Security Question/Answer on Admin Client Summary Page

[rodeoXtreme]

We are attempting to add the Security Questions and Answers to the Admin side of the Client Summary. I have been able to include the Security Answer but the Security Question seems to be causing us some issue. I am have some trouble putting the Client ID into a mysql query.

 

For example: If I use the following code and use "WHERE tblclients.id=$clientsdetails.userid " it is not putting the Client ID into the query. However; if I change the "tblclients.id=$clientsdetails.userid " to tblclients.id=123456 " (e.g. 123456 is the actual client ID) it is working correctly.

 

Hopefully someone can make a suggestion how to obtain the clientid variable.

 

I have also included the code for the Client Information Section. We need to use this so the Admins that do not have access to "Edit/View Client Details" as an administrator role.

 

Installed Security Question/Answer Code

{php}
$result = mysql_query("SELECT tbladminsecurityquestions.question,tblclients.securityqans 
FROM tblclients,tbladminsecurityquestions 
WHERE tblclients.id=$clientsdetails.userid 
AND tblclients.securityqid = tbladminsecurityquestions.id");
while($row = @mysql_fetch_array( $result )) {
 $question = decrypt($row['question']);
}
if (!$question) {
 echo 'NO QUESTION - please update!';
}else{
 echo $question;
}
{/php}

 

This is the entire Client Information Section of the Client Summary:

<div class="title">Client Information</div>
<table class="clientssummarystats" cellspacing="0" cellpadding="2">
<tr><td width="110"><strong>First Name</strong></td><td><strong>{$clientsdetails.firstname}</strong></td></tr>
<tr class="altrow"><td><strong>Last Name</strong></td><td><strong>{$clientsdetails.lastname}</strong></td></tr>
<tr><td>Company Name</td><td>{$clientsdetails.companyname}</td></tr>
<tr class="altrow"><td><strong>Email Address</strong></td><td><strong>{$clientsdetails.email}</strong></td></tr>
<tr><td>Address 1</td><td>{$clientsdetails.address1}</td></tr>
<tr class="altrow"><td>Address 2</td><td>{$clientsdetails.address2}</td></tr>
<tr><td>City</td><td>{$clientsdetails.city}</td></tr>
<tr class="altrow"><td>State</td><td>{$clientsdetails.state}</td></tr>
<tr><td>Postcode</td><td>{$clientsdetails.postcode}</td></tr>
<tr class="altrow"><td>Country</td><td>{$clientsdetails.country} - {$clientsdetails.countrylong}</td></tr>
<tr><td><strong>Phone Number</strong></td><td><strong>{$clientsdetails.phonenumber}</strong></td></tr>
<tr class="altrow"><td><strong>Secuity Question</strong></td><td><strong>{php}
$result = mysql_query("SELECT tbladminsecurityquestions.question,tblclients.securityqans FROM tblclients,tbladminsecurityquestions WHERE tblclients.id=$clientsdetails.userid AND tblclients.securityqid = tbladminsecurityquestions.id");
while($row = @mysql_fetch_array( $result )) {
 $question = decrypt($row['question']);
}
if (!$question) {
 echo 'NO QUESTION - please update!';
}else{
 echo $question;
}
{/php}</strong></td></tr>
<tr><td><strong>Secuity Answer</strong></td><td><strong>{$clientsdetails.securityqans}</strong></td></tr>
</table>
<br />
<div class="errorbox"><strong> TEXT IN BOLD - ACCOUNT OWNERSHIP INFORMATION - MUST BE VERIFIED!</strong></div>
<ul>
<li><a href="clientssummary.php?userid={$clientsdetails.userid}&resetpw=true"><img src="images/icons/resetpw.png" border="0" align="absmiddle" /> Reset & Send Password</a>
<li><a href="#" onClick="openCCDetails();return false"><img src="images/icons/offlinecc.png" border="0" align="absmiddle" /> Credit Card Information</a>
<li><a href="../dologin.php?username={$clientsdetails.email|urlencode}"><img src="images/icons/clientlogin.png" border="0" align="absmiddle" /> Login as Client</a>
</ul>
</div>