<% Response.Buffer=true %>
<!--#include file="../admin_includes/checkLogin.asp"-->
<!--#include file="../global_includes/global.asp"-->


<%
dim page_id
dim process
dim redirectString

dim userName
dim userGroup
dim userEmail
dim userID
dim securityLevel
dim password
dim confirmpassword

page_id = request.form("page_id")
process = request.form("process")
userName = request.form("userName")
userGroup = request.form("userGroup")
userEmail = request.form("userEmail")
userID = request.form("userID")
securityLevel = request.form("userSecurityLevel")
password = request.form("userPassword")
confirmpassword = request.form("confirmpassword")

'--Check for single quotes/apostrophes
userName = SQLSafe(userName)
password = SQLSafe(password)
confirmpassword = SQLSafe(confirmpassword)


if process = "update" then
	redirectString = "ia.asp?page_id=" & page_id & "&mode=manageUsers&editType=addItem&user_id=" & userID & "&errorMsg"
else
	redirectString = "ia.asp?page_id=" & page_id & "&mode=manageUsers&editType=addItem&newUserName=" & userName & "&newUserGroup=" & userGroup & "&newUserEmail=" & userEmail & "&newUserSecurityLevel=" & securityLevel & "&errorMsg"
end if

'--Check a username has been added
if len(userName) < 1 then
	Response.Redirect(redirectString & "=UserNameZeroLength")
end if

'--Check an email address has been added
if len(userEmail) < 1 then
	Response.Redirect(redirectString & "=UserEmailZeroLength")
end if

'--Check the email address is valid
if not isValidEmail(userEmail) = true then
	Response.Redirect(redirectString & "=invalidEmail")
end if

'--Check a password has been added
if len(password) < 1 then
	Response.Redirect(redirectString & "=passwordZeroLength")
end if

'--Check the password is alpha numeric
if not IsAlphaNumeric(password) = true then
	Response.Redirect(redirectString & "=invalidPassword")
end if

'--Check the two passwords sibmitted are the same
if not password = confirmpassword then
	Response.Redirect(redirectString & "=passwordUnconfirmed")
end if

'-- Now all the form checking is done
'-- If we are adding a user
'-- Query the database and make sure we don't already have a user with this name
if not process = "update" then
	strSQL = "SELECT * FROM epcms_users where user = '" & userName & "'"
	set rs = LoadRSFromDB(strSQL)
	if not rs.EOF then response.redirect(redirectString & "=userNameInUse")
	rs.close
end if


'--If we're all good, update the record in the users table
if process = "update" then
	strSQL = "UPDATE epcms_users SET "&_
	"user = '" & userName &"',"&_
	"email_address = '" & userEmail &"',"&_
	"security_level = '" & securityLevel & "',"&_
	"group_id = '" & userGroup & "',"&_
	"password='" & password & "'"&_
	"WHERE keyuser = " & userID
else
	strSQL = "INSERT INTO epcms_users "&_
	"(user,email_address,security_level,group_id,password) "&_
	"VALUES ('" & userName & "','" & userEmail & "','" & securityLevel & "','" & userGroup & "','" & password & "');"
end if

RunSQL strSQL


if process = "update" then
	Response.Redirect("ia.asp?mode=manageUsers&page_id=" & page_id & "&editType=view&confirmMsg=User%20info%20updated")
else
	Response.Redirect("ia.asp?mode=manageUsers&page_id=" & page_id & "&editType=view&confirmMsg=User%20added")
end if
%>