Diffstat (limited to 'proxy.php')
-rw-r--r--proxy.php157
1 files changed, 157 insertions, 0 deletions
diff --git a/proxy.php b/proxy.php
new file mode 100644
index 0000000..77bcc89
--- /dev/null
+++ b/proxy.php
@@ -0,0 +1,157 @@
+<?php
+ if ($_SERVER['HTTPS'] != 'on') {
+ header("HTTP/1.0 302 Redirect");
+ header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
+ exit();
+ }
+ $user = $_SERVER['REMOTE_USER'];
+ require_once("database.php");
+ $db = new DB();
+ $stmt = $db->getStatement("get voter");
+ $stmt->execute(array($user));
+ if (!($user = $stmt->fetch())) {
+ header("HTTP/1.0 302 Redirect");
+ header("Location: denied.php");
+ exit();
+ }
+?>
+<html>
+ <head>
+ <title>CAcert Board Decisions</title>
+ <meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
+ <link rel="stylesheet" type="text/css" href="styles.css" />
+ </head>
+ <body>
+<?php
+ if (!is_numeric($_REQUEST['motion'])) {
+?>
+ <b>This is not a valid motion!</b><br/>
+ <a href="motions.php">Back to motions</a><br/>
+<?php
+ } else {
+ $stmt = $db->getStatement("get decision");
+ $stmt->bindParam(":decision",$_REQUEST['motion']);
+ if ($stmt->execute() && ($decision=$stmt->fetch()) && ($decision['status'] == 0)) {
+ if (is_numeric($_POST['voter']) && is_numeric($_POST['vote']) && is_numeric($_REQUEST['motion']) && ($_POST['justification'] != "")) {
+ $stmt = $db->getStatement("del vote");
+ $stmt->bindParam(":voter",$_REQUEST['voter']);
+ $stmt->bindParam(":decision",$_REQUEST['motion']);
+ if ($stmt->execute()) {
+ $stmt = $db->getStatement("do vote");
+ $stmt->bindParam(":voter",$_REQUEST['voter']);
+ $stmt->bindParam(":decision",$_REQUEST['motion']);
+ $stmt->bindParam(":vote",$_REQUEST['vote']);
+ $notes = "Proxy-Vote by ".$user['name']."\n\n".$_REQUEST['justification']."\n\n".$_SERVER['SSL_CLIENT_CERT'];
+ $stmt->bindParam(":notes",$notes);
+ if ($stmt->execute()) {
+ ?>
+ <b>The vote has been registered.</b><br/>
+ <a href="motions.php">Back to motions</a>
+ <?php
+ $stmt = $db->getStatement("get voter by id");
+ $stmt->bindParam(":id",$_REQUEST['voter']);
+ if ($stmt->execute() && ($voter=$stmt->fetch())) {
+ $voter = $voter['name'];
+ } else {
+ $voter = "Voter: ".$_REQUEST['voter'];
+ }
+ $name = $user['name'];
+ $justification = $_REQUEST['justification'];
+ $vote = '';
+ switch($_REQUEST['vote']) {
+ case 1 : $vote='Aye'; break;
+ case -1: $vote='Naye'; break;
+ default: $vote='Abstain'; break;
+ }
+ $tag = $decision['tag'];
+ $title = $decision['title'];
+ $content = $decision['content'];
+ $due = $decision['due']." UTC";
+ $body = <<<BODY
+Dear Board,
+
+$name has just registered a proxy vote of $vote for $voter on motion $tag.
+
+The justification for this was:
+$justification
+
+Motion:
+$title
+$content
+
+Kind regards,
+the vote system
+
+BODY;
+ mail($board,"Re: $tag - $title",$body);
+ } else {
+ ?>
+ <b>The vote has NOT been registered.</b><br/>
+ <a href="motions.php">Back to motions</a>
+ <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
+ <?php
+ }
+ } else {
+ ?>
+ <b>The vote has NOT been registered.</b><br/>
+ <a href="motions.php">Back to motions</a>
+ <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
+ <?php
+ }
+ } else {
+ $stmt = $db->getStatement("get voters");
+ if ($stmt->execute() && ($voters = $stmt->fetchAll())) {
+?>
+ <form method="POST" action="?motion=<?php echo($_REQUEST['motion']); ?>">
+ <table>
+ <tr>
+ <th>Voter</th><th>Vote</th>
+ </tr>
+ <tr>
+ <td><select name="voter"><?php
+ foreach ($voters as $voter) {
+?>
+ <option value="<?php echo($voter['id']); ?>"<?php if ($voter['id'] == $_POST['voter']) { echo(" selected=\"selected\""); } ?>><?php echo($voter['name']); ?></option>
+<?php
+ }
+ ?></select></td>
+ <td><select name="vote">
+ <option value="1"<?php if (1 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Aye</option>
+ <option value="0"<?php if (0 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Abstain</option>
+ <option value="-1"<?php if (-1 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Naye</option>
+ </select></td>
+ </tr>
+ <tr>
+ <th colspan="2">Justification:</th>
+ </tr>
+ <tr>
+ <td colspan="2"><textarea name="justification"><?php echo($_POST['justification']); ?></textarea></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input type="submit" value="Proxy Vote" /></td>
+ </tr>
+ </table>
+ </form>
+<?php
+ } else {
+?>
+ <b>Could not retrieve voters!</b><br/>
+ <a href="motions.php">Back to motions</a><br/>
+ <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
+<?php
+ }
+ }
+?>
+
+<?php
+ } else {
+?>
+ <b>This is not a valid motion!</b><br/>
+ <a href="motions.php">Back to motions</a><br/>
+ <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
+<?php
+ }
+ }
+?>
+ </body>
+</html>
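Review bot: The submit branch validates `$_POST['voter']`, `$_POST['vote']` and `$_POST['justification']` but then binds and mails the `$_REQUEST[...]` copies, so depending on `request_order` the value checked need not be the value stored; bind the checked values, e.g. `$stmt->bindParam(":voter", $_POST['voter']);`, and restrict the vote to -1, 0 or 1, since `is_numeric` accepts any number while the mail's `switch` reports everything else as Abstain. The form echoes `$_POST['justification']` and `$voter['name']` unescaped, which lets submitted markup render in the page; wrap them as `htmlspecialchars($_POST['justification'], ENT_QUOTES, 'UTF-8')`. The three vote `<option>` lines compare against `$_POST['voter']` where `$_POST['vote']` looks intended, so a previous choice is not re-selected. The form has no anti-CSRF field, although the caller is identified through `REMOTE_USER` and the client certificate and the POST changes a stored vote, so a token check before the "del vote" statement would be worth adding. `$board` in the `mail()` call is not defined in this file and is presumably expected from database.php, which should be confirmed.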