voting/vote/vote.wml


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<?php
require_once ("include/election-sql.php");
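// Request bootstrap for the voting wizard: work out which step is being
// requested, open the database, resolve the election, and (from step 2
// onwards) re-authenticate the voter with the e-mail/temporary-token pair.
// On any failure $step is forced to 0 (fatal) or 1 (back to login) and a
// message is appended to $error for display further down the page.
$max_step = 4;

// "step" arrives in a hidden POST field, so it is client-controlled. Accept
// only a plain decimal string and normalise it to an int; arrays, values such
// as "2abc", floats and out-of-range numbers all restart the flow at step 1.
$step = 1;
if (isset ($_POST["step"]) && is_string ($_POST["step"]) && ctype_digit ($_POST["step"])) {
    $step = (int) $_POST["step"];
}
if ($step > $max_step || $step < 1) {
    $step = 1;
}

$result = "";
$error = "";

$handle = elec_sql_open ();
if ($handle === FALSE) {
    $error .= "Can not open the database.<br />\n";
    $step = 0;
}

// The election id comes from the query string on the first page and from the
// hidden form field afterwards. Only digit-only strings are accepted:
// is_numeric() would also let through signs, decimals, exponents and leading
// whitespace, none of which can be a valid id. -1 means "no usable id".
$election_id = -1;
if ($step == 1) {
    if (isset ($_GET["election_id"]) && is_string ($_GET["election_id"]) && ctype_digit ($_GET["election_id"])) {
        $election_id = $_GET["election_id"];
    } else if (isset ($_GET["id"]) && is_string ($_GET["id"]) && ctype_digit ($_GET["id"])) {
        $election_id = $_GET["id"]; //FIXME: Remove this else path after 2009 elections
    }
} else if ($step >= 1) {
    if (isset ($_POST["election_id"]) && is_string ($_POST["election_id"]) && ctype_digit ($_POST["election_id"])) {
        $election_id = $_POST["election_id"];
    }
}

if ($election_id == -1) {
    $error .= "A menu of elections is not available. A URL that includes the election id is required. This should have been given to you when you were asked to vote.<br />\n";
    $step = 0;
} else {
    $election = elec_get_election ($handle, $election_id);
    if ($election === FALSE) {
        $error .= "The specified election/referendum does not exist.<br />\n";
        $step = 0;
    } else if (!elec_election_is_current ($election)) {
        // Values read back from the election record are escaped before they
        // are placed in the HTML error message.
        $error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to vote now.<br />\n";
        $step = 0;
    }
}

if ($step > 1) {
    // Every step after login re-sends the credentials as hidden fields and
    // they are verified again on each request. Anything that is not a plain
    // string (for example email[]=x) is treated as missing, so the empty
    // defaults are what reach the verifier.
    $email = "";
    $tmp_token = "";
    if (isset ($_POST["email"]) && isset ($_POST["tmp_token"])
        && is_string ($_POST["email"]) && is_string ($_POST["tmp_token"])) {
        $email = $_POST["email"];
        $tmp_token = $_POST["tmp_token"];
    }

    if (!elec_verify_email_tmp_token ($handle, $election_id, $email, $tmp_token)) {
        // One message for every failure cause, so the response does not
        // reveal whether the address, the token or the voted flag was wrong.
        $step = 1;
        $error .= "The e-mail address and token you gave do not match an existing voter, or you have already voted.<br />\n";
    } else {
        $choices = elec_choices_get ($handle, $election_id);
        if (!elec_verify_elections ($choices)) {
            $error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n";
            $step = 0;
        }
    }
}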
?>
<head>
<link rel="stylesheet" type="text/css" href="vote.css" />
<?php
// Step-2-only stylesheet for the candidate and preference boxes.
// The box height is 1.8em per choice. count() returns an integer, so the
// value echoed into the CSS below needs no escaping. $choices is assigned
// earlier in this file, after the e-mail/token pair has been verified.
if ($step==2)
{
?>
<style>
.canddata, .prefdata{
width:30%;
height: <?php echo 1.8*count($choices); ?>em;
background: #E0FFD0;
}
.canddata ul{
list-style-type: none;
list-style-position: inside;
}
.prefdata ol{
list-style-position: outside;
}
.canddata ul li:hover, .prefdata ol li:hover{
background: #E0E0E0;
cursor: pointer;
}
</style>
<?php
}
?>
<title>Votes</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php
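/**
 * Escape a value so it can be printed between quotes as a JavaScript string
 * literal inside this page's inline <script> element.
 *
 * An explicit translation table is used instead of a regular expression:
 * strtr() with an array makes a single pass and never re-scans its own
 * output, so the backslashes it inserts are not escaped a second time.
 *
 * Besides the quote, backslash, slash and line-break characters, the table
 * covers the characters that could end the surrounding context early:
 * "<" and ">" (a closing script tag, an HTML comment opener, the "]]>"
 * CDATA terminator), "&" (entity parsing when served as XML), and the
 * UTF-8 encodings of U+2028/U+2029, which older JavaScript engines treat
 * as line terminators inside string literals.
 *
 * @param mixed $var Value to embed; it is cast to a string first.
 * @return string Escaped text, without the surrounding quotes.
 */
function escape_js_var($var) {
    static $map = array(
        "\\" => "\\\\",
        "'" => "\\'",
        "\"" => "\\\"",
        "/" => "\\/",
        "\n" => "\\n",
        "\r" => "\\r",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    );

    return strtr((string) $var, $map);
}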
if ($step==2)
{
?>
<script type="text/javascript">
//<![CDATA[
// @licstart The following is the entire license notice for the JavaScript code in this page.
// The JavaScript code in this page is free software: you can
// redistribute it and/or modify it under the terms of the GNU
// General Public License (GNU GPL) as published by the Free Software
// Foundation, either version 2 of the License, or (at your option)
// any later version. The code is distributed WITHOUT ANY WARRANTY;
// without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
// @licend The above is the entire license notice for the JavaScript code in this page.
/**
 * Click handler for an entry in the candidates list: moves the <li> to the
 * end of the "preferences" list and re-arms it so that the next click sends
 * it back.
 *
 * @param {Element} listItem The list item that was clicked.
 */
function addPreference(listItem)
{
    var target = document.getElementById('preferences');
    var currentParent = listItem.parentNode;

    currentParent.removeChild(listItem);
    target.appendChild(listItem);

    // The handler is stored as an attribute string, mirroring how
    // removePreference() re-arms the item in the other direction.
    listItem.setAttribute('onclick', 'removePreference(this)');
}
/**
 * Click handler for an entry in the preferences list: moves the <li> back
 * to the end of the "candidates" list and re-arms it so that the next click
 * ranks it again.
 *
 * @param {Element} listItem The list item that was clicked.
 */
function removePreference(listItem)
{
    var target = document.getElementById('candidates');
    var currentParent = listItem.parentNode;

    currentParent.removeChild(listItem);
    target.appendChild(listItem);

    // Counterpart of addPreference(): swap the click handler back.
    listItem.setAttribute('onclick', 'addPreference(this)');
}
// Runs from <body onLoad>. The body of this function is generated by PHP:
// for every choice it creates a clickable <li> in the candidates list and
// appends a matching hidden prefN input to the first form on the page.
function populateList(){
    var candidateList = document.getElementById('candidates');
    var listItem;
    var prefInput;
    var listItemText;
<?php
// The choice id and label are printed inside single-quoted JavaScript string
// literals, so both go through escape_js_var(). The label is attached with
// createTextNode(), which inserts it as text rather than as markup.
// $index is the 1-based position and is the only value used in prefN.
$index = 0;
foreach ($choices as $choice) {
    $index++;

    // Candidate list entry.
    echo " listItem = document.createElement('li');\n",
         " listItem.setAttribute('name', 'vote", escape_js_var($choice["id"]), "');\n",
         " listItem.setAttribute('onclick', 'addPreference(this)');\n",
         " listItemText = document.createTextNode('", escape_js_var($choice["choice"]), "');\n",
         " listItem.appendChild(listItemText);\n",
         " candidateList.appendChild(listItem);\n\n";

    // Hidden input that submitPreferences() fills in before the form is sent.
    echo " prefInput = document.createElement('input');\n",
         " prefInput.value = '';\n",
         " prefInput.name = 'pref$index';\n",
         " prefInput.id = 'pref$index';\n",
         " prefInput.type = 'hidden';\n",
         " document.forms[0].appendChild(prefInput);\n",
         "\n";
}
?>
}
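/**
 * onsubmit handler for the step-2 form: copies the ranking the voter built
 * in the "preferences" list into the hidden prefN inputs.
 *
 * The Nth <li> of the list (other child nodes, such as whitespace text
 * nodes, are skipped) has its "name" attribute, of the form voteM, written
 * to the input with id prefN.
 *
 * These values are produced entirely in the browser and can be altered
 * before they are sent; the PHP side of this page checks the posted ballot
 * again on every later step.
 */
function submitPreferences() {
    var preferenceList = document.getElementById('preferences');
    var node;   // declared locally so it does not become an implicit global
    var pref;
    var i;
    var index = 0;

    for (i = 0; i < preferenceList.childNodes.length; i++) {
        node = preferenceList.childNodes[i];

        // Only list items carry a vote; skip everything else.
        if (node.nodeName.toLowerCase() != 'li') {
            continue;
        }

        index++;
        pref = document.getElementById('pref' + index);
        // Skip a ranking slot that has no hidden input instead of throwing
        // in the middle of the submit handler.
        if (pref) {
            pref.value = node.getAttribute('name');
            // DEBUG: alert(pref.name + '=' + pref.value);
        }
    }
}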
//]]>
</script>
</head>
<body onLoad="populateList()">
<?php
} else { // Here $step!=2
?>
</head>
<body>
<?php
}
?>
<?php
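// Page body: print the election title, re-check the posted ballot, run the
// handler for the current step, then print any error and the form that
// carries the wizard state to the next step.
if (isset ($election) && $election !== FALSE) {
    echo "<h1>".htmlspecialchars($election["name"])."</h1>\n";
}

// From step 2 onwards the ballot is rebuilt from the POST data and validated
// again on every request; the hidden prefN fields are never trusted as-is.
if ($step >= 2) {
    $votes_array = elec_vote_get_votes_from_post ($choices);
    $vote = -1;
    $res = elec_verify_vote_is_valid ($choices, $vote, $votes_array);
    if ($res != "") {
        $error .= "The vote you made is not valid: ".htmlspecialchars($res)."<br />\n";
        // NOTE(review): when this fires for a posted step of 3 or 4, <head>
        // was already written without the step-2 script and onLoad hook.
        // Confirm that step2_do() does not depend on them in that case.
        $step = 2;
    }
}

// The include paths below are fixed strings chosen by comparing $step; no
// request data is ever used to build a path.
if ($step == 4) {
    /* vote has been confirmed */
    require ("include/step4-commit.php");
    $result = step4_do ();
} else if ($step == 3) {
    /* confirm vote */
    require ("include/step3-confirm.php");
    $result = step3_do ();
} else if ($step == 2) {
    /* choose vote */
    require ("include/step2-choose.php");
    $result = step2_do ();
} else if ($step == 1) {
    /* login */
    require ("include/step1-login.php");
    $result = step1_do ();
} else {
    if (!isset ($error) || $error == "")
        $error = "Unknown error.<br />\n";
}

// elec_sql_open() signals failure with FALSE, and isset() is still true for
// FALSE, so test the value itself before closing.
if (isset ($handle) && $handle !== FALSE)
    elec_sql_close ($handle);

global $committee_name;
global $committee_email;

if (isset ($error) && $error != "") {
    // $error is assembled in this file from fixed text plus values passed
    // through htmlspecialchars(), so it is printed as HTML.
    echo "<div class=\"error\">".$error."</div>\n";
    // NOTE(review): $committee_name and $committee_email are printed without
    // escaping; presumably trusted site configuration. Confirm where they
    // are set.
    echo "<p>If you don't understand the error, you should probably contact the $committee_name, which can be reached at <a href=\"mailto:$committee_email\">$committee_email</a>.</p>\n";
}

if ($step != $max_step && $step >= 1) {
    // PHP_SELF can contain request-supplied path information, so it is
    // escaped before being placed in the action attribute.
    echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."\" method=\"post\"";
    if ($step == 2) {
        echo " onsubmit=\"submitPreferences()\"";
    }
    echo ">\n";
}

// NOTE(review): printed without escaping here; the stepN_do() helpers are
// expected to return HTML that is already escaped. Confirm in the include files.
echo $result; // already HTML escaped

if ($step != $max_step && $step >= 1) {
    // The wizard state travels in hidden fields. Every value is escaped for
    // the attribute context and is verified again on the next request.
    if ($step > 1) {
        echo " <input type=\"hidden\" name=\"email\" value=\"". htmlspecialchars($email, ENT_QUOTES)."\" />\n";
        echo " <input type=\"hidden\" name=\"tmp_token\" value=\"".htmlspecialchars($tmp_token, ENT_QUOTES)."\" />\n";
    }
    if ($step > 2) {
        $index=0;
        foreach ($votes_array as $vote) {
            $index++;
            $name = "pref".$index;
            $value = "vote".$vote;
            echo " <input type=\"hidden\" name=\"".htmlspecialchars($name, ENT_QUOTES)."\" value=\"".htmlspecialchars($value, ENT_QUOTES)."\" />\n";
        }
    }
    // Explicit string casts: both values may be integers at this point.
    echo " <input type=\"hidden\" name=\"election_id\" value=\"".htmlspecialchars((string) $election_id, ENT_QUOTES)."\" />\n";
    echo " <input type=\"hidden\" name=\"step\" value=\"".htmlspecialchars((string) ($step + 1), ENT_QUOTES)."\" />\n";
    echo " <input type=\"submit\" value=\"Continue to next step\" />\n";
    echo "</form>\n";
}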
?>
</body>
</html>