Why is the 'edit subscriber' page not updating the information?

I am trying to find why admin is having problems updating various subscribers info (subscription dates). After looking through the company’s many php files uploaded to the host, I found this page entitled ‘subscriber_edit.php’ which had this html code within:

<div class="container">
<?php include('include/header.php'); ?>
<div class="body">
    <?php include('include/menu.php'); ?>
    <div class="content">
        <h1>Edit Subscriber</h1>
        <?php if($error==1){echo $errMsg;}?>
        <form method="post" action="subscriber_edit.php">
            <input type="hidden" name="subscriberid" value="<?php echo $id; ?>" />
            <div><label>Company</label>
                <select name="companyid">
                <?php
                    if($companynum==0){
                        echo '<option>no companies</option>';
                    }else{
                        echo '<option>select company</option>';
                        while($companyrow=mysql_fetch_array($companyresult)){
                            $selected = $companyrow['id']==$companyid ? 'selected="selected"' : '';
                            echo '<option value="'.$companyrow['id'].'" '.$selected.'>'.$companyrow['company'].'</option>';
                        }
                    }
                ?>
                </select>
            </div>
            <div><label>Name</label><input type="text" name="name" value="<?php echo $name; ?>" class="text" /></div>
            <div><label>Email</label><input type="text" name="email" value="<?php echo $email; ?>" class="text" /></div>
            <div><label>Extra subscriber?</label><input name="extra" type="radio" value="0" <?php if($extra==0){echo 'checked';}?> />No<input type="radio" name="extra" value="1" <?php if($extra==1){echo 'checked';}?> />Yes</div>
            <div class="clearLeft"><label>&nbsp;</label><button type="submit">Edit Subscriber</button></div>
        </form>
    </div>
</div>

The form style does not match the form shown on the actual website. The url of the ‘edit subscriber’ page is www.__.com/az/admin/subscriber-update/70/352. And by looking at the ‘view page source’ on browser - showed this code for the form:

<form action="/az/admin/index.php?page=**subscriber-update**" method="post"   id="formSubscriber">

So it is using the ‘subscriber-update’ php file, rather than the ‘subscriber-edit’? I found this file (subsciber-update) which is shown below:

<?php

//make sure companyid exists
$companyid = array_key_exists("companyid",$_REQUEST) ? $_REQUEST['companyid'] :            exit('no company id');

// initiate objects
$_SUBSCRIBER = new subscriber();
$_FORMSUBSCRIBER = new formSubscriber();

  // if id exists, get data
  if(array_key_exists('subscriberid',$_REQUEST)){
   $data = $_SUBSCRIBER->getByID($_REQUEST['subscriberid'],$_REQUEST['companyid']);
    $_FORMSUBSCRIBER->setFormValues($data, true);
    $h1 = "Edit Subscriber";
 }else{
$data = array("companyid"=>$companyid);
$_FORMSUBSCRIBER->setFormValues($data, true);
$h1 = "Add Subscriber";
}
?>
<h1><?= $h1; ?></h1>
<?


$_FORMSUBSCRIBER->outputHTML();
echo $_FORMSUBSCRIBER->defaultJavaScriptSetup();

?>

So I am getting confused about where to look for the error. Apologies if this is unclear. Thanks

What’s the code inside /az/admin/index.php ? Presumably that page simply loads the relevant subpage as part of it.

You’re also looking for a class definition for formSubscriber and subscriber… probably somewhere in an ‘includes’ directory.

Here is the code in the index.php file:

<?

set_include_path("../");

// include base functions
require("includes/functions.php");

// set default page
if (! isset($_GET["page"])) {
	$_GET["page"] = "home";
}

//print_r($_GET["page"]);

// set default template
$template = "admin.php";

// set secure to check login status
$securePage = false;

// setup content
switch ($_GET["page"]) {
	
	case 'company-update':
	
		// check if form validates		
		$_FORMCOMPANY = new formCompany();
		if ($_FORMCOMPANY->submitted() && $_FORMCOMPANY->validate($_POST)) {				
			// update deatabase
			$_COMPANY = new company();
			$_COMPANY->update($_POST,array("verifySubmit","reset"));
			header("Location: /az/admin");
			exit;
		}
	
		$content = array('company_update.php');
	break;
	
	case 'subscriber-list':
		$content = array('subscriber_list.php');
	break;
	
	case 'subscriber-update':
	
		// check if form validates		
		$_FORMSUBSCRIBER = new formSubscriber();
		if ($_FORMSUBSCRIBER->submitted() && $_FORMSUBSCRIBER->validate($_POST)) {				
			// update database
			$_SUBSCRIBER = new subscriber();
			$_SUBSCRIBER->update($_FORMSUBSCRIBER->prepareData($_POST),array("verifySubmit","reset"));
			header("Location: /az/admin/subscriber-list/".$_POST['companyid']);
			exit;
		}
	
		$content = array('subscriber_update.php');
	break;
	
	case 'subscriber-delete':
		if(array_key_exists("companyid",$_GET) && array_key_exists("subscriberid",$_GET)){
			$_SUBSCRIBER = new subscriber();
			$_SUBSCRIBER->remove($_GET['subscriberid']);
			header("Location: /az/admin/subscriber-list/".$_GET["companyid"]);
		}		
	break;
	
	case 'stats':
		$content = array('stats.php');
	break;
	
	case 'report-list':
		$content = array('report_list.php');
	break;
	
	case 'report-upload':
		
		// check if form validates		
		$_FORMREPORTUPLOAD = new formReportUpload();
		if ($_FORMREPORTUPLOAD->submitted() && $_FORMREPORTUPLOAD->validate($_POST)) {				
			// update deatabase
			$_REPORT = new report();
			$result = $_REPORT->upload($_POST);
			if($result=='Success'){
				header("Location: /az/admin/report-list");
				exit;
			}
		}
	
		$content = array('report_upload.php');
	break;
	
	case 'report-send':
	
		// check if form validates		
		$_FORMREPORTSEND = new formReportSend();
		if ($_FORMREPORTSEND->submitted() && $_FORMREPORTSEND->validate($_POST)) {				
			// update deatabase
			$_REPORT = new report();
			$result = $_REPORT->send($_POST);
			if($result=='Success'){
				header("Location: /az/admin/report-send-list");
				exit;
			}
		}
	
		$content = array('report_send.php');
	break;
	
	case 'report-send-list':
		$content = array('report_send_list.php');
	break;
	
	case 'email-send':
	
		// check if form validates		
		$_FORMEMAILSEND = new formEmailSend();
		if ($_FORMEMAILSEND->submitted() && $_FORMEMAILSEND->validate($_POST)) {				
			// update deatabase
			$_CUSTOMEMAIL = new customemail();
			$result = $_CUSTOMEMAIL->send($_POST);
			if($result=='Success'){
				header("Location: /az/admin/email-list");
				exit;
			}
			
			$_GET['customid'] = isset($_POST['customid']) ? $_POST['customid'] : 0;
		}		
	
		$content = array('email_send.php');
	break;
	
	case 'email-list':
		$content = array('email_list.php');
	break;
	
	case 'bcic-orders':
		$content = array('bcic-orders.php');
	break;
	
	case 'bcic-order-paid':
		$order_id = array_key_exists("order_id",$_REQUEST) ? $_REQUEST["order_id"] : "";
		$order_paid = array_key_exists("order_paid",$_REQUEST) ? $_REQUEST["order_paid"] : 0;
		
		if($order_id!==""){
		
			$_BCIC = new bcic();
		
			$_BCIC->order_paid($order_id,$order_paid);
		}
		header("Location: /az/admin/index.php?page=bcic-orders");
	break;
	case 'bcic-order-sent':
		$order_id = array_key_exists("order_id",$_REQUEST) ? $_REQUEST["order_id"] : "";
		$order_sent = array_key_exists("order_sent",$_REQUEST) ? $_REQUEST["order_sent"] : 0;
		
		if($order_id!==""){
		
			$_BCIC = new bcic();
		
			$_BCIC->order_sent($order_id,$order_sent);
		}
		header("Location: /az/admin/index.php?page=bcic-orders");
	break;
	case 'bcic-order-delete':
		$order_id = array_key_exists("order_id",$_REQUEST) ? $_REQUEST["order_id"] : "";
		
		if($order_id!==""){
		
			$_BCIC = new bcic();
		
			$_BCIC->order_delete($order_id);
		}
		header("Location: /az/admin/index.php?page=bcic-orders");
	break;

	case 'bcic-orders-detail':
	
		if(array_key_exists("action",$_POST)){
			$_BCIC = new bcic();
			if($_POST["action"]=="savekey"){
				$_BCIC->savekey($_POST["id"],$_POST["key"]);
			}
			if($_POST["action"]=="savepassword"){
				$_BCIC->savepassword($_POST["id"],$_POST["password"]);
			}
			
			$GET["order_id"] = $_POST["id"];
		}
		
		$content = array('bcic-orders-detail.php');
	break;
			
	// default content
	default :
	case 'company-list':
	
		if(array_key_exists("action",$_GET) && $_GET["action"]=="delete-company"){
			$_COMPANY = new company();
			$id = isset($_GET['id']) ? $_GET['id'] : 0;
			$_COMPANY->db->dbSafe($id);
			$_COMPANY->remove($id);
		}
	
		$content = array('company_list.php');
	break;
		
}

// hold request and redirect if user is not logged in
if ($securePage && ! $_SECURITY->isLoggedIn) {
	$_SESSION["securePageRequest"] = serialize($_GET);
	header("location: " . url("index.php?page=login"));
	exit;
}

// include template
require("includes/templates/{$template}");

?>

And here is the class definition for formSubscriber:

<?php

/**
 * Define register form (html isnt used but validation is)
 *
 */
class formSubscriber extends form {
		
	/**
	 * Setup definition
	 *
	 */
	public function __construct()
	{
		$this->action = "/az/admin/index.php?page=" . $_GET["page"];
		$this->formID = "formSubscriber";
		$this->definition = array(
			"id" => array(
				"type" => "hidden",
				//"value" => getVar('id'),
			),
			"companyid" => array(
				"label" => "Company",
				"type" => "select",
				"options" => $this->company->getAllSelect(),
				//"selected" => getVar('companyid'),
			),
			"name" => array(
				"label" => "Name",
				"validationEvents" => array("keyup", "blur"),
				"validation" => array(
					array("type" => "regexp", "rule" => "[a-z 0-9]{2,128}", "error" => "invalid name"),
				),
				//"value" => getVar('name'),
			),
			"email" => array(
				"label" => "Email",
				"validationEvents" => array("keyup", "blur"),
				"validation" => array(
					array("type" => "email"),
				),
				//"value" => getVar('email'),
			),
			"extra" => array(
				"label" => "Extra Subscriber",
				"type" => "select",
				"class" => "input",
				"options" => array("No", "Yes"),
			),
			"datetime_added" => array(
				"label" => "Subscribe Date",
				"type" => "date",
				"class" => "input",
				//"selected" => array(
				//	date("d"),date("m"),date("Y")
				//),
				"style" => array(
					"width:50px;margin-right:3px",
					"width:100px;margin-right:3px",
					"width:80px;margin-right:10px",
					"width:50px;margin-right:3px",
					"width:50px;margin-right:3px",
					"width:50px;margin-right:3px"
				),
			),
			"datetime_expire" => array(
				"label" => "Expiry Date",
				"type" => "date",
				"class" => "input",
				//"selected" => array(
				//	date("d"),date("m"),date("Y")
				//),
				"style" => array(
					"width:50px;margin-right:3px",
					"width:100px;margin-right:3px",
					"width:80px;margin-right:10px",
					"width:50px;margin-right:3px",
					"width:50px;margin-right:3px",
					"width:50px;margin-right:3px"
				),
			),
			"verifySubmit" => array(
				"type" => "submit",
				"value" => "Save",
				"class" => "submit",
				"style" => "margin-left:100px",
			),
			"reset" => array(
				"type" => "reset",
				"value" => "Cancel",
				"class" => "submit",
				"style" => "margin-left:16px",
			)
		);
	}	
}

?>

And finally, here is the the class for subscriber:

<?php



class subscriber extends baseObject {

	

	/**

	 * Database table which holds scramble information

	 *

	 * @var string

	 */

	protected $dbtable = "subscriber";

	

	public function getByID($id, $companyid, $cache = true)

	{

		//$this->checkRequiredProperties("db");

		

		static $data = array();

		settype($id, $this->dbtableKeyType);

		

		if (! $cache || ! array_key_exists($id, $data)) {

			

			$sql = "SELECT * FROM " . $this->dbtable . " WHERE {$this->dbtableKey} = '{$id}' AND companyid = $companyid";

			$result = $this->db->query($sql);

			$data[$id] = $this->db->fetch_array($result);

						

		}

		if (empty($data[$id])) {

			return $sql;

		}

		return $data[$id];

	}

	

	public function getAll($offset = 0, $limit = 20, $where = "", $orderby = "")

	{

		//$this->checkRequiredProperties("db");

		

		$sql = "SELECT s.* FROM " . $this->dbtable . " s JOIN company c ON s.companyid = c.id";		

		// add where clause

		$sql .= $this->db->tidyWhere($where, "WHERE");	

		// add order by clause

		$sql .= $this->db->tidyOrderBy($orderby);	

		// add limit if required

		$sql .= $this->db->tidyLimit($offset, $limit);

				

		$result = $this->db->query($sql);

		$data = $this->db->multi_fetch_array($result);

		

		if ($limit) {

			$this->totalResults = $this->db->totalResults;

		}

		else {

			$this->totalResults = count($data);

		}

		return $data;

	}

	

	public function getStats($id){

		$data = $this->db->multi_fetch_array($this->db->query("SELECT v.*, e.*, r.name as 'report', s.name as 'subscriber' FROM log_view v JOIN log_email e ON v.emailid = e.id JOIN report r ON e.reportid = r.id JOIN subscriber s ON e.subscriberid = s.id WHERE e.subscriberid = $id"));

		return $data;

	}

	

	public function getExpiringSubs($days){

		$expiry = date("Y-m-d",strtotime($days));

		$data = $this->db->multi_fetch_array($this->db->query("SELECT name, email, datetime_expire FROM subscriber WHERE datetime_expire = '".$expiry."'"));

		return $data;

	}

	

	public function sendExpiryEmail($emails){

		foreach($emails as $email){

			$name = $email['name'];

			$emailaddress = $email['email'];

			$expirydate = date('jS F Y',strtotime($email['datetime_expire']));

			

			$subject = "AZ China Report expiry reminder";

			

			$body = '<p><img src="http://az-china.com/images/azchina_logo_email.jpg"></p>

					<p>Dear '.$name.',<br /><br />

					We hope you have been enjoying your subscription to the Black China Report.<br /><br />

					We aim to meet the needs of our readers, by de-mystifying the China market, and by providing accurate, current and pertinent facts and analysis.<br />

					We have some exciting new initiatives planned in the coming months.<br /><br />

					Your Black China Report subscription will expire on '.$expirydate.'.<br /><br />

					<strong>Renewing your subscription is easy.</strong><br /><br />

					Simply send an email to blackchina@az-china.com and we will send you an order form and details on how to pay.<br /><br />

					If we can be any further assistance, please do not hesitate to contact us! <br /><br />

					Yours sincerely, <br /><br />

					Tom Martin<br /><br />

					AZ China</p>';

	

			// multiple recipients

			$to  = $emailaddress;

			//$to = 'c23gooey@gmail.com';

								

			// To send HTML mail, the Content-type header must be set

			$headers  = 'MIME-Version: 1.0' . "\\r\
";

			$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\\r\
";

			

			// Additional headers

			$headers .= 'From: AZ China <tom.martin@az-china.com>' . "\\r\
";

			

			// Mail it

			mail($to, $subject, $body, $headers);

		}

	}

	

}

So, your form calls index, with the subscriber-update GET clause. This will execute the relevant code block


	case 'subscriber-update':
	
		// check if form validates		
		$_FORMSUBSCRIBER = new formSubscriber();
		if ($_FORMSUBSCRIBER->submitted() && $_FORMSUBSCRIBER->validate($_POST)) {				
			// update database
			$_SUBSCRIBER = new subscriber();
[COLOR="#FF0000"]			$_SUBSCRIBER->update($_FORMSUBSCRIBER->prepareData($_POST),array("verifySubmit","reset"));[/COLOR]
			header("Location: /az/admin/subscriber-list/".$_POST['companyid']);
			exit;
		}
	
		$content = array('subscriber_update.php');
	break;

The red line, in particular, is the relevant one.

However, update() isnt a defined function of subscriber. It must be a defined function of the superclass (baseObject). Can you give us the code for this function within baseObject?
Also, the formsubscriber is calling prepareData, which is not defined for it; it must be defined in the superclass (form). Same deal.
Should have everything we need at that point.

Here is the code for the update () function:

public function update($data, $exceptions = array())

	{

		if ($this->hasRequiredPermissions()) {

			if ($this->hasValidKeyData($data)) {

				$this->db->dbUpdate($this->dbtable, $data, $exceptions, "WHERE $this->dbtableKey = '" . $data[$this->dbtableKey] . "'");

			}

			else {

				$data[$this->dbtableKey] = $this->db->dbAdd($this->dbtable, $data, $exceptions);

			}

			return $data[$this->dbtableKey];

		}

		else {

			exit(_PERMISSION_OP_FAIL);

		}

	}

And here is the code for the prepareData() function:

public function prepareData($data, $ignore = array("submit", "image"))
	{
		$tmp = array();
		foreach ($data as $key => $value) {			
			
			// get definition for this data element
			if (array_key_exists($key, $this->definition)) {
				
				$def = $this->definition[$key];			
				
				// handle special types
				if (array_key_exists("type", $def)) {
					
					// ignore these
					if (in_array($def["type"], $ignore)) {
						continue;
					}
							
					// different strokes for different blokes		
					switch ($def["type"]) {
															
						// datetime
						case "datetime" :						
							// if hour == 12 make hour 0 to give standard time
							if ($data[$key][3] == 12) {
								$data[$key][3] = 0;
							}
							// add time period (pm = +12)
							$data[$key][3] += $data[$key][5];
							// format date and return
							$data[$key] = $data[$key][2] . "-" . $data[$key][1] . "-" . $data[$key][0] . " " . $data[$key][3] + ":" . $data[$key][4] . ":00";
						break;
						
						// datetime
						case "date" :						
							// format date and return
							$data[$key] = $data[$key][2] . "-" . $data[$key][1] . "-" . $data[$key][0];
						break;
						
						// time
						case "time" :										
							// if hour == 12 make hour 0 to give standard time
							if ($data[$key][0] == 12) {
								$data[$key][0] = 0;
							}						
							// add time period (pm = +12)
							$data[$key][0] += $data[$key][2];
							// format date and return
							$data[$key] = str_pad($data[$key][0], 2, "0", STR_PAD_LEFT) . ":" . $data[$key][1] . ":00";
						
						break;
											
					}				
				}			
				$tmp[$key] = $data[$key];
			}
			else {
				$tmp[$key] = $data[$key];
			}
		}
		return $tmp;
	}

Thanks for your help!

Any idea of what is going wrong?