From a62b9c265be1758eef6e39d33c7118f2a640de5e Mon Sep 17 00:00:00 2001
From: lars <lars.kermode@caribana.ch>
Date: Tue, 4 Jun 2019 16:14:32 +0200
Subject: [PATCH] Fixed bug that incorrectly chnaged reqName when updatig
 record

---
 accred_form.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/accred_form.php b/accred_form.php
index a379eb02..2502f058 100644
--- a/accred_form.php
+++ b/accred_form.php
@@ -115,17 +115,36 @@ if($_POST['btnprocess'] && $isAdmin) {
         $updateStatus = true;
 }
 $reqName = $mysqli->real_escape_string($_POST['demande_pour']);
+$demPour = $mysqli->real_escape_string($_POST['demande_pour']);
 if( $reqName == '') {
 	$reqName = $username;
 }
 // Escape string, mostly in case of quotes
 $d = $mysqli->real_escape_string(serialize($_POST));
 if(!$aid) {
+        // New entry. If no demande_pour provided in form, make current user owner
+	if($demPour=='') {
+		$reqName = $username;
+	}
+	else {
+		$reqName = $demPour;
+	}	
 	$query = "INSERT INTO submissions (uid, status, name, reqname, created, formdata,modified) values('$userid',$status,'$username','$reqName',null,'".$d."',NOW())";
         syslog(LOG_INFO, "Create entry by uid: $userid / $uname from: {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
 }
 else {
-	$query = "UPDATE submissions set reqname='".$reqName."',modifieduid=$userid,formdata='".$d."'";
+	// Modifying existint record
+	if($demPour=='') {
+		// Could have had a value before or already be empty
+		// regardless, set reqName to same as name (This is NOT username or logged in user)
+		// Was a prior bug
+		// Since we don't have the DB values here, we need a different query
+		 $query = "UPDATE submissions set reqname=name,modifieduid=$userid,formdata='".$d."'";
+	}
+	else {
+		// Value for demande_pour non blank, use that for reqName
+		$query = "UPDATE submissions set reqname='".$demPour."',modifieduid=$userid,formdata='".$d."'";
+	}
 	if($updateStatus) {
 		$query .= ",status=$status ";
 	}