById ( "admin" ).checked = true
+        else
+                document.getElementById ( "admin" ).checked = false
   document.getElementById('username').value = document.getElementById('username'+id).innerText;
   document.getElementById('password').value = '********';
@@ -75 +84 @@
     e.preventDefault();
 
+        const admin = document.getElementById('admin').checked;
         const username = document.getElementById ( "username" ).value
         const password = document.getElementById ( "password" ).value
@@ -83 +93 @@
     const formData = new FormData();
     formData.append('funzione', 'salvaUtente');
+    formData.append('admin', admin);
     formData.append('username', username);
     formData.append('password', password);

admin/modules/modules.php

@@ -5 +5 @@
 require_once '../access.php';
 # Inserimento accesso al db
+global $id_comune;
 
 if (file_exists("../config/config.php")){ 
@@ -11 +12 @@
         $install="1";
 }
-
+#if(!isset($_SESSION['id_comune'])) 
+        $_SESSION['id_comune']=$id_comune;
 # verifica se effettuata la configurazione
 if(empty($dbname) || $install=="1") {
@@ -55 +57 @@
 $versione=$row[0]['versione'];
 $patch=$row[0]['patch'];
-if($versione==3) {
+if($versione<4) {
         require_once '../includes/aggiornadbTo4.php';
 }

admin/modules/salva_config_sito.php

@@ -11 +11 @@
 }
 
+global $prefix,$fileout,$aid,$id_cons_gen,$id_comune;
 
+if (isset($_GET['siteIstat'])) $siteIstat=$_GET['siteIstat']; else $siteIstat=$id_comune;
 if (isset($_GET['siteName'])) $siteName=$_GET['siteName']; else $siteName='';
 if (isset($_GET['siteUrl'])) $siteUrl=$_GET['siteUrl']; else $siteUrl='';
@@ -23 +25 @@
 
 
-global $prefix,$fileout,$aid,$id_cons_gen;
 $id_cons=$_SESSION['id_cons'];
 $salvato=1;
 
-$sql="update ".$prefix."_config set sitename='$siteName', siteurl='$siteUrl', adminmail='$emailAdmin', siteistat='$defaultComune', multicomune='$multicomune', googlemaps='$mapsProvider', gkey='$googleApiKey'";
+$sql="update ".$prefix."_config set siteistat='$siteIstat',sitename='$siteName', siteurl='$siteUrl', adminmail='$emailAdmin', multicomune='$multicomune', googlemaps='$mapsProvider', gkey='$googleApiKey'";
 
 try {
@@ -39 +40 @@
         }                  
 if($salvato){
-        echo "<br><button id=\"bottoneStato\" style=\"background-color:aquamarine;\" onfocusout=\"document.getElementById('bottoneStato').style.display='none'\" > Dati salvati correttamente </button>";
+        echo "<br><button id=\"bottoneStato\" style=\"background-color:aquamarine;\" onfocusout=\"document.getElementById('bottoneStato').style.display='none'\" > Dati salvati correttamente $id_comune</button>";
 }else{
         echo "Errore di inserimento dati";

admin/modules/salva_utente.php

@@ -17 +17 @@
 if (isset($param['nominativo'])) $nominativo=addslashes($param['nominativo']); else $nominativo='';
 if (isset($param['op'])) $op=addslashes($param['op']); else $op='';
-
+if (isset($param['admin'])) $admin=addslashes($param['admin']); else $admin='0';
+if($admin == 'true') { $admin=1; $operatore=0;}
+else $operatore=1;
 global $prefix,$aid,$dbi,$id_comune;
 $salvato=0;
@@ -25 +27 @@
 if($res->rowCount()) {
         if($op=='salva') {
-                        if($password=='********') $pass="pwd='$password'"; else $pass="";
+                        if($password!='********') {$password=md5($password); $pass=",pwd='$password'"; }else $pass="";
                         #update
-                        $sql="update ".$prefix."_authors set name='$nominativo',email='$email',$pass where aid='$username'";
+                        $sql="update ".$prefix."_authors set name='$nominativo',adminop='$operatore',admincomune='$admin', email='$email' $pass where aid='$username'";
                         $compl = $dbi->prepare("$sql");
                         $compl->execute(); 
@@ -40 +42 @@
 }else{
         #insert
-                $sql="insert into ".$prefix."_authors values( '$username','$nominativo','$id_comune','$email','$password','','1','0','0','it')";
+                $sql="insert into ".$prefix."_authors values( '$username','$nominativo','$id_comune','$email','$password','0','$operatore','$admin','0','it')";
                 $compl = $dbi->prepare("$sql");
                 $compl->execute(); 

admin/modules/setup_sito.php

@@ -2 +2 @@
 require_once '../includes/check_access.php';
 
-
+global $id_comune;
 $row=configurazione();
 $SITE_NAME = $row[0]['sitename'];
@@ -8 +8 @@
 $EMAIL_ADMIN = $row[0]['adminmail'];
 $MAP_PROVIDER = $row[0]['googlemaps']==='1' ? 'google' : 'openstreetmap' ;
-$MULTICOMUNE = $row[0]['multicomune']; #==='1' ? 'si' : 'no';
+#$SITE_COMUNE = $row[0]['siteistat']>0 ? $row[0]['siteistat'] : $id_comune;
+#$MULTICOMUNE = $row[0]['multicomune']; #==='1' ? 'si' : 'no';
 $gru = [
     'google_api_key' => $row[0]['gkey']
@@ -15 +16 @@
 $GOOGLE_API_KEY = !empty($gru['google_api_key']) ? htmlspecialchars($gru['google_api_key']) : '';
 $GOOGLE_API_KEY = $row[0]['gkey'];
-$SITE_ISTAT=$row[0]['siteistat'];
+$SITE_ISTAT=$row[0]['siteistat']>0 ? $row[0]['siteistat'] : $_SESSION['id_comune'];
 $row=elenco_comuni();
 foreach($row as $key=>$val){
@@ -24 +25 @@
 #$comuni_disponibili = ['Comune di Roma', 'Comune di Milano', 'Comune di Napoli'];
 #$DEFAULT_COMUNE = 'Comune di Roma';
-
+#echo "TEST:$SITE_ISTAT: $id_comune:".$_SESSION['id_comune'];
 
 if(is_file('../logo.jpg')) $SITE_IMAGE = '../logo.jpg';
@@ -38 +39 @@
         <form id="configSitoForm" onsubmit="aggiornaDati(event)">
           <!-- LOGO + ANTEPRIMA -->
+          <input type="hidden" name="siteIstat" id="siteIstat" value="<?= $SITE_ISTAT ?>">
           <div class="mb-3 d-flex align-items-center">
             <div id="previewImageDiv"
@@ -142 +144 @@
   function aggiornaDati(e) {
     e.preventDefault();
+    const siteIstat = document.getElementById('siteIstat').value;
     const siteName = document.getElementById('siteName').value;
     const siteUrl = document.getElementById('siteUrl').value;
@@ -147 +150 @@
     const mapsProvider = document.getElementById('maps_provider').value;
     const googleApiKey = document.getElementById('googleApiKey').value;
-    const multicomune = document.getElementById('multicomune').value;
-    const defaultComune = document.getElementById('defaultComune').value;
 
     // Salvataggio nel DB (commentato)
@@ -158 +159 @@
                 }
     }
-    xmlhttp.open("GET","../principale.php?funzione=salvaConfigSito&siteName="+siteName+"&siteUrl="+siteUrl+"&emailAdmin="+emailAdmin+"&mapsProvider="+mapsProvider+"&googleApiKey="+googleApiKey+"&multicomune="+multicomune+"&defaultComune="+defaultComune,true);
+    xmlhttp.open("GET","../principale.php?funzione=salvaConfigSito&siteIstat="+siteIstat+"&siteName="+siteName+"&siteUrl="+siteUrl+"&emailAdmin="+emailAdmin+"&mapsProvider="+mapsProvider+"&googleApiKey="+googleApiKey,true);
     xmlhttp.send();
   }
@@ -170 +171 @@
 
     toggleApiKeyField();
-    toggleComuneDefault();
   });
 
@@ -194 +194 @@
     document.getElementById('apikey_row').style.display = (provider === 'google') ? '' : 'none';
   }
-
-  // Mostra/nasconde campo Comune default
-  function toggleComuneDefault() {
-    const multicomune = document.getElementById('multicomune').value;
-    document.getElementById('defaultComuneRow').style.display = (multicomune === '1') ? '' : 'none';
-  }
   
   function nascondiElemento() {

admin/principale.php

@@ -11 +11 @@
 define('APP_RUNNING', true);
 #die("Errore");
-global $dbi,$prefix;
+global $dbi,$prefix,$id_comune;
   // gestione sessione
 if (!isset($_SESSION))