Add code from real production environment
[cacert-boardvoting.git] / motions.php
index b508385..548731f 100644 (file)
@@ -5,21 +5,19 @@
        $user = $db->auth();
 
        if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) {
-               $stmt = $db->getStatement("get decision");
-               $stmt->bindParam(":decision",$_REQUEST['id']);
-               $stmt->execute();
-               $decision=$stmt->fetch();
-                       
-               if (!$decision || !$user || $user['id'] != $decision['proponent']) {
+               if (!$user) {
                        header("HTTP/1.0 302 Redirect");
                        header("Location: denied.php");
                        exit();
                }
-               $name = $user['name'];
-               $tag = $decision['tag'];
-               $title = $decision['title'];
-               $content = $decision['content'];
-               $body = <<<BODY
+               $stmt = $db->getStatement("get decision");
+               $stmt->bindParam(":decision",$_REQUEST['id']);
+               if ($stmt->execute() && ($decision=$stmt->fetch())) {
+                       $name = $user['name'];
+                       $tag = $decision['tag'];
+                       $title = $decision['title'];
+                       $content = $decision['content'];
+                       $body = <<<BODY
 Dear Board,
 
 $name has withdrawn the motion $tag that was as follows:
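Review bot: The proponent check is gone from the withdrawal path: the new guard `if (!$user)` only requires an authenticated user, so any logged-in account can reach the `close decision` statement for a motion it did not propose. If that is not a deliberate policy change (the commit message does not say), restore the check after the fetch, e.g. `if (!$decision || $user['id'] != $decision['proponent']) { header("Location: denied.php"); exit(); }`. The request is also read from `$_REQUEST`, so this state change can arrive via GET; the confirm step is not visible here, but it is worth confirming that it requires POST and an anti-CSRF token. The enclosing block starts before and continues past this hunk.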
@@ -30,8 +28,8 @@ $content
 Kind regards,
 the voting system
 BODY;
-               $db->notify("Re: $tag - $title - withdrawn",$body,$tag);
-
+                       $db->notify("Re: $tag - $title - withdrawn",$body,$tag);
+               }
                $stmt = $db->getStatement("close decision");
                $status = -2;
                $stmt->bindParam(":status",$status);
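Review bot: The `close decision` statement after the new closing brace still runs when `$stmt->execute()` or `fetch()` on `get decision` failed, so a motion can be set to status -2 without the board notification being sent. Either stop on a failed lookup or move the close inside the `if`, so that the status change and the notification happen together, e.g. `} else { header("Location: denied.php"); exit(); }`. The remaining bindings and the execute for `close decision` are outside the hunk, so confirm there that it keys on the same `$_REQUEST['id']` that was just looked up.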
@@ -117,13 +115,8 @@ BODY;
                                                                        <li><a href="vote.php?motion=<?php echo($row['id']); ?>&amp;vote=0">Abstain</a></li>
                                                                        <li><a href="vote.php?motion=<?php echo($row['id']); ?>&amp;vote=-1">Naye</a></li>
                                                                        <li><a href="proxy.php?motion=<?php echo($row['id']); ?>">Proxy Vote</a></li>
-                                                               <?php
-                                                               if ($user && $user['id'] == $row['proponent']) {
-                                                               ?>
-                                                                       <li><a href="motions.php?motion=<?php echo($row['tag']); ?>&amp;withdrawl=1">Withdraw</a></li>
-                                                               <?php
-                                                               }
-                                                               ?>
+                                                                       <li><a href="motion.php?motion=<?php echo($row['id']); ?>">Modify</a></li>
+                                                                       <li><a href="motions.php?motion=<?php echo($row['tag']); ?>&amp;withdrawl=1">Withdrawl</a></li>
                                                                </ul>
                                                                <?php
                                                        } else {
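Review bot: `$row['tag']` on the added Withdrawl line is echoed into an `href` without URL or HTML encoding; the tag format is not visible here, so if a tag can contain quotes, `&` or angle brackets the value can break out of the attribute. Encode it for both contexts, `<?php echo htmlspecialchars(urlencode($row['tag']), ENT_QUOTES); ?>`. With the proponent condition removed, the Modify and Withdrawl links now render for every viewer, so motion.php (not part of this diff) and the withdrawal handler each have to enforce who may act. The link label should read "Withdraw".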