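<?php
/*
 * motion.php - propose a new board motion or modify an existing one, then
 * notify the board by e-mail.  Only registered voters may use this page.
 *
 * This preamble enforces https, maps the web-server-authenticated identity
 * (REMOTE_USER) to a voter row, and loads the voter statistics that drive
 * the quorum options of the form further down.
 */

// Force TLS: the page carries authenticated board business.  Requests that
// arrive over plain http are bounced to the same URL over https.
// NOTE(review): HTTP_HOST is the client's Host header; unless the virtual
// host pins it, the redirect target can be steered by the requester.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
    header("HTTP/1.0 302 Redirect");
    header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    exit();
}

// Authentication is done by the web server (REMOTE_USER).  A request that
// reaches this script without an identity, or with an empty one, is denied
// outright instead of being looked up: an empty string must never be able
// to match a voter row.
if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] === '') {
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}

require_once("database.php");
$db = new DB();

// Resolve the identity to a voter row; $user becomes that row (id, name, ...).
$stmt = $db->getStatement("get voter");
$stmt->execute(array($_SERVER['REMOTE_USER']));
$user = $stmt->fetch();
if (!$user) {
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}

// Voter statistics for the quorum options.  Execute and fetch on the same
// statement object: the previous code fetched from a second getStatement()
// call, which only works if DB hands back the same prepared statement twice.
$statsStmt = $db->getStatement("stats");
$statsStmt->execute();
$stats = $statsStmt->fetch();
?>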
20 <html>
21 <head>
22 <title>CAcert Board Decisions</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
24 <link rel="stylesheet" type="text/css" href="styles.css" />
25 </head>
26 <body>
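<?php
/*
 * Build the absolute https URL of vote.php for motion $id.
 *
 * The path is this script's own request path with the query string
 * removed: the edit form posts to action="?", so REQUEST_URI may end in a
 * bare "?", and the previous code (which kept the query) would have mailed
 * links of the form ".../vote.php??motion=N".  HTTP_HOST already carries a
 * non-default port, so SERVER_PORT is only appended when no port is present
 * (avoids "host:8443:8443").
 * NOTE(review): HTTP_HOST comes from the request's Host header; unless the
 * virtual host pins it, the links mailed to the board can be steered by
 * whoever submits the form.
 */
function motion_vote_url($id) {
    $parts = explode('?', $_SERVER['REQUEST_URI'], 2);
    $path = preg_replace('/motion\.php/', 'vote.php', $parts[0]);
    $host = $_SERVER['HTTP_HOST'];
    if (strpos($host, ':') === false) {
        $host .= ':' . $_SERVER['SERVER_PORT'];
    }
    return 'https://' . $host . $path . '?motion=' . (int)$id;
}

/*
 * Remove CR/LF from text that ends up in a mail Subject header, so a crafted
 * motion title cannot smuggle extra headers into the notification whatever
 * DB::notify() does internally (its implementation is not visible here).
 */
function motion_mail_subject($subject) {
    return str_replace(array("\r", "\n"), ' ', $subject);
}

/*
 * Validate the editable fields of a submitted motion.
 *
 * Returns array($fields, $errors).  $fields holds the cleaned values keyed
 * title, content, quorum, majority, due; $errors is a list of human-readable
 * problems and is empty when the submission may be stored.  The accepted
 * quorum/majority/due values mirror what the form offers; anything else is
 * rejected here instead of being handed to the database.
 */
function motion_validate_post(array $post) {
    $errors = array();
    $fields = array(
        'title'   => (isset($post['title']) && is_string($post['title'])) ? $post['title'] : '',
        'content' => (isset($post['content']) && is_string($post['content'])) ? $post['content'] : '',
    );

    $quorum = isset($post['quorum'])
        ? filter_var($post['quorum'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;
    if ($quorum === false) {
        $errors[] = 'Quorum must be a positive whole number.';
    }
    $fields['quorum'] = $quorum;

    $majority = isset($post['majority']) ? filter_var($post['majority'], FILTER_VALIDATE_INT) : false;
    if (!in_array($majority, array(50, 67, 75, 100), true)) {
        $errors[] = 'Majority must be 50, 67, 75 or 100 percent.';
    }
    $fields['majority'] = $majority;

    $due = (isset($post['due']) && is_string($post['due'])) ? $post['due'] : '';
    if (!in_array($due, array('+3 days', '+7 days', '+14 days'), true)) {
        $errors[] = 'Due date must be one of the offered choices.';
    }
    $fields['due'] = $due;

    return array($fields, $errors);
}

/*
 * Load the motion row for $id via the "get decision" statement.  Returns an
 * empty array when the query fails or finds nothing, so callers can read
 * keys with isset() without notices.
 */
function motion_load($db, $id) {
    $stmt = $db->getStatement("get decision");
    if (!$stmt->execute(array($id))) {
        return array();
    }
    $row = $stmt->fetch();
    return is_array($row) ? $row : array();
}

/*
 * Compose the plain-text notification mailed to the board after a motion has
 * been created ($modified = false) or changed ($modified = true).  The
 * wording is unchanged from the previous inline heredocs; missing row fields
 * simply render empty instead of raising notices.
 */
function motion_notification_body($name, array $decision, $modified) {
    $d = array_merge(
        array('id' => '', 'tag' => '', 'title' => '', 'content' => '',
              'due' => '', 'quorum' => '', 'majority' => ''),
        $decision
    );
    $tag = $d['tag'];
    $title = $d['title'];
    $content = $d['content'];
    $due = $d['due'] . " UTC";
    $quorum = $d['quorum'];
    $majority = $d['majority'];
    $voteurl = motion_vote_url($d['id']);
    $intro = $modified
        ? "$name has modified motion $tag to the following:"
        : "$name has made the following motion:";
    // Only a modification carries the reminder that earlier votes stand.
    $footer = $modified
        ? "Please be aware, that if you have voted already your vote is still registered and valid.\n"
          . "If this modification has an impact on how you wish to vote, you are responsible for voting\n"
          . "again.\n\n"
        : "";
    return <<<BODY
Dear Board,

$intro

$title
$content

To pass a minimum of $quorum votes and a $majority% acceptance will be required.
Voting will close $due.

To vote please choose:

Aye: $voteurl&vote=1
Naye: $voteurl&vote=-1
Abstain: $voteurl&vote=0

{$footer}Kind regards,
the voting system
BODY;
}

// A motion is stored only from a POST of the form below (method="POST",
// hidden action=store).  The previous code accepted action=store from the
// query string as well, so a plain GET link could create a blank motion.
$isStore = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['action']) && $_POST['action'] === 'store';

if ($isStore) {
    // The hidden "motion" field tells an update from a new motion.  It is read
    // from $_POST only: the previous code tested $_REQUEST but bound $_POST, so
    // ?motion= in the query string reached the update statement with a null id.
    $motionId = isset($_POST['motion']) ? filter_var($_POST['motion'], FILTER_VALIDATE_INT) : false;
    list($fields, $errors) = motion_validate_post($_POST);

    // NOTE(review): no anti-CSRF token is checked.  REMOTE_USER is supplied by
    // the web server on every request, so a cross-site form post from a
    // logged-in member's browser would be accepted here; a per-session token
    // in the form would close that.
    // NOTE(review): the update path does not verify that $user is the
    // proponent of motion $motionId.  Unless the "update decision" statement in
    // database.php restricts on the proponent, any voter can rewrite any motion.
    if (count($errors) > 0) {
        ?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo join("<br/>\n", array_map('htmlentities', $errors)); ?></i><br/>
<br/>
<br/>
        <?php
    } else {
        $modified = ($motionId !== false);
        $stmt = $db->getStatement($modified ? "update decision" : "create decision");
        if ($modified) {
            $stmt->bindParam(":id", $motionId);
        }
        // The proponent is always the authenticated voter.  The form's hidden
        // "proponent" field is deliberately ignored: a client could set it to
        // any id and file a motion in someone else's name.
        $stmt->bindParam(":proponent", $user['id']);
        $stmt->bindParam(":title", $fields['title']);
        $stmt->bindParam(":content", $fields['content']);
        $stmt->bindParam(":quorum", $fields['quorum']);
        $stmt->bindParam(":majority", $fields['majority']);
        $stmt->bindParam(":due", $fields['due']);

        if ($stmt->execute()) {
            if ($modified) {
                $decision = motion_load($db, $motionId);
            } else {
                $db->getStatement("post create")->execute();
                // Execute and fetch on the same statement object (see stats above).
                $newStmt = $db->getStatement("get new decision");
                $decision = $newStmt->execute() ? $newStmt->fetch() : false;
                if (!is_array($decision)) {
                    $decision = array();
                }
            }
            ?>
<b>The motion has been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<br/>
<br/>
            <?php
            $tag = isset($decision['tag']) ? $decision['tag'] : '';
            $title = isset($decision['title']) ? $decision['title'] : '';
            $subject = ($modified ? "Re: " : "") . "$tag - $title";
            $db->notify(
                motion_mail_subject($subject),
                motion_notification_body($user['name'], $decision, $modified)
            );
        } else {
            // NOTE(review): the raw driver error is shown to the user.  That is
            // tolerable for a board-internal tool but can leak schema details;
            // it is at least HTML-escaped so reflected input cannot run as markup.
            ?>
<b>The motion has NOT been proposed!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo join("<br/>\n", array_map('htmlentities', $stmt->errorInfo())); ?></i><br/>
<br/>
<br/>
            <?php
        }
    }
}

// Motion shown in the form: the requested one (GET or POST "motion") when it
// exists, otherwise a blank motion owned by the current voter.
$motion = array(
    'title' => '', 'content' => '', 'quorum' => '', 'majority' => '',
    'proponent' => $user['id'], 'proposer' => $user['name'],
);
$editId = isset($_REQUEST['motion']) ? filter_var($_REQUEST['motion'], FILTER_VALIDATE_INT) : false;
if ($editId !== false) {
    $row = motion_load($db, $editId);
    if (isset($row['id']) && is_numeric($row['id'])) {
        $motion = $row;
    }
}
?>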
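<?php
// Form values.  A blank motion has no tag/proposed/due keys, so every field is
// read null-safely, and all output is escaped as UTF-8 (the page declares
// UTF-8; htmlentities() without a charset argument assumed ISO-8859-1 on older
// PHP and mangled multi-byte text).
$editId = isset($_REQUEST['motion']) ? filter_var($_REQUEST['motion'], FILTER_VALIDATE_INT) : false;
$voters = isset($stats['voters']) ? $stats['voters'] : 0;
$fullQuorum = (int)ceil($voters);
$halfQuorum = (int)ceil($voters / 2);
$formTag = isset($motion['tag']) ? $motion['tag'] : '';
$formProposer = isset($motion['proposer']) ? $motion['proposer'] : '';
$formProposed = isset($motion['proposed']) ? $motion['proposed'] : '';
$formTitle = isset($motion['title']) ? $motion['title'] : '';
$formContent = isset($motion['content']) ? $motion['content'] : '';
$formQuorum = isset($motion['quorum']) ? (int)$motion['quorum'] : 0;
$formMajority = isset($motion['majority']) ? (int)$motion['majority'] : 0;
$formDue = isset($motion['due']) ? $motion['due'] : '';
?>
<form<?php if ($editId !== false) { echo ' action="?"'; } ?> method="POST">
<input type="hidden" name="action" value="store" />
<?php if ($editId !== false) { ?>
<input type="hidden" name="motion" value="<?php echo (int)$editId; ?>" />
<?php } ?>
<table>
<tr><td>ID:</td><td><?php echo htmlentities($formTag, ENT_QUOTES, 'UTF-8'); ?></td></tr>
<tr><td>Proponent:</td><td><?php echo htmlentities($formProposer, ENT_QUOTES, 'UTF-8'); ?><input type="hidden" name="proponent" value="<?php echo htmlentities($user['id'], ENT_QUOTES, 'UTF-8'); ?>"></td></tr>
<tr><td>Proposed:</td><td><?php echo htmlentities($formProposed, ENT_QUOTES, 'UTF-8'); ?> UTC</td></tr>
<tr><td>Title:</td><td><input name="title" value="<?php echo htmlentities($formTitle, ENT_QUOTES, 'UTF-8'); ?>"></td></tr>
<tr><td>Text:</td><td><textarea name="content"><?php echo htmlspecialchars($formContent, ENT_QUOTES, 'UTF-8'); ?></textarea></td></tr>
<tr><td>Quorum:</td><td><select name="quorum">
<option value="<?php echo $fullQuorum; ?>"<?php if ($formQuorum === $fullQuorum) { echo ' selected="selected"'; } ?>>100% Votes (<?php echo htmlentities($voters, ENT_QUOTES, 'UTF-8'); ?>)</option>
<option value="<?php echo $halfQuorum; ?>"<?php if ($formQuorum === $halfQuorum) { echo ' selected="selected"'; } ?>>50% Votes (<?php echo $halfQuorum; ?>)</option>
<option value="2"<?php if ($formQuorum === 2) { echo ' selected="selected"'; } ?>>2 Votes</option>
<option value="1"<?php if ($formQuorum === 1) { echo ' selected="selected"'; } ?>>1 Vote</option>
</select></td></tr>
<tr><td>Majority:</td><td><select name="majority">
<option value="50"<?php if ($formMajority === 50) { echo ' selected="selected"'; } ?>>50%</option>
<option value="67"<?php if ($formMajority === 67) { echo ' selected="selected"'; } ?>>67%</option>
<option value="75"<?php if ($formMajority === 75) { echo ' selected="selected"'; } ?>>75%</option>
<option value="100"<?php if ($formMajority === 100) { echo ' selected="selected"'; } ?>>100%</option>
</select></td></tr>
<?php
// NOTE(review): the "due" select below always defaults to "+3 days", so saving
// an edited motion moves its deadline unless the proposer re-picks it; it is
// not clear from this file whether that is intended.
?>
<tr><td rowspan="2">Due:</td><td><?php echo htmlentities($formDue, ENT_QUOTES, 'UTF-8'); ?> UTC</td></tr>
<tr><td><select name="due">
<option value="+3 days">In 3 Days</option>
<option value="+7 days">In 1 Week</option>
<option value="+14 days">In 2 Weeks</option>
</select></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Propose" /></td></tr>
</table>
</form>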
202 <br/>
203 <a href="motions.php">Back to motions</a>
204 </body>
205 </html>