* encryption settings
 *
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";

// page-level access check for the "member" role (enforced inside Login::access, not shown here)
Login::access("member");
// feature gate: the page is unusable unless a signing key is configured
if (!GNUPG_SIGN_KEY) error(_("Signing and encryption of emails is not enabled."));

// NOTE(review): no request-forgery check is visible in this excerpt - confirm that the
// common include or action_required_parameters() validates an anti-CSRF token before
// the state changes below
if ($action) {
	switch ($action) {
	case "save":
		action_required_parameters('fingerprint', 'key');

		// save fingerprint
		// the value is taken from the request and only trimmed here
		// NOTE(review): format validation (hex digits, length) presumably happens in
		// set_fingerprint() - confirm
		$fingerprint = trim($_POST['fingerprint']);
		if ( $fingerprint != Login::$member->fingerprint ) {
			Login::$member->set_fingerprint($fingerprint);
			if ( Login::$member->update(['fingerprint']) ) {
				success(_("The PGP public key fingerprint has been saved."));
			}
		}

		// import PGP public key
		// member-supplied key material goes straight into the keyring returned by new_gnupg()
		// NOTE(review): nothing visible here ties the imported key to the fingerprint saved
		// above - confirm that the code following this excerpt compares the import result
		// with Login::$member->fingerprint, so the keyring only holds the declared key
		if ($_POST['key']) {
			$gnupg = new_gnupg();
			$import = $gnupg->import($_POST['key']);
			// NOTE(review): the DEBUG branch is cut off in this excerpt - make sure import
			// details are not written into responses on production systems
			if (DEBUG) {
示例#2
		warning(_("Ballot assignment has already begun, so ballot applications are not allowed anymore."));
		redirect("ballots.php?period=".$period->id);
	}
	$ballot = new Ballot;
	$ballot->period = $period->id;
}

// remember the group of the period being edited for the rest of the session
$_SESSION['ngroup'] = $period->ngroup;


if ($action) {
	switch ($action) {

	case "save":
		// the access check is repeated for the action itself
		Login::access_action("member");
		action_required_parameters('name', 'agents', 'opening_hour', 'opening_minute', 'ngroup');
		// ballots are frozen once the period has reached ballot preparation
		if ($period->state=="ballot_preparation") {
			warning(_("Ballot preparation has already begun, so ballots can not be changed anymore."));
			redirect("ballots.php?period=".$period->id);
		}
		// free text from the request, only trimmed
		// NOTE(review): must be HTML-escaped wherever it is displayed - confirm in the templates
		$ballot->name = trim($_POST['name']);
		$ballot->agents = trim($_POST['agents']);
		// %d converts both inputs to integers, so no markup or SQL fragments survive, but no
		// range check is visible in this excerpt (e.g. 99:99:00 or negative values pass here)
		$ballot->opening = sprintf("%02d:%02d:00", $_POST['opening_hour'], $_POST['opening_minute']);
		// NOTE(review): the submitted group is not compared with $period->ngroup in the
		// visible lines - confirm that only groups valid for this period are accepted
		$ballot->ngroup = intval($_POST['ngroup']);
		// truthiness test: the string "0" is rejected as empty too
		if (!$ballot->name) {
			warning(_("The ballot name must not be empty."));
			break;
		}
		if (!$ballot->agents) {
			warning(_("The ballot agents must not be empty."));
			break;
示例#3
/**
 * confirm mail address
 *
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";


// confirmation codes are only processed for a logged-in member
if (Login::$member) {

	// form submission: "confirm" is the only action this page accepts
	if ($action) {
		if ($action!="confirm") error(_("Unknown action"));
		action_required_parameters('code');
		action_confirm_mail($_POST['code']);
	}

	// link in confirmation request mail clicked
	// the code arrives in the URL here, so it can end up in browser history, server and
	// proxy logs and Referer headers
	// NOTE(review): confirm that action_confirm_mail() treats the code as single-use,
	// lets it expire and only accepts it for Login::$member
	// NOTE(review): if both a POST action and a GET code are sent, both calls run unless
	// action_confirm_mail() ends the request - confirm
	if (isset($_GET['code'])) {
		action_confirm_mail($_GET['code']);
	}

}


html_head(_("Email address confirmation"));

if (Login::$member) {
示例#4
<?
/**
 *
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";

$ngroup = Ngroup::get();

if ($action) {
	// every action on this page requires the "member" role
	Login::access_action("member");
	action_required_parameters('area');
	// the area id comes straight from the request
	// NOTE(review): the Area constructor has to cast or bind it - confirm
	$area = new Area($_POST['area']);
	// a record that could not be loaded has no id
	if (!$area->id) {
		warning("The requested area does not exist!");
		redirect();
	}
	// NOTE(review): no visible check that $area belongs to $ngroup or that the member is
	// entitled to take part in it - confirm that activate_participation() and
	// deactivate_participation() enforce this
	switch ($action) {
	case "subscribe":
		$area->activate_participation();
		redirect();
		break;
	case "unsubscribe":
		$area->deactivate_participation();
		redirect();
		break;
	}
	// only reached for an unhandled action, provided redirect() ends the request
	// (presumably it does - confirm)
	// NOTE(review): this listing is cut off here; the lines that follow it on the page
	// come from a different script
	warning(_("Unknown action"));
	if (!$member) {
		warning(_("The code is invalid!"));
	}

} else {
	$code = "";
	$member = false;
}


$password = "";

if ($action) {
	switch ($action) {
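	case "set_password":
		action_required_parameters('password', 'password2');

		// $member is false unless the reset code from the request matched an account
		// (the lookup is outside this excerpt - confirm it also enforces the code's expiry)
		if (!$member) break;

		$password  = trim($_POST['password']);
		$password2 = trim($_POST['password2']);
		if ( ! Login::check_password($password, $password2) ) break;

		// crypt() without an explicit salt produces a weak hash, raises E_NOTICE since
		// PHP 5.6 and fails outright from PHP 8.0 on, where the salt is mandatory.
		// password_hash() (PHP >= 5.5) chooses a random salt and a current algorithm and
		// returns a crypt()-format string, so verification with crypt($input, $stored) or
		// password_verify() keeps working.
		// NOTE(review): make sure the password column can hold at least 60 characters
		// (255 leaves room for future algorithms).
		$member->password = password_hash($password, PASSWORD_DEFAULT);
		if (!$member->password) {
			// hashing can fail with false/null before PHP 8 - never store an unusable hash
			warning(_("The password could not be saved."));
			break;
		}
		// the reset code and its expiry are cleared together with the password change
		// (second argument, presumably appended to the UPDATE), so the code cannot be reused
		if ( ! $member->update(['password'], 'password_reset_code=NULL, password_reset_code_expiry=NULL') ) break;
		success(_("Password has been reset successfully. You can log in with the new password now:"));

		redirect("login.php");
		break;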

	default:
示例#6
		if (!$comment->id) {
			warning(_("This comment does not exist."));
			redirect();
		}
		if ( !$proposal->allowed_add_comments($comment->rubric) ) {
			warning(_("Adding or rating arguments is not allowed in this phase."));
			redirect();
		}
		if ( !$comment->delete_rating() ) redirect();
		redirect("#comment".$comment->id);
		break;

	// moderation: hide or restore a comment, restricted to the "admin" role
	case "remove_comment":
	case "restore_comment":
		Login::access_action("admin");
		action_required_parameters("id");
		// the id comes straight from the request
		// NOTE(review): the Comment constructor has to cast or bind it - confirm
		$comment = new Comment($_POST['id']);
		if (!$comment->id) {
			warning(_("This comment does not exist."));
			redirect();
		}
		// only the "removed" flag is written, the comment record itself is kept
		$comment->removed = ($action=="remove_comment");
		$comment->update(["removed"]);
		// the anchor is built from the id of the loaded record, not from the raw POST value
		// NOTE(review): this arm does not check that the comment belongs to the proposal
		// shown on this page - confirm whether that matters for the redirect target
		redirect("#comment".$comment->id);
		break;

	default:
		warning(_("Unknown action"));
		redirect();
	}
}
示例#7
/**
 * member settings
 *
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";

// page-level access check for the "member" role
Login::access("member");

if ($action) {
	switch ($action) {
	case "save":
		// NOTE(review): the required parameters do not include the current password, so in
		// the visible code username, password and mail can be changed with nothing but a
		// valid session. Confirm whether re-authentication happens elsewhere; without it a
		// hijacked session is enough to take over the account.
		// NOTE(review): no anti-CSRF check is visible in this excerpt either - confirm that
		// the common include or action_required_parameters() provides one
		action_required_parameters('username', 'password', 'password2', 'mail', 'profile');

		// columns to write and messages to show are collected first
		$save_fields = array();
		$success_msgs = array();

		// save username
		// only changed names are validated; Login::check_username() is not shown here and
		// presumably checks format and uniqueness - confirm
		$username = trim($_POST['username']);
		if ( $username != Login::$member->username and Login::check_username($username) ) {
			Login::$member->username = $username;
			$save_fields[] = "username";
			$success_msgs[] = _("The new username has been saved.");
		}

		// save password
		// leading and trailing whitespace is dropped from the secret, so the login form
		// has to trim in the same way - confirm
		$password  = trim($_POST['password']);
		$password2 = trim($_POST['password2']);
示例#8
// state gate: runs before any action, so a vote is only accepted while the issue is in
// state 'voting' - this relies on error() ending the request (presumably it does - confirm)
// NOTE(review): the login check of this script is outside the excerpt - confirm it exists
if ($issue->state == 'finished') {
	error(_("The voting on this issue is already closed."));
} elseif ($issue->state != 'voting') {
	error(_("The issue is not in voting state."));
}

// members without a vote token for this issue cannot vote
$token = $issue->vote_token();
if (!$token) {
	error(_("You can not vote in this voting period, because you were not yet entitled when the voting started."));
}

if ($action) {
	switch ($action) {
	case "submit":
		action_required_parameters('vote');
		// the submitted vote is handed over unvalidated and may be a string or an array
		// NOTE(review): vote() has to check its structure and the allowed options, and
		// define what happens when the same token votes again - confirm
		$issue->vote($token, $_POST['vote']);
		//redirect("proposals.php?ngroup=".$ngroup->id."&filter=voting");
		redirect();
		break;
	default:
		warning(_("Unknown action"));
		redirect();
	}
}


html_head(_("Vote"), true);

?>
<p><?php 
示例#9
	/**
	 * actions
	 *
	 * @param string  $action
	 */
	public function action($action) {
		// Dispatches one request action of this editor.
		//
		// A string $action selects a single-record operation (delete, duplicate, manual
		// reordering, editsubmit). An array $action comes from multiple submit buttons and
		// is dispatched on its only key (delete_checked, apply_directedit). Everything else
		// ends in "Unknown action".
		//
		// The case arms have no "break": they rely on redirect(), redirect_to_list() and
		// error() ending the request (presumably they exit - confirm). If one of them ever
		// returns, execution falls through into the next arm.
		//
		// NOTE(review): the enable_* flags only switch features on or off. No access or
		// anti-CSRF check is visible in this method, so the calling page has to do both
		// before it calls action() - confirm.

		// page called without action
		if (!$action) return;

		switch ($action) {

		case "delete":
			if (!$this->enable_delete_single) {
				error("Action not allowed");
			}
			action_required_parameters('id');
			// raw request value; delete() has to cast or bind it - confirm
			$this->delete($_POST['id']);
			redirect();

		case "duplicate":
			if (!$this->enable_duplicate) {
				error("Action not allowed");
			}
			action_required_parameters('id');
			$this->duplicate($_POST['id']);
			redirect();

		// NOTE(review): unlike the other arms, reordering is not guarded by an enable_* flag
		case "moveup":
		case "movedown":
		case "movefirst":
		case "movelast":
			action_required_parameters('id');
			$this->action_manualorder($action, $_POST['id']);
			redirect();

		case "editsubmit":

			if ($this->id) {

				// update existing record

				if (!$this->enable_edit) {
					error("Action not allowed");
				}

				$this->object = new $this->classname($this->id);
				if (!$this->object->id) {
					warning("The record to be updated does not exist!");
					return;
				}

				// convert_input() returns the columns to save, or false if the input was rejected
				$columns = $this->convert_input($this->object, $_POST);
				if ($columns===false) return;

				if ( $this->object->update($columns) ) {
					success(_("The changes have been saved."));
				}

				$this->redirect_to_list();
			}

			// insert new record

			if (!$this->enable_insert) {
				error("Action not allowed");
			}

			$this->object = new $this->classname;

			$columns = $this->convert_input($this->object, $_POST);
			if ($columns===false) return;

			// the global_where values are set after the request input has been converted,
			// so the request cannot override them on a new record
			foreach ($this->global_where as $key => $value) {
				$this->object->$key = $value;
				$columns[] = $key;
			}

			if ( $this->object->create($columns) ) {
				success($this->msg_strtr($this->msg_record_saved, array('id'=>$this->object->id)));
				// optional hook of subclasses
				if ($this->object->id and method_exists($this, "after_create") ) {
					$this->after_create($this->object);
				}
			}

			$this->redirect_to_list();
		}

		// actions on the list page ///////////////////
		// handle action from multiple submit buttons
		if (is_array($action)) {

			// get $action_name from the $_POST['action'] array
			// example:
			// $_POST => Array (
			//   ['action'] => Array (
			//     ['delete_checked'] => 'delete checked'
			//   )
			// )
			if (count($action) != 1) {
				error("Parameter with invalid value");
			}
			// empty loop body: it only leaves the single key in $action_name
			foreach ( $action as $action_name => $dummy ) {}
			/** @noinspection PhpUndefinedVariableInspection */
			switch ($action_name) {

			case "delete_checked":
				if (!$this->enable_delete_checked) {
					error("Action not allowed");
				}
				// every element is passed on as it came from the request; elements may be
				// arrays themselves, so delete() has to validate its argument - confirm
				if (isset($_POST["delete"]) and is_array($_POST["delete"])) {
					foreach ( $_POST["delete"] as $id ) {
						$this->delete($id);
					}
				}
				redirect();

			case "apply_directedit":
				if (!$this->enable_edit) {
					error("Action not allowed");
				}
				action_required_parameters('directedit_key');
				if (!is_array($_POST['directedit_key'])) {
					error("Parameter has wrong type");
				}
				if (!count($_POST['directedit_key'])) {
					redirect();
				}

				$saved = 0;
				$failed = 0;
				// both the record ids and the column names below are array keys chosen by the client
				foreach ( $_POST['directedit_key'] as $id => $columnarray ) {

					if ( !is_array($columnarray) or !count($columnarray) ) continue;

					$object = new $this->classname($id);
					/** @var Relation $object */
					if (!$object->id) {
						warning(_("One of the records to be updated does not exist!"));
						continue;
					}

					// NOTE(review): mass-assignment risk. The column names come from the
					// request, and nothing visible here checks them against the columns this
					// editor exposes. convert_input() receives the list, but update() below is
					// called with the request-derived $save_columns instead of the $columns that
					// convert_input() returned (the editsubmit arm passes $columns). Confirm that
					// convert_input() rejects unknown or non-editable columns, or pass its
					// return value to update().
					$save_columns = array();
					foreach ( $columnarray as $colname => $key_value ) {
						$save_columns[] = $colname;
					}
					$msg_prefix = $this->msg_record." ".$object->id.": ";
					// "@" hides the notice for records without submitted values; null is
					// passed to convert_input() in that case
					$columns = $this->convert_input($object, @$_POST['directedit'][$object->id], $save_columns, $msg_prefix);
					if ($columns===false) {
						// save the rejected object to fill the direct edit form fields again
						$this->directedit_objects[$object->id] = $object;
						$failed++;
						continue;
					}

					if ($object->update($save_columns)) $saved++; else $failed++;

				}
				// no success message at all if nothing could be saved
				if ($saved) {
					if ($failed) {
						success($this->msg_remaining_records_saved);
					} else {
						success(_("The changes have been saved."));
					}
				}
				redirect();

			}

		}

		warning(_("Unknown action"));
		redirect();
	}
 * Request an email with a link to reset the password
 *
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";

// any existing session is ended before a reset can be requested
Login::logout();


if ($action) {
	switch ($action) {
	case "request_password_reset":
		action_required_parameters('username');

		if (!$_POST['username']) break;

		// NOTE(review): the expression that supplies the username is masked ("******") in
		// this listing. Whatever stands there, the username is controlled by an
		// unauthenticated visitor and has to reach the query as a bound parameter or
		// through the escaping function of the DB layer.
		// The second condition only finds members without an unexpired reset code, so a
		// new code is not issued while an earlier one is still valid.
		$sql = "SELECT * FROM member
	        WHERE username="******"
			AND ( password_reset_code IS NULL OR password_reset_code_expiry < now() )";
		$result = DB::query($sql);
		if ( $member = DB::fetch_object($result, "Member") ) {

			// NOTE(review): this message is only shown for an existing account, so it
			// confirms to an anonymous visitor that the username exists. Consider the same
			// neutral response for every outcome.
			if (!$member->mail) {
				warning(sprintf(_("Sorry, but there is no confirmed email address for this account. Please contact %s!"), MAIL_SUPPORT), true);
				break;
			}

			// NOTE(review): Login::generate_token() is not shown - confirm that it draws from
			// a cryptographically secure source, and consider storing only a hash of the code
			$member->password_reset_code = Login::generate_token(24);
示例#11
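/**
 * assign an issue to a voting period (admin only)
 *
 * used by proposals.php and proposal.php
 *
 * Reads the ids from $_POST['issue'] and $_POST['period'], checks that the period is one
 * of the periods available for the issue and saves it on the issue. Every failure path
 * calls warning() and redirect() and relies on redirect() ending the request (presumably
 * it exits - confirm in the common include).
 */
function action_proposal_select_period() {

	Login::access_action("admin");
	action_required_parameters('issue', 'period');

	// "new" always yields an object and objects are always truthy, so testing the object
	// itself can never detect a missing record - test the loaded id instead, as the other
	// pages of this code base do for their records
	$issue = new Issue($_POST['issue']);
	if (!$issue->id) {
		warning("The requested issue does not exist!");
		redirect();
	}

	$period = new Period($_POST['period']);
	if (!$period->id) {
		warning("The selected period does not exist!");
		redirect();
	}

	// the list is only read here, so a plain assignment is enough; assigning a function
	// result by reference raises a notice unless the method returns by reference
	$available = $issue->available_periods();
	if (!isset($available[$period->id])) {
		warning("The selected period is not available for the issue!");
		redirect();
	}

	$issue->period = $period->id;
	$issue->update(["period"]);

	// the anchor uses the id of the loaded record, not the raw POST value
	redirect("#issue".$issue->id);
}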
示例#12
		}
		$period->select_postal();
		redirect();
		break;
	case "unselect":
		// only members entitled in the group stored in the session may change their choice
		Login::access_action("entitled", $_SESSION['ngroup']);
		if ($period->state=="ballot_preparation") {
			warning(_("In ballot preparation phase it is not allowed anymore to change the ballot choice."));
			redirect();
		}
		$period->unselect_ballot();
		redirect();
		break;
	case "save_approved":
		// approving ballots is restricted to the "admin" role and to the application phase
		Login::access_action("admin");
		action_required_parameters('approved_id');
		if ($period->state!="ballot_application") {
			warning(_("In the current phase of the period it is not allowed anymore to approve ballots."));
			redirect();
		}
		// 'approved_id' is required above but not passed on, so save_approved_ballots()
		// presumably reads $_POST itself
		// NOTE(review): confirm that it only accepts ballots of this period
		$period->save_approved_ballots();
		redirect();
		break;
	default:
		warning(_("Unknown action"));
		redirect();
	}
}


// $_SESSION['ngroup'] and $period->id are concatenated into the href attribute without
// escaping, and the result is passed to html_head() as ready-made markup
// NOTE(review): this is only safe while both values are integers - confirm, or cast them
// with intval() before building the link
html_head( sprintf(_("Ballots for <a%s>voting period %d</a>"), ' href="periods.php?ngroup='.$_SESSION['ngroup'].'&amp;hl='.$period->id.'"', $period->id), true );