withdrawling motions now authenticated and notices send
authorcommunity.cacert.org <community.cacert.org@d4452222-2f33-11de-9270-010000000000>
Fri, 29 May 2009 04:07:07 +0000 (04:07 +0000)
committercommunity.cacert.org <community.cacert.org@d4452222-2f33-11de-9270-010000000000>
Fri, 29 May 2009 04:07:07 +0000 (04:07 +0000)
git-svn-id: http://svn.cacert.cl/Software/Voting/vote@45 d4452222-2f33-11de-9270-010000000000

.htaccess
motions.php

index 36336c2..7a803b2 100644 (file)
--- a/.htaccess
+++ b/.htaccess
@@ -17,7 +17,7 @@ php_value     safe_mode_exec_dir      /var/empty
 
 
 
-<FilesMatch "^(motion|vote|proxy)\.php$">
+<FilesMatch "^(motions?|vote|proxy)\.php$">
        # these files require authentication
        <IfModule mod_ssl.c>
        SSLOptions +OptRenegotiate +StdEnvVars +ExportCertData
index 7784e23..ca045ce 100644 (file)
@@ -3,6 +3,39 @@
        $db = new DB();
        $db->closeVotes();
        $page = is_numeric($_REQUEST['page'])?$_REQUEST['page']:1;
+
+       if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) {
+               if (!($user = $db->auth())) {
+                       header("HTTP/1.0 302 Redirect");
+                       header("Location: denied.php");
+                       exit();
+               }
+               $stmt = $db->getStatement("get decision");
+               $stmt->bindParam(":decision",$_REQUEST['id']);
+               if ($stmt->execute() && ($decision=$stmt->fetch())) {
+                       $name = $user['name'];
+                       $tag = $decision['tag'];
+                       $title = $decision['title'];
+                       $content = $decision['content'];
+                       $body = <<<BODY
+Dear Board,
+
+$name has withdrawn the motion $tag that was as follows:
+
+$title
+$content
+
+Kind regards,
+the voting system
+BODY;
+                       $db->notify("Re: $tag - $title - withdrawn",$body);
+               }
+               $stmt = $db->getStatement("close decision");
+               $status = -2;
+               $stmt->bindParam(":status",$status);
+               $stmt->bindParam(":decision",$_REQUEST['id']);
+               $stmt->execute();
+       }
 ?>
 <html>
        <head>
                                <th>Actions</th>
                        </tr>
                        <?php
-                               if ($_REQUEST['withdrawl'] && $_REQUEST['confirm'] && $_REQUEST['id']) {
-                                       $stmt = $db->getStatement("close decision");
-                                       $status = -2;
-                                       $stmt->bindParam(":status",$status);
-                                       $stmt->bindParam(":decision",$_REQUEST['id']);
-                                       $stmt->execute();
-                               }
                                if ($_REQUEST['motion']) {
                                        $stmt = $db->getStatement("list decision");
                                        $stmt->execute(array($_REQUEST['motion']));