From dce402d2ad44d00b1bccf57e17c1996101f06fef Mon Sep 17 00:00:00 2001 From: "Bradley M. Kuhn" Date: Wed, 18 Dec 2013 18:53:50 -0500 Subject: [PATCH] Create election_voters table & adapt code to use it instead of foundationmembers. foundationmembers was a table specific to the GNOME Foundation. This new table, election_voters, allows creation of an electorate based on a list. README is updated to explain how to use this table. --- README | 19 ++++++++++++++++--- vote/include/election-sql.php | 18 +++++++++--------- vote/include/schema.sql | 14 +++++++++++++- 3 files changed, 38 insertions(+), 13 deletions(-) diff --git a/README b/README index cba7c13..d74b9ca 100644 --- a/README +++ b/README @@ -48,9 +48,22 @@ INSERT INTO election_choices (election_id, choice) (@el_id, 'Candidate 2'), (@el_id, 'Candidate 3'), (@el_id, 'Candidate 4'); -select @el_id; +INSERT INTO election_voters (election_id, email_address) + VALUES + (@el_id, 'voter1@example.org'), + (@el_id, 'voter2@example.org'), + (@el_id, 'voter3@example.com'), + (@el_id, 'voter4@example.net'); -That number you see at the end is your election id. The URL you'll give out + INSERT INTO election_tmp_tokens (election_id, election_voter_id, tmp_token) + SELECT @el_id, id, SUBSTRING(MD5(RAND()) FROM 1 FOR 24) AS tmp_token + FROM election_voters where election_id = @el_id; + + select @el_id; + +That number you see at the end is this election's id. The URL you'll give out is thus something like: - http://example.org/vote?election_id=THAT_NUMBER \ No newline at end of file + http://example.org/vote?election_id=THAT_NUMBER + + diff --git a/vote/include/election-sql.php b/vote/include/election-sql.php index 7d2074c..a7336a1 100644 --- a/vote/include/election-sql.php +++ b/vote/include/election-sql.php @@ -12,7 +12,7 @@ $choices_table = "election_choices"; $anon_tokens_table = "election_anon_tokens"; $tmp_tokens_table = "election_tmp_tokens"; $votes_table = "election_votes"; -$members_table = "foundationmembers"; +$voters_table = "election_voters"; $results_table = "election_results"; $committee_email = "elections@gnome.org"; $committee_name = "the Membership and Elections Committee"; @@ -128,7 +128,7 @@ function elec_get_previous_by_date_desc ($handle) { function elec_verify_email_tmp_token ($handle, $election_id, $email, $tmp_token) { global $tmp_tokens_table; - global $members_table; + global $voters_table; if ($handle === FALSE) return FALSE; @@ -137,11 +137,11 @@ function elec_verify_email_tmp_token ($handle, $election_id, $email, $tmp_token) $escaped_email = mysql_real_escape_string ($email, $handle); $escaped_tmp_token = mysql_real_escape_string ($tmp_token, $handle); - $query = "SELECT COUNT(*) FROM " . $tmp_tokens_table . " AS tt, " . $members_table . " AS mt"; + $query = "SELECT COUNT(*) FROM " . $tmp_tokens_table . " AS tt, " . $voters_table . " AS mt"; $query .= " WHERE tt.election_id = '".$escaped_election_id."'"; $query .= " AND tt.tmp_token = '".$escaped_tmp_token."'"; - $query .= " AND tt.member_id = mt.id"; - $query .= " AND mt.email = '".$escaped_email."'"; + $query .= " AND tt.election_voter_id = mt.id"; + $query .= " AND mt.email_address = '".$escaped_email."'"; $result = mysql_query ($query, $handle); if (!$result) @@ -309,7 +309,7 @@ function elec_insert_new_vote ($handle, $anon_token_id, $vote, $preference) { } function elec_sql_remove_tmp_token ($handle, $election_id, $email, $tmp_token) { - global $members_table; + global $voters_table; global $tmp_tokens_table; if ($handle === FALSE) @@ -321,11 +321,11 @@ function elec_sql_remove_tmp_token ($handle, $election_id, $email, $tmp_token) { /* In MySQL < 4.1, you'd do "DELETE FROM " . $tmp_tokens_table */ $query = "DELETE FROM tt"; - $query .= " USING ". $tmp_tokens_table . " AS tt, " . $members_table . " AS mt"; + $query .= " USING ". $tmp_tokens_table . " AS tt, " . $voters_table . " AS mt"; $query .= " WHERE tt.election_id = '".$escaped_election_id."'"; $query .= " AND tt.tmp_token = '".$escaped_tmp_token."'"; - $query .= " AND tt.member_id = mt.id"; - $query .= " AND mt.email = '".$escaped_email."'"; + $query .= " AND tt.election_voter_id = mt.id"; + $query .= " AND mt.email_address = '".$escaped_email."'"; $result = mysql_query ($query, $handle); if (!$result) diff --git a/vote/include/schema.sql b/vote/include/schema.sql index 8ad476a..17d5dd9 100644 --- a/vote/include/schema.sql +++ b/vote/include/schema.sql @@ -29,8 +29,20 @@ DROP TABLE IF EXISTS `election_tmp_tokens`; `tmp_token` varchar(200) NOT NULL default '' ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/* Not good normal form in election_voters table; there will be duplicates on +** the email_address, but we think of a election_voter_id as a identity tied a +** specific election. */ + +DROP TABLE IF EXISTS `election_voters`; +CREATE TABLE `election_voters` ( + `id` int(11) NOT NULL auto_increment, + `election_id` int(11) NOT NULL default '0', + `email_address` varchar(500) NOT NULL default '' + PRIMARY KEY (`id`)); + + /* -from members database we prepare anon tokens +from each voter we prepare anon tokens then insert those anon tokens to database of course before a new election record should be created since its id is needed for anon_tokens and election_choices are to be inserted