<?php
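session_start();
$rootPath = realpath(dirname(__FILE__) . '/..');
require_once $rootPath . '/Portal/config/config.php';
require_once $rootPath . '/Portal/include/auth_validate.php';

// Access control for the header menu: load the signed-in account's User_Type
// into $UserAccessName (left as "" when no matching row is found).
// $conn is not defined in this file; presumably config.php opens it (confirm).
$User = isset($_SESSION['id']) ? $_SESSION['id'] : '';
$UserAccessName = "";
$result = false;
$num = 0;

// Bind the id instead of interpolating it into the SQL text, so the query
// stays well-formed whatever the session value contains. A copy is bound so
// that $User itself is not converted by the by-reference binding.
$accountId = (string) $User;
$lookup = mysqli_prepare($conn, "SELECT * FROM admin_accounts WHERE id = ?");
if ($lookup !== false) {
    mysqli_stmt_bind_param($lookup, 's', $accountId);
    if (mysqli_stmt_execute($lookup)) {
        // mysqli_stmt_get_result() requires the mysqlnd driver.
        $result = mysqli_stmt_get_result($lookup);
    }
}

if ($result !== false) {
    $num = mysqli_num_rows($result);
    if ($num > 0) {
        $rows = mysqli_fetch_array($result);
        $UserAccessName = $rows['User_Type'];
    }
}

if ($lookup !== false) {
    mysqli_stmt_close($lookup);
}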
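if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    // Handles the "edit user account" form: updates one admin_accounts row,
    // records the change in eventtrail, then redirects to admin_users.php.
    //
    // NOTE(review): User_Type and Access_Level are taken from the request for
    // whichever id is posted, and nothing in this script checks that the
    // signed-in user may edit that account or grant those values. The
    // $UserAccessName value loaded earlier in this script is never consulted.
    // Confirm whether auth_validate.php enforces a role; if not, add a role
    // check here before the UPDATE.
    // NOTE(review): no anti-CSRF token is verified on this state-changing POST.

    // Read each expected field as a string; missing or non-string values
    // (e.g. array-valued parameters) are treated as empty.
    $fields = array();
    foreach (array('Full_Name', 'user_name', 'Phone', 'passwd', 'UserAccessName', 'UserID', 'User_Type') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    $Full_Name = $fields['Full_Name'];
    $Name = $fields['user_name'];
    $Phone = $fields['Phone'];
    $AccessLevel = $fields['UserAccessName'];
    $StudentID = $fields['UserID'];
    $User_Type = $fields['User_Type'];

    // Test the submitted password BEFORE hashing: md5('') is a non-empty
    // string, so checking the hash could never detect a blank field and a
    // blank submission would overwrite the stored password.
    // NOTE(review): md5 is unsalted and fast and is not suitable for password
    // storage. It is kept only so stored hashes keep matching; the login check
    // is not visible here. Moving to password_hash()/password_verify() has to
    // change both sides together.
    $Password = ($fields['passwd'] === '') ? '' : md5($fields['passwd']);

    // All values are bound as parameters rather than concatenated into SQL.
    if ($Password === '') {
        $update = mysqli_prepare($conn, "UPDATE admin_accounts SET Full_Name = ?, user_name = ?, Phone = ?, User_Type = ?, Access_Level = ? WHERE id = ?");
        if ($update !== false) {
            mysqli_stmt_bind_param($update, 'ssssss', $Full_Name, $Name, $Phone, $User_Type, $AccessLevel, $StudentID);
        }
    } else {
        $update = mysqli_prepare($conn, "UPDATE admin_accounts SET Full_Name = ?, user_name = ?, Phone = ?, passwd = ?, User_Type = ?, Access_Level = ? WHERE id = ?");
        if ($update !== false) {
            mysqli_stmt_bind_param($update, 'sssssss', $Full_Name, $Name, $Phone, $Password, $User_Type, $AccessLevel, $StudentID);
        }
    }
    $sql = ($update !== false) && mysqli_stmt_execute($update);
    if ($update !== false) {
        mysqli_stmt_close($update);
    }

    if ($sql) {
        // Event trail: only written when the update statement actually ran.
        date_default_timezone_set('Africa/Blantyre');
        $EventTime = date('d-m-Y H:i', time());
        $Action = 'Update Record';
        $RecordType = 'User Account';
        $Details = "$Full_Name";
        $Date = "$EventTime";
        $User = isset($_SESSION['Full_Name']) ? (string) $_SESSION['Full_Name'] : '';

        $trail = mysqli_prepare($conn, "INSERT INTO eventtrail (Action,RecordType,Details,Date,User)
VALUES (?,?,?,?,?)");
        if ($trail !== false) {
            mysqli_stmt_bind_param($trail, 'sssss', $Action, $RecordType, $Details, $Date, $User);
            if (!mysqli_stmt_execute($trail)) {
                error_log('eventtrail insert failed: ' . mysqli_stmt_error($trail));
            }
            mysqli_stmt_close($trail);
        } else {
            error_log('eventtrail insert could not be prepared: ' . mysqli_error($conn));
        }

        $_SESSION['success'] = "User Record Updated successfully!";
    } else {
        // Do not report success when the update did not run.
        error_log('admin_accounts update failed: ' . mysqli_error($conn));
    }

    header('location: admin_users.php');
    exit();
}
include_once 'include/footer.php'; ?>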