From 154a5e7b82842656bca2615c428301f3a482a2d2 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.bloess@googlemail.com>
Date: Mon, 27 Jan 2020 22:05:58 +0100
Subject: [PATCH] fixed userinfo variable override (#148)

---
 bill-pos-edit.php                   | 96 ++++++++++++++---------------
 include/management/userbillinfo.php |  8 +--
 mng-edit.php                        |  8 +--
 3 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/bill-pos-edit.php b/bill-pos-edit.php
index 982fd8256..5fbcf706a 100644
--- a/bill-pos-edit.php
+++ b/bill-pos-edit.php
@@ -34,50 +34,50 @@
     isset($_POST['reassignplanprofiles']) ? $reassignplanprofiles = $_POST['reassignplanprofiles'] : $reassignplanprofiles = "";
     
 
-        isset($_POST['bi_contactperson']) ? $bi_contactperson = $_POST['bi_contactperson'] : $bi_contactperson = "";
-        isset($_POST['bi_company']) ? $bi_company = $_POST['bi_company'] : $bi_company = "";
-        isset($_POST['bi_email']) ? $bi_email = $_POST['bi_email'] : $bi_email = "";
-        isset($_POST['bi_phone']) ? $bi_phone = $_POST['bi_phone'] : $bi_phone = "";
-        isset($_POST['bi_address']) ? $bi_address = $_POST['bi_address'] : $bi_address = "";
-        isset($_POST['bi_city']) ? $bi_city = $_POST['bi_city'] : $bi_city = "";
-        isset($_POST['bi_state']) ? $bi_state = $_POST['bi_state'] : $bi_state = "";
-        isset($_POST['bi_country']) ? $bi_country = $_POST['bi_country'] : $bi_country = "";
-        isset($_POST['bi_zip']) ? $bi_zip = $_POST['bi_zip'] : $bi_zip = "";
-        isset($_POST['bi_paymentmethod']) ? $bi_paymentmethod = $_POST['bi_paymentmethod'] : $bi_paymentmethod = "";
-        isset($_POST['bi_cash']) ? $bi_cash = $_POST['bi_cash'] : $bi_cash = "";
-        isset($_POST['bi_creditcardname']) ? $bi_creditcardname = $_POST['bi_creditcardname'] : $bi_creditcardname = "";
-        isset($_POST['bi_creditcardnumber']) ? $bi_creditcardnumber = $_POST['bi_creditcardnumber'] : $bi_creditcardnumber = "";
-        isset($_POST['bi_creditcardverification']) ? $bi_creditcardverification = $_POST['bi_creditcardverification'] : $bi_creditcardverification = "";
-        isset($_POST['bi_creditcardtype']) ? $bi_creditcardtype = $_POST['bi_creditcardtype'] : $bi_creditcardtype = "";
-        isset($_POST['bi_creditcardexp']) ? $bi_creditcardexp = $_POST['bi_creditcardexp'] : $bi_creditcardexp = "";
-        isset($_POST['bi_notes']) ? $bi_notes = $_POST['bi_notes'] : $bi_notes = "";
-        isset($_POST['bi_lead']) ? $bi_lead = $_POST['bi_lead'] : $bi_lead = "";
-        isset($_POST['bi_coupon']) ? $bi_coupon = $_POST['bi_coupon'] : $bi_coupon = "";
-        isset($_POST['bi_ordertaker']) ? $bi_ordertaker = $_POST['bi_ordertaker'] : $bi_ordertaker = "";
-        isset($_POST['bi_billstatus']) ? $bi_billstatus = $_POST['bi_billstatus'] : $bi_billstatus = "";
-        isset($_POST['bi_lastbill']) ? $bi_lastbill = $_POST['bi_lastbill'] : $bi_lastbill = "";
-        isset($_POST['bi_nextbill']) ? $bi_nextbill = $_POST['bi_nextbill'] : $bi_nextbill = "";
-		isset($_POST['bi_nextinvoicedue']) ? $bi_nextinvoicedue = $_POST['bi_nextinvoicedue'] : $bi_nextinvoicedue = "";
-		isset($_POST['bi_billdue']) ? $bi_billdue = $_POST['bi_billdue'] : $bi_billdue = "";
-        isset($_POST['bi_postalinvoice']) ? $bi_postalinvoice = $_POST['bi_postalinvoice'] : $bi_postalinvoice = "";
-        isset($_POST['bi_faxinvoice']) ? $bi_faxinvoice = $_POST['bi_faxinvoice'] : $bi_faxinvoice = "";
-        isset($_POST['bi_emailinvoice']) ? $bi_emailinvoice = $_POST['bi_emailinvoice'] : $bi_emailinvoice = "";
-        isset($_POST['changeUserBillInfo']) ? $bi_changeuserbillinfo = $_POST['changeUserBillInfo'] : $bi_changeuserbillinfo = "0";
-
-        isset($_POST['firstname']) ? $firstname = $_POST['firstname'] : $firstname = "";
-        isset($_POST['lastname']) ? $lastname = $_POST['lastname'] : $lastname = "";
-        isset($_POST['email']) ? $email = $_POST['email'] : $email = "";
-        isset($_POST['department']) ? $department = $_POST['department'] : $department = "";
-        isset($_POST['company']) ? $company = $_POST['company'] : $company = "";
-        isset($_POST['workphone']) ? $workphone = $_POST['workphone'] : $workphone = "";
-        isset($_POST['homephone']) ? $homephone = $_POST['homephone'] :  $homephone = "";
-        isset($_POST['mobilephone']) ? $mobilephone = $_POST['mobilephone'] : $mobilephone = "";
-        isset($_POST['address']) ? $address = $_POST['address'] : $address = "";
-        isset($_POST['city']) ? $city = $_POST['city'] : $city = "";
-        isset($_POST['state']) ? $state = $_POST['state'] : $state = "";
-        isset($_POST['zip']) ? $zip = $_POST['zip'] : $zip = "";
-        isset($_POST['notes']) ? $notes = $_POST['notes'] : $notes = "";
-        isset($_POST['changeUserInfo']) ? $ui_changeuserinfo = $_POST['changeUserInfo'] : $ui_changeuserinfo = "0";
+    isset($_POST['bi_contactperson']) ? $bi_contactperson = $_POST['bi_contactperson'] : $bi_contactperson = "";
+    isset($_POST['bi_company']) ? $bi_company = $_POST['bi_company'] : $bi_company = "";
+    isset($_POST['bi_email']) ? $bi_email = $_POST['bi_email'] : $bi_email = "";
+    isset($_POST['bi_phone']) ? $bi_phone = $_POST['bi_phone'] : $bi_phone = "";
+    isset($_POST['bi_address']) ? $bi_address = $_POST['bi_address'] : $bi_address = "";
+    isset($_POST['bi_city']) ? $bi_city = $_POST['bi_city'] : $bi_city = "";
+    isset($_POST['bi_state']) ? $bi_state = $_POST['bi_state'] : $bi_state = "";
+    isset($_POST['bi_country']) ? $bi_country = $_POST['bi_country'] : $bi_country = "";
+    isset($_POST['bi_zip']) ? $bi_zip = $_POST['bi_zip'] : $bi_zip = "";
+    isset($_POST['bi_paymentmethod']) ? $bi_paymentmethod = $_POST['bi_paymentmethod'] : $bi_paymentmethod = "";
+    isset($_POST['bi_cash']) ? $bi_cash = $_POST['bi_cash'] : $bi_cash = "";
+    isset($_POST['bi_creditcardname']) ? $bi_creditcardname = $_POST['bi_creditcardname'] : $bi_creditcardname = "";
+    isset($_POST['bi_creditcardnumber']) ? $bi_creditcardnumber = $_POST['bi_creditcardnumber'] : $bi_creditcardnumber = "";
+    isset($_POST['bi_creditcardverification']) ? $bi_creditcardverification = $_POST['bi_creditcardverification'] : $bi_creditcardverification = "";
+    isset($_POST['bi_creditcardtype']) ? $bi_creditcardtype = $_POST['bi_creditcardtype'] : $bi_creditcardtype = "";
+    isset($_POST['bi_creditcardexp']) ? $bi_creditcardexp = $_POST['bi_creditcardexp'] : $bi_creditcardexp = "";
+    isset($_POST['bi_notes']) ? $bi_notes = $_POST['bi_notes'] : $bi_notes = "";
+    isset($_POST['bi_lead']) ? $bi_lead = $_POST['bi_lead'] : $bi_lead = "";
+    isset($_POST['bi_coupon']) ? $bi_coupon = $_POST['bi_coupon'] : $bi_coupon = "";
+    isset($_POST['bi_ordertaker']) ? $bi_ordertaker = $_POST['bi_ordertaker'] : $bi_ordertaker = "";
+    isset($_POST['bi_billstatus']) ? $bi_billstatus = $_POST['bi_billstatus'] : $bi_billstatus = "";
+    isset($_POST['bi_lastbill']) ? $bi_lastbill = $_POST['bi_lastbill'] : $bi_lastbill = "";
+    isset($_POST['bi_nextbill']) ? $bi_nextbill = $_POST['bi_nextbill'] : $bi_nextbill = "";
+	isset($_POST['bi_nextinvoicedue']) ? $bi_nextinvoicedue = $_POST['bi_nextinvoicedue'] : $bi_nextinvoicedue = "";
+	isset($_POST['bi_billdue']) ? $bi_billdue = $_POST['bi_billdue'] : $bi_billdue = "";
+    isset($_POST['bi_postalinvoice']) ? $bi_postalinvoice = $_POST['bi_postalinvoice'] : $bi_postalinvoice = "";
+    isset($_POST['bi_faxinvoice']) ? $bi_faxinvoice = $_POST['bi_faxinvoice'] : $bi_faxinvoice = "";
+    isset($_POST['bi_emailinvoice']) ? $bi_emailinvoice = $_POST['bi_emailinvoice'] : $bi_emailinvoice = "";
+    isset($_POST['changeUserBillInfo']) ? $bi_changeuserbillinfo = $_POST['changeUserBillInfo'] : $bi_changeuserbillinfo = "0";
+
+    isset($_POST['firstname']) ? $firstname = $_POST['firstname'] : $firstname = "";
+    isset($_POST['lastname']) ? $lastname = $_POST['lastname'] : $lastname = "";
+    isset($_POST['email']) ? $email = $_POST['email'] : $email = "";
+    isset($_POST['department']) ? $department = $_POST['department'] : $department = "";
+    isset($_POST['company']) ? $company = $_POST['company'] : $company = "";
+    isset($_POST['workphone']) ? $workphone = $_POST['workphone'] : $workphone = "";
+    isset($_POST['homephone']) ? $homephone = $_POST['homephone'] :  $homephone = "";
+    isset($_POST['mobilephone']) ? $mobilephone = $_POST['mobilephone'] : $mobilephone = "";
+    isset($_POST['address']) ? $address = $_POST['address'] : $address = "";
+    isset($_POST['city']) ? $city = $_POST['city'] : $city = "";
+    isset($_POST['state']) ? $state = $_POST['state'] : $state = "";
+    isset($_POST['zip']) ? $zip = $_POST['zip'] : $zip = "";
+    isset($_POST['notes']) ? $notes = $_POST['notes'] : $notes = "";
+    isset($_POST['changeUserInfo']) ? $ui_changeuserinfo = $_POST['changeUserInfo'] : $ui_changeuserinfo = "0";
 	isset($_POST['enableUserPortalLogin']) ? $ui_enableUserPortalLogin = $_POST['enableUserPortalLogin'] : $ui_enableUserPortalLogin = "0";
 	isset($_POST['portalLoginPassword']) ? $ui_PortalLoginPassword = $_POST['portalLoginPassword'] : $ui_PortalLoginPassword = "";
 
@@ -502,10 +502,10 @@ function addUserProfiles($dbSocket, $username, $planName, $oldplanName, $groups,
         $bi_faxinvoice = $row['faxinvoice'];
         $bi_emailinvoice = $row['emailinvoice'];
         $bi_changeuserbillinfo = $row['changeuserbillinfo'];
-        $ui_creationdate = $row['creationdate'];
-        $ui_creationby = $row['creationby'];
-        $ui_updatedate = $row['updatedate'];
-        $ui_updateby = $row['updateby'];
+        $bi_creationdate = $row['creationdate'];
+        $bi_creationby = $row['creationby'];
+        $bi_updatedate = $row['updatedate'];
+        $bi_updateby = $row['updateby'];
 
 
 	include 'library/closedb.php';
diff --git a/include/management/userbillinfo.php b/include/management/userbillinfo.php
index 1800869da..9bb5fb5b0 100644
--- a/include/management/userbillinfo.php
+++ b/include/management/userbillinfo.php
@@ -181,19 +181,19 @@
         
 	<br/>
 	<label for='creationdate' class='form'>".t('all','CreationDate')."</label>
-	<input disabled value='"; if (isset($ui_creationdate)) echo $ui_creationdate; echo "' tabindex=414 />
+	<input disabled value='"; if (isset($bi_creationdate)) echo $bi_creationdate; echo "' tabindex=414 />
         <br/>
 
 	<label for='creationby' class='form'>".t('all','CreationBy')."</label>
-	<input disabled value='"; if (isset($ui_creationby)) echo $ui_creationby; echo "' tabindex=415 />
+	<input disabled value='"; if (isset($bi_creationby)) echo $bi_creationby; echo "' tabindex=415 />
         <br/>
 
 	<label for='updatedate' class='form'>".t('all','UpdateDate')."</label>
-	<input disabled value='"; if (isset($ui_updatedate)) echo $ui_updatedate; echo "' tabindex=416 />
+	<input disabled value='"; if (isset($bi_updatedate)) echo $bi_updatedate; echo "' tabindex=416 />
         <br/>
 
 	<label for='updateby' class='form'>".t('all','UpdateBy')."</label>
-	<input disabled value='"; if (isset($ui_updateby)) echo $ui_updateby; echo "' tabindex=417 />
+	<input disabled value='"; if (isset($bi_updateby)) echo $bi_updateby; echo "' tabindex=417 />
         <br/>
 
 	<br/>
diff --git a/mng-edit.php b/mng-edit.php
index cba60633f..5593d6065 100644
--- a/mng-edit.php
+++ b/mng-edit.php
@@ -648,10 +648,10 @@ function addPlanProfile($dbSocket, $username, $planName, $oldplanName) {
     $bi_faxinvoice = $row['faxinvoice'];
     $bi_emailinvoice = $row['emailinvoice'];
 	$bi_changeuserbillinfo = $row['changeuserbillinfo'];
-	$ui_creationdate = $row['creationdate'];
-	$ui_creationby = $row['creationby'];
-	$ui_updatedate = $row['updatedate'];
-	$ui_updateby = $row['updateby'];
+	$bi_creationdate = $row['creationdate'];
+	$bi_creationby = $row['creationby'];
+	$bi_updatedate = $row['updatedate'];
+	$bi_updateby = $row['updateby'];
 
 	include 'library/closedb.php';