59 lines
2.0 KiB
PHP
59 lines
2.0 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/../auth_helper.php';
|
|
require_login();
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$election_id = $_POST['election_id'] ?? '';
|
|
$votes = $_POST['votes'] ?? []; // Array of position_id => candidate_id
|
|
$user = get_user();
|
|
|
|
if (!$election_id || empty($votes)) {
|
|
die("Invalid submission.");
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
$pdo->beginTransaction();
|
|
|
|
// 1. Verify election is ongoing
|
|
$eStmt = $pdo->prepare("SELECT status FROM elections WHERE id = ?");
|
|
$eStmt->execute([$election_id]);
|
|
if ($eStmt->fetchColumn() !== 'Ongoing') {
|
|
throw new Exception("Election is not ongoing.");
|
|
}
|
|
|
|
// 2. Verify user hasn't voted yet
|
|
$vCheck = $pdo->prepare("SELECT COUNT(*) FROM votes WHERE election_id = ? AND voter_id = ?");
|
|
$vCheck->execute([$election_id, $user['id']]);
|
|
if ($vCheck->fetchColumn() > 0) {
|
|
throw new Exception("You have already cast your vote for this election.");
|
|
}
|
|
|
|
// 3. Insert votes
|
|
$stmt = $pdo->prepare("INSERT INTO votes (id, election_id, position_id, candidate_id, voter_id, ip_address, user_agent) VALUES (?, ?, ?, ?, ?, ?, ?)");
|
|
|
|
foreach ($votes as $position_id => $candidate_id) {
|
|
$vote_id = uuid();
|
|
$stmt->execute([
|
|
$vote_id,
|
|
$election_id,
|
|
$position_id,
|
|
$candidate_id,
|
|
$user['id'],
|
|
$_SERVER['REMOTE_ADDR'] ?? 'unknown',
|
|
$_SERVER['HTTP_USER_AGENT'] ?? 'unknown'
|
|
]);
|
|
}
|
|
|
|
audit_log('Cast ballot', 'elections', $election_id);
|
|
|
|
$pdo->commit();
|
|
header("Location: ../view_results.php?id=$election_id&success=vote_cast");
|
|
exit;
|
|
} catch (Exception $e) {
|
|
if ($pdo->inTransaction()) $pdo->rollBack();
|
|
die("Error casting vote: " . $e->getMessage());
|
|
}
|
|
}
|