Add code from real production environment
[cacert-boardvoting.git] / motion.php
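<?php
// Entry checks for the motion editor: force HTTPS, then require an authenticated user.
//
// $_SERVER['HTTPS'] is read through isset() because it may be absent on a plain-HTTP
// request. Reading it directly raises a notice/warning, and if that is printed to the
// response before header() runs, the redirect can no longer be sent.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    // NOTE(review): the redirect target is built from the client-supplied Host header,
    // so the request decides where it is sent. A fixed, configured host name would
    // remove that dependency. A redirect also cannot protect the first plaintext
    // request; HSTS at the web server is the usual complement.
    header("HTTP/1.0 302 Redirect");
    header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    exit();
}

require_once("database.php");
$db = new DB();

// auth() returns a falsy value for callers that are not authenticated; they are sent to
// denied.php and nothing below runs for them. How auth() identifies the caller is
// defined in database.php and is not visible here.
if (!($user = $db->auth())) {
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}

// The "stats" row is fetched but not used in the visible part of this page.
$db->getStatement("stats")->execute();
$stats = $db->getStatement("stats")->fetch();
?>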
17 <html>
18 <head>
19 <title>CAcert Board Decisions</title>
20 <meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
21 <link rel="stylesheet" type="text/css" href="styles.css" />
22 </head>
23 <body>
24 <?php
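// Store handler: updates an existing decision (a numeric "motion" was posted) or creates
// a new one, prints the outcome, and mails the board through $db->notify().
//
// All input is read from $_POST, never $_REQUEST. The id that is validated must be the
// id that is bound; previously is_numeric() looked at $_REQUEST['motion'] while the
// statements used $_POST['motion'], so a query-string id with no posted id ran the
// update with NULL and then mailed a notification with empty fields. Requiring POST also
// keeps the state change from being triggered through a plain link or cookie value.
//
// NOTE(review): no anti-CSRF token is checked here and the form emits none. If
// $db->auth() relies on ambient credentials (not visible in this file), a cross-site
// POST would be accepted as the member's own action; a per-session token compared in
// constant time is the usual mitigation.
// NOTE(review): whether a member can modify a motion proposed by someone else, or one
// whose vote has already closed, depends on the "update decision" SQL in database.php;
// confirm that it restricts the row by proponent and state.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST'
    && isset($_POST['action']) && $_POST['action'] == "store") {
    $post_motion   = isset($_POST['motion'])   ? $_POST['motion']   : null;
    $post_title    = isset($_POST['title'])    ? $_POST['title']    : null;
    $post_content  = isset($_POST['content'])  ? $_POST['content']  : null;
    $post_due      = isset($_POST['due'])      ? $_POST['due']      : null;
    $post_votetype = isset($_POST['votetype']) ? $_POST['votetype'] : null;
    $is_update     = is_numeric($post_motion);

    // Accept only the values the form itself offers. The due period and vote type decide
    // when and how a vote closes, so a hand-crafted request must not choose them freely.
    $problems = array();
    if (!is_string($post_title) || !is_string($post_content)) {
        $problems[] = "Title and text must be submitted as plain text fields.";
    }
    if (!in_array($post_due, array("+3 days", "+7 days", "+14 days", "+28 days"), true)) {
        $problems[] = "Unknown due period.";
    }
    if (!in_array($post_votetype, array("0", "1"), true)) {
        $problems[] = "Unknown vote type.";
    }

    $stored = false;
    if (!$problems) {
        $stmt = $db->getStatement($is_update ? "update decision" : "create decision");
        if ($is_update) {
            $stmt->bindParam(":id", $post_motion);
        }
        $stmt->bindParam(":proponent", $user['id']);
        $stmt->bindParam(":title", $post_title);
        $stmt->bindParam(":content", $post_content);
        $stmt->bindParam(":due", $post_due);
        $stmt->bindParam(":votetype", $post_votetype);
        $stored = $stmt->execute();
        if (!$stored) {
            foreach ($stmt->errorInfo() as $detail) {
                $problems[] = (string)$detail;
            }
        }
    }

    if ($stored) {
?>
<b>The motion has been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<br/>
<br/>
<?php
        // Read the stored row back so the mail reflects what the database holds.
        if ($is_update) {
            $lookup = $db->getStatement("get decision");
            $decision = $lookup->execute(array($post_motion)) ? $lookup->fetch() : array();
        } else {
            $lookup = $db->getStatement("get new decision");
            $decision = $lookup->execute() ? $lookup->fetch() : array();
        }

        // Mail the board only when a real row came back; an update that matched no row
        // must not produce a notification with empty fields.
        if (isset($decision['id']) && is_numeric($decision['id'])) {
            $name = $user['name'];
            $tag = $decision['tag'];
            $title = $decision['title'];
            $content = $decision['content'];
            $due = $decision['due']." UTC";
            $votetype = !$decision['votetype'] ? 'motion' : 'veto';

            // Use only the path part of the request URI. The edit form posts to "?", so
            // the URI can end in a query string, which would otherwise end up in the
            // middle of the mailed links.
            // NOTE(review): the host in these links comes from the client-supplied Host
            // header, so the request that stores the motion chooses where the mailed
            // vote links point. A configured base URL would remove that dependency.
            $uri_parts = explode('?', $_SERVER['REQUEST_URI'], 2);
            $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$uri_parts[0]);
            $voteurl = $baseurl."vote.php?motion=".$decision['id'];
            $unvoted = $baseurl."motions.php?unvoted=1";

            // The title is user input and goes into the mail subject. Line breaks are
            // folded to spaces because notify() is not visible here and may pass the
            // subject on as a raw header.
            $subject_title = preg_replace('/[\r\n]+/', ' ', $title);

            if ($is_update) {
                $body = <<<BODY
Dear Board,

$name has modified motion $tag to the following:

$title
$content

Vote type: $votetype

To vote please choose:

Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0

Please be aware, that if you have voted already your vote is still registered and valid.
If this modification has an impact on how you wish to vote, you are responsible for voting
again.

To see all your outstanding votes : $unvoted

Kind regards,
the voting system
BODY;
                $db->notify("Re: $tag - $subject_title - modified",$body,$tag);
            } else {
                $body = <<<BODY
Dear Board,

$name has made the following motion:

$title
$content

Vote type: $votetype

Voting will close $due.

To vote please choose:

Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0

To see all your outstanding votes : $unvoted

Kind regards,
the voting system
BODY;
                $db->notify("$tag - $subject_title",$body,$tag,TRUE);
            }
        }
    } else {
        // Validation messages and database error details are HTML-escaped before they
        // are printed; driver messages can quote parts of the submitted input.
        $escaped = array();
        foreach ($problems as $line) {
            $escaped[] = htmlspecialchars($line, ENT_QUOTES, 'UTF-8');
        }
?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo join("<br/>\n",$escaped); ?></i><br/>
<br/>
<br/>
<?php
    }
}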
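// Load the motion shown in the form: the stored decision when a numeric "motion" id was
// given and a row exists, otherwise an empty draft owned by the current user.
//
// $motion starts as null so a failed execute() or an empty fetch() falls through to the
// draft instead of leaving the variable undefined.
$motion = null;
if (isset($_REQUEST['motion']) && is_numeric($_REQUEST['motion'])) {
    $stmt = $db->getStatement("get decision");
    if ($stmt->execute(array($_REQUEST['motion']))) {
        $motion = $stmt->fetch();
    }
}

if (!isset($motion['id']) || !is_numeric($motion['id'])) {
    // The draft carries every key the form reads, so a new motion renders without
    // undefined-index notices.
    $motion = array(
        "title"    => "",
        "content"  => "",
        "proposer" => $user['name'],
        "votetype" => 0, // defaults to motion
        "tag"      => "",
        "proposed" => "",
        "due"      => "",
    );
}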
167 ?>
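<?php
// Motion form. Every value written into the page is HTML-escaped here, including the
// request-supplied motion id and the due date, which were previously echoed raw.
// htmlspecialchars() is called with an explicit UTF-8 charset to match the page's
// declared encoding, so non-ASCII names and titles are not mangled.
// NOTE(review): the form carries no anti-CSRF token; one belongs next to the hidden
// "action" field once the store handler verifies it.
$form_is_edit = isset($_REQUEST['motion']) && is_numeric($_REQUEST['motion']);
$field = array();
foreach (array('tag', 'proposer', 'proposed', 'title', 'content', 'due') as $key) {
    $field[$key] = isset($motion[$key]) ? htmlspecialchars((string)$motion[$key], ENT_QUOTES, 'UTF-8') : '';
}
$is_veto = !empty($motion['votetype']);
?>
<form <?php if ($form_is_edit) { echo(" action=\"?\""); } ?> method="POST">
<input type="hidden" name="action" value="store" />
<?php
if ($form_is_edit) {
    // action="?" drops the query string, so the id travels only in this hidden field.
?><input type="hidden" name="motion" value="<?php echo htmlspecialchars($_REQUEST["motion"], ENT_QUOTES, 'UTF-8'); ?>" /><?php
}
?>
<table>
<tr><td>ID:</td><td><?php echo $field['tag']; ?></td></tr>
<tr><td>Proponent:</td><td><?php echo $field['proposer']; ?></td></tr>
<tr><td>Proposed date/time:</td><td><?php echo($field['proposed'] !== '' ? $field['proposed']." UTC" : '(auto filled to current date/time)'); ?></td></tr>
<tr><td>Title:</td><td><input name="title" value="<?php echo $field['title']; ?>"></td></tr>
<tr><td>Text:</td><td><textarea name="content"><?php echo $field['content']; ?></textarea></td></tr>
<tr><td>Vote type:</td><td><select name="votetype">
<option value="0" <?php if (!$is_veto) { echo(" selected=\"selected\""); } ?>>Motion</option>
<option value="1" <?php if ($is_veto) { echo(" selected=\"selected\""); } ?>>Veto</option>
</select></td></tr>
<tr><td rowspan="2">Due:</td><td><?php echo($field['due'] !== '' ? $field['due'].' UTC' : '(autofilled from option below)'); ?></td></tr>
<tr><td><select name="due">
<option value="+3 days">In 3 Days</option>
<option value="+7 days">In 1 Week</option>
<option value="+14 days">In 2 Weeks</option>
<option value="+28 days">In 4 Weeks</option>
</select></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Propose" /></td></tr>
</table>
</form>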
195 <br/>
196 <a href="motions.php">Back to motions</a>
197 </body>
198 </html>