Diffstat (limited to 'web/html/addvote.php')
-rw-r--r-- | web/html/addvote.php | 83 |
1 files changed, 31 insertions, 52 deletions
diff --git a/web/html/addvote.php b/web/html/addvote.php
index a5ec4a1f..d3bd7d4b 100644
--- a/web/html/addvote.php
+++ b/web/html/addvote.php
@@ -5,16 +5,19 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
 include_once("aur.inc.php");
 set_lang();
 check_sid();
-html_header();
+
+$title = __("Add Proposal");
+
+html_header($title);
 if (isset($_COOKIE["AURSID"])) {
 $atype = account_from_sid($_COOKIE["AURSID"]);
+ $uid = uid_from_sid($_COOKIE["AURSID"]);
 } else {
 $atype = "";
 }
-if ($atype == "Trusted User" OR $atype == "Developer") {
- $dbh = db_connect();
+if ($atype == "Trusted User" || $atype == "Developer") {
 if (!empty($_POST['addVote']) && !check_token()) {
 $error = __("Invalid token for user action.");
@@ -24,29 +27,11 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
 $error = "";
 if (!empty($_POST['user'])) {
- $qcheck = "SELECT * FROM Users WHERE Username = '" . db_escape_string($_POST['user']) . "'";
- $result = db_query($qcheck, $dbh);
- if ($result) {
- $check = mysql_num_rows($result);
- }
- else {
- $check = 0;
- }
-
- if ($check == 0) {
+ if (!valid_user($_POST['user'])) {
 $error.= __("Username does not exist.");
 } else {
- $qcheck = "SELECT * FROM TU_VoteInfo WHERE User = '" . db_escape_string($_POST['user']) . "'";
- $qcheck.= " AND End > UNIX_TIMESTAMP()";
- $result = db_query($qcheck, $dbh);
- if ($result) {
- $check = mysql_num_rows($result);
- }
- else {
- $check = 0;
- }
- if ($check != 0) {
+ if (open_user_proposals($_POST['user'])) {
 $error.= __("%s already has proposal running for them.", htmlentities($_POST['user']));
 }
 }
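Review bot: In the first hunk, `$uid` is assigned only in the `isset($_COOKIE["AURSID"])` branch, while the `else` branch still initialises nothing but `$atype`. In the visible hunks `$uid` is read only inside the Trusted User/Developer block, which an empty `$atype` cannot enter, so nothing breaks today. A later edit that reads it elsewhere would pass an undefined value as the submitter ID, so I would add `$uid = null;` next to `$atype = "";` to keep the two session-derived values in step.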
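Review bot: In the second hunk, `valid_user()` and `open_user_proposals()` now receive the raw `$_POST['user']`, and their bodies are not part of this diff, so the escaping is no longer visible at the call sites. The removed code called `db_escape_string()` inline, so each helper must now escape or bind the value itself. Once that is confirmed, a short comment at the first call such as `// valid_user() and open_user_proposals() escape $user before querying` would record where the guarantee lives. The check-then-insert sequence is also not atomic, so two concurrent submissions could both pass `open_user_proposals()`, although the old code had the same gap. The enclosing `if` block starts and ends outside the hunk.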
@@ -70,13 +55,8 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
 }
 if (!empty($_POST['addVote']) && empty($error)) {
- $q = "INSERT INTO TU_VoteInfo (Agenda, User, Submitted, End, SubmitterID) VALUES ";
- $q.= "('" . db_escape_string($_POST['agenda']) . "', ";
- $q.= "'" . db_escape_string($_POST['user']) . "', ";
- $q.= "UNIX_TIMESTAMP(), UNIX_TIMESTAMP() + " . db_escape_string($len);
- $q.= ", " . uid_from_sid($_COOKIE["AURSID"]) . ")";
+ add_tu_proposal($_POST['agenda'], $_POST['user'], $len, $uid);
- db_query($q, $dbh);
 print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n";
 } else { ?>
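Review bot: The result of `add_tu_proposal()` is not checked, so "New proposal submitted." is printed even when the insert fails; the removed `db_query()` call had the same gap. If the helper returns a status (its body is not in this diff), the message should be gated on it, e.g. `if (add_tu_proposal($_POST['agenda'], $_POST['user'], $len, $uid)) {`. Separately, `$len` was previously interpolated unquoted, where `db_escape_string()` gives no protection in a numeric context. The helper should therefore cast it, e.g. `intval($len)`, unless the validation above this hunk (not visible here) already guarantees digits only.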
@@ -85,29 +65,28 @@ if ($atype == "Trusted User" OR $atype == "Developer") {
 <p style="color: red;" class="pkgoutput"><?php print $error ?></p>
 <?php endif; ?>
-<div class="pgbox">
-<div class="pgboxtitle"><?php print __("Submit a proposal to vote on.") ?></div>
-<div class="pgboxbody">
-<form action='addvote.php' method='post'>
-<p>
-<b><?php print __('Applicant/TU') ?></b>
-<input type='text' name='user' value='<?php if (!empty($_POST['user'])) { print htmlentities($_POST['user'], ENT_QUOTES); } ?>' />
-<?php print __("(empty if not applicable)") ?>
-</p>
-<p>
-<b><?php print __('Length in days') ?></b>
-<input type='text' name='length' value='<?php if (!empty($_POST['length'])) { print htmlentities($_POST['length'], ENT_QUOTES); } ?>' />
-<?php print __("(defaults to 7 if empty)") ?>
-</p>
-<p>
-<b><?php print __('Proposal') ?></b><br />
-<textarea name='agenda' rows='25' cols='80'><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br />
-<input type='hidden' name='addVote' value='1' />
-<input type='hidden' name='token' value='<?php print htmlspecialchars($_COOKIE['AURSID']) ?>' />
-<input type='submit' class='button' value='<?php print __('Submit'); ?>' />
-</p>
-</form>
-</div>
+<div class="box">
+ <h2><?php print __("Submit a proposal to vote on.") ?></h2>
+
+ <form action="addvote.php" method="post">
+ <p>
+ <b><?php print __("Applicant/TU") ?></b>
+ <input type="text" name="user" value="<?php if (!empty($_POST['user'])) { print htmlentities($_POST['user'], ENT_QUOTES); } ?>" />
+ <?php print __("(empty if not applicable)") ?>
+ </p>
+ <p>
+ <b><?php print __("Length in days") ?></b>
+ <input type="text" name="length" value="<?php if (!empty($_POST['length'])) { print htmlentities($_POST['length'], ENT_QUOTES); } ?>" />
+ <?php print __("(defaults to 7 if empty)") ?>
+ </p>
+ <p>
+ <b><?php print __("Proposal") ?></b><br />
+ <textarea name="agenda" rows="15" cols="80"><?php if (!empty($_POST['agenda'])) { print htmlentities($_POST['agenda']); } ?></textarea><br />
+ <input type="hidden" name="addVote" value="1" />
+ <input type="hidden" name="token" value="<?php print htmlspecialchars($_COOKIE['AURSID']) ?>" />
+ <input type="submit" class="button" value="<?php print __("Submit"); ?>" />
+ </p>
+ </form>
 </div>
 <?php } |
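Review bot: The hidden `token` field still carries the raw session ID (`$_COOKIE['AURSID']`), so the anti-CSRF token and the session credential are the same secret. Writing it into the page also exposes it to caches, saved copies and any script that can read the DOM, even if the cookie itself is marked HttpOnly. A separate per-session random token, stored server-side and compared in `check_token()` with a constant-time comparison, would avoid that; `check_token()` is not visible in this diff, so its current behaviour is assumed. The move to double-quoted attributes is a real improvement: `htmlspecialchars()` with the default flags of PHP versions before 8.1 escapes `"` but not `'`, so the old `value='...'` form did not fully contain the cookie value. Passing `ENT_QUOTES` here as well, as the `user` and `length` fields already do, would make the escaping uniform.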