From 99b0dc40e6718f0517e9e47b7ee889c017a98388 Mon Sep 17 00:00:00 2001
From: Robert Anderson <randerson@lbsd.net>
Date: Thu, 30 Apr 2009 10:43:10 +0000
Subject: [PATCH] Replaces session handling with $_POST

---
 webui/user-attribute-add.php | 3 ++-
 webui/user-attributes.php    | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/webui/user-attribute-add.php b/webui/user-attribute-add.php
index a887590b..66b044af 100644
--- a/webui/user-attribute-add.php
+++ b/webui/user-attribute-add.php
@@ -76,6 +76,7 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "add") {
 			</tr>
 			<tr>
 				<td colspan="2">
+					<input type="hidden" name="user_id" value="<?php echo $_POST['user_id']; ?>" />
 					<input type="submit" />
 				</td>
 			</tr>
@@ -99,7 +100,7 @@ if (isset($_POST['frmaction']) && $_POST['frmaction'] == "add") {
 		$stmt = $db->prepare("INSERT INTO ${DB_TABLE_PREFIX}user_attributes (UserID,Name,Operator,Value) VALUES (?,?,?,?)");
 
 		$res = $stmt->execute(array(
-			$_POST['attr_userid'],
+			$_POST['user_id'],
 			$_POST['attr_name'],
 			$_POST['attr_operator'],
 			$_POST['attr_value'],
diff --git a/webui/user-attributes.php b/webui/user-attributes.php
index 421c2e5f..65bc0eba 100644
--- a/webui/user-attributes.php
+++ b/webui/user-attributes.php
@@ -17,6 +17,7 @@
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 
+
 include_once("includes/header.php");
 include_once("includes/footer.php");
 include_once("includes/db.php");
@@ -60,6 +61,7 @@ printHeader(array(
 			<option disabled="disabled"> - - - - - - - - - - - </option>
 			<option value="change">Change Attribute</option>
 		</select> 
+		<input type="hidden" name="user_id" value="<?php echo $_POST['user_id']; ?>" />
 	</div>
 
 	<p />
@@ -75,6 +77,7 @@ printHeader(array(
 
 <?php
 		if (isset($_POST['user_id'])) {
+
 			# Get old attributes
 			$sql = "
 				SELECT 
@@ -91,7 +94,9 @@ printHeader(array(
 			while ($row = $res->fetchObject()) {
 ?>
 				<tr class="resultsitem">
-					<td><input type="radio" name="attr_id" value="<?php echo $row->id; ?>"/><?php echo $row->id; ?></td>
+					<td>
+						<input type="radio" name="attr_id" value="<?php echo $row->id; ?>"/><?php echo $row->id; ?>
+					</td>
 					<td><?php echo $row->name; ?></td>
 					<td><?php echo $row->operator; ?></td>
 					<td><?php echo $row->value; ?></td>
-- 
GitLab