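<?php
/*
 * Access gate for the proxy-vote page.
 *
 * 1. Requests that did not arrive over HTTPS are redirected to the https://
 *    URL of the same resource.
 * 2. The server-provided REMOTE_USER is looked up with the "get voter"
 *    statement; anyone who is not a known voter is sent to denied.php.
 *
 * On success $db holds the DB handle and $user the voter row for the rest of
 * the page.
 */

// isset() guard: the key is typically absent on plain HTTP, which is exactly
// the case this branch handles.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    // NOTE(review): HTTP_HOST is copied from the client's Host header, so the
    // redirect target is request-controlled. Prefer a configured canonical
    // host name if the deployment has one.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
    header("HTTP/1.0 302 Redirect");
    header("Location: https://".$host.$_SERVER['REQUEST_URI']);
    exit();
}

// An absent REMOTE_USER means the server did not authenticate the request.
$user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
require_once("database.php");
$db = new DB();

if ($user !== '') {
    $stmt = $db->getStatement("get voter");
    // A failed execute() leaves fetch() returning false, so the check below
    // fails closed.
    $stmt->execute(array($user));
    $user = $stmt->fetch();
} else {
    // Fail closed without querying for an empty identity.
    $user = false;
}

if (!$user) {
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}
?>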
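<html>
<head>
<title>CAcert Board Decisions</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php
/*
 * Proxy-vote page body. Expects $db (DB handle) and $user (row of the
 * authenticated voter) to have been set by the access gate above.
 *
 * Flow:
 *   - "motion" must be an integer id of a decision whose status is 0.
 *   - A POST with a valid voter id, a vote of -1/0/1 and a non-empty
 *     justification replaces that voter's vote ("del vote" then "do vote")
 *     and mails a notice to $board.
 *   - Anything else renders the proxy-vote form.
 *
 * Security-relevant points:
 *   - Values are validated once and the validated copies are what gets bound.
 *     The original checked $_POST but bound $_REQUEST, which can be fed from
 *     other request sources depending on request_order.
 *   - The vote is restricted to -1, 0, 1. is_numeric() accepted any number,
 *     which would have been stored as-is.
 *   - Everything echoed into HTML is escaped.
 *
 * NOTE(review): the form carries no anti-CSRF token while authentication is
 * ambient (server-provided REMOTE_USER / client certificate). Add a token or
 * an Origin check before relying on this endpoint.
 * NOTE(review): "del vote" and "do vote" are not wrapped in a transaction
 * here; if the insert fails the previous vote is already gone.
 */

/**
 * Escape a value for HTML text or a quoted attribute value.
 *
 * @param mixed $value Scalar to escape; cast to string first.
 * @return string
 */
function proxy_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Format a statement's errorInfo() entries as escaped HTML, one per line.
 *
 * NOTE(review): driver error details are still shown to the authenticated
 * voter, as before; consider logging them server-side instead.
 *
 * @param object $stmt Statement object exposing errorInfo().
 * @return string
 */
function proxy_db_error_html($stmt)
{
    $parts = array();
    foreach ($stmt->errorInfo() as $part) {
        $parts[] = proxy_html($part);
    }
    return join("<br/>\n", $parts);
}

// filter_var() yields an int, or false for missing, array or non-integer input.
$motion = isset($_REQUEST['motion'])
    ? filter_var($_REQUEST['motion'], FILTER_VALIDATE_INT)
    : false;

if ($motion === false) {
?>
<b>This is not a valid motion!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<?php
} else {
    $stmt = $db->getStatement("get decision");
    $stmt->bindParam(":decision", $motion);
    if ($stmt->execute() && ($decision = $stmt->fetch()) && ($decision['status'] == 0)) {
        $voterId = isset($_POST['voter'])
            ? filter_var($_POST['voter'], FILTER_VALIDATE_INT)
            : false;
        $voteValue = isset($_POST['vote'])
            ? filter_var(
                $_POST['vote'],
                FILTER_VALIDATE_INT,
                array('options' => array('min_range' => -1, 'max_range' => 1))
            )
            : false;
        $justification = (isset($_POST['justification']) && is_string($_POST['justification']))
            ? $_POST['justification']
            : '';

        if ($voterId !== false && $voteValue !== false && trim($justification) !== '') {
            // NOTE(review): the voter id is not checked against the voter
            // list before the old vote is deleted; the lookup only happens
            // afterwards, for the mail text.
            $stmt = $db->getStatement("del vote");
            $stmt->bindParam(":voter", $voterId);
            $stmt->bindParam(":decision", $motion);
            if ($stmt->execute()) {
                $stmt = $db->getStatement("do vote");
                $stmt->bindParam(":voter", $voterId);
                $stmt->bindParam(":decision", $motion);
                $stmt->bindParam(":vote", $voteValue);
                // The client certificate is stored with the vote as an audit
                // trail of who cast the proxy vote.
                $clientCert = isset($_SERVER['SSL_CLIENT_CERT']) ? $_SERVER['SSL_CLIENT_CERT'] : '';
                $notes = "Proxy-Vote by ".$user['name']."\n\n".$justification."\n\n".$clientCert;
                $stmt->bindParam(":notes", $notes);
                if ($stmt->execute()) {
?>
<b>The vote has been registered.</b><br/>
<a href="motions.php">Back to motions</a>
<?php
                    $stmt = $db->getStatement("get voter by id");
                    $stmt->bindParam(":id", $voterId);
                    if ($stmt->execute() && ($voter = $stmt->fetch())) {
                        $voter = $voter['name'];
                    } else {
                        $voter = "Voter: ".$voterId;
                    }
                    $name = $user['name'];
                    switch ($voteValue) {
                        case 1:
                            $vote = 'Aye';
                            break;
                        case -1:
                            $vote = 'Naye';
                            break;
                        default:
                            $vote = 'Abstain';
                            break;
                    }
                    $tag = $decision['tag'];
                    $title = $decision['title'];
                    $content = $decision['content'];
                    $body = <<<BODY
Dear Board,

$name has just registered a proxy vote of $vote for $voter on motion $tag.

The justification for this was:
$justification

Motion:
$title
$content

Kind regards,
the vote system

BODY;
                    // Defense in depth: keep the subject on a single line.
                    $subject = str_replace(array("\r", "\n"), ' ', "Re: $tag - $title");
                    // NOTE(review): $board is not assigned in this file;
                    // presumably database.php provides it. Confirm.
                    // NOTE(review): confirm the spelling of the sender domain.
                    mail($board, $subject, $body, "From: Voting System <returns@caert.org>");
                } else {
?>
<b>The vote has NOT been registered.</b><br/>
<a href="motions.php">Back to motions</a>
<i><?php echo proxy_db_error_html($stmt); ?></i>
<?php
                }
            } else {
?>
<b>The vote has NOT been registered.</b><br/>
<a href="motions.php">Back to motions</a>
<i><?php echo proxy_db_error_html($stmt); ?></i>
<?php
            }
        } else {
            $stmt = $db->getStatement("get voters");
            if ($stmt->execute() && ($voters = $stmt->fetchAll())) {
                // Preselect what was posted. The original compared the vote
                // options against the "voter" field by mistake. With nothing
                // valid posted, Abstain is preselected, as before.
                $selectedVote = ($voteValue === false) ? 0 : (int) $voteValue;
?>
<form method="POST" action="?motion=<?php echo proxy_html($motion); ?>">
<table>
<tr>
<th>Voter</th><th>Vote</th>
</tr>
<tr>
<td><select name="voter"><?php
                foreach ($voters as $voter) {
                    $isSelected = ($voterId !== false) && ($voter['id'] == $voterId);
?>
<option value="<?php echo proxy_html($voter['id']); ?>"<?php if ($isSelected) { echo(" selected=\"selected\""); } ?>><?php echo proxy_html($voter['name']); ?></option>
<?php
                }
?></select></td>
<td><select name="vote">
<option value="1"<?php if ($selectedVote === 1) { echo(" selected=\"selected\""); } ?>>Aye</option>
<option value="0"<?php if ($selectedVote === 0) { echo(" selected=\"selected\""); } ?>>Abstain</option>
<option value="-1"<?php if ($selectedVote === -1) { echo(" selected=\"selected\""); } ?>>Naye</option>
</select></td>
</tr>
<tr>
<th colspan="2">Justification:</th>
</tr>
<tr>
<td colspan="2"><textarea name="justification"><?php echo proxy_html($justification); ?></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Proxy Vote" /></td>
</tr>
</table>
</form>
<?php
            } else {
?>
<b>Could not retrieve voters!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo proxy_db_error_html($stmt); ?></i>
<?php
            }
        }
    } else {
?>
<b>This is not a valid motion!</b><br/>
<a href="motions.php">Back to motions</a><br/>
<i><?php echo proxy_db_error_html($stmt); ?></i>
<?php
    }
}
?>
</body>
</html>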