Add code from real production environment
[cacert-boardvoting.git] / proxy.php
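<?php
/*
 * proxy.php -- register a proxy vote on an open motion on behalf of a voter.
 *
 * The page forces HTTPS, authenticates the caller through DB::auth() (used
 * here as "returns the user record, or a falsy value"), and then either
 * renders the proxy-vote form or, on a complete POST, deletes any earlier
 * vote of that voter on the motion, stores the new vote together with the
 * presented client certificate, and mails the board via DB::vote_notify().
 */

/* Escape a value for an HTML body or attribute (UTF-8, quotes included). */
function proxy_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/*
 * Integer value of $source[$key], or null when the field is missing or is
 * not an integer. Callers name the array ($_POST or $_REQUEST) explicitly so
 * that a field validated from $_POST is also read from $_POST: the original
 * checked $_POST['voter'] / $_POST['vote'] but bound $_REQUEST['voter'] /
 * $_REQUEST['vote'], so the stored value could differ from the checked one.
 */
function proxy_int(array $source, $key)
{
    if (!isset($source[$key])) {
        return null;
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT);
    return ($value === false) ? null : $value;
}

/* "Back to motions" link shared by every outcome page. */
function proxy_back_link()
{
    echo '<a href="motions.php">Back to motions</a><br/>' . "\n";
}

/*
 * Driver error of a failed statement, escaped for HTML. Showing errorInfo()
 * to the (authenticated) user is the existing behaviour; it is escaped here,
 * not removed.
 */
function proxy_error_html($stmt)
{
    return '<i>' . join("<br/>\n", array_map('proxy_html', $stmt->errorInfo())) . "</i>\n";
}

if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    header("HTTP/1.0 302 Redirect");
    header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    exit();
}
require_once("database.php");
$db = new DB();
if (!($user = $db->auth())) {
    header("HTTP/1.0 302 Redirect");
    header("Location: denied.php");
    exit();
}

// The motion id arrives through the query string (the form posts to
// "?motion=N"), so it is taken from $_REQUEST; everything else is POST-only.
$motion = proxy_int($_REQUEST, 'motion');
?>
<html>
<head>
<title>CAcert Board Decisions</title>
<meta http-equiv="Content-Type" content="text/html; charset='UTF-8'" />
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php
if ($motion === null) {
?>
<b>This is not a valid motion!</b><br/>
<?php
    proxy_back_link();
} else {
    $stmt = $db->getStatement("get decision");
    $stmt->bindParam(":decision", $motion);
    // status == 0 is treated as "motion still open" throughout this file.
    if ($stmt->execute() && ($decision = $stmt->fetch()) && ($decision['status'] == 0)) {
        $voterId = proxy_int($_POST, 'voter');
        $vote = proxy_int($_POST, 'vote');
        $justification = isset($_POST['justification']) ? $_POST['justification'] : '';
        if ($voterId !== null && $vote !== null && $justification !== '') {
            // NOTE(review): the caller is authenticated by a client certificate,
            // which the browser presents automatically, and this form carries no
            // anti-CSRF token -- confirm whether database.php / the session layer
            // provides one before relying on this page.
            $stmt = $db->getStatement("del vote");
            $stmt->bindParam(":voter", $voterId);
            $stmt->bindParam(":decision", $motion);
            if ($stmt->execute()) {
                $stmt = $db->getStatement("do vote");
                $stmt->bindParam(":voter", $voterId);
                $stmt->bindParam(":decision", $motion);
                $stmt->bindParam(":vote", $vote);
                // The presented client certificate is stored with the vote so the
                // proxy can be traced back to the person who registered it.
                $clientCert = isset($_SERVER['SSL_CLIENT_CERT']) ? $_SERVER['SSL_CLIENT_CERT'] : '';
                $notes = "Proxy-Vote by " . $user['name'] . "\n\n" . $justification . "\n\n" . $clientCert;
                $stmt->bindParam(":notes", $notes);
                if ($stmt->execute()) {
?>
<b>The vote has been registered.</b><br/>
<?php
                    proxy_back_link();
                    $stmt = $db->getStatement("get voter by id");
                    $stmt->bindParam(":id", $voterId);
                    if ($stmt->execute() && ($voter = $stmt->fetch())) {
                        $voterName = $voter['name'];
                    } else {
                        $voterName = "Voter: " . $voterId;
                    }
                    $name = $user['name'];
                    switch ($vote) {
                        case 1:  $voteLabel = 'Aye';     break;
                        case -1: $voteLabel = 'Naye';    break;
                        default: $voteLabel = 'Abstain'; break;
                    }
                    $tag = $decision['tag'];
                    $title = $decision['title'];
                    $content = $decision['content'];
                    $due = $decision['due'] . " UTC";
                    // Plain-text mail body; no HTML escaping applies here.
                    $body = <<<BODY
Dear Board,

$name has just registered a proxy vote of $voteLabel for $voterName on motion $tag.

The justification for this was:
$justification

Motion:
$title
$content

Kind regards,
the vote system

BODY;
                    $db->vote_notify("Re: $tag - $title", $body, $tag);
                } else {
?>
<b>The vote has NOT been registered.</b><br/>
<?php
                    proxy_back_link();
                    echo proxy_error_html($stmt);
                }
            } else {
?>
<b>The vote has NOT been registered.</b><br/>
<?php
                proxy_back_link();
                echo proxy_error_html($stmt);
            }
        } else {
            // Incomplete or absent submission: (re)display the form, keeping
            // whatever was already entered. The vote options are re-selected
            // from $_POST['vote']; the original compared them against
            // $_POST['voter'], so the chosen vote was never preserved.
            $stmt = $db->getStatement("get voters");
            if ($stmt->execute() && ($voters = $stmt->fetchAll())) {
?>
<form method="POST" action="?motion=<?php echo proxy_html($motion); ?>">
<table>
<tr>
<th>Voter</th><th>Vote</th>
</tr>
<tr>
<td><select name="voter"><?php
                foreach ($voters as $voter) {
                    $selected = ($voterId !== null && $voter['id'] == $voterId) ? ' selected="selected"' : '';
                    echo '<option value="' . proxy_html($voter['id']) . '"' . $selected . '>'
                        . proxy_html($voter['name']) . "</option>\n";
                }
?></select></td>
<td><select name="vote">
<option value="1"<?php if ($vote === 1) { echo ' selected="selected"'; } ?>>Aye</option>
<option value="0"<?php if ($vote === 0) { echo ' selected="selected"'; } ?>>Abstain</option>
<option value="-1"<?php if ($vote === -1) { echo ' selected="selected"'; } ?>>Naye</option>
</select></td>
</tr>
<tr>
<th colspan="2">Justification:</th>
</tr>
<tr>
<td colspan="2"><textarea name="justification"><?php echo proxy_html($justification); ?></textarea></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Proxy Vote" /></td>
</tr>
</table>
</form>
<?php
            } else {
?>
<b>Could not retrieve voters!</b><br/>
<?php
                proxy_back_link();
                echo proxy_error_html($stmt);
            }
        }
    } else {
?>
<b>This is not a valid motion!</b><br/>
<?php
        proxy_back_link();
        echo proxy_error_html($stmt);
    }
}
?>
</body>
</html>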