cacert-boardvoting/proxy.php
Philipp Dunkel 99ee040752 Voting Tool
git-svn-id: http://svn.cacert.cl/Software/Voting/vote@34 d4452222-2f33-11de-9270-010000000000
2009-05-21 11:20:15 +00:00

157 lines
4.7 KiB
PHP

<?php
if ($_SERVER['HTTPS'] != 'on') {
header("HTTP/1.0 302 Redirect");
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
$user = $_SERVER['REMOTE_USER'];
require_once("database.php");
$db = new DB();
$stmt = $db->getStatement("get voter");
$stmt->execute(array($user));
if (!($user = $stmt->fetch())) {
header("HTTP/1.0 302 Redirect");
header("Location: denied.php");
exit();
}
?>
<html>
<head>
<title>CAcert Board Decisions</title>
<meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php
if (!is_numeric($_REQUEST['motion'])) {
?>
<b>This is not a valid motion!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<?php
} else {
$stmt = $db->getStatement("get decision");
$stmt->bindParam(":decision",$_REQUEST['motion']);
if ($stmt->execute() && ($decision=$stmt->fetch()) && ($decision['status'] == 0)) {
if (is_numeric($_POST['voter']) && is_numeric($_POST['vote']) && is_numeric($_REQUEST['motion']) && ($_POST['justification'] != "")) {
$stmt = $db->getStatement("del vote");
$stmt->bindParam(":voter",$_REQUEST['voter']);
$stmt->bindParam(":decision",$_REQUEST['motion']);
if ($stmt->execute()) {
$stmt = $db->getStatement("do vote");
$stmt->bindParam(":voter",$_REQUEST['voter']);
$stmt->bindParam(":decision",$_REQUEST['motion']);
$stmt->bindParam(":vote",$_REQUEST['vote']);
$notes = "Proxy-Vote by ".$user['name']."\n\n".$_REQUEST['justification']."\n\n".$_SERVER['SSL_CLIENT_CERT'];
$stmt->bindParam(":notes",$notes);
if ($stmt->execute()) {
?>
<b>The vote has been registered.</b><br/>
<a href="motions.php">Back to motions</a>
<?php
$stmt = $db->getStatement("get voter by id");
$stmt->bindParam(":id",$_REQUEST['voter']);
if ($stmt->execute() && ($voter=$stmt->fetch())) {
$voter = $voter['name'];
} else {
$voter = "Voter: ".$_REQUEST['voter'];
}
$name = $user['name'];
$justification = $_REQUEST['justification'];
$vote = '';
switch($_REQUEST['vote']) {
case 1 : $vote='Aye'; break;
case -1: $vote='Naye'; break;
default: $vote='Abstain'; break;
}
$tag = $decision['tag'];
$title = $decision['title'];
$content = $decision['content'];
$due = $decision['due']." UTC";
$body = <<<BODY
Dear Board,
$name has just registered a proxy vote of $vote for $voter on motion $tag.
The justification for this was:
$justification
Motion:
$title
$content
Kind regards,
the vote system
BODY;
mail($board,"Re: $tag - $title",$body);
} else {
?>
<b>The vote has NOT been registered.</b><br/>
<a href="motions.php">Back to motions</a>
<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
<?php
}
} else {
?>
<b>The vote has NOT been registered.</b><br/>
<a href="motions.php">Back to motions</a>
<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
<?php
}
} else {
$stmt = $db->getStatement("get voters");
if ($stmt->execute() && ($voters = $stmt->fetchAll())) {
?>
<form method="POST" action="?motion=<?php echo($_REQUEST['motion']); ?>">
<table>
<tr>
<th>Voter</th><th>Vote</th>
</tr>
<tr>
<td><select name="voter"><?php
foreach ($voters as $voter) {
?>
<option value="<?php echo($voter['id']); ?>"<?php if ($voter['id'] == $_POST['voter']) { echo(" selected=\"selected\""); } ?>><?php echo($voter['name']); ?></option>
<?php
}
?></select></td>
<td><select name="vote">
<option value="1"<?php if (1 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Aye</option>
<option value="0"<?php if (0 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Abstain</option>
<option value="-1"<?php if (-1 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Naye</option>
</select></td>
</tr>
<tr>
<th colspan="2">Justification:</th>
</tr>
<tr>
<td colspan="2"><textarea name="justification"><?php echo($_POST['justification']); ?></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Proxy Vote" /></td>
</tr>
</table>
</form>
<?php
} else {
?>
<b>Could not retrieve voters!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
<?php
}
}
?>
<?php
} else {
?>
<b>This is not a valid motion!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
<?php
}
}
?>
</body>
</html>