withdrawling motions now authenticated and notices send
[cacert-boardvoting.git] / motions.php
index 7784e23..ca045ce 100644 (file)
@@ -3,6 +3,39 @@
        $db = new DB();
        $db->closeVotes();
        $page = is_numeric($_REQUEST['page'])?$_REQUEST['page']:1;
+
+       if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) {
+               if (!($user = $db->auth())) {
+                       header("HTTP/1.0 302 Redirect");
+                       header("Location: denied.php");
+                       exit();
+               }
+               $stmt = $db->getStatement("get decision");
+               $stmt->bindParam(":decision",$_REQUEST['id']);
+               if ($stmt->execute() && ($decision=$stmt->fetch())) {
+                       $name = $user['name'];
+                       $tag = $decision['tag'];
+                       $title = $decision['title'];
+                       $content = $decision['content'];
+                       $body = <<<BODY
+Dear Board,
+
+$name has withdrawn the motion $tag that was as follows:
+
+$title
+$content
+
+Kind regards,
+the voting system
+BODY;
+                       $db->notify("Re: $tag - $title - withdrawn",$body);
+               }
+               $stmt = $db->getStatement("close decision");
+               $status = -2;
+               $stmt->bindParam(":status",$status);
+               $stmt->bindParam(":decision",$_REQUEST['id']);
+               $stmt->execute();
+       }
 ?>
 <html>
        <head>
                                <th>Actions</th>
                        </tr>
                        <?php
-                               if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) {
-                                       $stmt = $db->getStatement("close decision");
-                                       $status = -2;
-                                       $stmt->bindParam(":status",$status);
-                                       $stmt->bindParam(":decision",$_REQUEST['id']);
-                                       $stmt->execute();
-                               }
                                if ($_REQUEST['motion']) {
                                        $stmt = $db->getStatement("list decision");
                                        $stmt->execute(array($_REQUEST['motion']));