Username does not exist.";
} else {
$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . mysql_real_escape_string($_POST['user']) . "'";
$qcheck.= " AND End > UNIX_TIMESTAMP()";
$check = mysql_num_rows(db_query($qcheck, $dbh));
if ($check != 0) {
$error.= "" . htmlentities($_POST['user']) . " already has proposal running for them.
";
}
}
}
if (!empty($_POST['length'])) {
if (!is_numeric($_POST['length'])) {
$error.= "Length must be a number.
";
} else if ($_POST['length'] < 1) {
$error.= "Length must be at least 1.
";
} else {
$len = (60*60*24)*$_POST['length'];
}
} else {
$len = 60*60*24*7;
}
if (empty($_POST['agenda'])) {
$error.= "Proposal cannot be empty.
";
}
}
if (!empty($_POST['addVote']) && empty($error)) {
$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
$q.= "('" . mysql_real_escape_string($_POST['agenda']) . "', ";
$q.= "'" . mysql_real_escape_string($_POST['user']) . "', ";
$q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . mysql_real_escape_string($len);
$q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
db_query($q, $dbh);
print "New proposal submitted.
\n";
} else {
?>
Submit a proposal to vote on.
"; } ?>
Back";
} else {
print "You are not allowed to access this area.\n";
}
html_footer(AUR_VERSION);
# vim: ts=2 sw=2 noet ft=php
?>