From 7422d5c89b3d9ee313f06177240f543d4d21c768 Mon Sep 17 00:00:00 2001
From: Daniel Tartavel <dtux@free.fr>
Date: Wed, 19 Oct 2022 15:51:41 +0200
Subject: [PATCH] update

---
 gestion/envoiMailing.php    |  27 ++++++---
 gestion/index.php           |   2 +-
 gestion/saisieCandidats.php |   9 ++-
 include/config.inc.php      |   1 +
 include/db.class.php        | 112 +++++++++++++++++++++++++++++++++---
 include/fonctions.inc.php   |   2 +-
 vote.form.php               |  12 ++--
 vote.php                    |  50 ++++++++++------
 vote.resultat.php           |  77 +------------------------
 9 files changed, 173 insertions(+), 119 deletions(-)

diff --git a/gestion/envoiMailing.php b/gestion/envoiMailing.php
index 9aefeb9..b83f7d8 100644
--- a/gestion/envoiMailing.php
+++ b/gestion/envoiMailing.php
@@ -3,8 +3,9 @@ require_once '../session_init.php';
 require_once 'config.inc.php';
 require_once 'db.class.php';
 require_once 'entete.php';
+require_once 'fonctions.inc.php';
 
-$idVotation = $_GET["idVotation"];
+$idVotation = getpost("idVotation");
 
 print('<br><br>
 	<!-- lalis Grid Section -->
@@ -17,6 +18,7 @@ print('<br><br>
 
 $db = new db();
 $dolibarr = new dbDolibarr();
+$status = getpost("status");
 
 if (empty($idVotation))
 {
@@ -27,7 +29,7 @@ if (empty($idVotation))
 		$db->query("SELECT *, UNIX_TIMESTAMP( DATE_ADD(dateFin, INTERVAL 1 DAY)) as tf,  UNIX_TIMESTAMP(dateFin) as df,  UNIX_TIMESTAMP(dateDebut) as dd FROM liste_votations WHERE id=" . $idVotation);
 		$votation = $db->result->fetch_array();
 
-	if(empty($_GET['status']))
+	if(empty($status))
 	{
 		print('<form  method="get" action="envoiMailing.php">
 				<input type="hidden" name="idVotation" value="' . $idVotation . '">
@@ -40,7 +42,7 @@ if (empty($idVotation))
 						</div>
 					</form>
 		');
-	}elseif($_GET['status'] == 'Oui' OR $_GET['status'] == 'Test')
+	}elseif($status == 'Oui' OR $status == 'Test')
 	{
 		// message
 
@@ -54,20 +56,25 @@ if (empty($idVotation))
 		$textFin = "\n\nNous vous rappelons que pour pouvoir voter, vous devez être à jour de cotisation à la date du vote.\nLes résultats seront visibles dès le " . formatteDate('fr', $votation['tf'], 'Europe/Paris') . " par le lien suivant : https://lalis69.ddns.net:10443/vote/vote.resultat.php?id=" . $idVotation . "\nAttention: ce lien contient votre identifiant de vote, ne le transmettez pas car la personne pourra voter à votre place.\n\nEn cas de problème appeler le 09 53 00 03 20 ou le 06 52 34 07 60\n\nVous pouvez voter par procuration en envoyant un courriel avec vos nom, prénom, et le nom de la personne à laquelle vous donnez procuration (voir modèle ci-dessous). Si vous ne précisez pas le nom du bénéficiaire de la procuration, celle-ci sera assignée aléatoirement à une personne ayant voté.\n\n";
 		$textFin .= "Modèle de procuration\n\nJe soussigné (nom, prénom)................................. demeurant à ........................... donne pouvoir à (nom, prénom)................... pour me représenter et prendre part aux votes en mon nom lors de l'Assemblée Générale Ordinaire de l'association .... du .... (date).\nDate et signature\n\n";
 		$textFin .= "Pour Lalis, Le Président, David Larochette.";
-		if ($_GET['status'] == 'Oui')
+		if ($status == 'Oui')
 		{
 			foreach($adherents as $adherent)
 			{
 				$text = $textDebut . base64_encode($adherent['login']) . $textFin;
 				print '<pre>' . $adherent['email'] . ' ' . $adherent['firstname'] . ' ' . $adherent['lastname'] . EOLH . nl2br($text) . '</pre>';
 				//print $text;
-				envoiMail($adherent['email'], $sujet, $text, $html=false, $cc='', $bcc='');
-				//envoiMail('dtux@free.fr', $sujet, $text, $html=false, $cc='', $bcc='');
+				if (!empty($adherent['email']))
+				{
+					if (envoiMail($adherent['email'], $sujet, $text, $html=false, $cc='', $bcc='') == false)
+					{
+						$erreurEnvoiMail[] = $adherent["firstname"] . " " . $adherent['lastname'];
+					}
+				}
 			}
 		}else
 		{
 			//print $text;
-			$text = $textDebut . base64_encode("login") . $textFin;
+			$text = $textDebut . base64_encode($dolibarrAdmin) . $textFin;
 			envoiMail($admin, $sujet, $text, $html=false, $cc='', $bcc='');
 		}
 	}else
@@ -75,7 +82,11 @@ if (empty($idVotation))
 			print("<pre><h4>Annulation de l'envoi du Mailing pour la votation : " . $votation['libelle'] . "</h4>
 				</pre><br>");
 	}
-
+	print('Liste des envoi en erreur: ' . EOLH);
+	foreach ($erreurEnvoiMail as $adherent)
+	{
+		print ($adherent . EOLH);
+	}
 	print('			</div>
 				</div>
 			</div>
diff --git a/gestion/index.php b/gestion/index.php
index 67c60f8..5c64546 100644
--- a/gestion/index.php
+++ b/gestion/index.php
@@ -5,7 +5,7 @@ require_once 'entete.php';
 
 if (!empty($_SERVER["PHP_AUTH_USER"]))
 
-/*print('	<br><br>
+print('	<br><br>
 	<!-- lalis Grid Section -->
 
 	<section id="content">
diff --git a/gestion/saisieCandidats.php b/gestion/saisieCandidats.php
index 92b20ad..6d72d0b 100644
--- a/gestion/saisieCandidats.php
+++ b/gestion/saisieCandidats.php
@@ -1,5 +1,5 @@
 <?php
-require_once 'session_init.php';
+require_once '../session_init.php';
 require_once 'config.inc.php';
 require_once 'db.class.php';
 require_once 'fonctions.inc.php';
@@ -12,9 +12,8 @@ $idVote = getpost("idVote");
 $candidat = getpost("candidat");
 $idCandidat = getpost("idCandidat");
 $libelle = getpost("libelle");
-$action = getpost("action");
 
-if (!empty($candidat) and $action != "modif")
+if (!empty($candidat))
 {
 	$query = "INSERT INTO liste_candidats VALUES (0, " . $db->protect($idVotation) . ", " . $db->protect($idVote) . ",'" . $db->protect($libelle) . "', '". $db->protect($candidat) . "')";
 	$db->query($query);
@@ -36,7 +35,7 @@ if (!empty($candidat) and $action != "modif")
 	}elseif (empty($idVote))
 	{
 		choixVote($path, $idVotation);
-	}elseif ($action == "modif" and !empty($idCandidat))
+	}elseif (!empty($idCandidat))
 	{
 
 	}else
@@ -54,8 +53,8 @@ if (!empty($candidat) and $action != "modif")
 			print('<h4>Liste des candidats</h4>');
 			foreach($candidatsList as $line)
 			{
-				print("<b><u>" . $line["candidat"] . "</u></b><br>");
 				print(nl2br($line["libelle"]) . EOLH);
+				print("<b><u>" . $line["candidat"] . "</u></b><br>");
 			}
 		}
 		candidatsForm($path, $idVotation, $idVote);
diff --git a/include/config.inc.php b/include/config.inc.php
index 828e80f..0566462 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -14,6 +14,7 @@ define( "DATE_MYSQL", "Y-m-d H:i:s" );
 
 //environment variables
 $admin 			= "dtux@free.fr";
+$dolibarrAdmin	= "dtartavel";
 $webmaster		= "contact@lalis.fr";
 $site 			= "Lalis";
 $dossier 		= "/sftp";
diff --git a/include/db.class.php b/include/db.class.php
index 50487ac..12c5a3d 100644
--- a/include/db.class.php
+++ b/include/db.class.php
@@ -79,12 +79,13 @@ class dbcore
 	function vote($idVotation, $idVotant, $idVote, $idCandidat)
 	{
 		$flag = 0;
-		$query='SELECT IF(identifiant="' . $idVotant . '" AND idVotation="' . $idVotation .'" AND INSTR(idVote, "' . $idVote .'"),TRUE,FALSE) as r FROM liste_votants';
+		/*$query='SELECT IF(identifiant="' . $idVotant . '" AND idVotation="' . $idVotation .'" AND INSTR(idVote, "' . $idVote .'"),TRUE,FALSE) as r FROM liste_votants';
 		$this->query($query);
 		if ( ($r = $this->result->fetch_array(MYSQLI_ASSOC)))
-		{
+		{*/
 			$query='SELECT IF ( id="' . $idVotation .'",TRUE,FALSE) as r FROM liste_votations';
 			$this->query($query);
+			echo "resultat " . $r . EOLH;
 			if ( ($r = $this->result->fetch_array(MYSQLI_ASSOC)))
 			{
 				$query='SELECT IF( idVotation="' . $idVotation .'" AND id="' . $idVote .'",TRUE,FALSE) as r FROM liste_votes';
@@ -98,21 +99,118 @@ class dbcore
 						$query='INSERT INTO votes (idVotant, idVotation, idVote, idCandidat) VALUES ("' . $this->protect($idVotant) .'", "' . $this->protect($idVotation) .'", "'  . $this->protect($idVote) .'", "'. $this->protect($idCandidat) .'")';
 						$error = $this->query($query);
 						return $error;
+					}else
+					{
+						$error = "Le candidat n'existe pas" . EOLH;
 					}
+				}else
+				{
+					$error= "La votation ou le vote n'existe pas" . EOLH;
 				}
+
 			}
-		}
-		return 'Error ';
+		//}
+		return $error;
 	}
 
-	function resultat()
+	function resultats($idVotation)
 	{
-		for($i=1;i>$n;$n++)
+		$query = 'SELECT *, UNIX_TIMESTAMP(DATE_ADD(dateFin, INTERVAL 1 DAY)) as tf FROM liste_votations WHERE id = ' . $this->protect($idVotation);
+		$result = $this->query($query);
+		$votation = $this->result->fetch_array(MYSQLI_ASSOC);
+		if ($result === FALSE)
 		{
-			$query='SELECT idVotant, COUNT(value) as resultat FROM lalis_vote WHERE value="' . $value . '" AND idVote="' . $i . '"  ';
+			print "Votation non trouvée" . EOLH;
+		}else
+		{
+			$now = date('Y-m-d');
+			if ( time() > $votation['tf'] )
+			{
+				echo $votation["libelle"] . "</h4>";
+				$listeAdherents = listeAdherents();
+				print ('				<hr class="star-primary">
+									</div>
+								</div>
+								<div class="row">');
+
+				$query='SELECT * FROM liste_votes WHERE idVotation="' .$this->protect( $idVotation) .'"';
+				$result = $this->query($query);
+				$votes = $this->result->fetch_all(MYSQLI_ASSOC);
+				foreach ($votes as $vote)
+				{
+					switch ($vote["methode"])
+					{
+						case 1:
+							$total = 0;
+							echo "<div><h5>" . $vote["libelle"] . "</h5><br>";
+							$query='SELECT * FROM liste_candidats WHERE idVotation=' . $idVotation . ' AND idVote=' . $vote["id"];
+							$result = $this->query($query);
+							$candidats = $this->result->fetch_all(MYSQLI_ASSOC);
+							echo "<pre>";
+							//$resultatCandidats = '';
+
+							$query='SELECT COUNT(*) as n FROM votes WHERE idVotation=' . $this->protect($idVotation) . ' AND idVote=' . $vote["id"] .' AND idCandidat=0';
+							$result = $this->query($query);
+							$resultat = $this->result->fetch_array(MYSQLI_ASSOC);
+							$blanc = $resultat["n"];
+							echo 'Votes blancs&nbsp;: ' . $blanc . '<br>';
+							foreach($candidats as $candidat)
+							{
+								$query='SELECT COUNT(*) as n FROM votes WHERE idVotation=' . $this->protect($idVotation) . ' AND idVote=' . $vote["id"] .' AND idCandidat=' . $candidat["id"];
+								$result = $this->query($query);
+								$resultat = $this->result->fetch_array(MYSQLI_ASSOC);
+								echo $candidat["candidat"] . '&nbsp;:' . $resultat["n"]  . '<br>';
+								$resultatCandidats[$candidat['candidat']] = $resultat["n"];
+								$total += $resultat["n"];
+							}
+							array_multisort($resultatCandidats, SORT_DESC, SORT_NUMERIC);
+							reset($resultatCandidats);
+							if ($total != 0)
+							{
+								if ($total >= $blanc)
+								{
+									print("<h5>Remporte le vote : " . key($resultatCandidats));
+									unset($resultatCandidats);
+									print("</h5>");
+								}else
+								{
+									print("<h5>Aucun candidat n'emporte le vote, car il y a plus de 50% de votes blancs.</h5>");
+								}
+								listeVotants($idVotation, $vote["id"], $listeAdherents);
+							}else
+							{
+								print("<h5>Aucun votant, le vote est annulé.</h5>");
+							}
+							print("</pre></div><br>" . EOLH);
+							break;
+						default:
+							break;
+					}
+				}
+			}else
+			{
+				print "Bonjour, vous pourrez consulter les résultats à partir du " . formattedate('fr', $votation['tf'] , "Europe/Paris") . "</h4>";
+			}
 		}
 	}
 
+	function liste_votants($idVotation)
+	{
+		$query = 'SELECT DISTINCT idVotant FROM liste_votes WHERE idVotation=' . $idVotation;
+		$this->query($query);
+		$votants = $this->result->fetch_all(MYSQLI_ASSOC);
+		$doliDB = new dbDolibarr();
+		foreach($votants as $votant)
+		{
+			$query ="SELECT login, firstname, lastname FROM llx_adherent WHERE login='" . $votant . "'";
+			$dolibarr->query($query);
+			$r = mysqli_fetch_array();
+			$listeVotants[$votant]["nom"] = $r["lastname"];
+			$listeVotants[$votant]["prenom"] = $r["firstname"];
+		}
+		return $listeVotants;
+	}
+
 	function queryVotationList()
 	{
 		$query = "SELECT * FROM liste_votations";
diff --git a/include/fonctions.inc.php b/include/fonctions.inc.php
index f864efb..144ca1c 100644
--- a/include/fonctions.inc.php
+++ b/include/fonctions.inc.php
@@ -248,7 +248,7 @@ function listeVotants($idVotation, $idVote, $listeAdherents)
 {
 	$nv = 0;
 	$text = '';
-
+	$db = new db();
 	$db->open();
 
 	$query = "SELECT DISTINCT idVotant FROM votes WHERE idVotation=" . $idVotation . ' AND idVote=' . $idVote;
diff --git a/vote.form.php b/vote.form.php
index 06c5d3d..6bce81c 100644
--- a/vote.form.php
+++ b/vote.form.php
@@ -5,14 +5,15 @@ require_once 'config.inc.php';
 require_once 'db.class.php';
 require_once "log.php";
 require_once 'entete.php';
+require_once 'fonctions.inc.php';
 
-$idVotant = trim(base64_decode(urldecode($_GET["id"])), " \n\r");
-$idVotation = $_GET["v"];
+$idVotant = trim(base64_decode(urldecode(getpost("id")), " \n\r"));
+$idVotation = getpost("v");
 
 $dolibarr = new dbDolibarr();
 
 $query = "SELECT * FROM llx_adherent as a LEFT JOIN llx_adherent_type as t ON a.fk_adherent_type=t.rowid WHERE a.login='" . $dolibarr->protect($idVotant) . "' AND (DATE(a.datefin)>=CURDATE() OR t.subscription=0) AND t.vote=1";
-print $query . EOLH;
+//print $query . EOLH;
 $result = $dolibarr->query($query);
 //print_r($dolibarr);
 $votant = $dolibarr->result->fetch_array();
@@ -46,7 +47,7 @@ if ($dolibarr->result->num_rows == 0)
 	{
 		if ( time() >= $votation['td'] AND time() <= $votation['tf'] )
 		{
-			$query = "SELECT * FROM votes WHERE idVotant='" . $db->protect($idVotant) ."'";
+			$query = "SELECT * FROM votes WHERE idVotant='" . $db->protect($idVotant) ."' AND idVotation=" . $idVotation;
 			$db->query($query);
 			if ($db->result->num_rows == 0)
 			{
@@ -70,8 +71,9 @@ if ($dolibarr->result->num_rows == 0)
 					echo "<pre>";
 					foreach($candidats as $candidat)
 					{
-						echo '<input type="radio" name="vote[' . $vote["id"] . ']" value="' . $candidat["id"] . '"> ' . $candidat["candidat"] . '&nbsp;<br>';
 						echo nl2br($candidat["libelle"]) . EOLH;
+						echo '<input type="radio" name="vote[' . $vote["id"] . ']" value="' . $candidat["id"] . '"> ' . $candidat["candidat"] . '&nbsp;<br>';
+
 					}
 					echo '<input type="radio" name="vote[' . $vote["id"] . ']" value="0"> Vote blanc&nbsp;<br>';
 					print "</pre>
diff --git a/vote.php b/vote.php
index 2807006..8575c7e 100644
--- a/vote.php
+++ b/vote.php
@@ -8,6 +8,30 @@ if (array_key_exists("id", $_GET))	$idVotant = $_GET["id"];
 if (array_key_exists("v", $_GET))	$votation = $_GET["v"];
 if (array_key_exists("vote", $_GET))	$vote = $_GET["vote"];
 
+function voter($idVotant, $votation, $vote)
+{
+	foreach ($vote as $key => $value)
+	{
+		$result = $db->vote($votation, $idVotant, $key, $value );
+		if ($result == '')
+		{
+			$idVote = array_search($key, array_column($listeVotes, 'id'));
+			echo '<h4>' . $listeVotes[$idVote]['libelle'] . ' : vote pris en compte</h4>' .EOLH;
+			log_write($idVotant . ' a voté');
+		}else
+		{
+			print ('<h4>ERREUR: vote non pris en compte</h4>') . EOLH;
+			if (strpos($result, 'Duplicate') !== false)
+			{
+				print ("<h5>L'erreur est normale si vous avez essayé de recharger la page");
+			}
+			print("<h5>Adressez-vous aux responsables de l'association, ils ont déjà été averti de l'erreur</h5>" . EOLH);
+			log_error( "vote non pris en compte : idVotant=$idVotant, id_Votation=$votation, key=$key, value=$value");
+		}
+		//echo "$key => $value";
+	}
+}
+
 $db = new db();
 
 print('<br><br>
@@ -23,26 +47,18 @@ $query = 'SELECT * FROM liste_votes WHERE idVotation="' . $db->protect( $votatio
 $result = $db->query($query);
 $listeVotes = $db->result->fetch_all(MYSQLI_ASSOC);
 
-foreach ($vote as $key => $value)
-{
-	$result = $db->vote($votation, $idVotant, $key, $value );
+voter($idVotant, $votation, $vote);
 
-	if ($result == '')
+$query = "SELECT idprocurant FROM procurations WHERE idvotant='" . $db->protect(idVotant) . "' AND idvotation=" . $db->protect(idVotation);
+$result = $db->query($query);
+$listProcurants = $db->result->fetch_all(MYSQLI_ASSOC);
+
+if (count($listProcurants) != 0)
+{
+	foreach($listProcurants as $procurant)
 	{
-		$idVote = array_search($key, array_column($listeVotes, 'id'));
-		echo '<h4>' . $listeVotes[$idVote]['libelle'] . ' : vote pris en compte</h4>' .EOLH;
-		log_write($idVotant . ' a voté');
-	}else
-	{
-		print ('<h4>ERREUR: vote non pris en compte</h4>') . EOLH;
-		if (strpos($result, 'Duplicate') !== false)
-		{
-			print ("<h5>L'erreur est normale si vous avez essayé de recharger la page");
-		}
-		print("<h5>Adressez-vous aux responsables de l'association, ils ont déjà été averti de l'erreur</h5>" . EOLH);
-		log_error( "vote non pris en compte : idVotant=$idVotant, id_Votation=$votation, key=$key, value=$value");
+		voter($procurant, $votation, $vote);
 	}
-	//echo "$key => $value";
 }
 $db->close();
 print('				</div>
diff --git a/vote.resultat.php b/vote.resultat.php
index 4fc2065..95d2541 100644
--- a/vote.resultat.php
+++ b/vote.resultat.php
@@ -17,7 +17,6 @@ print '<script type="text/javascript">
 			document.getElementById(object+idVote).style.display = "none";
 			document.getElementById("button"+idVote).innerText = "Voir la liste des votants"
 		}
-
 	}
 </script>';
 
@@ -40,80 +39,8 @@ if (empty($idVotation))
 	print('
 						<h3>VOTE</h3>
 						<h4>');
-
-	$query = 'SELECT *, UNIX_TIMESTAMP(DATE_ADD(dateFin, INTERVAL 1 DAY)) as tf FROM liste_votations WHERE id = ' . $db->protect($idVotation);
-	$result = $db->query($query);
-	$votation = $db->result->fetch_array(MYSQLI_ASSOC);
-	if ($result === FALSE)
-	{
-		print "Votation non trouvée" . EOLH;
-	}else
-	{
-		$now = date('Y-m-d');
-		if ( time() > $votation['tf'] )
-		{
-			echo $votation["libelle"] . "</h4>";
-			$listeAdherents = listeAdherents();
-			print ('				<hr class="star-primary">
-								</div>
-							</div>
-							<div class="row">');
-
-			$query='SELECT * FROM liste_votes WHERE idVotation="' .$db->protect( $idVotation) .'"';
-			$result = $db->query($query);
-			$votes = $db->result->fetch_all(MYSQLI_ASSOC);
-			foreach ($votes as $vote)
-			{
-				switch ($vote["method"])
-				{
-					case 1:
-						$total = 0;
-						echo "<div><h5>" . $vote["libelle"] . "</h5><br>";
-						$query='SELECT * FROM liste_candidats WHERE idVotation=' . $idVotation . ' AND idVote=' . $vote["id"];
-						$result = $db->query($query);
-						$candidats = $db->result->fetch_all(MYSQLI_ASSOC);
-						echo "<pre>";
-						//$resultatCandidats = '';
-
-						$query='SELECT COUNT(*) as n FROM votes WHERE idVotation=' . $db->protect($idVotation) . ' AND idVote=' . $vote["id"] .' AND idCandidat=0';
-						$result = $db->query($query);
-						$resultat = $db->result->fetch_array(MYSQLI_ASSOC);
-						$blanc = $resultat["n"];
-						echo 'Votes blancs&nbsp;: ' . $blanc . '<br>';
-						foreach($candidats as $candidat)
-						{
-							$query='SELECT COUNT(*) as n FROM votes WHERE idVotation=' . $db->protect($idVotation) . ' AND idVote=' . $vote["id"] .' AND idCandidat=' . $candidat["id"];
-							$result = $db->query($query);
-							$resultat = $db->result->fetch_array(MYSQLI_ASSOC);
-							echo $candidat["candidat"] . '&nbsp;:' . $resultat["n"]  . '<br>';
-							$resultatCandidats[$candidat['candidat']] = $resultat["n"];
-							$total += $resultat["n"];
-						}
-						array_multisort($resultatCandidats, SORT_DESC, SORT_NUMERIC);
-						reset($resultatCandidats);
-						if ($total >= $blanc)
-						{
-							print("<h5>Remporte le vote : " . key($resultatCandidats));
-							unset($resultatCandidats);
-							print("</h5>");
-						}else
-						{
-							print("<h5>Aucun candidat n'emporte le vote, car il y a plus de 50% de votes blancs.</h5>");
-						}
-						listeVotants($idVotation, $vote["id"], $listeAdherents);
-						print("</pre></div><br>" . EOLH);
-						break;
-					default:
-						break;
-				}
-			}
-		}else
-		{
-			print "Bonjour, vous pourrez consulter les résultats à partir du " . formattedate('fr', $votation['tf'] , "Europe/Paris") . "</h4>";
-		}
-	}
-
-		print ('				<div>
+	$db->resultats($idVotation);
+	print ('				<div>
 							</div>
 						</div>
 				</div>