From f4ebd2045b68cf957001be17a05c692fc3fb851e Mon Sep 17 00:00:00 2001
From: lars
Date: Thu, 2 May 2019 15:17:54 +0200
Subject: [PATCH] Fixed setting of demande_pour bug
---
 accred_form.php | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/accred_form.php b/accred_form.php
index 6cfc9602..e38e1201 100644
--- accred_form.php
+++ accred_form.php
@@ -114,21 +114,13 @@ if($_POST['btnprocess'] && $isAdmin) {
 $status = '3';
 $updateStatus = true;
 }
+$reqName = $mysqli->real_escape_string($_POST['demande_pour']);
+if( $reqName == '') {
+ $reqName = $username;
+}
 // Escape string, mostly in case of quotes
 $d = $mysqli->real_escape_string(serialize($_POST));
 if(!$aid) {
- // Make sure we set the demande_our value to current user if blank
- // This would happen upon submission of a new record by non-admin person
- // Save requestor in serialized data but also as mysql column, we will need to do a sort by later
- if($_POST['demande_pour']=='') {
- $m = $_POST;
- $m['demande_pour'] = $username;
- $d = $mysqli->real_escape_string(serialize($m));
- $reqName = $username;
- }
- else {
- $reqName = $mysqli->real_escape_string($_POST['demande_pour']);
- }
 $query = "INSERT INTO submissions (uid, status, name, reqname, created, formdata,modified) values('$userid',$status,'$username','$reqName',null,'".$d."',NOW())";
 syslog(LOG_INFO, "Create entry by uid: $userid / $uname from: {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
 }
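Review bot: With the fallback moved above `serialize($_POST)`, a blank `demande_pour` is now replaced only in `$reqName`; the serialized `formdata` keeps the empty value that the removed branch used to overwrite with `$username`, so the `reqname` column and the stored form can disagree. If that is not intended, set the value before serializing, for example `$_POST['demande_pour'] = $username;` inside the new `if`. The fallback also places `$username` into `'$reqName'` without the `real_escape_string` call the POST value receives, and whether `$username`, `$userid` and `$status` are sanitised earlier is not visible in this hunk, so building the INSERT as a prepared statement with bound parameters would remove the reliance on per-variable escaping. `$_POST['demande_pour']` is read with no `isset()`/`is_string()` check, so a missing or array-valued field reaches `real_escape_string` directly. The update branch that presumably consumes `$reqName` lies outside this hunk.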