<!--#include file="DBconn.asp"-->
<!--#include file="authCheck.asp"-->
<%
Sub Script_Error(message) 'shouldnt ever be needed if the ui provided is used
 Response.Redirect "ui_index.asp?msg=" & message
 Response.End 'just to be sure :)
End Sub

Function zCreateEncKey()
Dim zintKey,counter
zintKey = ""
For counter = 1 To 8
 Rnd 1
 Randomize
 zintKey = zintKey & Int(9 * Rnd)
Next
zCreateEncKey = zintKey
End Function

Sub zAdd_User()
If z1_AccessLevel < 2 Then
 Exit Sub
End If
zobjRS.Open "userInfo",zobjConn,adOpenForwardOnly,adLockOptimistic,adCmdTable
zobjRS.AddNew
zobjRS("Username") = zstrUsername
zobjRS("Email") = zstrEmail
zobjRS("Password") = zstrPass1
zobjRS("AccessLevel") = zintAccessLevel
zobjRS("EncCode") = zCreateEncKey()
zobjRS.Update
zobjRS.Close
End Sub

Sub zEdit_User()
Dim zstrSQL
zstrSQL = "SELECT * FROM userInfo WHERE userInfo.UserID LIKE " & zintUserID
zobjRS.Open zstrSQL,zobjConn,adOpenForwardOnly,adLockOptimistic,adCmdText
zobjRS("Username").Value = zstrUsername
zobjRS("Email").Value = zstrEmail
zobjRS("AccessLevel").Value = zintAccessLevel
If zstrPass1 <> "" Then 'password is to be changed
 zobjRS("Password").Value = zstrPass1
End If
zobjRS("EncCode") = zCreateEncKey() 'changes the users encryption code
zobjRS.Update
zobjRS.Close
End Sub

Dim zstrUpdateAction
zstrUpdateAction = LCase(Trim(Request.Form("updateaction")))
If zstrUpdateAction = "edit" Then
 Dim zintUserID
 zintUserID = CInt(Trim(Request.Form("userid")))
 If zintUserID = "" Or Not IsNumeric(zintUserID) Then
  Call Script_Error("invalid userid submitted for editing")
 End If
 If z1_AccessLevel < 2 And zintUserID <> z1_UserID Then
  Call Script_Error("You may only edit your own profile details")
 End If
End If

Dim zstrUsername,zstrEmail,zintAccessLevel,zstrPass1,zstrPass2
zstrUsername = Trim(Request.Form("username"))
zstrEmail = Trim(Request.Form("email"))
zintAccessLevel = Trim(Request.Form("accesslevel"))
zstrPass1 = Trim(Request.Form("pass1"))
zstrPass2 = Trim(Request.Form("pass2"))

'-- validate stuff --
If zstrUsername = "" Or Len(zstrUsername) > 50 Then
 Call Script_Error("Username either not present or too long")
End If
If zstrEmail = "" Or Len(zstrEmail) > 50 Then
 Call Script_Error("Email either not present or too long")
End If
If zintAccessLevel <> "" And IsNumeric(zintAccessLevel) Then
 zintAccessLevel = CInt(zintAccessLevel)
 If zintAccessLevel < 0 Or zintAccessLevel > z1_AccessLevel Then
  zintAccessLevel = z1_AccessLevel 'if accesslevel is invalid or higher than their own, defaults to users level
 End If
End If
If zstrPass1 <> "" And zstrPass1 <> zstrPass2 Then 'passwords sent, but do not match
 Call Script_Error("password and check do not match")
Else
 If Len(zstrPass1) > 8 Then
  Call Script_Error("password must be 8 characters or less")
 Else
'-- check that password is only letters or numbers --
  Dim zobjRegExp
  Set zobjRegExp = New RegExp
  zobjRegExp.IgnoreCase = True
  zobjRegExp.Global = True
  zobjRegExp.Pattern = "[^a-z\d]"
  If zobjRegExp.Test(zstrPass1) Then
   Call Script_Error("Password can only contain letters and numbers")
  End If
  Set zobjRegExp = Nothing
 End If
End If

'-- brain --
Dim zobjRS
Set zobjRS = Server.CreateObject("ADODB.Recordset")

If zstrUpdateAction = "add" And zstrPass1 <> "" Then 'makes sure password has been sent
 Call zAdd_User()
ElseIf zstrUpdateAction = "edit" Then
 Call zEdit_User()
End If

Set zobjRS = Nothing
zobjConn.Close
Set zobjConn = Nothing
Response.Redirect "ui_index.asp?msg=database updated"
%>