Remove ability to modify motions.
[cacert-boardvoting.git] / motions.php
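<?php
/**
 * Board decision list.
 *
 * Renders the table of decisions (status, text, tallies, per-member votes),
 * previous/next paging links, and handles withdrawal of a motion.
 *
 * Request parameters read here: page, motion, unvoted, showvotes,
 * withdrawl (spelling kept because existing URLs use it), confirm, id.
 *
 * Every value that comes from the request or from a database row is encoded
 * for the context it is written into (HTML text, attribute, URL query value).
 */
require_once("database.php");

$db = new DB();

// Accept only positive integers as page numbers. is_numeric() alone also lets
// through values such as "-1", "1.5" or "1e3", which would then be bound to the
// :page parameter of the list statements.
$page = 1;
if (isset($_REQUEST['page'])) {
    $requestedPage = filter_var(
        $_REQUEST['page'],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($requestedPage !== false) {
        $page = $requestedPage;
    }
}

$user = $db->auth();

// Read optional parameters once. isset() avoids undefined-index notices and
// is_string() rejects array-valued parameters (e.g. "id[]=1").
$motionTag = (isset($_REQUEST['motion']) && is_string($_REQUEST['motion'])) ? $_REQUEST['motion'] : '';
$withdrawId = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? $_REQUEST['id'] : '';
$showVotes = !empty($_REQUEST['showvotes']);
$withdrawRequested = !empty($_REQUEST['withdrawl']);
$withdrawConfirmed = $withdrawRequested && !empty($_REQUEST['confirm']) && !empty($withdrawId);
$withdrawn = false;

if ($withdrawConfirmed) {
    if (!$user) {
        header("HTTP/1.0 302 Redirect");
        header("Location: denied.php");
        exit();
    }

    // Withdrawing a motion changes state, so it is only accepted as a POST.
    // Reading the flags from $_REQUEST meant a plain GET (a link or an embedded
    // resource loaded by a logged-in member) was enough to close a decision.
    // The confirmation form below already submits with method="post".
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method !== 'POST') {
        header("HTTP/1.0 405 Method Not Allowed");
        header("Allow: POST");
        exit();
    }

    // NOTE(review): nothing visible here checks that the decision is still
    // pending or that this user is allowed to withdraw it; if the
    // "close decision" statement does not enforce that in SQL, add the check
    // here. The request also carries no anti-CSRF token - confirm how
    // $db->auth() identifies the user and add a token tied to that identity.
    $stmt = $db->getStatement("get decision");
    $stmt->bindParam(":decision", $withdrawId);
    if ($stmt->execute() && ($decision = $stmt->fetch())) {
        $name = $user['name'];
        $tag = $decision['tag'];
        $title = $decision['title'];
        $content = $decision['content'];
        $body = <<<BODY
Dear Board,

$name has withdrawn the motion $tag that was as follows:

$title
$content

Kind regards,
the voting system
BODY;
        // NOTE(review): $tag and $title end up in the mail subject; confirm
        // that DB::notify() strips CR/LF before building mail headers.
        $db->notify("Re: $tag - $title - withdrawn", $body, $tag);
    }

    $stmt = $db->getStatement("close decision");
    $status = -2;
    $stmt->bindParam(":status", $status);
    $stmt->bindParam(":decision", $withdrawId);
    // Keep the outcome so the page does not report success for a failed update.
    $withdrawn = (bool)$stmt->execute();
}
?>
<html>
<head>
<title>CAcert Board Decisions</title>
<!-- The charset value must not be quoted inside the content attribute,
     otherwise browsers may ignore it and guess the encoding. -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php
if ($user) {
    echo '<a href="?unvoted=1">Show my outstanding votes</a><br/>';
}
?>
<table class="list">
    <tr>
        <th>Status</th>
        <th>Motion</th>
        <th>Actions</th>
    </tr>
<?php
// Pick the listing: a single decision by tag, the current user's unvoted
// decisions, or all decisions for the requested page.
if (!empty($motionTag)) {
    $stmt = $db->getStatement("list decision");
    $stmt->execute(array($motionTag));
} else {
    if ($user && !empty($_REQUEST['unvoted'])) {
        $stmt = $db->getStatement("list my unvoted decisions");
        $stmt->bindParam(":id", $user['id']);
    } else {
        $stmt = $db->getStatement("list decisions");
    }
    $stmt->bindParam(":page", $page);
    $stmt->execute();
}

$items = 0;         // rows rendered; used for paging and the withdrawal form
$id = -1;           // id of the last rendered row
$lastStatus = null; // status of the last rendered row

while ($row = $stmt->fetch()) {
    $items++;
    $id = $row['id'];
    $lastStatus = $row['status'];

    // Title and content were already escaped; tag, proposer, voter names and
    // the remaining columns were written raw, so markup stored in any of them
    // would have been rendered in every viewer's browser.
    $tagHtml = htmlspecialchars((string)$row['tag'], ENT_QUOTES, 'UTF-8');
    $tagUrl = htmlspecialchars(urlencode((string)$row['tag']), ENT_QUOTES, 'UTF-8');
    $idUrl = htmlspecialchars(urlencode((string)$row['id']), ENT_QUOTES, 'UTF-8');

    // Map the status code to a CSS class, a label and the timestamp shown with
    // it. An unknown status renders an empty cell, as before.
    $statusClass = '';
    $statusLabel = null;
    $statusTime = null;
    switch ($row['status']) {
        case 0:
            $statusClass = 'pending';
            $statusLabel = 'Pending';
            $statusTime = $row['due'];
            break;
        case 1:
            $statusClass = 'approved';
            $statusLabel = 'Approved';
            $statusTime = $row['modified'];
            break;
        case -1:
            $statusClass = 'declined';
            $statusLabel = 'Declined';
            $statusTime = $row['modified'];
            break;
        case -2:
            $statusClass = 'withdrawn';
            $statusLabel = 'Withdrawn';
            $statusTime = $row['modified'];
            break;
    }
    ?><tr>
        <td class="<?php echo $statusClass; ?>">
<?php
    if ($statusLabel !== null) {
        echo $statusLabel . "<br/><i>" . htmlspecialchars((string)$statusTime, ENT_QUOTES, 'UTF-8') . " UTC</i>";
    }
?>
        </td>
        <td>
            <i><a href="motions.php?motion=<?php echo $tagUrl; ?>"><?php echo $tagHtml; ?></a></i><br/>
            <b><?php echo htmlspecialchars($row['title']); ?></b><br/>
            <pre><?php echo wordwrap(htmlspecialchars($row['content'])); ?></pre>
            <br/>
            <i>Due: <?php echo htmlspecialchars((string)$row['due'], ENT_QUOTES, 'UTF-8'); ?> UTC</i><br/>
            <i>Proposed: <?php echo htmlspecialchars((string)$row['proposer'], ENT_QUOTES, 'UTF-8'); ?> (<?php echo htmlspecialchars((string)$row['proposed'], ENT_QUOTES, 'UTF-8'); ?> UTC)</i><br/>
            <i>Vote type: <?php echo(!$row['votetype'] ? 'motion' : 'veto'); ?></i><br/>
            <i>Aye|Naye|Abstain: <?php echo htmlspecialchars((string)$row['ayes'], ENT_QUOTES, 'UTF-8'); ?>|<?php echo htmlspecialchars((string)$row['nayes'], ENT_QUOTES, 'UTF-8'); ?>|<?php echo htmlspecialchars((string)$row['abstains'], ENT_QUOTES, 'UTF-8'); ?></i><br/>
<?php
    if ($row['status'] == 0 || $showVotes) {
        // Stored votes are -1/0/1; shifting by one indexes this label list.
        $state = array('Naye', 'Abstain', 'Aye');
        $vstmt = $db->getStatement("list votes");
        $vstmt->execute(array($row['id']));
        echo "<i>Votes:</i><br/>";
        while ($vrow = $vstmt->fetch()) {
            echo "<i>" . htmlspecialchars((string)$vrow['name'], ENT_QUOTES, 'UTF-8') . ": " . $state[$vrow['vote'] + 1] . "</i><br/>";
        }
    } else {
        echo '<i><a href="motions.php?motion=' . $tagUrl . '&amp;showvotes=1">Show Votes</a></i><br/>';
    }
?>
        </td>
        <td class="actions">
<?php
    // NOTE(review): vote.php and proxy.php are not shown here; if these links
    // record a vote directly on GET they need the same POST-plus-token
    // treatment as withdrawal - confirm.
    if ($row['status'] == 0 && $user) {
?>
            <ul>
                <li><a href="vote.php?motion=<?php echo $idUrl; ?>&amp;vote=1">Aye</a></li>
                <li><a href="vote.php?motion=<?php echo $idUrl; ?>&amp;vote=0">Abstain</a></li>
                <li><a href="vote.php?motion=<?php echo $idUrl; ?>&amp;vote=-1">Naye</a></li>
                <li><a href="proxy.php?motion=<?php echo $idUrl; ?>">Proxy Vote</a></li>
                <li><a href="motions.php?motion=<?php echo $tagUrl; ?>&amp;withdrawl=1">Withdraw</a></li>
            </ul>
<?php
    } else {
?>
            &nbsp;
<?php
    }
?>
        </td>
    </tr><?php
}
?>
    <tr>
        <td colspan="2" class="navigation">
            <?php if ($page > 1) { ?><a href="?page=<?php echo($page - 1); ?>">&lt;</a><?php } else { ?>&nbsp;<?php } ?>
            &nbsp;
            <?php /* a "next" link is offered when this page returned more than nine rows */ ?>
            <?php if ($items > 9) { ?><a href="?page=<?php echo($page + 1); ?>">&gt;</a><?php } else { ?>&nbsp;<?php } ?>
        </td>
        <td class="actions">
            <?php if ($user) echo('<ul><li><a href="motion.php">New Motion</a></li></ul>'); ?>
        </td>
    </tr>
<?php
if ($withdrawRequested) {
    if ($withdrawConfirmed) {
?>
    <tr>
        <td colspan="3">
<?php
        if ($withdrawn) {
?>
            <a href="motions.php">Motion Withdrawn</a>
<?php
        } else {
?>
            <a href="motions.php">Motion could not be withdrawn</a>
<?php
        }
?>
        </td>
    </tr>
<?php
    } elseif (!empty($motionTag) && $items == 1 && $lastStatus == 0) {
        // The form targets $id, the id of the last row rendered above. Offer it
        // only when exactly one pending motion was requested by tag; otherwise
        // "?withdrawl=1" on a full list would aim the form at whichever motion
        // happened to be listed last, or at a motion that is already closed.
        // NOTE(review): the form carries no anti-CSRF token; requiring POST does
        // not stop a cross-site form submission.
?>
    <tr>
        <td colspan="3">
            <form action="?withdrawl=1&amp;confirm=1&amp;id=<?php echo htmlspecialchars(urlencode((string)$id), ENT_QUOTES, 'UTF-8'); ?>" method="post">
                <input type="submit" value="Withdraw">
            </form>
        </td>
    </tr>
<?php
    }
}
?>
</table>
</body>
</html>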