From 80c0efa2d9c959d944ac756807f9c4726f0f5b72 Mon Sep 17 00:00:00 2001
From: "Bradley M. Kuhn"
Date: Sun, 9 Feb 2014 17:24:32 -0500
Subject: [PATCH] Create a verification page, so that voters can see how they voted online before the election actually ends.
---
 vote/Makefile.am | 1 +
 vote/include/election-sql.php | 18 ++++++++
 vote/verify.wml | 81 +++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+)
 create mode 100644 vote/verify.wml
diff --git a/vote/Makefile.am b/vote/Makefile.am
index e33c403..71bb8ef 100644
--- a/vote/Makefile.am
+++ b/vote/Makefile.am
@@ -8,6 +8,7 @@ page_SCRIPTS = \
 results.php \
 votes.php \
 vote.php \
+ verify.php \
 overview.html \
 blt.php
diff --git a/vote/include/election-sql.php b/vote/include/election-sql.php
index a7336a1..a3d6629 100644
--- a/vote/include/election-sql.php
+++ b/vote/include/election-sql.php
@@ -150,6 +150,24 @@ function elec_verify_email_tmp_token ($handle, $election_id, $email, $tmp_token)
 return (mysql_result ($result, 0, 0) == 1);
 }
+function elec_verify_voted_token ($handle, $verify_token) {
+ global $anon_tokens_table;
+
+ if ($handle === FALSE)
+ return FALSE;
+
+ $escaped_verify_token = mysql_real_escape_string ($verify_token, $handle);
+
+ $query = "SELECT id FROM " . $anon_tokens_table;
+ $query .= " WHERE anon_token = '". $escaped_verify_token."'";
+
+ $result = mysql_query ($query, $handle);
+ if (!$result)
+ return 0;
+
+ return mysql_result ($result, 0, 0);
+}
+
 function elec_choices_get ($handle, $election_id) {
 global $choices_table;
diff --git a/vote/verify.wml b/vote/verify.wml
new file mode 100644
index 0000000..a9be761
--- /dev/null
+++ b/vote/verify.wml
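Review bot: In `elec_verify_voted_token` (vote/include/election-sql.php) a token that matches no row still reaches `mysql_result ($result, 0, 0)`, because `if (!$result)` only catches a failed query and an empty SELECT returns a valid result. On an empty result `mysql_result` raises a warning and returns FALSE, so the unknown-token case, which every mistyped or guessed token hits, is signalled only by accident and may print a warning on the page depending on `display_errors`. Returning 0 explicitly would make the contract clear: `if (!$result || mysql_num_rows ($result) == 0) return 0;`. The lookup also takes no `$election_id`, unlike `elec_verify_email_tmp_token` in the hunk header, so it is worth confirming that anon tokens are unique across elections; and since the token is the only secret guarding a ballot's contents, request throttling should exist somewhere outside this hunk.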
@@ -0,0 +1,81 @@ + + + + + The GNOME Foundation - Vote Verification + + + + + + +\n"; + $step = 0; +} + +$verify_token = ""; + +if (($_POST["verify_token"])) { + $verify_token = $_POST["verify_token"]; +} +$anon_token_id = elec_verify_voted_token ($handle, $verify_token); + +if ($verify_token && $anon_token_id > 0) { + $error .= "The vote verification token provided does not appear in the votes database. Please check that you entered it correctly.
\n"; +} +if (!$verify_token || $error) { + echo "

Verify your ballot

\n"; + echo "

Please enter your ballot verification token.

\n"; + echo "
\n"; + echo "

\n"; + echo "\n"; + echo " \n"; + echo "
\n"; +} else { + $votes = elec_get_votes_for_anon_token ($handle, $anon_token_id); + echo "\n"; + echo "".htmlspecialchars($verify_token)."\n"; + echo ""; + if ($votes === FALSE) { + echo "Can not access votes
for this anonymous token."; + $error .= "Can not get votes for anonymous token ".htmlspecialchars($anon_token["anon_token"])."
\n"; + } else if (count ($votes) == 0) { + echo "This voter chose to vote for
none of the possible choices."; + } else { + echo "
    "; + foreach ($votes as $vote) { + if (array_key_exists ($vote["choice_id"], $choices_name)) + echo "
  1. ".htmlspecialchars($votes["preference"])." ".htmlspecialchars($choices_name[$vote["choice_id"]])."
  2. \n"; + else { + echo "
  3. Unknown value (".htmlspecialchars($vote["choice_id"]).")
  4. \n"; + $error .= "There was an unkown vote for anonymous token ".htmlspecialchars($anon_token["anon_token"]).": ".htmlspecialchars($vote["choice_id"])."
    \n"; + } + } + echo "
"; + } + + echo "\n"; + + echo "\n"; + echo "\n"; +} +global $committee_name; +global $committee_email; + +if (isset ($error) && $error != "") { + echo "
".$error."
\n";; + echo "

If you don't understand the error, you should probably contact the $committee_name, which can be reached at $committee_email.

\n"; +} + +if (isset ($handle)) + elec_sql_close ($handle); + +?>
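Review bot: The check `if ($verify_token && $anon_token_id > 0)` looks inverted: it appends the "does not appear in the votes database" error when the lookup succeeded, so a valid token is sent back to the form while an unknown one (0 or FALSE) falls through to `elec_get_votes_for_anon_token ($handle, $anon_token_id)`. It should read `if ($verify_token && !($anon_token_id > 0)) {`. Further down, the error strings use `$anon_token["anon_token"]`, which is not assigned in the visible lines (probably `$verify_token` was meant), and the list item prints `$votes["preference"]` where the loop variable `$vote["preference"]` seems intended. `$_POST["verify_token"]` is read without `isset()` and can arrive as an array, so an `is_string()` guard before the lookup would keep non-string input away from `mysql_real_escape_string`. Parts of this file's markup were lost when the page was extracted, so `$handle` and `$choices_name` may be set in lines not shown here.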