This is probably not the right long-term solution. Ideally, I think it'd be useful if elections could be marked private or public, and elections that are public would be listed automatically, and private ones wouldn't appear. It seems there are some remnants in the code that make it look like someone was going to make a step 0, which would list the elections from the database, but that was never done. So, I've hard-coded what I wanted here, in hopes someone else comes along and does it up right.
305 lines
8.4 KiB
305 lines
8.4 KiB
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
require_once ("include/election-sql.php");
$max_step = 4;
if (!isset ($_POST["step"])) {
$step = 1;
} else {
$step = $_POST["step"];
if ($step > $max_step || $step < 1) {
$step = 1;
$result = "";
$error = "";
$handle = elec_sql_open ();
if ($handle === FALSE) {
$error .= "Can not open the database.<br />\n";
$step = 0;
$election_id = -1;
if ($step == 1) {
if (isset ($_GET["election_id"]) && is_numeric ($_GET["election_id"])) {
$election_id = $_GET["election_id"];
} else if (isset ($_GET["id"]) && is_numeric ($_GET["id"])) {
$election_id = $_GET["id"]; //FIXME: Remove this else path after 2009 elections
} else if ($step >= 1) {
if (isset ($_POST["election_id"]) && is_numeric ($_POST["election_id"]))
$election_id = $_POST["election_id"];
if ($election_id == -1) {
$error .= "A menu of elections is not available. A URL that includes the election id is required. This should have been given to you when you were asked to vote.<br />\n";
$step = 0;
} else {
$election = elec_get_election ($handle, $election_id);
if ($election === FALSE) {
$error .= "The specified election/referendum does not exist.<br />\n";
$step = 0;
} else if (!elec_election_is_current ($election)) {
$error .= "The voting period for the specified ".htmlspecialchars(elec_election_get_type ($election))." starts on ".htmlspecialchars($election["voting_start"])." (UTC) and ends on ".htmlspecialchars($election["voting_end"])." (UTC). It is not possible to vote now.<br />\n";
$step = 0;
if ($step > 1) {
$email = "";
$tmp_token = "";
if (isset ($_POST["email"]) && isset ($_POST["tmp_token"])) {
$email = $_POST["email"];
$tmp_token = $_POST["tmp_token"];
if (!elec_verify_email_tmp_token ($handle, $election_id, $email, $tmp_token)) {
$step = 1;
$error .= "The e-mail address and token you gave do not match an existing voter, or you have already voted.<br />\n";
} else {
$choices = elec_choices_get ($handle, $election_id);
if (!elec_verify_elections ($choices)) {
$error .= "The ".htmlspecialchars(elec_election_get_type ($election))." is not properly set up.\n";
$step = 0;
<link rel="stylesheet" type="text/css" href="vote.css" />
if ($step==2)
.canddata, .prefdata{
height: <?php echo 1.8*count($choices); ?>em;
background: #E0FFD0;
.canddata ul{
list-style-type: none;
list-style-position: inside;
.prefdata ol{
list-style-position: outside;
.canddata ul li:hover, .prefdata ol li:hover{
background: #E0E0E0;
cursor: pointer;
<title>The GNOME Foundation - Votes</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
function escape_js_var($var) {
$var = preg_replace("([\\\'\"\/])", "\\$1", $var);
$var = str_replace("\n", "\\n", $var);
$var = str_replace("\r", "\\r", $var);
return $var;
if ($step==2)
<script type="text/javascript">
// @licstart The following is the entire license notice for the JavaScript code in this page.
// The JavaScript code in this page is free software: you can
// redistribute it and/or modify it under the terms of the GNU
// General Public License (GNU GPL) as published by the Free Software
// Foundation, either version 2 of the License, or (at your option)
// any later version. The code is distributed WITHOUT ANY WARRANTY;
// without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
// @licend The above is the entire license notice for the JavaScript code in this page.
function addPreference(listItem)
var preferenceList = document.getElementById('preferences');
listItem.setAttribute('onclick', 'removePreference(this)');
function removePreference(listItem)
var candidateList = document.getElementById('candidates');
listItem.setAttribute('onclick', 'addPreference(this)');
function populateList(){
var candidateList = document.getElementById('candidates');
var listItem;
var prefInput;
var listItemText;
foreach ($choices as $choice) {
echo " listItem = document.createElement('li');\n";
echo " listItem.setAttribute('name', 'vote" . escape_js_var($choice["id"]) . "');\n";
echo " listItem.setAttribute('onclick', 'addPreference(this)');\n";
echo " listItemText = document.createTextNode('" . escape_js_var($choice["choice"]) . "');\n";
echo " listItem.appendChild(listItemText);\n";
echo " candidateList.appendChild(listItem);\n\n";
echo " prefInput = document.createElement('input');\n";
echo " prefInput.value = '';\n";
echo " prefInput.name = 'pref$index';\n";
echo " prefInput.id = 'pref$index';\n";
echo " prefInput.type = 'hidden';\n";
echo " document.forms[0].appendChild(prefInput);\n";
echo "\n";
function submitPreferences() {
// Traverse OL, get name & position of preferences, and for each preference,
// set value of hidden input with name prefN to value voteM before submitting
var preferenceList = document.getElementById('preferences');
var pref;
var i = 0;
var index = 0;
// Iterate through the list
for( i = 0; i < preferenceList.childNodes.length; i++ )
node = preferenceList.childNodes[i];
// If we have a list item, get its name & set the appropriate hidden input
if (node.nodeName.toLowerCase() == 'li')
pref.value = node.getAttribute('name');
// DEBUG: alert(pref.name + '=' + pref.value);
<body onLoad="populateList()">
} else { // Here $step!=2
if (isset ($election) && $election !== FALSE) {
echo "<h1>".htmlspecialchars($election["name"])."</h1>\n";
if ($step >= 2) {
$votes_array = elec_vote_get_votes_from_post ($choices);
$vote = -1;
$res = elec_verify_vote_is_valid ($choices, $vote, $votes_array);
if ($res != "") {
$error .= "The vote you made is not valid: ".htmlspecialchars($res)."<br />\n";
$step = 2;
if ($step == 4) {
/* vote has been confirmed */
require ("include/step4-commit.php");
$result = step4_do ();
} else if ($step == 3) {
/* confirm vote */
require ("include/step3-confirm.php");
$result = step3_do ();
} else if ($step == 2) {
/* choose vote */
require ("include/step2-choose.php");
$result = step2_do ();
} else if ($step == 1) {
/* login */
require ("include/step1-login.php");
$result = step1_do ();
} else {
if (!isset ($error) || $error == "")
$error = "Unknown error.<br />\n";
if (isset ($handle))
elec_sql_close ($handle);
global $committee_name;
global $committee_email;
if (isset ($error) && $error != "") {
echo "<div class=\"error\">".$error."</div>\n";;
echo "<p>If you don't understand the error, you should probably contact the $committee_name, which can be reached at <a href=\"mailto:$committee_email\">$committee_email</a>.</p>\n";
if ($step != $max_step && $step >= 1) {
echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."\" method=\"post\"";
if ($step == 2) {
echo " onsubmit=\"submitPreferences()\"";
echo ">\n";
echo $result; // already HTML escaped
if ($step != $max_step && $step >= 1) {
if ($step > 1) {
echo " <input type=\"hidden\" name=\"email\" value=\"". htmlspecialchars($email)."\" />\n";
echo " <input type=\"hidden\" name=\"tmp_token\" value=\"".htmlspecialchars($tmp_token)."\" />\n";
if ($step > 2) {
foreach ($votes_array as $vote) {
$name = "pref".$index;
$value = "vote".$vote;
echo " <input type=\"hidden\" name=\"".htmlspecialchars($name)."\" value=\"".htmlspecialchars($value)."\" />\n";
echo " <input type=\"hidden\" name=\"election_id\" value=\"".htmlspecialchars($election_id)."\" />\n";
echo " <input type=\"hidden\" name=\"step\" value=\"".htmlspecialchars($step + 1)."\" />\n";
echo " <input type=\"submit\" value=\"Continue to next step\" />\n";
echo "</form>\n";