Remove ability to modify motions.
[cacert-boardvoting.git] / motion.php
index 2dec354..536de03 100644 (file)
        <body>
                <?php
                if ($_REQUEST['action'] == "store") {
-                       if (is_numeric($_REQUEST['motion'])) {
-                               $stmt = $db->getStatement("update decision");
-                               $stmt->bindParam(":id",$_POST['motion']);
-                               $stmt->bindParam(":proponent",$user['id']);
-                               $stmt->bindParam(":title",$_POST['title']);
-                               $stmt->bindParam(":content",$_POST['content']);
-                               $stmt->bindParam(":due",$_POST['due']);
-                               $stmt->bindParam(":votetype",$_POST['votetype']);
-                               if ($stmt->execute()) {
-                                       ?>
-                                       <b>The motion has been proposed!</b><br/>
-                                       <a href="motions.php">Back to motions</a><br/>
-                                       <br/>
-                                       <br/>
-                                       <?php
-                                       $decision = $db->getStatement("get decision")->execute(array($_POST['motion']))?$db->getStatement("get decision")->fetch():array();
-                                       $name = $user['name'];
-                                       $tag = $decision['tag'];
-                                       $title = $decision['title'];
-                                       $content =$decision['content'];
-                                       $due = $decision['due']." UTC";
-                                       $votetype = !$decision['votetype'] ? 'motion' : 'veto';
-                                       $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$_SERVER['REQUEST_URI']);
-                                       $voteurl = $baseurl."vote.php?motion=".$decision['id'];
-                                       $unvoted = $baseurl."motions.php?unvoted=1";
-                                       $body = <<<BODY
-Dear Board,
-
-$name has modified motion $tag to the following:
-
-$title
-$content
-
-Vote type: $votetype
-
-To vote please choose:
-
-Aye: $voteurl&vote=1
-Naye: $voteurl&vote=-1
-Abstain: $voteurl&vote=0
-
-Please be aware, that if you have voted already your vote is still registered and valid.
-If this modification has an impact on how you wish to vote, you are responsible for voting
-again.
-
-To see all your outstanding votes : $unvoted
-
-Kind regards,
-the voting system
-BODY;
-                                       $db->notify("Re: $tag - $title - modified",$body,$tag);
-                               } else {
-                                       ?>
-                                       <b>The motion has NOT been proposed!</b><br/>
-                                       <a href="motions.php">Back to motions</a><br/>
-                                       <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i><br/>
-                                       <br/>
-                                       <br/>
-                                       <?php
-                               }
-                       } else {
-                               $stmt = $db->getStatement("create decision");
-                               $stmt->bindParam(":proponent",$user['id']);
-                               $stmt->bindParam(":title",$_POST['title']);
-                               $stmt->bindParam(":content",$_POST['content']);
-                               $stmt->bindParam(":votetype",$_POST['votetype']);
-                               $stmt->bindParam(":due",$_POST['due']);
-                               if ($stmt->execute()) {
-                                       ?>
-                                       <b>The motion has been proposed!</b><br/>
-                                       <a href="motions.php">Back to motions</a><br/>
-                                       <br/>
-                                       <br/>
-                                       <?php
-                                       $decision = $db->getStatement("get new decision")->execute()?$db->getStatement("get new decision")->fetch():array();
-                                       $name = $user['name'];
-                                       $tag = $decision['tag'];
-                                       $title = $decision['title'];
-                                       $content =$decision['content'];
-                                       $due = $decision['due']." UTC";
-                                       $votetype = !$decision['votetype'] ? 'motion' : 'veto';
-                                       $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$_SERVER['REQUEST_URI']);
-                                       $voteurl = $baseurl."vote.php?motion=".$decision['id'];
-                                       $unvoted = $baseurl."motions.php?unvoted=1";
-                                       $body = <<<BODY
+                       $stmt = $db->getStatement("create decision");
+                       $stmt->bindParam(":proponent",$user['id']);
+                       $stmt->bindParam(":title",$_POST['title']);
+                       $stmt->bindParam(":content",$_POST['content']);
+                       $stmt->bindParam(":votetype",$_POST['votetype']);
+                       $stmt->bindParam(":due",$_POST['due']);
+                       if ($stmt->execute()) {
+                               ?>
+                               <b>The motion has been proposed!</b><br/>
+                               <a href="motions.php">Back to motions</a><br/>
+                               <br/>
+                               <br/>
+                               <?php
+                               $decision = $db->getStatement("get new decision")->execute()?$db->getStatement("get new decision")->fetch():array();
+                               $name = $user['name'];
+                               $tag = $decision['tag'];
+                               $title = $decision['title'];
+                               $content =$decision['content'];
+                               $due = $decision['due']." UTC";
+                               $votetype = !$decision['votetype'] ? 'motion' : 'veto';
+                               $baseurl = "https://".$_SERVER['HTTP_HOST'].":".$_SERVER['SERVER_PORT'].preg_replace('/motion\.php/','',$_SERVER['REQUEST_URI']);
+                               $voteurl = $baseurl."vote.php?motion=".$decision['id'];
+                               $unvoted = $baseurl."motions.php?unvoted=1";
+                               $body = <<<BODY
 Dear Board,
 
 $name has made the following motion:
@@ -130,19 +69,18 @@ To see all your outstanding votes : $unvoted
 Kind regards,
 the voting system
 BODY;
-                                       $db->notify("$tag - $title",$body,$tag,TRUE);
-                               } else {
-                                       ?>
-                                       <b>The motion has NOT been proposed!</b><br/>
-                                       <a href="motions.php">Back to motions</a><br/>
-                                       <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i><br/>
-                                       <br/>
-                                       <br/>
-                                       <?php
-                               }
+                               $db->notify("$tag - $title",$body,$tag,TRUE);
+                       } else {
+                               ?>
+                               <b>The motion has NOT been proposed!</b><br/>
+                               <a href="motions.php">Back to motions</a><br/>
+                               <i><?php echo join("<br/>\n",$stmt->errorInfo()); ?></i><br/>
+                               <br/>
+                               <br/>
+                               <?php
                        }
-                       
                }
+                       
                if (is_numeric($_REQUEST['motion'])) {
                        $stmt = $db->getStatement("get decision");
                        if ($stmt->execute(array($_REQUEST['motion']))) {