proxy.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

<?php
	if ($_SERVER['HTTPS'] != 'on') {
		header("HTTP/1.0 302 Redirect");
		header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
		exit();
	}
	require_once("database.php");
	$db = new DB();
	if (!($user = $db->auth())) {
		header("HTTP/1.0 302 Redirect");
		header("Location: denied.php");
		exit();
	}
?>
<html>
	<head>
		<title>CAcert Board Decisions</title>
		<meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
		<link rel="stylesheet" type="text/css" href="styles.css" />
	</head>
	<body>
<?php
	if (!is_numeric($_REQUEST['motion'])) {
?>
		<b>This is not a valid motion!</b><br/>
		<a href="motions.php">Back to motions</a><br/>
<?php
	} else {
		$stmt = $db->getStatement("get decision");
		$stmt->bindParam(":decision",$_REQUEST['motion']);
		if ($stmt->execute() && ($decision=$stmt->fetch()) && ($decision['status'] == 0)) {
			if (is_numeric($_POST['voter']) && is_numeric($_POST['vote']) && is_numeric($_REQUEST['motion']) && ($_POST['justification'] != "")) {
				$stmt = $db->getStatement("del vote");
				$stmt->bindParam(":voter",$_REQUEST['voter']);
				$stmt->bindParam(":decision",$_REQUEST['motion']);
				if ($stmt->execute()) {
					$stmt = $db->getStatement("do vote");
					$stmt->bindParam(":voter",$_REQUEST['voter']);
					$stmt->bindParam(":decision",$_REQUEST['motion']);
					$stmt->bindParam(":vote",$_REQUEST['vote']);
					$notes = "Proxy-Vote by ".$user['name']."\n\n".$_REQUEST['justification']."\n\n".$_SERVER['SSL_CLIENT_CERT'];
					$stmt->bindParam(":notes",$notes);
					if ($stmt->execute()) {
						?>
							<b>The vote has been registered.</b><br/>
							<a href="motions.php">Back to motions</a>
						<?php
						$stmt = $db->getStatement("get voter by id");
						$stmt->bindParam(":id",$_REQUEST['voter']);
						if ($stmt->execute() && ($voter=$stmt->fetch())) {
							$voter = $voter['name'];
						} else {
							$voter = "Voter: ".$_REQUEST['voter'];
						}
						$name = $user['name'];
						$justification = $_REQUEST['justification'];
						$vote = '';
						switch($_REQUEST['vote']) {
							case 1 : $vote='Aye'; break;
							case -1: $vote='Naye'; break;
							default: $vote='Abstain'; break;
						}
						$tag = $decision['tag'];
						$title = $decision['title'];
						$content = $decision['content'];
						$due = $decision['due']." UTC";
						$body = <<<BODY
Dear Board,

$name has just registered a proxy vote of $vote for $voter on motion $tag.

The justification for this was:
$justification

Motion:
$title
$content

Kind regards,
the vote system

BODY;
						$db->notify("Re: $tag - $title",$body);
					} else {
						?>
						<b>The vote has NOT been registered.</b><br/>
						<a href="motions.php">Back to motions</a>
						<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
						<?php
					}
				} else {
					?>
					<b>The vote has NOT been registered.</b><br/>
					<a href="motions.php">Back to motions</a>
					<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
					<?php
				}
			} else {
			$stmt = $db->getStatement("get voters");
			if ($stmt->execute() && ($voters = $stmt->fetchAll())) {
?>
			<form method="POST" action="?motion=<?php echo($_REQUEST['motion']); ?>">
			<table>
				<tr>
					<th>Voter</th><th>Vote</th>
				</tr>
				<tr>
					<td><select name="voter"><?php
					foreach ($voters as $voter) {
?>
						<option value="<?php echo($voter['id']); ?>"<?php if ($voter['id'] == $_POST['voter']) { echo(" selected=\"selected\""); } ?>><?php echo($voter['name']); ?></option>
<?php
					}
					?></select></td>
					<td><select name="vote">
						<option value="1"<?php if (1 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Aye</option>
						<option value="0"<?php if (0 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Abstain</option>
						<option value="-1"<?php if (-1 == $_POST['voter']) { echo(" selected=\"selected\""); } ?>>Naye</option>
					</select></td>
				</tr>
				<tr>
					<th colspan="2">Justification:</th>
				</tr>
				<tr>
					<td colspan="2"><textarea name="justification"><?php echo($_POST['justification']); ?></textarea></td>
				</tr>
				<tr>
					<td colspan="2"><input type="submit" value="Proxy Vote" /></td>
				</tr>
			</table>
			</form>
<?php
			} else {
?>
				<b>Could not retrieve voters!</b><br/>
				<a href="motions.php">Back to motions</a><br/>
				<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
<?php
			}
		}
?>
			
<?php
		} else {
?>
			<b>This is not a valid motion!</b><br/>
			<a href="motions.php">Back to motions</a><br/>
			<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
<?php	
		}
	}
?>
	</body>
</html>