summaryrefslogtreecommitdiffstats
path: root/web/html/addvote.php
blob: a5ec4a1fd2107f8c3f583f66d8c8f1db443f0ae3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php

set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');

include_once("aur.inc.php");
set_lang();
check_sid();
html_header();

if (isset($_COOKIE["AURSID"])) {
  $atype = account_from_sid($_COOKIE["AURSID"]);
} else {
  $atype = "";
}

if ($atype == "Trusted User" OR $atype == "Developer") {
	$dbh = db_connect();

	if (!empty($_POST['addVote']) && !check_token()) {
		$error = __("Invalid token for user action.");
	}

	if (!empty($_POST['addVote']) && check_token()) {
		$error = "";

		if (!empty($_POST['user'])) {
			$qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'";
			$result = db_query($qcheck, $dbh);
			if ($result) {
				$check = mysql_num_rows($result);
			}
			else {
				$check = 0;
			}

			if ($check == 0) {
				$error.= __("Username does not exist.");
			} else {
				$qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'";
				$qcheck.= " AND End > UNIX_TIMESTAMP()";
				$result = db_query($qcheck, $dbh);
				if ($result) {
					$check = mysql_num_rows($result);
				}
				else {
					$check = 0;
				}

				if ($check != 0) {
					$error.= __("%s already has proposal running for them.", htmlentities($_POST['user']));
				}
			}
		}

		if (!empty($_POST['length'])) {
			if (!is_numeric($_POST['length'])) {
				$error.=  __("Length must be a number.") ;
			} else if ($_POST['length'] < 1) {
				$error.= __("Length must be at least 1.");
			} else {
				$len = (60*60*24)*$_POST['length'];
			}
		} else {
			$len = 60*60*24*7;
		}

		if (empty($_POST['agenda'])) {
			$error.= __("Proposal cannot be empty.");
		}
	}

	if (!empty($_POST['addVote']) && empty($error)) {
		$q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
		$q.= "('" . db_escape_string($_POST['agenda']) . "', ";
		$q.= "'" . db_escape_string($_POST['user']) . "', ";
		$q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len);
		$q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";

		db_query($q, $dbh);
		print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n";
	} else {
?>

<?php if (!empty($error)): ?>
	<p style="color: red;" class="pkgoutput"><?php print $error ?></p>
<?php endif; ?>

<div class="pgbox">
<div class="pgboxtitle"><?php print __("Submit a proposal to vote on.") ?></div>
<div class="pgboxbody">
<form action='addvote.php' method='post'>
<p>
<b><?php print __('Applicant/TU') ?></b>
<input type='text' name='user' value='<?php if (!empty($_POST['user'])) { print htmlentities($_POST['user'], ENT_QUOTES); } ?>' />
<?php print __("(empty if not applicable)") ?>
</p>
<p>
<b><?php print __('Length in days') ?></b>
<input type='text' name='length' value='<?php if (!empty($_POST['length'])) { print htmlentities($_POST['length'], ENT_QUOTES); } ?>' />
<?php print __("(defaults to 7 if empty)") ?>
</p>
<p>
<b><?php print __('Proposal') ?></b><br />
<textarea name='agenda' rows='25' cols='80'><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br />
<input type='hidden' name='addVote' value='1' />
<input type='hidden' name='token' value='<?php print htmlspecialchars($_COOKIE['AURSID']) ?>' />
<input type='submit' class='button' value='<?php print __('Submit'); ?>' />
</p>
</form>
</div>
</div>
<?php
	}
} else {
	print __("You are not allowed to access this area.");
}

html_footer(AUR_VERSION);