cacert-boardvoting/motion.php
Jan Dittberner 47b09aee9c Add code from real production environment
This commit uses the code running on webmail.cacert.org:/var/www/board
2017-04-15 12:04:02 +02:00


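<?php
// Entry guard for the motion editor: force HTTPS, authenticate the caller and
// load the statistics row before any HTML is sent.

// $_SERVER['HTTPS'] is normally not set at all on a plain-HTTP request, which is
// exactly the case this branch handles. Reading the missing key raises a notice;
// if notices are displayed, that output precedes header() and the redirect can fail.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    // NOTE(review): the redirect target is built from the client-supplied Host
    // header. Prefer a configured canonical host name if the deployment has one.
    header("HTTP/1.0 302 Redirect");
    header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    exit();
}

require_once("database.php");
$db = new DB();

// DB::auth() lives in database.php (not visible here). A falsy result is treated
// as "not authorised" and the request ends before any page content is produced.
if (!($user = $db->auth())) {
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}

// Runs the prepared "stats" statement and keeps its first row; $stats is not
// read again in the part of the file shown here.
$db->getStatement("stats")->execute();
$stats = $db->getStatement("stats")->fetch();
?>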
<html>
<head>
<title>CAcert Board Decisions</title>
<meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
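<?php
// Handle the "store" action: create a new motion or update an existing one,
// report the result on the page and mail the board.
//
// Changes against the previous version of this block:
//  - state is only changed for real POST requests and every value, including the
//    motion id, is read from $_POST (the id used to be validated from $_REQUEST
//    but bound from $_POST, so the checked and the stored value could differ);
//  - "due" and "votetype" are restricted to the values the form on this page offers;
//  - database error text is HTML-escaped before it is printed;
//  - the query string is removed from REQUEST_URI before the mail links are built
//    (the edit form posts to "?", which used to yield ".../?vote.php?motion=N").
//
// NOTE(review): the form carries no anti-CSRF token. $db->auth() is not visible
// here; if it relies on credentials the browser sends on its own (client
// certificate, cookie), a cross-site POST is accepted like a genuine one.
// Confirm and add a request token that is checked here.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == "store" && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $in_motion   = isset($_POST['motion']) ? $_POST['motion'] : null;
    $in_title    = isset($_POST['title']) ? $_POST['title'] : null;
    $in_content  = isset($_POST['content']) ? $_POST['content'] : null;
    $in_due      = isset($_POST['due']) ? $_POST['due'] : null;
    $in_votetype = isset($_POST['votetype']) ? $_POST['votetype'] : null;
    $is_update   = is_numeric($in_motion);

    // The SQL behind ":due" and ":votetype" is in database.php (not visible here),
    // so nothing but the options rendered by the form is passed on to it.
    $errors = array();
    if (!in_array($in_due, array("+3 days", "+7 days", "+14 days", "+28 days"), true)) {
        $errors[] = "Invalid due period.";
    }
    if (!in_array($in_votetype, array("0", "1"), true)) {
        $errors[] = "Invalid vote type.";
    }

    $stored = false;
    if (!$errors) {
        if ($is_update) {
            $stmt = $db->getStatement("update decision");
            $stmt->bindParam(":id", $in_motion);
        } else {
            $stmt = $db->getStatement("create decision");
        }
        $stmt->bindParam(":proponent", $user['id']);
        $stmt->bindParam(":title", $in_title);
        $stmt->bindParam(":content", $in_content);
        $stmt->bindParam(":due", $in_due);
        $stmt->bindParam(":votetype", $in_votetype);
        $stored = $stmt->execute();
        if (!$stored) {
            $errors = $stmt->errorInfo();
        }
    }

    if ($stored) {
?>
<b>The motion has been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<br/>
<br/>
<?php
        // Read the stored row back so the mail shows what is in the database.
        // NOTE(review): a successful execute() does not show that the update matched
        // a row or that this fetch found one; an empty result still sends a mail
        // with blank fields. Whether "update decision" restricts the update to the
        // proponent's own motions cannot be seen from this file.
        if ($is_update) {
            $decision = $db->getStatement("get decision")->execute(array($in_motion))?$db->getStatement("get decision")->fetch():array();
        } else {
            $decision = $db->getStatement("get new decision")->execute()?$db->getStatement("get new decision")->fetch():array();
        }
        $name = $user['name'];
        $tag = $decision['tag'];
        $title = $decision['title'];
        $content = $decision['content'];
        $due = $decision['due']." UTC";
        $votetype = !$decision['votetype'] ? 'motion' : 'veto';

        // Only the path part of the request URI belongs in the links.
        // NOTE(review): the host still comes from the client-supplied Host header, so
        // the links mailed to the board follow whatever host the request named;
        // a configured base URL would remove that dependency. A Host value that
        // already carries a port would also end up with two ports here.
        $uriparts = explode('?', $_SERVER['REQUEST_URI'], 2);
        $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$uriparts[0]);
        $voteurl = $baseurl."vote.php?motion=".$decision['id'];
        $unvoted = $baseurl."motions.php?unvoted=1";

        // The title is user-supplied text that becomes part of the mail subject.
        // $db->notify() is not visible here, so line breaks are removed before the
        // value can reach a mail header.
        $subjecttitle = preg_replace('/[\r\n]+/', ' ', (string)$title);

        if ($is_update) {
            $body = <<<BODY
Dear Board,
$name has modified motion $tag to the following:
$title
$content
Vote type: $votetype
To vote please choose:
Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0
Please be aware, that if you have voted already your vote is still registered and valid.
If this modification has an impact on how you wish to vote, you are responsible for voting
again.
To see all your outstanding votes : $unvoted
Kind regards,
the voting system
BODY;
            $db->notify("Re: $tag - $subjecttitle - modified",$body,$tag);
        } else {
            $body = <<<BODY
Dear Board,
$name has made the following motion:
$title
$content
Vote type: $votetype
Voting will close $due.
To vote please choose:
Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0
To see all your outstanding votes : $unvoted
Kind regards,
the voting system
BODY;
            $db->notify("$tag - $subjecttitle",$body,$tag,TRUE);
        }
    } else {
        // $errors holds either the validation messages above or the statement's
        // errorInfo(). Driver messages can quote submitted values, so they are
        // escaped; consider logging them server-side instead of showing them.
?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo join("<br/>\n", array_map('htmlspecialchars', array_map('strval', $errors))); ?></i><br/>
<br/>
<br/>
<?php
    }
}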
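// Choose the motion shown in the form: the stored one when the request names a
// numeric id that exists, otherwise an empty motion proposed by the current user.
//
// The defaults list every key the form below reads (tag, proposed and due were
// missing before), and the request parameter is checked with isset(), so a
// request without "motion" or an id that matches no row no longer reads
// undefined keys.
$motion = array(
    "tag" => "",
    "proposer" => $user['name'],
    "proposed" => "",
    "title" => "",
    "content" => "",
    "votetype" => 0, // defaults to motion
    "due" => "",
);
if (isset($_REQUEST['motion']) && is_numeric($_REQUEST['motion'])) {
    $stmt = $db->getStatement("get decision");
    if ($stmt->execute(array($_REQUEST['motion']))) {
        $row = $stmt->fetch();
        // Only a row that carries a numeric id counts as found; a failed or
        // empty fetch keeps the defaults set above.
        if (is_array($row) && isset($row['id']) && is_numeric($row['id'])) {
            $motion = $row;
        }
    }
}
?>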
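<?php
// Motion form. Every dynamic value is HTML-escaped with ENT_QUOTES and an explicit
// UTF-8 charset (the page declares UTF-8), including the two values that used to
// be echoed raw: the motion id taken from the request and the due date.
//
// NOTE(review): $editing follows the request parameter, not whether a motion was
// found, so a numeric id that matches no row is still posted back as the motion
// to update. The form also carries no anti-CSRF token.
$editing = isset($_REQUEST['motion']) && is_numeric($_REQUEST['motion']);
$f_tag = isset($motion['tag']) ? $motion['tag'] : '';
$f_proposed = isset($motion['proposed']) ? $motion['proposed'] : '';
$f_due = isset($motion['due']) ? $motion['due'] : '';
?>
<form <?php if ($editing) { echo(" action=\"?\""); } ?> method="POST">
<input type="hidden" name="action" value="store" />
<?php
if ($editing) {
?><input type="hidden" name="motion" value="<?php echo htmlspecialchars($_REQUEST["motion"], ENT_QUOTES, 'UTF-8'); ?>" /><?php
}
?>
<table>
<tr><td>ID:</td><td><?php echo htmlentities($f_tag, ENT_QUOTES, 'UTF-8'); ?></td></tr>
<tr><td>Proponent:</td><td><?php echo htmlentities($motion['proposer'], ENT_QUOTES, 'UTF-8'); ?></td></tr>
<tr><td>Proposed date/time:</td><td><?php echo htmlentities($f_proposed ? $f_proposed." UTC" : '(auto filled to current date/time)', ENT_QUOTES, 'UTF-8'); ?></td></tr>
<tr><td>Title:</td><td><input name="title" value="<?php echo htmlentities($motion['title'], ENT_QUOTES, 'UTF-8')?>"></td></tr>
<tr><td>Text:</td><td><textarea name="content"><?php echo htmlspecialchars($motion['content'], ENT_QUOTES, 'UTF-8')?></textarea></td></tr>
<tr><td>Vote type:</td><td><select name="votetype">
<option value="0" <?php if(!$motion['votetype']) { echo(" selected=\"selected\""); } ?>>Motion</option>
<option value="1" <?php if($motion['votetype']) { echo(" selected=\"selected\""); } ?>>Veto</option>
</select></td></tr>
<tr><td rowspan="2">Due:</td><td><?php echo htmlspecialchars($f_due ? $f_due.' UTC' : '(autofilled from option below)', ENT_QUOTES, 'UTF-8')?></td></tr>
<tr><td><select name="due">
<option value="+3 days">In 3 Days</option>
<option value="+7 days">In 1 Week</option>
<option value="+14 days">In 2 Weeks</option>
<option value="+28 days">In 4 Weeks</option>
</select></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Propose" /></td></tr>
</table>
</form>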
<br/>
<a href="motions.php">Back to motions</a>
</body>
</html>