From b364c69dc8a6abf5841cd09441f64e9c268cb514 Mon Sep 17 00:00:00 2001
From: Markines16 <80280295+Markines16@users.noreply.github.com>
Date: Thu, 15 Apr 2021 20:53:01 +0200
Subject: [PATCH] Comprobado toda la logica/seguridad.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

En teoria falta actualizar la estructura a como me dijo oscar esta mañana? algo asi
---
 panel_manager/edit_sessions.php               | 85 ++++++++++---------
 panel_manager/includes/formHall.php           | 10 ++-
 panel_manager/includes/formSession.php        | 40 ++++-----
 panel_manager/includes/session_dao.php        | 50 ++++++-----
 panel_manager/includes/session_dto.php        | 14 +--
 .../includes/session_dto_interface.php        |  2 +
 panel_manager/index.php                       | 11 +--
 panel_manager/manage_rooms.php                | 10 +--
 panel_manager/manage_sessions.php             | 65 ++++++++------
 panel_manager/panel_manager.php               | 12 +--
 panel_manager/validateSession.php             | 41 ++++-----
 11 files changed, 171 insertions(+), 169 deletions(-)
diff --git a/panel_manager/edit_sessions.php b/panel_manager/edit_sessions.php
index b6a3716..f34f630 100644
--- a/panel_manager/edit_sessions.php
+++ b/panel_manager/edit_sessions.php
@@ -1,61 +1,66 @@
 <?php
-	require('./includes/hall_dto.php');
-	require('./includes/session_dto.php');
-	require('../panel_admin/includes/film_dto.php');
+	//General Config File:
+    require_once('../assets/php/config.php');
+
+	include_once('./includes/formHall.php');	
+	require_once('./includes/hall_dto.php');
+	
+	require_once('./includes/session_dto.php');
 	include_once('./includes/session_dao.php');
 	
-	$r1 = new HallDTO(1,20,20,30);	//Esto se deberia cambiar por una llamada a una lista de salas
-	$r2 = new HallDTO(2,10,30,30);
-	$rooms = array($r1, $r2);	
+	require_once('../panel_admin/includes/film_dto.php');
+	include_once('../panel_admin/includes/film_dao.php');
+	$cinema = "1";
+	
+	$formHall = new FormHall();
+	$formHall->processesForm(null, $cinema, null, null, "list");
 	
-	require_once('./includes/listFilms.php');
 	$filmList = new Film_DAO('complucine');
-	$films = $filmList->allFilmData();	
+	if($filmList){
+		$films = $filmList->allFilmData();	
+	}else {
+		$films = null;
+	}
 
 	//DISCLAIMER; sabemos que si se edita la ulr se pueden acceder a datos de una sesion que no pertenece al usuario y que incluso puede hasta editarlas/borrarlas en la base de datos
 	if(isset($_REQUEST['option']) && $_REQUEST['option'] == 'edit') {
-		$bd = new sessionDAO('complucine');
-		if($bd){
-			$session = ($bd->sessionData($_GET["id"]))->fetch_assoc();
-		echo "<h2>Editar/Eliminar Sesion</h2>
-				<form method=\"post\" id=\"edit_ses\" action=\"validate.php\">
+		echo "<div class = \"column middle\">
+				<h2>Editar/Eliminar Sesion</h2>
+				<form method=\"post\" id=\"edit_ses\" action=\"validateSession.php\">
 					<div class=\"row\">
 						<fieldset id=\"datos\">
 							<legend>Datos</legend>
-							<input type=\"hidden\" name=\"cinema\" value =\"1\" />
-							<input type=\"hidden\" name=\"id\" value =\"". $_GET["id"] ." \" />
+							<input  name=\"cinema\" type=\"hidden\" value=\"". $_POST['idcinema']."\">
+							<input  name=\"id\" type=\"hidden\" value=\"". $_POST['id']."\">
 							<div class=\"_price\">
-								<input type=\"number\" name=\"price\" id=\"price\" value=\"". $session['seat_price'] ."\"min=\"0\" placeholder=\"Precio de la entrada\" required/>
+								<input type=\"number\" name=\"price\" id=\"price\" value=\"". $_POST['price'] ."\"min=\"0\" placeholder=\"Precio de la entrada\" required/>
 							</div>
 							<select name=\"hall\" class=\"button large\">";
-							foreach($rooms as $r){ 
-								if($r->getNumber() == $session['idhall']){
+							foreach($formHall->getReply() as $r){ 
+								if($r->getNumber() == $_POST['hall']){
 									echo "<option value=\"". $r->getNumber() ." \"selected> Sala ". $r->getNumber() . "</option>";
 								}else{
 									echo "<option value=\"". $r->getNumber() ." \"> Sala ". $r->getNumber() . "</option>";
 									}
 							}
-							echo "<div class=\"_format\">
-								<input type=\"text\" name=\"format\" id=\"format\" value=\"". $session['format'] ."\" placeholder=\"Formato\" required/>
+							echo "
+								<div class=\"_format\">
+								<input type=\"text\" name=\"format\" id=\"format\" value=\"". $_POST['format'] ."\" placeholder=\"Formato\" required/>
 							</div>
 						</fieldset>
 						<fieldset id=\"Horario\">
 							<legend>Horario</legend>
 							<div class=\"_start_time\">
-								<input type=\"time\" name=\"start\" id=\"start_time\" value=\"". $session['start_time'] ."\" placeholder=\"Hora de inicio\" required/>
+								<input type=\"time\" name=\"start\" id=\"start_time\" value=\"". $_POST['start'] ."\" placeholder=\"Hora de inicio\" required/>
 							</div>
 							<div class=\"_date\">
-								<input type=\"date\" name=\"date\" id=\"date\" value=\"". $session['date'] ."\"Fecha de inicio\" required/>
-							</div>
-							<div class=\"_repeat\">
-								<br> Introducir un numero para añadir esta sesion a los futuros X dias 
-								<input type=\"number\" name=\"repeat\" id=\"repeat\" title=\"Repetir esta sesion durante X dias\" min=\"0\" max=\"31\" placeholder=\"Repetir X dias\"/>
+								<input type=\"date\" name=\"date\" id=\"date\" value=\"". $_POST['date'] ."\"Fecha de inicio\" required/>
 							</div>
 						</fieldset>
 						<div class=\"actions\"> 
-							<input type=\"submit\" name=\"edit\" value=\"Editar\" class=\"primary\" />
+							<input type=\"submit\" name=\"edit\" value=\"Editar\" class=\"button\"  />
 							<input type=\"reset\" id=\"reset\" value=\"Limpiar\" />
-							<input type=\"submit\" name=\"del\" value=\"Eliminar\" class=\"primary\" />							
+							<input type=\"submit\" name=\"del\" value=\"Eliminar\" class=\"button\"  />							
 						</div>
 					</div>
 				</form>
@@ -63,17 +68,18 @@
 			<div class=\"column side\">
 				<select name=\"film\" form=\"edit_ses\" class=\"button large\">";
 				foreach($films as $f){ 
-					if($f->getId() == $session['idfilm']){
+					if($f->getId() == $_POST['idfilm']){
 						echo "<option value=\"". $f->getId() ." \"selected> " . $f->getId() . "|" . $f->getTittle() ." Idioma: " . $f->getLanguage() . "</option>";
 					}else{
 						echo "<option value=\"". $f->getId() ." \"> " . $f->getId() . "|" . $f->getTittle() ." Idioma: " . $f->getLanguage() . "</option>";
 					}
 				}
 			echo "</div>";
-		}
 	}
+	
     else{
-		echo "<h2>Crear Sesion</h2>
+		echo "<div class = \"column middle\">
+				<h2>Crear Sesion</h2>
 				<form method=\"post\" id=\"new_ses\" action=\"validateSession.php\">
 					<div class=\"row\">
 						<fieldset id=\"datos\">
@@ -83,14 +89,17 @@
 								<input type=\"number\" name=\"price\" id=\"price\" min=\"0\" placeholder=\"Precio de la entrada\" required/>
 							</div>
 							<select name=\"hall\" class=\"button large\">";
-							foreach($rooms as $r){ 
-								if($r->getid() == $_POST['hall']){
-									echo "<option value=\"". $r->getid() ." \"selected> Sala ". $r->getid() . "</option>";
-								}else{
-									echo "<option value=\"". $r->getid() ." \"> Sala ". $r->getid() . "</option>";
+							foreach($formHall->getReply() as $r){ 
+									if($r->getNumber() == $_POST['hall']){
+										echo "
+														<option value=\"". $r->getNumber() ." \"selected> Sala ". $r->getNumber() . "</option>";
+									}else{
+										echo "
+														<option value=\"". $r->getNumber() ." \"> Sala ". $r->getNumber() . "</option>";
 									}
-							}
-							echo "<div class=\"_format\">
+								}
+							echo "
+							<div class=\"_format\">
 								<input type=\"text\" name=\"format\" id=\"format\" value=\"\" placeholder=\"Formato\" required/>
 							</div>
 						</fieldset>
diff --git a/panel_manager/includes/formHall.php b/panel_manager/includes/formHall.php
index 1da2ee0..d8e580a 100644
--- a/panel_manager/includes/formHall.php
+++ b/panel_manager/includes/formHall.php
@@ -5,8 +5,8 @@ include_once('../assets/php/form.php');
 class FormHall extends Form {
 
     //Atributes:
-    private $correct;  // Indicates if the session is correct.
-    private $reply; // Validation response
+    private $correct;  
+    private $reply; 
 	private $option;
 	private $halls;
 	
@@ -20,7 +20,8 @@ class FormHall extends Form {
 
     //Returns validation response:
     public function getReply() {
-		//Habria que comprobar si realmente se ha validado la respuesta antes de escribir una respuesta correcta
+		
+		echo "<p> se va a devolver una respuesta </p>";
 		if($this->correct){
 			if($this->option == "new"){
 				$this->reply = "<h1> Operacion realizada con exito </h1><hr />
@@ -35,6 +36,7 @@ class FormHall extends Form {
 						<p> Se ha eliminado la sala correctamente en la base de datos.</p>
 						<a href='../panel_manager/index.php'><button>Panel Gerente</button></a>";
 			}else if($this->option == "list"){
+								echo "<p> se va a devolver la lista </p>";
 								$this->reply = $this->halls;
 			}
 		} else {
@@ -56,7 +58,7 @@ class FormHall extends Form {
 			if($option == "list"){
 				$this->halls = $bd->getAllHalls($cinema);
 			}else {
-				/*
+				/* TODO
 				$start = date('H:i:s', strtotime( $start ) );
 				
 				if($option == "new"){
diff --git a/panel_manager/includes/formSession.php b/panel_manager/includes/formSession.php
index c27804b..aab2439 100644
--- a/panel_manager/includes/formSession.php
+++ b/panel_manager/includes/formSession.php
@@ -2,25 +2,22 @@
 include_once('session_dao.php');
 include_once('../assets/php/form.php');
 
+//Receive data from froms and prepare the correct response
 class FormSession extends Form {
-
-    //Atributes:
-    private $correct;  // Indicates if the session is correct.
-    private $reply; // Validation response
+	//Atributes
+    private $correct;
+    private $reply; 
 	private $option;
 	private $sessions;
 	
-    //Constructor:
+//Constructor:	
     public function __construct() {
         parent::__construct('formSession');
         $this->reply = array();
     }
-
-    //Methods:
-
-    //Returns validation response:
+	
+	//Methods:
     public function getReply() {
-		//Habria que comprobar si realmente se ha validado la respuesta antes de escribir una respuesta correcta
 		if($this->correct){
 			if($this->option == "new"){
 				$this->reply = "<h1> Operacion realizada con exito </h1><hr />
@@ -45,46 +42,39 @@ class FormSession extends Form {
         return $this->reply;
     }
 
-    //Process form:
     public function processesForm($id, $film, $hall, $cinema, $date, $start, $price, $format, $repeat, $option) {
 		$this->option = $option;
 		$this->correct = true;
+
 		$bd = new sessionDAO('complucine');
-		
-		$date = date('Y-m-d', strtotime( $date ) ); 
-		
+				
 		if($bd ){
 			if($option == "list"){
-				$this->sessions = $bd->getAllSessionsFromDateHallAndCinema($cinema, $hall, $date);
+				$this->sessions = $bd->getAllSessionsFromACinemaHallDate($cinema, $hall, $date);
+				
 			}else {
-				
-				$start = date('H:i:s', strtotime( $start ) );
-				
 				if($option == "new"){
-					
-					$selectSession = $bd->selectSession($cinema, $hall, $start, $date);
-					if($selectSession && $selectSession->num_rows >= 1)	{
+					$searchSession = $bd->searchSession($cinema, $hall, $start, $date);
+					if($searchSession)	{
 						$this->correct = false;
 					} else{	
 						$bd->createSession(null, $film, $hall,$cinema, $date, $start, $price, $format);
 					}
-					
-				mysqli_free_result($selectSession);
 				
 				} else if ($option == "del"){
 					$bd->deleteSession($id);
 					
 				} else if ($option == "edit"){
 					$bd->editSession($id, $film, $hall, $cinema, $date, $start, $price, $format);
+		
 				}
 				
 				if($repeat > "0"){
 					$repeat--;
 					$date = date('Y-m-d', strtotime( $date. ' +1 day') );
-					$this->processesForm($film, $hall, $cinema, $date, $start, $price, $format, $repeat);
+					$this->processesForm($id, $film, $hall, $cinema, $date, $start, $price, $format, $repeat, $option);
 				}		
 			}		
-			
 		} else {$this->correct = false;}	
     }
 }
diff --git a/panel_manager/includes/session_dao.php b/panel_manager/includes/session_dao.php
index 66bfd80..a304030 100644
--- a/panel_manager/includes/session_dao.php
+++ b/panel_manager/includes/session_dao.php
@@ -3,16 +3,16 @@
 	include_once('session_dto.php');
 
     class SessionDAO extends DAO {
-
 		//Constructor:
         function __construct($bd_name){
 			parent::__construct($bd_name);
         }
-
 		//Methods:
-
-        //Create a new Session.
+		
 		public function createSession($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
+			$format = $this->mysqli->real_escape_string($format);	
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			$startTime = date('H:i:s', strtotime( $startTime ) );
 			
 			$sql = sprintf( "INSERT INTO `session` (`id`, `idfilm`, `idhall`, `idcinema`, `date`, `start_time`, `seat_price`, `format`) 
 				VALUES ('%d', '%d', '%d', '%d', '%s', '%s', '%d', '%s')",
@@ -29,25 +29,30 @@
 			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database en sessionData con la id '. $id);
 
 			return $resul;
-		}
+		}	
 		
-		//Returns a query to check if the session in this cinema, hall and scheudle exists.
-		public function selectSession($cinema, $hall, $start, $date){
-			if($start == null){	
-				$sql = sprintf( "SELECT * FROM session WHERE 
-							idcinema = '%s' AND idhall = '%s' AND date = '%s'", 
-							$cinema, $hall, $date);			
-			}else{
-				$sql = sprintf( "SELECT * FROM session WHERE 
+		//Returns the count of the session searched
+		public function searchSession($cinema, $hall, $startTime, $date){
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			$startTime = date('H:i:s', strtotime( $startTime ) );
+			
+			$sql = sprintf( "SELECT COUNT(*) FROM session WHERE 
 							idcinema = '%s' AND idhall = '%s' AND date = '%s' AND start_time = '%s'", 
-							$cinema, $hall, $date, $start);	
-			}
+							$cinema, $hall, $date, $startTime);	
 			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
-			return $resul;
+			
+			$session = null;
+			$session = mysqli_fetch_array($resul);
+			
+			mysqli_free_result($resul);
+			
+			return $session[0];
 		}
 		
-		
-		public function getAllSessionsFromDateHallAndCinema($cinema, $hall, $date){
+		//Returns a query to get all the session's data.
+		public function getAllSessionsFromACinemaHallDate($cinema, $hall, $date){
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			
 			$sql = sprintf( "SELECT * FROM session WHERE 
 							idcinema = '%s' AND idhall = '%s' AND date = '%s'", 
 							$cinema, $hall, $date);	
@@ -58,15 +63,16 @@
 			while($fila=mysqli_fetch_array($resul)){
 				$sessions[] = $this->loadSession($fila["id"], $fila["idfilm"], $fila["idhall"], $fila["idcinema"], $fila["date"], $fila["start_time"], $fila["seat_price"], $fila["format"]);
 			}
-			
 			mysqli_free_result($resul);
 			
 			return $sessions;
 		}
 		
-		//Edit Session.
         public function editSession($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
-
+			$format = $this->mysqli->real_escape_string($format);
+			$date = date('Y-m-d', strtotime( $date ) ); 
+			$startTime = date('H:i:s', strtotime( $startTime ) );
+			
             $sql = sprintf( "UPDATE `session`
                              SET `idfilm` = '%d' , `idhall` = '%d', `idcinema` = '%d', `date` = '%s',
                                   `start_time` = '%s', `seat_price` = '%d', `format` = '%s'
@@ -78,7 +84,6 @@
             return $resul;
         }
 
-        //Delete Session.
         public function deleteSession($id){
 
             $sql = sprintf( "DELETE FROM `session` WHERE `session`.`id` = '%d';",$id);
@@ -88,7 +93,6 @@
             return $resul;
         }
 		
-		
 		//Create a new Session Data Transfer Object.
 		public function loadSession( $id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
 			return new SessionDTO( $id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format);
diff --git a/panel_manager/includes/session_dto.php b/panel_manager/includes/session_dto.php
index 24f1d04..99ade75 100644
--- a/panel_manager/includes/session_dto.php
+++ b/panel_manager/includes/session_dto.php
@@ -4,14 +4,14 @@
     class SessionDTO  implements SessionsDTO {
 
         //Attributes:
-        private $_id;           //Session Id.
-        private $_idfilm;       //Film Id  -> deberia ser un objeto tipo pelicula? para poder sacar el nombre de la pelicula en cuestion
-        private $_idhall;       //Hall id  -> deberia ser un objeto tipo room/hall/sala de cine por lo mismo
+        private $_id;          
+        private $_idfilm;
+        private $_idhall;
 		private $_idcinema;			
-        private $_date;         //Session date.
-        private $_startTime;    //Session start time.
-        private $_seatPrice;    //Seat price.
-        private $_format;       //Type of film: 3D | 4D | normal | subtitle | mute.
+        private $_date;
+        private $_startTime;
+        private $_seatPrice;
+        private $_format;
 
 		//Constructor:
         function __construct($id, $idfilm, $idhall, $idcinema, $date, $startTime, $seatPrice, $format){
diff --git a/panel_manager/includes/session_dto_interface.php b/panel_manager/includes/session_dto_interface.php
index 7095583..651716f 100644
--- a/panel_manager/includes/session_dto_interface.php
+++ b/panel_manager/includes/session_dto_interface.php
@@ -6,6 +6,8 @@
 		public function getIdfilm();
         public function setIdhall($film);
 		public function getIdhall();
+		public function setIdcinema($cinema);
+		public function getIdcinema();
 		public function setDate($date);
 		public function getDate();
 		public function setStartTime($startTime);
diff --git a/panel_manager/index.php b/panel_manager/index.php
index 8957579..610e158 100644
--- a/panel_manager/index.php
+++ b/panel_manager/index.php
@@ -1,16 +1,13 @@
 <!DOCTYPE HTML>
 <?php 
-    session_start();
-
-    require_once('../assets/php/template.php');
-	$template = new Template();
-	$prefix = $template->get_prefix();
+	//General Config File:
+    require_once('../assets/php/config.php');
 	
 	include_once('panel_manager.php');
 	
     $login = false;
 
-    if(isset($_SESSION["login"]) && $_SESSION["nombre"] == "manager") $login = true;
+    if(isset($_SESSION["login"]) && $_SESSION["rol"] == "manager") $login = true;
 
 	if(isset($_REQUEST['state'])) {
         $panel = new Panel($_REQUEST['state'],$login); 
@@ -18,8 +15,6 @@
     else { 
         $panel = new Panel('',$login); 
     }
-    // IMPORTANTE:
-    //  VERIFICAR QUE ES MANAGER(GERENTE), SI NO, MOSTRAR MENSAJE DE "ERROR"
 ?>
 <!--
     Práctica 2 - Sistemas Web | Grupo D
diff --git a/panel_manager/manage_rooms.php b/panel_manager/manage_rooms.php
index 718e8df..f24095d 100644
--- a/panel_manager/manage_rooms.php
+++ b/panel_manager/manage_rooms.php
@@ -8,7 +8,7 @@
 	$rooms = array($r1, $r2, $r3, $r4);							
 
 	function drawHalls($ros){
-		echo "
+		echo " <p> Esta vista esta en desarrollo <p>
 	<div class=\"column middle\">
 		<table class='alt'>
 			<thead>
@@ -21,17 +21,13 @@
 		foreach($ros as $r){ 
 		echo "
 			<tr>
-				<!-- AUN NO HEMOS VISTO JAVASCRIPT -->
-				<!-- ADEMÁS, AUNQUE USÁSEMOS JS, ESO NO SE HARÍA CON UN WINDOWS.LOCATION.HREF, DE MOMENTO, USAD LOS BOTONES COMO OS PONGO EL DE AÑADIR -->
-				<!--<td> <button type=\"button\"> Sala ". $r->getNumber() ."</button> </td> -->
 				<td><a href=\"\" class='button'>Sala". $r->getNumber() ."</a></td>
-				<!--<td> <button type=\"button\" onClick=\"Javascript:window.location.href = 'index.php?edit_rooms=true';\")\">Editar</button> </td> MAL, POR LO MISMO-->
-				<td><a href=\"index.php?edit_rooms=true\" class='button'>Editar</a></td>
+				<td><a href=\"index.php?state=rooms\" class='button'>Editar</a></td>
 			</tr>";
 		}
 		echo "<tbody>
 		</table>\n";
-	echo "<a href=\"index.php?edit_sessions=true\" class='button large'>Añadir</a>
+	echo "<a href=\"index.php?state=rooms\" class='button large'>Añadir</a>
 	</div>";
 	}
 	drawHalls($rooms);
diff --git a/panel_manager/manage_sessions.php b/panel_manager/manage_sessions.php
index 7818f25..e9ebf1f 100644
--- a/panel_manager/manage_sessions.php
+++ b/panel_manager/manage_sessions.php
@@ -1,16 +1,15 @@
 <?php
-	require('./includes/hall_dto.php');
-	require('./includes/formHall.php');	
+	//General Config File:
+    require_once('../assets/php/config.php');
 	
-	require('./includes/session_dto.php');
-	require('./includes/formSession.php');	
-
-	require_once('../assets/php/template.php');
-    $template = new Template();
-    $prefix = $template->get_prefix();
+	include_once('./includes/hall_dto.php');
+	include_once('./includes/formHall.php');	
 	
-	require($prefix.'panel_admin/includes/film_dto.php');
-	require($prefix.'/panel_admin/includes/film_dao.php');
+	include_once('./includes/session_dto.php');
+	include_once('./includes/formSession.php');	
+	
+	include_once('../panel_admin/includes/film_dto.php');
+	include_once('../panel_admin/includes/film_dao.php');
 	
 	$formSession = new FormSession();	
 	$formHall = new FormHall();
@@ -27,9 +26,10 @@
 	$formHall->processesForm(null, $cinema, null, null, "list");
 	$formSession->processesForm(null, null, $placeholder_hall, $cinema, $placeholder_date, null, null, null, null, "list");
 		
-	echo"				<form method=\"post\">	
-					<!--Session Filter -->
-					<div class = \"column left\"> 
+	echo"				
+				<!--Session Filter -->
+				<div class = \"column middle\"> 
+					<form method=\"post\" id=\"addfilter\">	
 						<input type=\"date\" name=\"date\" value=\"". $placeholder_date . "\" min=\"2021-01-01\" max=\"2031-12-31\">
 						<select name=\"hall\" class=\"button large\">";
 	
@@ -44,11 +44,14 @@
 	}
 			
 	echo "
+						</select>
 						<input type=\"submit\" name=\"filter\" value=\"Filtrar\" class=\"button large\" /> 
-					</div>";
+					</form>
+				</div>";
+				
 	function drawSessions($sessions,$bd){
 	echo "			<!--Session List -->
-					<div class=\"column right\">
+					<div class=\"column side\">
 						<table class='alt'>
 							<thead>
 								<tr>
@@ -67,13 +70,25 @@
 									<td> " . str_replace('_', ' ', $film["tittle"])  . "</a></td>
 									<td> " . $s->getFormat() . "</a></td>
 									<td> " . $s->getSeatPrice() . "</a></td>
-									<td> <input type=\"submit\" name=\"submit\" value=\"Editar\" class=\"button\" formaction=\"./?state=edit_session&option=edit&id=". $s->getid() ."\"/> </td>
+									<form method=\"post\" action=\"./?state=edit_session&option=edit\">
+									
+										<input  name=\"id\" type=\"hidden\" value=\"".$s->getId()."\">
+										<input  name=\"idfilm\" type=\"hidden\" value=\"".$s->getIdfilm()."\">
+										<input  name=\"idhall\" type=\"hidden\" value=\"".$s->getIdhall()."\">
+										<input  name=\"idcinema\" type=\"hidden\" value=\"".$s->getIdcinema()."\">
+										<input  name=\"date\" type=\"hidden\" value=\"".$s->getDate()."\">
+										<input  name=\"start\" type=\"hidden\" value=\"".$s->getStartTime()."\">
+										<input  name=\"price\" type=\"hidden\" value=\"".$s->getSeatPrice()."\">
+										<input  name=\"format\" type=\"hidden\" value=\"".$s->getFormat()."\">
+										
+									<td> <input type=\"submit\" id=\"submit\" value=\"Editar\" class=\"button\" > </td>
+									</form>
 								</tr>"; 
 		} 
 		echo "
 							<tbody>
 						</table>
-						<input type=\"submit\" name=\"submit\" value=\"Añadir\" class=\"button large\" formaction=\"./?state=edit_session&option=new\">
+						<input type=\"submit\" name=\"submit\" form=\"addfilter\"  value=\"Añadir\" class=\"button large\" formaction=\"./?state=edit_session&option=new\">
 					</div>";	
 		
 	}
@@ -87,13 +102,11 @@
 				</div>";
 		}
 	} else {
-		echo "<div class=\"column side\">
-				<p> No hay ninguna session en la sala ". $placeholder_hall . " el dia ". $placeholder_date . "</p>
-				<input type=\"submit\" name=\"submit\" value=\"Añadir\" class=\"button large\" formaction=\"./?state=edit_session&option=new\">
-		</div>";
+		echo "
+		
+				<div class=\"column side\">
+					<p> No hay ninguna session en la sala ". $placeholder_hall . " el dia ". $placeholder_date . "</p>
+					<input type=\"submit\" name=\"submit\" form=\"addfilter\"  value=\"Añadir\" class=\"button large\" formaction=\"./?state=edit_session&option=new\">
+				</div>";
 	}
-	echo "	
-					
-				</form>";
-?>	
-				
+?>	
\ No newline at end of file
diff --git a/panel_manager/panel_manager.php b/panel_manager/panel_manager.php
index 0eadbc0..c242059 100644
--- a/panel_manager/panel_manager.php
+++ b/panel_manager/panel_manager.php
@@ -12,16 +12,16 @@
         function showPanel() {
             if($this->login){
                 switch($this->state) {
-                    case 'us_u': require('user_unregistered_view.php'); break;
-                    case 'us_r': require('user_registered_view.php'); break;
-                    case 'rooms': require('manage_rooms.php');  break;
-                    case 'sessions': require('manage_sessions.php'); break;
-                    case 'edit_session': require('edit_sessions.php'); break;
+                    case 'us_u': echo "<p> Esta vista no esta implementada </p>"; break;
+                    case 'us_r': echo "<p> Esta vista no esta implementada </p>"; break;
+                    case 'rooms': require_once('manage_rooms.php');  break;
+                    case 'sessions': require_once('manage_sessions.php'); break;
+                    case 'edit_session': require_once('edit_sessions.php'); break;
                     default: require('hello_panel.php'); break;
                 }
             }
             else{
-                require('no_permisions_panel.php');
+                echo "<h1> Error no tienes los permisos necesarios de gerente</h1>";
             }
         }
     }
diff --git a/panel_manager/validateSession.php b/panel_manager/validateSession.php
index 1d55f6d..18921a6 100644
--- a/panel_manager/validateSession.php
+++ b/panel_manager/validateSession.php
@@ -1,31 +1,22 @@
 <?php
-    session_start();
-
-    //Depuración (BORRAR):
-    ini_set('display_errors', 1);
-    ini_set('display_startup_errors', 1);
-    error_reporting(E_ALL);
-    
-    //HTML template:
-    require_once('../assets/php/template.php');
-    $template = new Template();
-	$action ="";
-	$id = null;
-	if(isset($_POST['new'])){
-		$action = "new";
-	} else if (isset($_POST['edit'])){
-		$action = "edit";
-		$id = $_POST["id"];
-	} else if (isset($_POST['del'])){
-		$action = "del";
-		$id = $_POST["id"];
-	}
-	
-    //Login form validate:
+	//General Config File:
+    require_once('../assets/php/config.php');
     require_once('./includes/formSession.php');
     $session = new FormSession();
-    $session->processesForm($id, $_POST["film"], $_POST["hall"], $_POST["cinema"],$_POST["date"],$_POST["start"],$_POST["price"],$_POST["format"],$_POST["repeat"], $action);
-    $reply = $session->getReply();
+	$reply = "<p> ERROR DE ACCESO </p>" ;
+	
+	if(isset($_POST['new'])){
+		$session->processesForm(null, $_POST["film"], $_POST["hall"], $_POST["cinema"],$_POST["date"],$_POST["start"],$_POST["price"],$_POST["format"],$_POST["repeat"], "new");
+		$reply = $session->getReply();
+		
+	} else if (isset($_POST['edit'])){
+		$session->processesForm($_POST["id"], $_POST["film"], $_POST["hall"], $_POST["cinema"],$_POST["date"],$_POST["start"],$_POST["price"],$_POST["format"],"0", "edit");
+		$reply = $session->getReply();
+		 
+	} else if (isset($_POST['del'])){
+		$session->processesForm($_POST["id"], $_POST["film"], $_POST["hall"], $_POST["cinema"],$_POST["date"],$_POST["start"],$_POST["price"],$_POST["format"],"0", "del");
+		$reply = $session->getReply();
+	}
 
 ?>
 <!DOCTYPE HTML>
