vote.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

<?php
	if ($_SERVER['HTTPS'] != 'on') {
		header("HTTP/1.0 302 Redirect");
		header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
		exit();
	}
	require_once("database.php");
	$db = new DB();
	if (!($user = $db->auth())) {
		header("HTTP/1.0 302 Redirect");
		header("Location: denied.php");
		exit();
	}
?>
<html>
	<head>
		<title>CAcert Board Decisions</title>
		<meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
		<link rel="stylesheet" type="text/css" href="styles.css" />
	</head>
	<body>
		<?php
			if (is_numeric($_REQUEST['motion']) && is_numeric($_REQUEST['vote'])) {
				$stmt = $db->getStatement("get decision");
				$stmt->bindParam(":decision",$_REQUEST['motion']);
				if ($stmt->execute() && ($decision=$stmt->fetch())) {
					if ($decision['status'] == 0) {
						$stmt = $db->getStatement("del vote");
						$stmt->bindParam(":voter",$user['id']);
						$stmt->bindParam(":decision",$_REQUEST['motion']);
						if ($stmt->execute()) {
							$stmt = $db->getStatement("do vote");
							$stmt->bindParam(":voter",$user['id']);
							$stmt->bindParam(":decision",$_REQUEST['motion']);
							$stmt->bindParam(":vote",$_REQUEST['vote']);
							$notes="Direct Vote\n\n".$_SERVER['SSL_CLIENT_CERT'];
							$stmt->bindParam(":notes",$notes);
							if ($stmt->execute()) {
								?>
									<b>Your vote has been registered.</b><br/>
									<a href="motions.php">Back to motions</a>
								<?php
								$name = $user['name'];
								$vote = '';
								switch($_REQUEST['vote']) {
									case 1 : $vote='Aye'; break;
									case -1: $vote='Naye'; break;
									default: $vote='Abstain'; break;
								}
								$tag = $decision['tag'];
								$title = $decision['title'];
								$content = $decision['content'];
								$due = $decision['due']." UTC";
								$body = <<<BODY
Dear Board,

$name has just voted $vote on motion $tag.

Motion:
    $title
    $content

Kind regards,
the vote system

BODY;
								$db->vote_notify("Re: $tag - $title",$body,$tag);
							} else {
								?>
								<b>Your vote has NOT been registered.</b><br/>
								<a href="motions.php">Back to motions</a>
								<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
								<?php
							}
						} else {
							?>
							<b>Your vote has NOT been registered.</b><br/>
							<a href="motions.php">Back to motions</a>
							<i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i>
							<?php
						}
					} else {
						?>
						<b>Your vote has NOT been registered.</b><br/>
						<b>Voting is alread closed!</b><br/>
						<a href="motions.php">Back to motions</a>
						<?php
					}
				} else {
					?>
					<b>Your vote has NOT been registered.</b><br/>
					<b>Could not find the motion to be voted!</b><br/>
					<a href="motions.php">Back to motions</a>
					<?php
				}
			} else {
				?>
				<b>This call is not a valid vote!</b><br/>
				<a href="motions.php">Back to motions</a>
				<?php
			}
		?>
	</body>
</html>