<?php
// Login page: handles the 'login'/'logout' operations, then either redirects an
// already-authenticated session to its first module or renders the login form.
// Permission checks are disabled for this page because nobody is logged in yet;
// the flag must be set before core.php is included (it is read there, presumably).
$skip_permissions = true;
include_once(__DIR__."/core.php");
// filter() and $dbo are expected to come from core.php (not visible here).
$op = filter('op');
$username = filter('username');
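// LOGIN
// 'login' checks the posted credentials and populates $_SESSION; 'logout' clears
// it and returns to this page. Any other $op falls through to the login form.
switch ($op) {
    case 'login':
        $password = filter('password');
        if ($dbo_state == true) {
            // NOTE(review): passwords are stored as unsalted MD5 and compared inside
            // the query. Moving to password_hash()/password_verify() changes the
            // stored hash format (schema migration), so it is only flagged here.
            $query = "SELECT *, (SELECT nome FROM zz_gruppi WHERE id=idgruppo) AS gruppo FROM zz_utenti WHERE username=" . prepare($username) . " AND password=MD5(" . prepare($password) . ")";
            $rs = $dbo->fetchArray($query);
            $cont = count($rs);
            if ($cont == 0) {
                // Placeholder row so the access log below has something to record.
                $rs[0]['idutente'] = 0;
                $rs[0]['enabled'] = 0;
                $rs[0]['gruppo'] = 0;
            }
            // Access log for this attempt.
            // NOTE(review): the clear-text password is handed to logaccessi(); if
            // that function persists it, every attempt writes a credential into
            // the log — confirm on the callee side and drop the argument if so.
            logaccessi($rs[0]['idutente'], $username, $password, sizeof($rs), $rs[0]['enabled'], $rs[0]['gruppo']);
            if ($cont <= 0) {
                array_push($_SESSION['errors'], _("Autenticazione fallita!"));
            }
            else if ($rs[0]['enabled'] == 0) {
                // A different message from the generic failure above lets a caller
                // learn that the account exists (user enumeration). Kept as-is for
                // compatibility; using one message for both would close that.
                array_push($_SESSION['errors'], _("Utente non abilitato!"));
            }
            else {
                // Credentials accepted: rotate the session id before storing the
                // authenticated state, so a session id fixed before login
                // (session fixation) is not promoted to an authenticated one.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                // Register the mobile API key. The original interpolated $username
                // and $password into this statement unescaped (second-order SQL
                // injection through a quote in either); pass them through prepare()
                // exactly as the SELECT above does.
                $query_mobile = "UPDATE zz_utenti SET chiave_mobile=MD5(CONCAT(" . prepare($username) . ", MD5(" . prepare($password) . "))) WHERE idutente=" . prepare($rs[0]['idutente']);
                $dbo->query($query_mobile);
                if (isset($_POST['keep_alive']) && $_POST['keep_alive'] == 'on') {
                    $_SESSION['keep_alive'] = true;
                }
                $_SESSION['idutente'] = $rs[0]['idutente'];
                $_SESSION['idanagrafica'] = $rs[0]['idanagrafica'];
                $_SESSION['username'] = $rs[0]['username'];
                $_SESSION['gruppo'] = $rs[0]['gruppo'];
                // Per-user panel profile.
                $rs_profilo = $dbo->fetchArray("SELECT profilo_pannello FROM zz_utenti WHERE idutente=" . prepare($_SESSION['idutente']));
                $_SESSION['profilo_pannello'] = $rs_profilo[0]['profilo_pannello'];
                if ($rs[0]['gruppo'] == 'Amministratori') {
                    $_SESSION['is_admin'] = true;
                }
                // Daily automatic database backup.
                if (get_var("Backup automatico")) {
                    $folders = glob($backup_dir . '*');
                    $regexp = '/' . date('Y\-m\-d') . '/';
                    // Skip when a zip or folder for today already exists.
                    // $found used to be assigned only inside the non-empty branch
                    // and was read undefined otherwise; initialise it explicitly.
                    $found = false;
                    if (! empty($folders)) {
                        foreach ($folders as $folder) {
                            if (preg_match($regexp, $folder)) {
                                $found = true;
                                break;
                            }
                        }
                    }
                    if ($found) {
                        array_push($_SESSION['infos'], _("Backup saltato perché già esistente!"));
                    }
                    else if (do_backup()) {
                        array_push($_SESSION['infos'], _("Backup automatico eseguito correttamente!"));
                    }
                    else if ($backup_dir == "") {
                        array_push($_SESSION['errors'], _("Non è possibile eseguire i backup poichè la cartella di backup non esiste!!!"));
                    }
                    else if (! file_exists($backup_dir)) {
                        if (mkdir($backup_dir)) {
                            array_push($_SESSION['infos'], _("La cartella di backup è stata creata correttamente."));
                            do_backup();
                        }
                        else {
                            array_push($_SESSION['errors'], _("Non è stato possibile creare la cartella di backup!"));
                        }
                    }
                }
            }
        }
        break;
    case 'logout':
        logout();
        redirect("index.php", "php");
        exit();
        break;
}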
// Already authenticated with the schema installed: go straight to the first
// top-level module this user may open instead of rendering the form.
if (isUserAutenticated() && isset($dbo) && $is_db_installed) {
    if (isAdminAutenticated()) {
        // Administrators see every enabled top-level module.
        $q = "SELECT id, module_dir, options FROM zz_modules WHERE parent='0' AND enabled='1' ORDER BY `order` ASC";
    }
    else {
        // Other users only the modules their group may read or write.
        $q = "SELECT id, module_dir, options FROM zz_modules WHERE parent='0' AND enabled='1' AND id IN (SELECT idmodule FROM zz_permessi WHERE idgruppo=(SELECT id FROM zz_gruppi WHERE nome=" . prepare($_SESSION['gruppo']) . ") AND permessi IN ('r', 'rw') ) ORDER BY `order` ASC";
    }
    $rs = $dbo->fetchArray($q);
    $total = count($rs);
    if ($total != 0) {
        for ($idx = 0; $idx < $total; $idx++) {
            if ($rs[$idx]['options'] != '') {
                // NOTE(review): the loop looks for a module with non-empty options
                // but always redirects to $rs[0], not $rs[$idx]. This looks
                // unintended — confirm with the module model before changing it.
                redirect($rootdir . "/controller.php?id_module=" . $rs[0]['id'], "js");
                exit();
            }
        }
    }
    else if (! isAdminAutenticated() && $op != 'logout') {
        array_push($_SESSION['errors'], _("L'utente non ha nessun permesso impostato!"));
    }
}
// Page head: stylesheets and scripts, cache-busted with ?v=$version.
// $css, $js and $version are printed raw; they are expected to be
// configuration values from core.php, not request input — verify.
echo '<!DOCTYPE html>
<html class="bg-black">
<head>
<meta charset="UTF-8">
<title>' . _("GEST366") . ' ' . _("Login") . '</title>
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<link href="' . $css . '/AdminLTE.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/_all-skins.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/bootstrap.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/font-awesome.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/jquery-ui.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/jquery.steps.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/parsley.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/style.min.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link href="' . $css . '/switch.css?v=' . $version . '" rel="stylesheet" type="text/css">
<link rel="shortcut icon" href="assets/img/favicon.ico">
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn\'t work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="' . $js . '/html5shiv.min.js?v=' . $version . '"></script>
<script src="' . $js . '/respond.min.js?v=' . $version . '"></script>
<![endif]-->
<script src="' . $js . '/jquery.min.js?v=' . $version . '"></script>
<script src="' . $js . '/jquery-ui.min.js?v=' . $version . '"></script>
<script src="' . $js . '/jquery.steps.min.js?v=' . $version . '"></script>
<script src="' . $js . '/js.cookie.min.js?v=' . $version . '"></script>
<script src="' . $js . '/bootstrap.min.js?v=' . $version . '"></script>
<script src="' . $js . '/jquery.ui.shake.min.js?v=' . $version . '"></script>
<script src="' . $js . '/parsley.min.js?v=' . $version . '"></script>
<script src="' . $js . '/i18n/parsleyjs/it.min.js?v=' . $version . '"></script>
<script src="' . $js . '/app.min.js?v=' . $version . '"></script>
</head>
<body class="hold-transition login-page">
<div class="wrapper">';
// Update-availability notice (the included file prints its own markup).
include ($docroot . "/update/update_checker.php");
// Re-read whether the schema is installed; this drives the submit-button
// label in the footer script.
$is_db_installed = $dbo->fetchNum("SHOW TABLES LIKE 'zz_modules'");
// Running a beta build: show a dismissable warning banner.
$isBetaBuild = strpos($version, "beta") !== false;
if ($isBetaBuild) {
    $betaBanner = '
<script>$(document).ready( function(){ $("#beta").addClass("in"); });</script>
<div id="beta" class="alert alert-warning alert-dismissable pull-right fade">
<i class="fa fa-warning"></i>
<button aria-hidden="true" data-dismiss="alert" class="close" type="button">×</button>
<b>' . _("Attenzione!") . '</b> ' . _("Stai utilizzando una versione <b>non stabile</b> di Gestionale 360.") . '
</div>';
    echo $betaBanner;
}
// Flash messages queued in the session (by the login handler above or by
// core.php): a green box for infos, a red one for errors. Both queues are
// cleared once rendered. Assumes the two arrays are plain 0-indexed lists,
// as produced by array_push().
$pendingInfos = $_SESSION['infos'];
if (count($pendingInfos) != 0) {
    echo '
<div class="box box-center box-success box-solid text-center">
<div class="box-header with-border">
<h3 class="box-title">' . _("Informazioni") . '</h3>
</div>
<div class="box-body">';
    foreach ($pendingInfos as $info) {
        echo '
<p><i class="fa fa-check"></i> ' . $info . '</p>';
    }
    echo '
</div>
</div>';
}
$pendingErrors = $_SESSION['errors'];
if (count($pendingErrors) != 0) {
    echo '
<div class="box box-center box-danger box-solid text-center">
<div class="box-header with-border">
<h3 class="box-title">' . _("Errori") . '</h3>
</div>
<div class="box-body">';
    foreach ($pendingErrors as $error) {
        echo '
<p><i class="fa fa-warning"></i> ' . $error . '</p>';
    }
    // Shake the login box so the failure is noticed.
    echo '
</div>
</div>
<script> $(document).ready( function(){ $(".login-box").shake(); }); </script>';
}
unset($_SESSION['infos']);
unset($_SESSION['errors']);
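// Logo and product name shown above the form (first row of zz_utenti_logo).
$query_logo = "Select * from zz_utenti_logo";
$rs_logo = $dbo->fetchArray($query_logo);
$file_logo = $rootdir . "/assets/img/" . $rs_logo[0]['immagine'];
$descr_logo = $rs_logo[0]['descrizione'];
$_SESSION['nome_gestonale360'] = $descr_logo;
// Attribute-context escaping for values printed inside double-quoted HTML
// attributes. The image file name comes from the database and the username
// from the request; the original printed both raw. Unless filter() already
// HTML-encodes its result, the username was a reflected XSS sink
// (?username=" onfocus=...). double_encode=false keeps an already-encoded
// value from being encoded twice.
$logo_attr = htmlspecialchars($file_logo, ENT_QUOTES, 'UTF-8', false);
// NOTE(review): the form carries no CSRF token; login CSRF (logging a victim
// into an attacker-controlled account) is not addressed here because no token
// helper is visible in this file.
echo '
<form action="?op=login" method="post" class="login-box box">
<div class="box-header with-border text-center">
<img src="' . $logo_attr . '" class="img-thumbnail" alt="">
</div>
<!-- /.box-header -->
<div class="login-box-body box-body">
<div class="form-group input-group">
<span class="input-group-addon"><i class="fa fa-user"></i> </span>
<input type="text" name="username" autocomplete="off" class="form-control" placeholder="' . _("Nome utente") . '"';
// Re-fill the username after a failed attempt (escaped; see above).
// alt="" replaced _(""): with gettext, _("") returns the catalog header text.
if (isset($username)) {
    echo ' value="' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8', false) . '"';
}
echo '>
</div>
<div class="form-group input-group">
<span class="input-group-addon"><i class="fa fa-lock"></i> </span>
<input type="password" name="password" autocomplete="off" class="form-control" placeholder="' . _("Password") . '">
</div>
<div class="form-group">
<input type="checkbox" name="keep_alive"';
if (filter("keep_alive") != null) {
    echo ' checked';
}
echo '/> ' . _("Mantieni attiva la sessione") . '
</div>
</div>
<!-- /.box-body -->
<div class="box-footer">
<button type="submit" id="login" class="btn btn-danger btn-block">' . _("Accedi") . '</button>
</div>
<!-- box-footer -->
</form>
<!-- /.box -->
</div>
<script>
$(document).ready( function(){
$("#login").click(function(){
$("#login").text(\'';
// Submit-button label while the request runs; the backup label is only
// meaningful once the schema exists and automatic backup is enabled.
if (isset($is_db_installed) && $is_db_installed == 1 && get_var("Backup automatico")) {
    echo _("Backup automatico in corso...");
}
else {
    echo _("Autenticazione...");
}
echo '\');
});
if( $(\'input[name=username]\').val() == \'\' ){
$(\'input[name=username]\').focus();
}
else{
$(\'input[name=password]\').focus();
}
});
</script>
</body>
</html>';
?>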