cacert-boardvoting/motion.php


<?php
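// Force TLS: a request that did not arrive over HTTPS is bounced to the same
// host and URI on https:// before any other work is done.
// The isset() guard matters because the HTTPS key is commonly absent on a
// plain-HTTP request; a warning printed before header() would block the
// redirect with "headers already sent".
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    // NOTE(review): HTTP_HOST is the client's Host header. A configured
    // canonical host name would be safer as the redirect target — confirm
    // whether the web server already restricts which Host values reach here.
    header("HTTP/1.0 302 Redirect");
    header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    exit();
}

// REMOTE_USER is filled in by the web server's authentication layer; this
// script only maps that identity onto a voter record. A missing value is
// passed on as null and ends in the "denied" redirect below.
$remoteUser = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;

require_once("database.php");
$db = new DB();

// Look the authenticated identity up in the voter list. From here on $user is
// the voter row; the rest of the page reads its 'id' and 'name' entries.
$stmt = $db->getStatement("get voter");
$stmt->execute(array($remoteUser));
$user = $stmt->fetch();
if (!$user) {
    // Authenticated but not a voter: no access to the motion form.
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}

// Voter statistics; the quorum selector in the form reads $stats["voters"].
// Execute and fetch go through the same statement handle.
$statsStmt = $db->getStatement("stats");
$statsStmt->execute();
$stats = $statsStmt->fetch();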
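/**
 * Echo a value escaped for HTML element content and for quoted attribute values.
 *
 * This page prints values inside value="..." attributes as well as between
 * tags, so both quote characters are escaped in addition to &, < and >.
 * Escaping only &, < and > would let a stored title containing a double quote
 * close the attribute and inject markup.
 *
 * @param mixed $string Value to print; null is printed as an empty string.
 * @return void The escaped text is written to the output, not returned.
 */
function htmlesc($string) {
    // ENT_SUBSTITUTE keeps the rest of the text when it contains invalid UTF-8
    // instead of collapsing the whole value to an empty string.
    echo htmlspecialchars((string)$string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}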
?>
<html>
<head>
<title>CAcert Board Decisions</title>
<meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php
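// Handle a submitted motion form: update an existing decision when a numeric
// motion id was posted, otherwise create a new one, then mail the board.
// State is only changed on POST and every field is read from $_POST, so a
// plain link (GET) cannot trigger a store.
// NOTE(review): no anti-CSRF token is checked. Web-server authentication
// (REMOTE_USER) is re-sent by the browser automatically, so a cross-site POST
// would be accepted as the logged-in voter; a per-session token in the form is
// the usual mitigation and nothing visible in this file provides one.
// NOTE(review): whether "update decision" refuses edits to closed motions is
// decided by the SQL behind getStatement(), which is not visible here — confirm.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] == "store") {
    // Base of the voting links mailed to the board. Only the path part of
    // REQUEST_URI is used: the edit form posts to "?", and keeping that query
    // marker would produce "vote.php??motion=...".
    // NOTE(review): HTTP_HOST is the client's Host header, so the mailed links
    // follow whatever host the submitter sent; a configured base URL would
    // remove that dependency. HTTP_HOST may also already carry a port, which
    // the appended SERVER_PORT would then duplicate — confirm.
    $votebase = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT']
        .preg_replace('/motion\.php/','vote.php',(string)parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));

    // The voting rules are accepted only if they match what the form offers.
    // The selects are client-side hints; without this check a voter could post
    // a quorum of 0 or an arbitrary "due" expression.
    $fieldsOk = isset($_POST['title'], $_POST['content'], $_POST['quorum'], $_POST['majority'], $_POST['due'])
        && is_string($_POST['title'])
        && is_string($_POST['content'])
        && is_string($_POST['quorum'])
        && ctype_digit($_POST['quorum'])
        && (int)$_POST['quorum'] >= 1
        && in_array($_POST['majority'], array("50","67","75","100"), true)
        && in_array($_POST['due'], array("+3 days","+7 days","+14 days"), true);

    if (!$fieldsOk) {
?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i>Invalid title, text, quorum, majority or due value.</i><br/>
<br/>
<br/>
<?php
    } elseif (isset($_POST['motion']) && is_numeric($_POST['motion'])) {
        // --- Modify an existing motion ---
        $stmt = $db->getStatement("update decision");
        $stmt->bindParam(":id",$_POST['motion']);
        // The proponent is the authenticated voter, never the posted hidden
        // field: a client-supplied id would let one voter file a change under
        // another voter's name.
        $stmt->bindParam(":proponent",$user['id']);
        $stmt->bindParam(":title",$_POST['title']);
        $stmt->bindParam(":content",$_POST['content']);
        $stmt->bindParam(":quorum",$_POST['quorum']);
        $stmt->bindParam(":majority",$_POST['majority']);
        $stmt->bindParam(":due",$_POST['due']);
        if ($stmt->execute()) {
?>
<b>The motion has been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<br/>
<br/>
<?php
            // Re-read the stored row so the mail shows what the database holds.
            $lookup = $db->getStatement("get decision");
            $decision = $lookup->execute(array($_POST['motion'])) ? $lookup->fetch() : array();
            // An update that matched no row leaves nothing to announce, so no
            // mail with empty fields goes out for an unknown motion id.
            if (is_array($decision) && isset($decision['id'])) {
                $name = $user['name'];
                $tag = $decision['tag'];
                $title = $decision['title'];
                $content = $decision['content'];
                $due = $decision['due']." UTC";
                $quorum = $decision['quorum'];
                $majority = $decision['majority'];
                $voteurl = $votebase."?motion=".$decision['id'];
                $body = <<<BODY
Dear Board,
$name has modified motion $tag to the following:
$title
$content
To pass a minimum of $quorum votes and a $majority% acceptance will be required.
Voting will close $due.
To vote please choose:
Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0
Please be aware, that if you have voted already your votr is still registered and valid.
If this modification has an impact on how you wish to vote, you are responsible for voting
again.
Kind regards,
the voting system
BODY;
                // NOTE(review): $board is not assigned anywhere in this file;
                // presumably database.php defines it — confirm.
                mail($board,"Re: $tag - $title",$body);
            }
        } else {
            // Driver error text is escaped before it is shown.
            $errorText = htmlspecialchars(join("\n",$stmt->errorInfo()), ENT_QUOTES, 'UTF-8');
?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo str_replace("\n","<br/>\n",$errorText); ?></i><br/>
<br/>
<br/>
<?php
        }
    } else {
        // --- Create a new motion ---
        $stmt = $db->getStatement("create decision");
        // Same rule as for updates: the proponent comes from the session's
        // voter record, not from the request.
        $stmt->bindParam(":proponent",$user['id']);
        $stmt->bindParam(":title",$_POST['title']);
        $stmt->bindParam(":content",$_POST['content']);
        $stmt->bindParam(":quorum",$_POST['quorum']);
        $stmt->bindParam(":majority",$_POST['majority']);
        $stmt->bindParam(":due",$_POST['due']);
        if ($stmt->execute()) {
            $db->getStatement("post create")->execute();
?>
<b>The motion has been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<br/>
<br/>
<?php
            $lookup = $db->getStatement("get new decision");
            $decision = $lookup->execute() ? $lookup->fetch() : array();
            // Only announce a motion that could actually be read back.
            if (is_array($decision) && isset($decision['id'])) {
                $name = $user['name'];
                $tag = $decision['tag'];
                $title = $decision['title'];
                $content = $decision['content'];
                $due = $decision['due']." UTC";
                $quorum = $decision['quorum'];
                $majority = $decision['majority'];
                $voteurl = $votebase."?motion=".$decision['id'];
                $body = <<<BODY
Dear Board,
$name has made the following motion:
$title
$content
To pass a minimum of $quorum votes and a $majority% acceptance will be required.
Voting will close $due.
To vote please choose:
Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0
Kind regards,
the voting system
BODY;
                // NOTE(review): $board is not assigned anywhere in this file;
                // presumably database.php defines it — confirm.
                mail($board,"$tag - $title",$body);
            }
        } else {
            // Driver error text is escaped before it is shown.
            $errorText = htmlspecialchars(join("\n",$stmt->errorInfo()), ENT_QUOTES, 'UTF-8');
?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo str_replace("\n","<br/>\n",$errorText); ?></i><br/>
<br/>
<br/>
<?php
        }
    }
}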
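// Load the motion shown in the form. A numeric "motion" request parameter
// selects an existing decision; anything else, a failed query, or an id with
// no matching row yields a blank motion owned by the current voter.
$motion = null;
if (isset($_REQUEST['motion']) && is_numeric($_REQUEST['motion'])) {
    $stmt = $db->getStatement("get decision");
    if ($stmt->execute(array($_REQUEST['motion']))) {
        // fetch() yields a non-array value when no row matches; handled below.
        $motion = $stmt->fetch();
    }
}
if (!is_array($motion) || !isset($motion['id']) || !is_numeric($motion['id'])) {
    // Every key the form reads is initialised, so a new motion renders without
    // undefined-index warnings ending up in the page output.
    $motion = array();
    foreach (array("tag","proposed","due","title","content","quorum","majority") as $column) {
        $motion[$column] = "";
    }
    $motion["proponent"] = $user['id'];
    $motion["proposer"] = $user['name'];
}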
?>
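<?php
// Motion form. It posts back to this script with action=store; when an
// existing motion is being edited the numeric id travels in a hidden field and
// the form targets "?" so the id is not also carried in the query string.
// Values placed inside value="..." attributes are escaped with ENT_QUOTES so a
// stored double quote cannot close the attribute; values between tags go
// through htmlesc().
// NOTE(review): the selects only suggest quorum, majority and due values; the
// store handler is what has to enforce them.
$editing = isset($_REQUEST['motion']) && is_numeric($_REQUEST['motion']);
?>
<form <?php if ($editing) { echo(" action=\"?\""); } ?> method="POST">
<input type="hidden" name="action" value="store" />
<?php
if ($editing) {
?><input type="hidden" name="motion" value="<?php echo(htmlspecialchars($_REQUEST["motion"], ENT_QUOTES, 'UTF-8')); ?>" /><?php
}
?>
<table>
<tr><td>ID:</td><td><?php htmlesc($motion['tag']); ?></td></tr>
<tr><td>Proponent:</td><td><?php htmlesc($motion['proposer']); ?><input type="hidden" name="proponent" value="<?php echo(htmlspecialchars((string)$user['id'], ENT_QUOTES, 'UTF-8')); ?>"></td></tr>
<tr><td>Proposed:</td><td><?php htmlesc($motion['proposed']); ?> UTC</td></tr>
<tr><td>Title:</td><td><input name="title" value="<?php echo(htmlspecialchars((string)$motion['title'], ENT_QUOTES, 'UTF-8')); ?>"></td></tr>
<tr><td>Text:</td><td><textarea name="content"><?php htmlesc($motion['content']); ?></textarea></td></tr>
<tr><td>Quorum:</td><td><select name="quorum">
<option value="<?php echo(ceil($stats["voters"])); ?>" <?php if($motion['quorum'] == $stats["voters"]) { echo(" selected=\"selected\""); } ?>>100% Votes (<?php echo($stats["voters"]); ?>)</option>
<option value="<?php echo(ceil($stats["voters"] / 2)); ?>" <?php if($motion['quorum'] == ceil($stats["voters"] / 2)) { echo(" selected=\"selected\""); } ?>>50% Votes (<?php echo(ceil($stats["voters"] / 2)); ?>)</option>
<option value="2" <?php if($motion['quorum'] == 2) { echo(" selected=\"selected\""); } ?>>2 Votes</option>
<option value="1" <?php if($motion['quorum'] == 1) { echo(" selected=\"selected\""); } ?>>1 Vote</option>
</select></td></tr>
<tr><td>Majority:</td><td><select name="majority">
<option value="50" <?php if($motion['majority'] == 50) { echo(" selected=\"selected\""); } ?>>50%</option>
<option value="67" <?php if($motion['majority'] == 67) { echo(" selected=\"selected\""); } ?>>67%</option>
<option value="75" <?php if($motion['majority'] == 75) { echo(" selected=\"selected\""); } ?>>75%</option>
<option value="100" <?php if($motion['majority'] == 100) { echo(" selected=\"selected\""); } ?>>100%</option>
</select></td></tr>
<?php /* The stored due date is escaped like every other database value. */ ?>
<tr><td rowspan="2">Due:</td><td><?php htmlesc($motion['due']); ?> UTC</td></tr>
<tr><td><select name="due">
<option value="+3 days">In 3 Days</option>
<option value="+7 days">In 1 Week</option>
<option value="+14 days">In 2 Weeks</option>
</select></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Propose" /></td></tr>
</table>
</form>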
<br/>
<a href="motions.php">Back to motions</a>
</body>
</html>