30 lines
836 B
PHP
30 lines
836 B
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/../auth_helper.php';
|
|
require_login();
|
|
require_role(['Admin', 'Adviser', 'Officer']);
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$election_id = $_POST['election_id'] ?? '';
|
|
$name = $_POST['name'] ?? '';
|
|
$max_votes = (int)($_POST['max_votes'] ?? 1);
|
|
|
|
if (!$election_id || !$name) {
|
|
die("Missing fields");
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
$id = uuid();
|
|
$stmt = $pdo->prepare("INSERT INTO positions (id, election_id, name, max_votes) VALUES (?, ?, ?, ?)");
|
|
$stmt->execute([$id, $election_id, $name, $max_votes]);
|
|
|
|
audit_log('Added position', 'positions', $id);
|
|
|
|
header("Location: ../view_election.php?id=$election_id&success=1");
|
|
exit;
|
|
} catch (Exception $e) {
|
|
die($e->getMessage());
|
|
}
|
|
}
|