diff options
| -rw-r--r-- | .htaccess | 2 | ||||
| -rw-r--r-- | motions.php | 40 |
2 files changed, 34 insertions, 8 deletions
@@ -17,7 +17,7 @@ php_value safe_mode_exec_dir /var/empty -<FilesMatch "^(motion|vote|proxy)\.php$"> +<FilesMatch "^(motions?|vote|proxy)\.php$"> # these files require authentication <IfModule mod_ssl.c> SSLOptions +OptRenegotiate +StdEnvVars +ExportCertData diff --git a/motions.php b/motions.php index 7784e23..ca045ce 100644 --- a/motions.php +++ b/motions.php @@ -3,6 +3,39 @@ $db = new DB(); $db->closeVotes(); $page = is_numeric($_REQUEST['page'])?$_REQUEST['page']:1; + + if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) { + if (!($user = $db->auth())) { + header("HTTP/1.0 302 Redirect"); + header("Location: denied.php"); + exit(); + } + $stmt = $db->getStatement("get decision"); + $stmt->bindParam(":decision",$_REQUEST['id']); + if ($stmt->execute() && ($decision=$stmt->fetch())) { + $name = $user['name']; + $tag = $decision['tag']; + $title = $decision['title']; + $content = $decision['content']; + $body = <<<BODY +Dear Board, + +$name has withdrawn the motion $tag that was as follows: + +$title +$content + +Kind regards, +the voting system +BODY; + $db->notify("Re: $tag - $title - withdrawn",$body); + } + $stmt = $db->getStatement("close decision"); + $status = -2; + $stmt->bindParam(":status",$status); + $stmt->bindParam(":decision",$_REQUEST['id']); + $stmt->execute(); + } ?> <html> <head> @@ -18,13 +51,6 @@ <th>Actions</th> </tr> <?php - if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) { - $stmt = $db->getStatement("close decision"); - $status = -2; - $stmt->bindParam(":status",$status); - $stmt->bindParam(":decision",$_REQUEST['id']); - $stmt->execute(); - } if ($_REQUEST['motion']) { $stmt = $db->getStatement("list decision"); $stmt->execute(array($_REQUEST['motion'])); |