diff options
Diffstat (limited to 'motions.php')
| -rw-r--r-- | motions.php | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/motions.php b/motions.php index 20b4653..b508385 100644 --- a/motions.php +++ b/motions.php @@ -5,19 +5,21 @@ $user = $db->auth(); if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) { - if (!$user) { + $stmt = $db->getStatement("get decision"); + $stmt->bindParam(":decision",$_REQUEST['id']); + $stmt->execute(); + $decision=$stmt->fetch(); + + if (!$decision || !$user || $user['id'] != $decision['proponent']) { header("HTTP/1.0 302 Redirect"); header("Location: denied.php"); exit(); } - $stmt = $db->getStatement("get decision"); - $stmt->bindParam(":decision",$_REQUEST['id']); - if ($stmt->execute() && ($decision=$stmt->fetch())) { - $name = $user['name']; - $tag = $decision['tag']; - $title = $decision['title']; - $content = $decision['content']; - $body = <<<BODY + $name = $user['name']; + $tag = $decision['tag']; + $title = $decision['title']; + $content = $decision['content']; + $body = <<<BODY Dear Board, $name has withdrawn the motion $tag that was as follows: @@ -28,8 +30,8 @@ $content Kind regards, the voting system BODY; - $db->notify("Re: $tag - $title - withdrawn",$body,$tag); - } + $db->notify("Re: $tag - $title - withdrawn",$body,$tag); + $stmt = $db->getStatement("close decision"); $status = -2; $stmt->bindParam(":status",$status); @@ -115,7 +117,13 @@ BODY; <li><a href="vote.php?motion=<?php echo($row['id']); ?>&vote=0">Abstain</a></li> <li><a href="vote.php?motion=<?php echo($row['id']); ?>&vote=-1">Naye</a></li> <li><a href="proxy.php?motion=<?php echo($row['id']); ?>">Proxy Vote</a></li> + <?php + if ($user && $user['id'] == $row['proponent']) { + ?> <li><a href="motions.php?motion=<?php echo($row['tag']); ?>&withdrawl=1">Withdraw</a></li> + <?php + } + ?> </ul> <?php } else { |