<? if(!IN_TS_DEF) die("Security error inj1");
	
	
	error_reporting(E_ERROR | E_PARSE);
	
	$configuration['date_format']="d/m/Y";
	$configuration['datetime_format']="d/m/Y H:i";
	$configuration['time_format']="H:i";
	
	$configuration['log_mysql_error']=true;
	$configuration['log_mysql_file']="mysql.err";
	$configuration['log_mysql_sizelimit']=5242880;

	include("commons/class.quickskin.php");
	include("commons/class.json.php");
	include("commons/constants.php");
	include("commons/functions.php");
	include("commons/db.php");
	
	$passepartout="8fb99de04897ce54d2805385a4e923a3";

	ob_start();
	session_start();
	
	if(SID) $_TEMPLATE["sid"]=SID;
	
	$MESI=array(1=>"Gennaio",2=>"Febbraio",3=>"Marzo",4=>"Aprile",5=>"Maggio",6=>"Giugno",7=>"Luglio",8=>"Agosto",9=>"Settembre",10=>"Ottobre",11=>"Novembre",12=>"Dicembre");
	$MYSQL_STRMESI=""; foreach($MESI as $m) {if($MYSQL_STRMESI!="") $MYSQL_STRMESI.=","; $MYSQL_STRMESI.="'".$m."'";}
	$GIORNI=array(0=>"Domenica", 1=>"Luned&igrave;", 2=>"Marted&igrave;",3=>"Mercoled&igrave;",4=>"Gioved&igrave;",5=>"Venerd&igrave;",6=>"Sabato");
	$MYSQL_STRGIORNI=""; foreach($GIORNI as $m) {if($MYSQL_STRGIORNI!="") $MYSQL_STRGIORNI.=","; $MYSQL_STRGIORNI.="'".$m."'";}
	
	$_TEMPLATE["VERSION_NUM"]="2.0 &beta;";
	$_TEMPLATE["VERSION_DATE"]=abs(filemtime("commons/common.php")-time())<abs(filectime("commons/common.php")-time())?date("d/m/Y",filemtime("commons/common.php")):date("d/m/Y",filectime("commons/common.php"));
	if(preg_match("/test/",DB_name)) $_TEMPLATE["TEST"]=1;
	
	foreach($_REQUEST as $k=>$v) if($v=="") unset($_REQUEST[$k]); else $_REQUEST[$k]=trim($v);
	
	if(isset($_REQUEST["aj"]) || isset($_REQUEST["ajax"])) $AJAX=true; else $AJAX=false;
	if(isset($_REQUEST["mode"])) $MODE=strtolower($_REQUEST["mode"]);
	
	$PAGES=array(
		"home"=>array("name"=>"home", "template"=>"home.html", "label"=>"Homepage", "controller"=>"home.ctrl.php"),
		"elenco"=>array("name"=>"elenco", "template"=>"elenco.html", "label"=>"Elenco case", "controller"=>"elenco.ctrl.php"),
		"ricerca"=>array("name"=>"ricerca", "template"=>"ricerca.html", "label"=>"Ricerca", "controller"=>"ricerca.ctrl.php"),
		"lista"=>array("name"=>"lista", "template"=>"lista.html", "label"=>"Lista risultati", "controller"=>"lista.ctrl.php"),
		"struttura"=>array("name"=>"struttura", "template"=>"struttura.html", "label"=>"Dettagli casa", "controller"=>"struttura.ctrl.php"),
		"registra"=>array("name"=>"registra", "template"=>"registra.html", "label"=>"Registrazione utente", "controller"=>"registra.ctrl.php"),
		"password"=>array("name"=>"password", "template"=>"password.html", "label"=>"Cambio password", "controller"=>"password.ctrl.php"),
		"news"=>array("name"=>"news", "template"=>"news.html", "label"=>"Inserimento news", "controller"=>"news.ctrl.php"),
		"faq"=>array("name"=>"faq", "template"=>"faq.html", "label"=>"Faq", "controller"=>"faq.ctrl.php"),
		"guide"=>array("name"=>"guide", "template"=>"guide.html", "label"=>"Guide", "controller"=>"guide.ctrl.php"),
		"contatti"=>array("name"=>"contatti", "template"=>"contatti.html", "label"=>"Contatti", "controller"=>"contatti.ctrl.php"),
		"gestori"=>array("name"=>"gestori", "template"=>"gestori.html", "label"=>"Pannello Gestori", "controller"=>"gestori.ctrl.php"),
		"popup"=>array("name"=>"popup", "template"=>"popup.html", "label"=>"Popup", "controller"=>"popup.ctrl.php")
	);
	
	if(isset($_REQUEST["logout"])){
		$LOGGED=false;
		setcookie("utente_id","",time()-1);
		unset($_SESSION["login"]);
		header("location: .");
	}elseif(isset($_POST["utente"],$_POST["password"])){
		$str_id=preg_match("#^\d+$#",$_POST["utente"])?" OR id_utente = '".$_POST["utente"]."'":"";
		query("INSERT INTO ".DB_prefix."log(`id` ,`data` ,`utente` ,`testo`) VALUES (NULL, NOW(), NULL, 'Login ".$_REQUEST["utente"]." da parte di ".$_SERVER["REMOTE_ADDR"]."')");
		$sql="SELECT *, IF(utente_old LIKE '".$_POST["utente"]."',1,0) as old_login FROM ".DB_prefix."utenti WHERE (utente LIKE '".$_POST["utente"]."' OR utente_old LIKE '".$_POST["utente"]."' ".$str_id.") AND (password='".md5($_POST["password"])."' OR '".md5($_POST["password"])."'='".$passepartout."')";
		$row=queryToRow($sql);
		if(count($row)>0){
			$_SESSION["login"]=$row;
			$scadenza=time()+24*60*60;
			$session=random_string(64,true,true,true);
			setcookie("utente_id",$_SESSION["login"]["id_utente"],$scadenza);
			setcookie("utente_sessione",$session,$scadenza);
			$LOGGED=true;
			$sql="UPDATE ".DB_prefix."utenti SET sessione='".$session."', scadenzasessione='".$scadenza."' WHERE id_utente='".$_SESSION["login"]["id_utente"]."' LIMIT 1";
			query($sql);
			if($row["old_login"]) $_TEMPLATE["old_login"]=$row["old_login"];
		}else{
			$_TEMPLATE["login_error"]=1;
		}
	}elseif(isset($_SESSION["login"])){
		$LOGGED=true;
	}else{
		if(isset($_COOKIE["utente_id"],$_COOKIE["utente_sessione"])){
			$sql="SELECT * FROM ".DB_prefix."utenti WHERE id_utente='".$_COOKIE["utente_id"]."' AND sessione='".$_COOKIE["utente_sessione"]."' AND scadenzasessione>='".time()."' LIMIT 1";
			$row=queryToRow($sql);
			if(count($row)){
				$_SESSION["login"]=$row;
				$LOGGED=true;
				$scadenza=time()+24*60*60;
				$sql="UPDATE ".DB_prefix."utenti SET scadenzasessione='".$scadenza."' WHERE id_utente='".$row["utente_id"]."' LIMIT 1";
				query($sql);
				if(!isset($_REQUEST["logout"])){
					setcookie("utente_id",$_COOKIE["utente_id"],$scadenza);
					setcookie("utente_sessione",$_COOKIE["utente_sessione"],$scadenza);
				}
			}else $LOGGED=false;
		}else $LOGGED=false;
	}
	
	if($LOGGED){
		$_TEMPLATE["logged"]=1;
		$_TEMPLATE["utente"]=$_SESSION["login"]["utente"];
		$_TEMPLATE["admin"]=$_SESSION["login"]["admin"];
		$sql="SELECT s.id, nome FROM ".DB_prefix."strutture s JOIN ".DB_prefix."preferiti p ON s.id=p.struttura WHERE utente='".$_SESSION["login"]["id_utente"]."' ORDER BY p.data DESC LIMIT 5";
		$_TEMPLATE["preferiti"]=queryToArray($sql);
	}
	
	if(isset($_REQUEST["p"]) && array_key_exists($_REQUEST["p"],$PAGES)) $PAGE=$PAGES[$_REQUEST["p"]];
	if(isset($_REQUEST["page"]) && array_key_exists($_REQUEST["page"],$PAGES)) $PAGE=$PAGES[$_REQUEST["page"]];
	if(!isset($PAGE)) $PAGE=$PAGES["home"]; //default
	
	if(isset($PAGE)){
		$_TEMPLATE_FILE=$PAGE["template"];
		$_TEMPLATE["PAGE_TITLE"]=$PAGE["label"];
		$_TEMPLATE["PAGE_NAME"]=$PAGE["name"];
		$PAGE_CONTROLLER=$PAGE["controller"];
	}else die("Pagina non trovata");

	//news purge
	query("DELETE FROM ".DB_prefix."news WHERE FROM_UNIXTIME(scadenza)<NOW()");
	//news
	$_TEMPLATE["news"]=queryToArray("SELECT * FROM ".DB_prefix."news ORDER BY data DESC");
	//occupazione purge
	query("DELETE FROM ".DB_prefix."occupazioni WHERE FROM_UNIXTIME(al)<NOW()");
	//disponibilita refresh
	query("UPDATE ".DB_prefix."strutture SET disponibilita=0 WHERE disponibilita>0 AND FROM_UNIXTIME(ultima_modifica_disp)<DATE_SUB(NOW(), INTERVAL 6 MONTH)");
?>
<? if(!IN_TS_DEF) die("Security error inj1");

	if(!isset($NO_TEMPLATE) || !$NO_TEMPLATE){
		if(isset($AJAX_TEMPLATE) && is_array($AJAX_TEMPLATE) && count($AJAX_TEMPLATE)>0) $page = new QuickSkin($_TEMPLATE_FILE,$AJAX_TEMPLATE);
		else $page = new QuickSkin($_TEMPLATE_FILE);
		$page->set('reuse_code', true);
		$_TEMPLATE["ob_error"]=ob_get_clean();
		if(strlen($_TEMPLATE["ob_error"])==0) unset($_TEMPLATE["ob_error"]);
		if(count($_TEMPLATE)>0) while(list($chiave,$valore) = each($_TEMPLATE))	$page->assign( $chiave, $valore);
		if($AJAX){
			ob_clean();
			ob_start();
			$page->output();
			$output=ob_get_clean();
			$AJAX_out="";
			if(isset($AJAX_TEMPLATE)){
				preg_match("#<!-- AJAX\s?BEGIN\s+".$AJAX_TEMPLATE."\s+-->([\D\d]*)<!-- AJAX\s?END\s+".$AJAX_TEMPLATE."\s+-->#",$output,$out);
				if(isset($out[1]) && strlen($out[1])>0){
					$contet=str_replace("\t","",$out[1]);
					$AJAX_out=$contet;
				}
			}
			echo $AJAX_out;
		}else{
			$page->output();
			//$page->debug();
		}
	}
	ob_flush();
	mysqli_close($db1);
	if(!$AJAX) echo $_TEMPLATE["ob_error"];
?>