diff --git a/.htaccess b/.htaccess index 36336c2..7a803b2 100644 --- a/.htaccess +++ b/.htaccess @@ -17,7 +17,7 @@ php_value safe_mode_exec_dir /var/empty - + # these files require authentication SSLOptions +OptRenegotiate +StdEnvVars +ExportCertData diff --git a/motions.php b/motions.php index 7784e23..ca045ce 100644 --- a/motions.php +++ b/motions.php @@ -3,6 +3,39 @@ $db = new DB(); $db->closeVotes(); $page = is_numeric($_REQUEST['page'])?$_REQUEST['page']:1; + + if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) { + if (!($user = $db->auth())) { + header("HTTP/1.0 302 Redirect"); + header("Location: denied.php"); + exit(); + } + $stmt = $db->getStatement("get decision"); + $stmt->bindParam(":decision",$_REQUEST['id']); + if ($stmt->execute() && ($decision=$stmt->fetch())) { + $name = $user['name']; + $tag = $decision['tag']; + $title = $decision['title']; + $content = $decision['content']; + $body = <<notify("Re: $tag - $title - withdrawn",$body); + } + $stmt = $db->getStatement("close decision"); + $status = -2; + $stmt->bindParam(":status",$status); + $stmt->bindParam(":decision",$_REQUEST['id']); + $stmt->execute(); + } ?> @@ -18,13 +51,6 @@ Actions getStatement("close decision"); - $status = -2; - $stmt->bindParam(":status",$status); - $stmt->bindParam(":decision",$_REQUEST['id']); - $stmt->execute(); - } if ($_REQUEST['motion']) { $stmt = $db->getStatement("list decision"); $stmt->execute(array($_REQUEST['motion']));
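Review bot: In motions.php the new withdrawal block changes state on any request type, because it reads `withdrawl`, `confirm` and `id` from `$_REQUEST` and checks no anti-CSRF token, so a crafted link or auto-submitting form on another site can trigger it in an authenticated member's browser. If authentication is by client certificate, as the SSLOptions line in .htaccess suggests, the browser presents that credential without any user action. I would restrict the guard to POST, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['withdrawl']) && !empty($_POST['confirm']) && !empty($_POST['id'])) {`, and verify a per-session token with `hash_equals()` before touching the database; the form that submits this is outside the hunk and would need the matching change. The "close decision" statement also sits outside the `if ($stmt->execute() && ($decision=$stmt->fetch()))` block, so it runs even when the lookup fails and no notification is sent. It should move inside that block, after a check that `$user` may withdraw this decision and that it is still open, since the diff does not show whether the prepared "close decision" query enforces either.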