Asked by:
Classic ASP Search Functionality
Question
-
User-1251059536 posted
Hi All,
I have a application which searches based upon Family Name , Given Name and Email .
The Issue is the filter is not retained on all the pages. When I move to the next page , the filter is nothing, it returns all the records.
I have tried a lot but somehow its not happening
<% checkUser "error.asp", 31, "admin" %> <% 'DEBUG 'response.write "0 - passed - " & Now & "<br>" 'response.flush %> <script type="text/Javascript" language="Javascript" src="functions/userslist.js"></script> <% 'Get PageAction information pageAction = Request.QueryString("ac") If NOT(checkForID(pageAction)) AND pageAction <> "" then pageAction = "" End If If pageAction = "" then pageAction = 1 End If 'SubSubMenu setup subsubMenuEmptyTable = pageAction subsubMenuEmptyTable = subsubMenuEmptyTable * 90 Dim arrsubsubMenuItems(1) arrsubsubMenuItems(0) = "View Users" arrsubsubMenuItems(1) = "Add User" '####### DEBUG '####### DEBUG '####### DEBUG 'Session("usertype") = Array(1) '####### DEBUG '####### DEBUG '####### DEBUG mySQL = "SELECT * FROM TB_USER_TYPE" ' ORDER BY USER_TYPE_ID" myWhere = "" superAdmin = false regionAdmin = false regionCarCarrierAdmin = false sAccessRegionAdmin = false sAccessAppAdmin = false for uI="0" to Ubound(Session("usertype")) step 1 'DEBUG 'response.write "Session(""usertype"")(" & uI & ") = " & Session("usertype")(uI) & "<br>" & vbCRLF Select Case Session("usertype")(uI) Case 1 'admins superAdmin = true myWhere = "" exit for Case 2 'regional admins regionAdmin = true sAccessRegionAdmin = true if (myWhere <> "") then myWhere = myWhere & " OR REGIONAL_OPTION = 1" else myWhere = " WHERE REGIONAL_OPTION = 1" end if Case 3 'regional car carrier admins regionCarCarrierAdmin = true if (myWhere <> "") then myWhere = myWhere & " OR CAR_CARRIER_OPTION = 1" else myWhere = " WHERE CAR_CARRIER_OPTION = 1" end if Case 4 'application admins if (NOT (regionAdmin AND superAdmin)) then myWhere = "" sAccessAppAdmin = true end if end select next mySQL = mySQL & myWhere & " ORDER BY USER_TYPE_ID" rs.open mySQL, dbconnection typeArray = rs.GetRows() Session("typeArray_mul") = typeArray rs.close if IsArray(Session("appArray_mul")) then appArray = Session("appArray_mul") else mySQL = "SELECT * FROM TB_APP ORDER BY APP_DSC" rs.open mySQL, dbconnection appArray = rs.GetRows() Session("appArray_mul") = appArray rs.close end if if NOT IsArray(Session("countryArray_mul")) then SQLGetCountries = "Select Country_CD, Country_DSC FROM MG_COUNTRY ORDER BY COUNTRY_DSC" Set GetCountries = klineconnection.execute(SQLGetCountries) Session("countryArray_mul") = GetCountries.GetRows() end if Select Case pageaction Case 1 'Check if it's a new search isNewSearch = Request.Form("hiddenSearch") If (NOT(CheckGoodValues(isNewSearch,15,2)) OR NOT(validate_string(isNewSearch)) OR NOT(noSpamText(isNewSearch))) AND isNewSearch <> "" then isNewSearch = "newSearch" End If If Request.QueryString("ac") = "" OR Request.QueryString("ac") = "1" then isNewSearch = "newSearch" End If 'If new search retrieve information and fill sessions If isNewSearch = "newSearch" then thisFilter = Request.Form("selFilter") If (NOT(CheckGoodValues(thisFilter, "no,Given_Name,Family_Name,Email,Office_ID", 1)) OR NOT(validate_string(thisFilter)) OR NOT(noSpamText(thisFilter)) AND thisFilter <> "") then thisFilter = "" End If filterKeyword = Request.Form("txtFilterKeyword") If NOT(CheckGoodValues(filterKeyword, 20, 2)) OR NOT(validate_string(filterKeyword)) OR NOT(noSpamText(filterKeyword)) then filterKeyword = "" End If filterCriteria = Request.Form("radioCriteria") If NOT(checkForID(filterCriteria)) AND filterCriteria <> "" then filterCriteria = "" End If Session("filterKeyWord") = filterKeyword Session("filterCriteria") = filterCriteria Session("thisFilter") = thisFilter End If %> <form name="frmFilter" method="post" action="index.asp?pageid=2&sub=1&ac=1"> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center"> <tr> <td class="adminFormTitle" height="20"> View Users</td> </tr> </table> <% If isNewSearch = "newSearch" then typeIDs = "" for i="0" to Ubound(typeArray, 2) step 1 typeIDs = typeIDs & trim(typeArray(0,i)) & "," next typeIDs = CleanListString(typeIDs) SQLGetAllIDs = "SELECT DISTINCT alchemy.TB_STAFF.STAFF_ID " &_ "FROM dbo.TB_USER_APP_LOOKUP RIGHT OUTER JOIN " &_ "alchemy.TB_STAFF LEFT OUTER JOIN " &_ "dbo.TB_USER_TYPE_LOOKUP ON alchemy.TB_STAFF.STAFF_ID = dbo.TB_USER_TYPE_LOOKUP.STAFF_ID ON " &_ "dbo.TB_USER_APP_LOOKUP.STAFF_ID = alchemy.TB_STAFF.STAFF_ID LEFT OUTER JOIN " &_ "dbo.TB_APP_LEVELS INNER JOIN " &_ "dbo.TB_USER_APPLEVEL_LOOKUP ON dbo.TB_APP_LEVELS.APP_LEVEL_ID = dbo.TB_USER_APPLEVEL_LOOKUP.APP_LEVEL_ID ON " &_ "alchemy.TB_STAFF.STAFF_ID = dbo.TB_USER_APPLEVEL_LOOKUP.STAFF_ID " &_ "INNER JOIN Alchemy.TB_OFFICE ON alchemy.TB_STAFF.OFFICE_ID = Alchemy.TB_OFFICE.OFFICE_ID" sWhereClause = " WHERE alchemy.TB_STAFF.Active = 1" If thisFilter = "Given_Name" OR thisFilter = "Family_Name" OR thisFilter = "Email" then sWhereClause = sWhereClause & " AND " & thisFilter Select Case filterCriteria Case 1 sWhereClause = sWhereClause & " = '" & filterKeyWord & "'" Case 2 sWhereClause = sWhereClause & " LIKE '%" & filterKeyWord & "%'" Case 3 sWhereClause = sWhereClause & " LIKE '" & filterKeyWord & "%'" Case 4 sWhereClause = sWhereClause & " LIKE '%" & filterKeyWord & "'" End Select elseIf Trim(thisFilter) = "Office_ID" then sWhereClause = sWhereClause & " AND Alchemy.TB_OFFICE.OFFICE_ID = '" & Request.Form("selOfficeCD") & "' " End If 'if (sWhereClause <> "") then ' sWhereClause = sWhereClause & " AND ACTIVE = 1 AND USER_TYPE_ID IN (" & typeIDs & ")" 'else ' sWhereClause = " WHERE ACTIVE = 1 AND USER_TYPE_ID IN (" & typeIDs & ")" 'end if if (sWhereClause <> "") then sWhereClause = sWhereClause & " AND USER_TYPE_ID IN (" & typeIDs & ")" else sWhereClause = " WHERE USER_TYPE_ID IN (" & typeIDs & ")" end if '#### '### Application users can view all users so no need to restrict the users ### '#### ' sAppClause = "" ' if (IsArray(Session("userAppID"))) then ' for uI="0" to Ubound(Session("userAppID")) ' if (Session("app" & Session("userAppID")(uI) & "level") <> "") then ' rs.open "alchemy.sp_GetAppLevelId " & Session("app" & Session("userAppID")(uI) & "level"), dbconnection ' appLevel = rs(0) ' rs.close ' ' if (appLevel = 1) then ' if (sAppClause <> "") then ' sAppClause = sAppClause & " OR (TB_APP_LEVELS.APP_ID = " & Session("userAppID")(uI) & " AND TB_APP_LEVELS.LEVEL_ID > 1)" ' else ' sAppClause = "(TB_APP_LEVELS.APP_ID = " & Session("userAppID")(uI) & " AND TB_APP_LEVELS.LEVEL_ID > 1)" ' end if ' end if ' end if ' next ' end if ' ' if (sAppClause <> "") then ' sWhereClause = sWhereClause & " AND (" & sAppClause & ")" ' end if if (Session("userRegion") <> "" AND regionAdmin) then sWhereClause = sWhereClause & " AND Alchemy.TB_OFFICE.LOCATION_CD LIKE '" & Session("userRegion") & "%'" end if SQLGetAllIDs = SQLGetAllIDs & sWhereClause & " Order by alchemy.TB_STAFF.Staff_ID" 'Response.Write SQLGetAllIDs 'response.end 'DEBUG 'Response.Write SQLGetAllIDs 'Response.flush Set GetAllIDs = dbconnection.execute(SQLGetAllIDs) End If If isNewSearch = "newSearch" then If NOT(GetAllIDs.EOF) then Dim arrAllIDs() arrcounter = 1 While NOT(GetAllIDs.EOF) Redim Preserve arrAllIDs(arrcounter) arrAllIDs(arrcounter - 1) = GetAllIDs("Staff_ID") GetAllIDs.MoveNext arrcounter = arrcounter + 1 Wend Session("arrAllIDs") = arrAllIDs noRecords = Ubound(arrAllIDs) chkRemainder = noRecords MOD 20 lastRecordID = Ubound(arrAllIDs) - 1 noPages = int(noRecords / 20) 'response.Write "npages: " & noPages If chkRemainder <> 0 AND noRecords > 20 then noPages = noPages + 1 End If currPageNo = Request.QueryString("cp") If NOT(checkForID(currPageNo)) AND currPageNo <> "" then currPageNo = "" End If If currPageNo = "" then currPageNo = 1 End If If noPages = 0 then noPages = 1 End If startRecordID = (currPageNo - 1) * 20 If lastRecordID < startRecordID + 19 then endRecordID = lastRecordID Else endRecordID = startRecordID + 19 End If 'Response.Write startRecordID & endRecordID 'Response.End pageRecordNumber = 0 For pageidcounter = startRecordID to endRecordID If pageRecordNumber <> 0 then PageIDList = PageIDList & "," End If PageIDList = PageIDList & arrAllIDs(pageidcounter) pageRecordNumber = pageRecordNumber + 1 Next 'Response.Write "PageIDList" & PageIDList & " " & pageidcounter MOD 20 'Response.End SQLGetPage = "Select Staff_ID, Given_Name, Family_Name, Email FROM alchemy.TB_STAFF WHERE Staff_ID IN (" & PageIDList & ")" Set GetPage = dbconnection.execute(SQLGetPage) GetAllIDs.MoveFirst End If Else arrAllIDs = Session("arrAllIDs") noRecords = Ubound(arrAllIDs) chkRemainder = noRecords MOD 20 lastRecordID = Ubound(arrAllIDs) - 1 noPages = int(noRecords / 20) If chkRemainder <> 0 AND noRecords > 20 then noPages = noPages + 1 End If currPageNo = Request.QueryString("cp") If NOT(checkForID(currPageNo)) AND currPageNo <> "" then currPageNo = "" End If If currPageNo = "" then currPageNo = 1 End If If noPages = 0 then noPages = 1 End If 'Response.Write " currPageNo = " & currPageNo 'response.write "lastRecord:" & lastRecordID startRecordID = (currPageNo - 1) * 20 If lastRecordID < startRecordID + 19 then endRecordID = lastRecordID Else endRecordID = startRecordID + 19 End If 'Response.Write startRecordID & endRecordID 'Response.End pageRecordNumber = 0 For pageidcounter = startRecordID to endRecordID If pageRecordNumber <> 0 then PageIDList = PageIDList & "," End If PageIDList = PageIDList & arrAllIDs(pageidcounter) pageRecordNumber = pageRecordNumber + 1 Next 'Response.Write "PageIDList" & PageIDList & " " & pageidcounter MOD 20 'Response.End SQLGetPage = "Select Staff_ID, Given_Name, Family_Name, Email FROM alchemy.TB_STAFF WHERE Staff_ID IN (" & PageIDList & ") AND ACTIVE = 1" Set GetPage = dbconnection.execute(SQLGetPage) 'GetAllIDs.MoveFirst End If %> <table width="100%" height="20" cellpadding="0" cellspacing="1" border="0" align="center" id="filterTable"> <tr bgcolor="#8A96A5"> <td class="adminFormTitle" height="20" width="130"> Filter: <select name="selFilter" onchange="showCriterias();"> <option value="no">No filter</option> <option value="Given_Name" <%If Session("thisFilter") = "Given_Name" then Response.Write "Selected"%>>Given Name</option> <option value="Family_Name" <%If thisFilter = "Family_Name" then Response.Write "Selected"%>>Family Name</option> <option value="Email" <%If thisFilter = "Email" then Response.Write "Selected"%>>Email</option> <option value="Office_ID" <%If thisFilter = "Office_ID" then Response.Write "Selected"%>>Office Code</option> </select> </td> <td align="left" valign="middle" id="officecdCriterias"> Office Code: <% SQLGetOfficeCD = "Select Office_ID, Office_CD FROM Alchemy.TB_OFFICE ORDER BY Office_CD" Set GetOfficeCD = dbconnection.execute(SQLGetOfficeCD) %> <select name="selOfficeCD"> <% While NOT(GetOfficeCD.EOF) %> <option value="<%=GetOfficeCD("Office_ID")%>" <%If cint(Request.Form("selOfficeCD")) = GetOfficeCD("Office_ID") then Response.Write "selected"%>><%=GetOfficeCD("Office_CD")%></option> <% GetOfficeCD.MoveNext Wend %> </select> </td> <td align="center" valign="middle" id="filterCriterias" style="color: #FFFFFF;"> <input type="radio" name="radioCriteria" value="1" style="border-width: 0px;" <%If Session("filterCriteria") = 1 OR Session("filterCriteria") = "" then Response.Write "checked"%>/>match <input type="radio" name="radioCriteria" value="2" style="border-width: 0px;" <%If Session("filterCriteria") = 2 then Response.Write "checked"%>/>contains <input type="radio" name="radioCriteria" value="3" style="border-width: 0px;" <%If Session("filterCriteria") = 3 then Response.Write "checked"%>/>starts <input type="radio" name="radioCriteria" value="4" style="border-width: 0px;" <%If Session("filterCriteria") = 4 then Response.Write "checked"%>/>ends <input type="text" size="10" name="txtFilterKeyword" style="width: 100px;" <%If Session("filterKeyword") <> "" then Response.Write "value=" & Session("filterKeyword")%> /> </td> <td align="right"> <input type="submit" value="Search" class="searchButton" style="border-width: 0px;"/> <input type="hidden" name="hiddenSearch" value="newSearch"/> </td> </tr> </table> <script language="JavaScript" type = "text/javascript"> <% If Session("thisFilter") = "Given_Name" OR thisFilter = "Family_Name" OR thisFilter = "Email" then Response.Write "showCriterias('Name');" End If If Session("thisFilter") = "Office_ID" then Response.Write "showCriterias('Office_CD');" End If If Session("thisFilter") = "no" OR Session("thisFilter") = "" then Response.Write "showCriterias('no');" End If %> </script> <% If isNewSearch <> "newSearch" then %> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="100" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Given Name</h4></td> <td width="100" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Family Name</h4></td> <td width="250" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Email</h4></td> <td width="100" bgcolor="#D0D6DF" colspan="3"> </td> </tr> <% While NOT(GetPage.EOF) %> <tr id="r<%=GetPage("Staff_ID")%>" onmouseover="this.style.backgroundColor='#FFFFDD';" onmouseout="this.style.backgroundColor='#FFFFFF';"> <td width="100"><%=GetPage("Given_Name")%></td> <td width="125"><%=GetPage("Family_Name")%></td> <td width="250"><%=GetPage("Email")%></td> <td width="25"><a href="index.asp?pageid=2&sub=1&ac=5&id=<%=GetPage("Staff_ID")%>" onmouseover="self.status='View <%=GetPage("Given_Name")%>\'s details';return true;" onmouseout="self.status='';return true;"><img src="images/userview.gif" alt="View <%=GetPage("Given_Name")%>'s details" border="0"/></a></td> <td width="25"><a href="index.asp?pageid=2&sub=1&ac=6&id=<%=GetPage("Staff_ID")%>" onmouseover="self.status='Edit <%=GetPage("Given_Name")%>\'s details';return true;" onmouseout="self.status='';return true;"><img src="images/useredit.gif" alt="Edit <%=GetPage("Given_Name")%>'s details" border="0"/></a></td> <td width="25"> <% if (sAccessRegionAdmin OR superAdmin OR NOT sAccessAppAdmin) then %> <a href="index.asp?pageid=2&sub=1&ac=7&id=<%=GetPage("Staff_ID")%>" onmouseover="self.status='Delete <%=GetPage("Given_Name")%>\'s details';return true;" onmouseout="self.status='';return true;"><img src="images/userdelete.gif" alt="Delete <%=GetPage("Given_Name")%>'s details" border="0"/></a> <% else response.write " " end if %> </td> </tr> <% GetPage.MoveNext Wend %> <tr> <td colspan="3"> <% For xpagedisplay = 1 to noPages if (CStr(xpagedisplay) <> CStr(currPageNo)) then Response.Write "<a href=index.asp?pageid=2&sub=1&ac=1&cp=" & xpagedisplay & ">" & xpagedisplay & "</a> " else Response.Write "<b>" & xpagedisplay & "</b> " end if 'Response.Write "<a href=index.asp?pageid=2&sub=1&ac=1&cp=" & xpagedisplay & ">" & xpagedisplay & "</a> " Next %> </td> <td width="100" align="right" colspan="4">Page <%=currPageNo%> of <%=noPages%></td> </tr> </table> <% Else If NOT(GetAllIDs.EOF) then If NOT(GetPage.EOF) then %> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="100" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Given Name</h4></td> <td width="100" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Family Name</h4></td> <td width="250" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Email</h4></td> <td width="100" bgcolor="#D0D6DF" colspan="3"> </td> </tr> <% While NOT(GetPage.EOF) %> <tr id="r<%=GetPage("Staff_ID")%>" onmouseover="this.style.backgroundColor='#FFFFDD';" onmouseout="this.style.backgroundColor='#FFFFFF';"> <td width="100"><%=GetPage("Given_Name")%></td> <td width="125"><%=GetPage("Family_Name")%></td> <td width="250"><%=GetPage("Email")%></td> <td width="25"><a href="index.asp?pageid=2&sub=1&ac=5&id=<%=GetPage("Staff_ID")%>" onmouseover="self.status='View <%=GetPage("Given_Name")%>\'s details';return true;" onmouseout="self.status='';return true;"><img src="images/userview.gif" alt="View <%=GetPage("Given_Name")%>'s details" border="0"/></a></td> <td width="25"><a href="index.asp?pageid=2&sub=1&ac=6&id=<%=GetPage("Staff_ID")%>" onmouseover="self.status='Edit <%=GetPage("Given_Name")%>\'s details';return true;" onmouseout="self.status='';return true;"><img src="images/useredit.gif" alt="Edit <%=GetPage("Given_Name")%>'s details" border="0"/></a></td> <td width="25"> <% if (sAccessRegionAdmin OR superAdmin OR NOT sAccessAppAdmin) then %> <a href="index.asp?pageid=2&sub=1&ac=7&id=<%=GetPage("Staff_ID")%>" onmouseover="self.status='Delete <%=GetPage("Given_Name")%>\'s details';return true;" onmouseout="self.status='';return true;"><img src="images/userdelete.gif" alt="Delete <%=GetPage("Given_Name")%>'s details" border="0"/></a> <% else response.write " " end if %> </td> </tr> <% GetPage.MoveNext Wend %> <tr> <td colspan="3"> <% For xpagedisplay = 1 to noPages If xpagedisplay mod 50 = 0 then Response.Write "<br>" End If if (CStr(xpagedisplay) <> CStr(currPageNo)) then Response.Write "<a href=index.asp?pageid=2&sub=1&ac=1&cp=" & xpagedisplay & " onmouseover=""self.status='Go to page " & xpagedisplay & "';return true;"" onmouseout=""self.status='';return true;"">" & xpagedisplay & "</a> " 'Response.Write "<a href=index.asp?pageid=2&sub=1&ac=1&cp=" & xpagedisplay & ">" & xpagedisplay & "</a> " else Response.Write "<b>" & xpagedisplay & "</b> " end if 'If xpagedisplay mod 50 = 0 then ' Response.Write "<br>" 'End If 'Response.Write "<a href=index.asp?pageid=2&sub=1&ac=1&cp=" & xpagedisplay & " onmouseover=""self.status='Go to page " & xpagedisplay & "';return true;"" onmouseout=""self.status='';return true;"">" & xpagedisplay & "</a> " Next %> </td> <td width="100" align="right" colspan="4">Page <%=currPageNo%> of <%=noPages%></td> </tr> </table> <% Else %> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td>There are no records in the database.</td> </tr> </table> <% End If Else %> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td>There are no records in the database.</td> </tr> </table> <% End If End If %> </form> <% '############################### '### Form to insert new user ### '############################### Case 2 cuAuth = false cuAdmin = false cuRegionAdmin = false cuRegionCar = false cuAppUser = false cuBasicUser = false cuCarUser = false for cuI="0" to Ubound(Session("usertype")) step 1 Select Case Session("usertype")(cuI) Case 1 cuAdmin = true cuAuth = true Case 2 cuRegionAdmin = true Case 3 cuRegionCar = true Case 4 cuAppUser = true Case 5 cuBasicUser = true Case 6 cuCarUser = true End Select next 'DEBUG 'response.write "1 - passed - " & Now & "<br>" 'response.flush if (cuAdmin OR cuRegionAdmin OR cuRegionCar) then %> <form name="frmNewStaff" method="post" action="index.asp?pageid=2&sub=1&ac=3" onsubmit="return validateUserForm();" enctype="multipart/form-data"> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center"> <tr> <td class="adminFormTitle" height="20"> Add a new user</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <% If Request.QueryString("err") = "dup" then %> <tr> <td colspan="2" width="100%"><font color="#FF0000">It appears this Username is already used. Please change the Username and submit again.</font></td> </tr> <% End If %> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Title</h4></td> <td style="border-width: 0px;" colspan="2"> <% SQLGetTitles = "exec Alchemy.sp_GETALL @outputTable = 'alchemy.tb_Staff_Title'" Set GetTitles = dbconnection.execute(SQLGetTitles) %> <select name="selTitle" style="width: 140px;"> <% While NOT(GetTitles.EOF) %> <option value="<%=GetTitles("Title_ID")%>" <% If Session("insertTitle") <> "" then If CStr(Session("insertTitle")) = CStr(GetTitles("Title_ID")) then Response.Write "Selected" End If %>><%=GetTitles("Title")%></option> <% GetTitles.MoveNext Wend %> </select> </td> </tr> <% 'DEBUG 'response.write "2 - passed - " & Now & "<br>" 'response.flush %> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Given Name</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtGivenName" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertGivenName")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Family Name</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtFamilyName" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertFamilyName")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Office</h4></td> <td style="border-width: 0px;" colspan="2"> <% if (Session("userRegion") <> "" AND regionAdmin) then SQLGetOfficeCD = "Select Office_ID, Office_CD FROM alchemy.tb_office WHERE LOCATION_CD LIKE '" & Session("userRegion") & "%' ORDER BY OFFICE_CD" else SQLGetOfficeCD = "Select Office_ID, Office_CD FROM alchemy.tb_office ORDER BY OFFICE_CD" end if Set GetOfficeCD = dbconnection.execute(SQLGetOfficeCD) %> <select name="selOfficeCD" style="width: 140px;"> <% While NOT(GetOfficeCD.EOF) %> <option value="<%=GetOfficeCD("Office_ID")%>" <%If Session("insertOfficeID") <> "" then If CStr(Session("insertOfficeID")) = CStr(GetOfficeCD("Office_ID")) then Response.Write "Selected" End If %>><%=GetOfficeCD("Office_CD")%></option> <% GetOfficeCD.MoveNext Wend %> </select> </td> </tr> <% 'DEBUG 'response.write "3 - passed - " & Now & "<br>" 'response.flush %> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Department</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtDepartment" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertDepartment")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Position</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtPosition" size="20" maxlength="100" style="width: 300px;" value="<%=Session("insertPosition")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">1st Responsibility</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtResponsibility1" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertResponsibility1")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">2nd Responsibility</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtResponsibility2" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertResponsibility2")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">3rd Responsibility</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtResponsibility3" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertResponsibility3")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Email</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtEmail" size="20" maxlength="100" style="width: 300px;" value="<%=Session("insertEmail")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Phone Number</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtPhoneNumber" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertPhoneNumber")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Alternate Phone Number</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtHomeNumber" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertHomeNumber")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Fax Number</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtFaxNumber" size="20" maxlength="50" style="width: 300px;" value="<%=Session("insertFaxNumber")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">User image</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="file" name="userimage"/> <% If thisuserimage <> "" then If NOT(validate_string(thisuserimage)) OR NOT(noSpamText(thisuserimage)) then thisuserimage = "" End If Set GetAttachment = dbconnection.execute("Select * From TB_USER_IMAGE Where ATTACHMENT_ID = " & int(thisUserimage)) If NOT(GetAttachment.EOF) then %> <input type="hidden" name="hiddenatid" value="<%=GetAttachment("ATTACHMENT_ID")%>"/> <br/> To overwrite the existing Related file <a href="../attachments_view.asp?tp=vsp&id=<%=trim(GetAttachment("ATTACHMENT_ID"))%>"><%=trim(GetAttachment("ATTACHMENT_NAME"))%></a> - (<%=trim(GetAttachment("ATTACHMENT_SIZE"))%>Kb) just chose a different file with the "Browse" button.<br/> Alternatively click <a href="index.asp?pageid=""2""&sub=1&ac=6&id=<%=viewStaffID%>& atid=<%=GetAttachment("ATTACHMENT_ID")%>">here</a> to remove the existing file. <% End If End If %> </td> </tr> <tr> <td colspan="3" class="accessTitle">User profile</td> </tr> <tr> <td bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Site access</h4></td> <td style="border-width: 0px;" colspan="2"> <table width="100%" border="0" cellpadding="2" cellspacing="2"> <tr> <% If isArray(Session("newUserTypes")) then arrClickedSiteAccess = Session("newUserTypes") For z = 0 to Ubound(arrClickedSiteAccess) Response.Write arrClickedSiteAccess(z) Next End If 'response.write "superAdmin = " & superAdmin & "<br>" & vbCRLF 'response.write "sAccessAppAdmin = " & sAccessAppAdmin & "<br>" & vbCRLF 'response.write "regionCarCarrierAdmin = " & regionCarCarrierAdmin & "<br>" & vbCRLF 'response.write "regionAdmin = " & regionAdmin & "<br>" & vbCRLF for i="0" to Ubound(typeArray, 2) step 1 if (superAdmin) then accessDisplay = "block" else accessDisplay = "none" 'DEBUG 'response.write "CInt(typeArray(0," & i & ")) = " & CInt(typeArray(0,i)) & " = " & typeArray(1,i) & "<br>" & vbCRLF if (sAccessAppAdmin AND CInt(typeArray(0,i)) = 4) then 'NEED TO CHECK THAT THE USER IS AN ADMINISTRATOR OF THE APPLICATION if IsArray(userAppID) then for j="0" to Ubound(userAppID) currAppLevelID = Session("app" & userAppID(j) & "level") if (IsNumeric(currAppLevelID) AND currAppLevelID <> "") then rsLevelID = dbconnection.execute("alchemy.sp_GetAppLevelId " & currAppLevelID) if rsLevelID(0,0) = 1 then accessDisplay = "block" end if end if next end if end if if (regionCarCarrierAdmin AND CInt(typeArray(0,i)) = 6) then accessDisplay = "block" end if if (regionAdmin AND CInt(typeArray(0,i)) = 5) then accessDisplay = "block" end if end if %> <td style="display: <%=accessDisplay%>;"><input type="checkbox" id="type<%=trim(typeArray(0,i))%>" name="type<%=trim(typeArray(0,i))%>" value="<%=trim(typeArray(0,i))%>" onclick="showOptions(userTypeArray);" <% If isArray(Session("newUserTypes")) then arrClickedSiteAccess = Session("newUserTypes") For z = 0 to Ubound(arrClickedSiteAccess) If trim(typeArray(0,i)) = arrClickedSiteAccess(z) then Response.Write "checked" End If Next End If %> /></td> <td style="display: <%=accessDisplay%>;" onclick="frmNewStaff.type<%=trim(typeArray(0,i))%>.checked = !frmNewStaff.type<%=trim(typeArray(0,i))%>.checked;showOptions(userTypeArray);"><%=trim(typeArray(1,i))%></td> <% if (i Mod 2 = 1) then %> </tr><tr> <% end if next ' userTypeArray = "" ' for i="0" to Ubound(typeArray, 2) step 1 ' userTypeArray = userTypeArray & trim(typeArray(0,i)) & "," ' next %> <script language="JavaScript" type ="text/javascript" > userTypeArray = Array(<%=Ubound(typeArray, 2)+1%>); <% for i="0" to Ubound(typeArray, 2) step 1 %> userTypeArray[<%=i%>] = <%=trim(typeArray(0,i))%>; <% next %> </script> </tr> </table> </td> </tr> <% 'DEBUG 'response.write "4 - passed - " & Now & "<br>" 'response.flush %> <tr id="regionalAdmin"> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Regional administrator area</h4> <%Response.Write "regionalAdmin:" & Session("insertregionalAdminAreaDetails")%></td> <td style="border-width: 0px;" colspan="2"> <select name="selregionalCountry" style="width: 300px;"> <% for x="0" to Ubound(Session("countryArray_mul"), 2) %> <option value="<%=Session("countryArray_mul")(0,x)%>" <%If cStr(Session("insertregionalAdminAreaDetails")) = cStr(Session("countryArray_mul")(0,x)) then Response.Write "selected"%>><%=Session("countryArray_mul")(1,x)%></option> <% next %> </select> </td> </tr> <% 'DEBUG 'response.write "5 - passed - " & Now & "<br>" 'response.flush %> <tr id="appAdmin"> <td bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Application</h4></td> <td style="border-width: 0px;" colspan="2"> <% mySQL = "SELECT APP_LEVEL_ID, APP_ID, LEVEL_ID, LEVEL_DSC FROM TB_APP_LEVELS ORDER BY APP_ID, LEVEL_ID" rs.open mySQL, dbconnection myApplevels = rs.GetRows() rs.close for i="0" to Ubound(appArray, 2) step 1 if (IsArray(Session("userAppID")) AND NOT superAdmin) then showApp = false for j="0" to Ubound(Session("userAppID")) if (trim(appArray(0,i)) = Session("userAppID")(j) AND Session("app" & trim(appArray(0,i)) & "level") <> "") then rs.open "alchemy.sp_GetAppLevelId " & Session("app" & trim(appArray(0,i)) & "level"), dbconnection appLevel = rs(0) rs.close if (appLevel = 1) then showApp = true exit for end if end if next else showApp = true end if 'DEBUG 'response.write "5.1." & i & " - passed - " & Now & "<br>" 'response.flush if (showApp) then %> <table border="0" cellpadding="2" cellspacing="2"> <tr> <td> <% ' If isArray(Session("newAppID")) then ' arrAppsClicked = Session("newAppID") ' For z = 0 to Ubound(arrAppsClicked) ' Response.Write arrAppsClicked(z) ' Next ' End If %> <input type="checkbox" name="app<%=trim(appArray(0,i))%>" value="<%=trim(appArray(0,i))%>" onclick="if (app<%=trim(appArray(0,i))%>.checked){ level<%=trim(appArray(0,i))%>.style.display = 'block';}else{ level<%=trim(appArray(0,i))%>.style.display = 'none';}" <% If isArray(Session("newAppID")) then arrAppsClicked = Session("newAppID") For z = 0 to Ubound(arrAppsClicked) If trim(appArray(0,i)) = arrAppsClicked(z) then Response.Write "checked" End If Next End If %>/></td> <td ><%=trim(appArray(1,i))%></td> <% 'DEBUG 'response.write "5.1as." & i & " - passed - " & Now & "<br>" 'response.flush ' rs.open "alchemy.sp_GetAppAccess " & trim(appArray(0,i)), dbconnection 'DEBUG 'response.write "5.1as." & i & " - query02 executed - passed - " & Now & "<br>" & vbCRLF 'response.write "<!-- alchemy.sp_GetAppAccess " & trim(appArray(0,i)) & " -->" & vbCRLF 'response.flush ' if NOT rs.EOF then ' appLevels = rs.GetRows() accessLevelDsc = "" if (Session("app" & trim(appArray(0,i)) & "level") <> "") then rs.open "alchemy.sp_GetAppLevelDsc " & Session("app" & trim(appArray(0,i)) & "level"), dbconnection accessLevelDsc = trim(rs(0)) rs.close end if 'DEBUG 'response.write "5.1bs." & i & " - passed - " & Now & "<br>" 'response.flush %> <td id="level<%=trim(appArray(0,i))%>" style="display: none;"> <select name="applevel<%=trim(appArray(0,i))%>"> <% for x="0" to Ubound(myApplevels, 2) if (trim(myApplevels(1, x)) = trim(appArray(0,i))) then if (accessLevelDsc = "Administrator") then if (trim(myApplevels(3, x)) <> accessLevelDsc) then %> <option value="<%=myApplevels(0, x)%>"><%=myApplevels(3, x)%></option> <% end if else %> <option value="<%=myApplevels(0, x)%>"><%=myApplevels(3, x)%></option> <% end if end if next %> </select> </td> <% 'DEBUG 'response.write "5.1be." & i & " - passed - " & Now & "<br>" 'response.flush ' else %> <!-- <td id="level<%=trim(appArray(0,i))%>" style="display: none;"></td> --> <% ' end if ' rs.close 'DEBUG 'response.write "5.1ae." & i & " - passed - " & Now & "<br>" 'response.flush %> </tr> </table> <% end if 'DEBUG 'response.write "5.2." & i & " - passed - " & Now & "<br>" 'response.flush next %> </td> </tr> <% 'DEBUG 'response.write "6 - passed - " & Now & "<br>" 'response.flush %> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Username</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="text" name="txtUsername" size="15" maxlength="20" style="width: 200px;" value="<%=Session("insertUsername")%>"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Password</h4></td> <td style="border-width: 0px;" colspan="2"> <input type="password" name="txtPassword" size="15" maxlength="20" style="width: 200px;" value="<%=Session("insertPassword")%>"/> </td> </tr> <tr> <td width="150" style="border-width: 0px;"> </td> <td align="right" style="border-width: 0px;" colspan="2"> <input type="button" value="« Back" class="adminFormButton" onclick="history.back();"/> <input type="reset" value="Reset" class="adminFormButton"/> <input type="submit" value="Submit »" class="adminFormButton"/> <input type="hidden" name="hiddeninsertupdate" value="ins"/> </td> </tr> <tr> <td width="200" style="height: 1px; border-width: 0px;"><img src="../images/spacer.gif" width="200" height="1" alt=""/></td> <td width="150" style="height: 1px; border-width: 0px;"><img src="../images/spacer.gif" width="150" height="1" alt=""/></td> <td width="200" style="height: 1px; border-width: 0px;"><img src="../images/spacer.gif" width="200" height="1" alt=""/></td> </tr> </table> </form> <script language="JavaScript" type ="text/javascript" > hideRegional(); // hideregionaldetails(); showOptions(userTypeArray); </script> <% Session("insertTitle") = "" Session("insertGivenName") = "" Session("insertFamilyName") = "" Session("insertOfficeID") = "" Session("insertDepartment") = "" Session("insertPosition") = "" Session("insertResponsibility1") = "" Session("insertResponsibility2") = "" Session("insertResponsibility3") = "" Session("insertEmail") = "" Session("insertPhoneNumber") = "" Session("insertHomeNumber") = "" Session("insertFaxNumber") = "" Session("insertUsername") = "" Session("insertPassword") = "" Session("insertupdate") = "" Session("insertSiteAccess") = "" Session("insertregionalAdminArea") = "" Session("insertuserimage") = "" %> <% else %> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="100%" id="adminContent" valign="top"> <h2>You do not have sufficient rights to add a user.</h2> <br /><br /> You can only edit users. </td> </tr> </table> <% end if %> <% '########################################### '### Preview insert new user/update user ### '########################################### Case 3 Set Upload = Server.CreateObject("Persits.Upload.1") Upload.save insertTitle = Upload.Form("selTitle") If NOT(validate_string(insertTitle)) OR NOT(noSpamText(insertTitle)) then insertTitle = "" End If insertGivenName = Upload.Form("txtGivenName") If NOT(validate_string(insertGivenName)) OR NOT(noSpamText(insertGivenName)) then insertGivenName = "" End If insertFamilyName = Upload.Form("txtFamilyName") If NOT(validate_string(insertFamilyName)) OR NOT(noSpamText(insertFamilyName)) then insertFamilyName = "" End If insertOfficeID = Upload.Form("selOfficeCD") If NOT(validate_string(insertOfficeID)) OR NOT(noSpamText(insertOfficeID)) then insertOfficeID = "" End If insertDepartment = Upload.Form("txtDepartment") If NOT(validate_string(insertDepartment)) OR NOT(noSpamText(insertDepartment)) then insertDepartment = "" End If insertPosition = Upload.Form("txtPosition") If NOT(validate_string(insertPosition)) OR NOT(noSpamText(insertPosition)) then insertPosition = "" End If insertResponsibility1 = Upload.Form("txtResponsibility1") If NOT(validate_string(insertResponsibility1)) OR NOT(noSpamText(insertResponsibility1)) then insertResponsibility1 = "" End If insertResponsibility2 = Upload.Form("txtResponsibility2") If NOT(validate_string(insertResponsibility2)) OR NOT(noSpamText(insertResponsibility2)) then insertResponsibility2 = "" End If insertResponsibility3 = Upload.Form("txtResponsibility3") If NOT(validate_string(insertResponsibility3)) OR NOT(noSpamText(insertResponsibility3)) then insertResponsibility3 = "" End If insertEmail = Upload.Form("txtEmail") If NOT(validate_string(insertEmail)) OR NOT(noSpamText(insertEmail)) then insertEmail = "" End If insertPhoneNumber = Upload.Form("txtPhoneNumber") If NOT(validate_string(insertPhoneNumber)) OR NOT(noSpamText(insertPhoneNumber)) then insertPhoneNumber = "" End If insertHomeNumber = Upload.Form("txtHomeNumber") If NOT(validate_string(insertHomeNumber)) OR NOT(noSpamText(insertHomeNumber)) then insertHomeNumber = "" End If insertFaxNumber = Upload.Form("txtFaxNumber") If NOT(validate_string(insertFaxNumber)) OR NOT(noSpamText(insertFaxNumber)) then insertFaxNumber = "" End If insertUsername = Upload.Form("txtUsername") If NOT(validate_string(insertUsername)) OR NOT(noSpamText(insertUsername)) then insertUsername = "" End If insertPassword = Upload.Form("txtPassword") If NOT(validate_string(insertPassword)) OR NOT(noSpamText(insertPassword)) then insertPassword = "" End If insertupdate = Upload.Form("hiddeninsertupdate") If NOT(validate_string(insertupdate)) OR NOT(noSpamText(insertupdate)) then insertupdate = "" End If insertSiteAccess = Upload.Form("selSiteAccess") If NOT(validate_string(insertSiteAccess)) OR NOT(noSpamText(insertSiteAccess)) then insertSiteAccess = "" End If insertregionalAdminArea = Upload.Form("selregionalAdminArea") If NOT(validate_string(insertregionalAdminArea)) OR NOT(noSpamText(insertregionalAdminArea)) then insertregionalAdminArea = "" End If insertuserimage = Upload.Form("userimage") If NOT(validate_string(insertuserimage)) OR NOT(noSpamText(insertuserimage)) then insertuserimage = "" End If filesAttached = false set myFile = Upload.files("userimage") if (Not myFile Is Nothing) then Session("fileName") = myFile.FileName Session("fileSize") = myFile.Size Session("hash") = myFile.MD5Hash mySQL = "INSERT INTO TB_USER_IMAGE (ATTACHMENT_NAME, ATTACHMENT, ATTACHMENT_SIZE, ATTACHMENT_HASH) VALUES (" &_ "'" & Session("fileName") & "'," &_ "?," &_ "'" & Session("fileSize") & "'," &_ "'" & Session("hash") & "')" 'Response.Write mySQL 'response.end %><!-- #include file="../../connections/uploadconnection.asp" --> <% ' Connect = "Driver={SQL Server};Server=100.10.10.27; Trusted_Connection=no; Database=WebSite;Uid=alchemy;Pwd=ALch3mY!;" myFile.ToDatabase Connect, mySQL rs.open "SELECT MAX(ATTACHMENT_ID) AS NEW_ID FROM TB_USER_IMAGE", dbconnection if not rs.EOF then attachlastID = trim(rs("NEW_ID")) end if rs.close Set GetName = dbconnection.execute("Select ATTACHMENT_NAME From TB_USER_IMAGE Where ATTACHMENT_ID = " & attachLastID) if NOT(GetName.EOF) then attachmentName = GetName("ATTACHMENT_NAME") end if If Upload.Form("hiddenatid") <> "" then dbconnection.execute("Delete From TB_USER_IMAGE Where ATTACHMENT_ID = " & Upload.Form("hiddenatid")) End If end if If insertregionalAdminArea <> "" then If insertregionalAdminArea = 0 then insertregionalAdminAreaDetails = Upload.Form("selregionalOffice") End If If insertregionalAdminArea = 1 then insertregionalAdminAreaDetails = Upload.Form("selregionalCountry") End If If insertregionalAdminArea = 2 then insertregionalAdminAreaDetails = Upload.Form("selregionalContinent") End If End If newUserTypes = "" for x="0" to Ubound(Session("typeArray_mul"), 2) if (Upload.form("type" & Session("typeArray_mul")(0, x)) <> "") then 'newUserTypes = newUserTypes & x & "," newUserTypes = newUserTypes & Upload.form("type" & Session("typeArray_mul")(0, x)) & "," end if next newUserTypes = CleanListString(newUserTypes) if (newUserTypes <> "") then Session("newUserTypes") = split(newUserTypes, ",") end if Session("regioncode") = Upload.form("selregionalCountry") newAppID = "" for x="0" to Ubound(Session("appArray_mul"), 2) if (Upload.form("app" & Session("appArray_mul")(0, x)) <> "") then 'newAppID = newAppID & x & "," newAppID = newAppID & Upload.form("app" & Session("appArray_mul")(0, x)) & "," end if next newAppID = CleanListString(newAppID) if (newAppID <> "") then Session("newAppID") = split(newAppID, ",") end if if (IsArray(Session("newAppID"))) then for x="0" to Ubound(Session("newAppID")) if (Upload.form("applevel" & Session("newAppID")(x)) <> "") then Session("applevel" & Session("newAppID")(x)) = Upload.form("applevel" & Session("newAppID")(x)) end if next end if If Request.QueryString("id") <> "" then If Upload.Form("hiddenOKUsername") <> insertUsername then If NOT(validate_string(insertUsername)) OR NOT(noSpamText(insertUsername)) then insertUsername = "" End If SQLCheckDuplicate = "Select USERNAME From alchemy.TB_STAFF_USER Where Username = '" & insertUsername & "'" Set CheckDuplicate = dbconnection.execute(SQLCheckDuplicate) 'If NOT(CheckDuplicate.EOF) OR lcase(insertUsername) = "select" OR lcase(insertUsername) = "insert" OR lcase(insertUsername) = "update" OR lcase(insertUsername) = "delete" OR lcase(insertUsername) = "drop" then If NOT(CheckDuplicate.EOF) then Session("insertTitle") = Upload.Form("selTitle") If NOT(validate_string(Session("insertTitle"))) OR NOT(noSpamText(Session("insertTitle"))) then Session("insertTitle") = "" End If Session("insertGivenName") = Upload.Form("txtGivenName") If NOT(validate_string(Session("insertGivenName"))) OR NOT(noSpamText(Session("insertGivenName"))) then Session("insertGivenName") = "" End If Session("insertFamilyName") = Upload.Form("txtFamilyName") If NOT(validate_string(Session("insertFamilyName"))) OR NOT(noSpamText(Session("insertFamilyName"))) then Session("insertFamilyName") = "" End If Session("insertOfficeID") = Upload.Form("selOfficeCD") If NOT(validate_string(Session("insertOfficeID"))) OR NOT(noSpamText(Session("insertOfficeID"))) then Session("insertOfficeID") = "" End If Session("insertDepartment") = Upload.Form("txtDepartment") If NOT(validate_string(Session("insertDepartment"))) OR NOT(noSpamText(Session("insertDepartment"))) then Session("insertDepartment") = "" End If Session("insertPosition") = Upload.Form("txtPosition") If NOT(validate_string(Session("insertPosition"))) OR NOT(noSpamText(Session("insertPosition"))) then Session("insertPosition") = "" End If Session("insertResponsibility1") = Upload.Form("txtResponsibility1") If NOT(validate_string(Session("insertResponsibility1"))) OR NOT(noSpamText(Session("insertResponsibility1"))) then Session("insertResponsibility1") = "" End If Session("insertResponsibility2") = Upload.Form("txtResponsibility2") If NOT(validate_string(Session("insertResponsibility2"))) OR NOT(noSpamText(Session("insertResponsibility2"))) then Session("insertResponsibility2") = "" End If Session("insertResponsibility3") = Upload.Form("txtResponsibility3") If NOT(validate_string(Session("insertResponsibility3"))) OR NOT(noSpamText(Session("insertResponsibility3"))) then Session("insertResponsibility3") = "" End If Session("insertEmail") = Upload.Form("txtEmail") If NOT(validate_string(Session("insertEmail"))) OR NOT(noSpamText(Session("insertEmail"))) then Session("insertEmail") = "" End If Session("insertPhoneNumber") = Upload.Form("txtPhoneNumber") If NOT(validate_string(Session("insertPhoneNumber"))) OR NOT(noSpamText(Session("insertPhoneNumber"))) then Session("insertPhoneNumber") = "" End If Session("insertHomeNumber") = Upload.Form("txtHomeNumber") If NOT(validate_string(Session("insertHomeNumber"))) OR NOT(noSpamText(Session("insertHomeNumber"))) then Session("insertHomeNumber") = "" End If Session("insertFaxNumber") = Upload.Form("txtFaxNumber") If NOT(validate_string(Session("insertFaxNumber"))) OR NOT(noSpamText(Session("insertFaxNumber"))) then Session("insertFaxNumber") = "" End If Session("insertUsername") = Upload.Form("txtUsername") If NOT(validate_string(Session("insertUsername"))) OR NOT(noSpamText(Session("insertUsername"))) then Session("insertUsername") = "" End If Session("insertPassword") = Upload.Form("txtPassword") If NOT(validate_string(Session("insertPassword"))) OR NOT(noSpamText(Session("insertPassword"))) then Session("insertPassword") = "" End If Session("insertupdate") = Upload.Form("hiddeninsertupdate") If NOT(validate_string(Session("insertupdate"))) OR NOT(noSpamText(Session("insertupdate"))) then Session("insertupdate") = "" End If Session("insertSiteAccess") = Upload.Form("selSiteAccess") Session("insertregionalAdminArea") = Upload.Form("selregionalAdminArea") If NOT(validate_string(Session("insertregionalAdminArea"))) OR NOT(noSpamText(Session("insertregionalAdminArea"))) then Session("insertregionalAdminArea") = "" End If Session("insertuserimage") = Upload.Form("userimage") errRedirector = "index.asp?pageid=2&sub=1&ac=6&id=" & Request.QueryString("id") & "&err=dup" %> <script language="JavaScript" type ="text/javascript" > document.location.href = '<%=errRedirector%>' </script> <% End If End If Else If NOT(validate_string(insertUsername)) OR NOT(noSpamText(insertUsername)) then insertUsername = "" End If SQLCheckDuplicate = "Select USERNAME From alchemy.TB_STAFF_USER Where Username = '" & insertUsername & "'" Set CheckDuplicate = dbconnection.execute(SQLCheckDuplicate) 'If NOT(CheckDuplicate.EOF) OR lcase(insertUsername) = "select" OR lcase(insertUsername) = "insert" OR lcase(insertUsername) = "update" OR lcase(insertUsername) = "delete" OR lcase(insertUsername) = "drop" then If NOT(CheckDuplicate.EOF) then Session("insertTitle") = Upload.Form("selTitle") If NOT(validate_string(Session("insertTitle"))) OR NOT(noSpamText(Session("insertTitle"))) then Session("insertTitle") = "" End If Session("insertGivenName") = Upload.Form("txtGivenName") If NOT(validate_string(Session("insertGivenName"))) OR NOT(noSpamText(Session("insertGivenName"))) then Session("insertGivenName") = "" End If Session("insertFamilyName") = Upload.Form("txtFamilyName") If NOT(validate_string(Session("insertFamilyName"))) OR NOT(noSpamText(Session("insertFamilyName"))) then Session("insertFamilyName") = "" End If Session("insertOfficeID") = Upload.Form("selOfficeCD") If NOT(validate_string(Session("insertOfficeID"))) OR NOT(noSpamText(Session("insertOfficeID"))) then Session("insertOfficeID") = "" End If Session("insertDepartment") = Upload.Form("txtDepartment") If NOT(validate_string(Session("insertDepartment"))) OR NOT(noSpamText(Session("insertDepartment"))) then Session("insertDepartment") = "" End If Session("insertPosition") = Upload.Form("txtPosition") If NOT(validate_string(Session("insertPosition"))) OR NOT(noSpamText(Session("insertPosition"))) then Session("insertPosition") = "" End If Session("insertResponsibility1") = Upload.Form("txtResponsibility1") If NOT(validate_string(Session("insertResponsibility1"))) OR NOT(noSpamText(Session("insertResponsibility1"))) then Session("insertResponsibility1") = "" End If Session("insertResponsibility2") = Upload.Form("txtResponsibility2") If NOT(validate_string(Session("insertResponsibility2"))) OR NOT(noSpamText(Session("insertResponsibility2"))) then Session("insertResponsibility2") = "" End If Session("insertResponsibility3") = Upload.Form("txtResponsibility3") If NOT(validate_string(Session("insertResponsibility3"))) OR NOT(noSpamText(Session("insertResponsibility3"))) then Session("insertResponsibility3") = "" End If Session("insertEmail") = Upload.Form("txtEmail") If NOT(validate_string(Session("insertEmail"))) OR NOT(noSpamText(Session("insertEmail"))) then Session("insertEmail") = "" End If Session("insertPhoneNumber") = Upload.Form("txtPhoneNumber") If NOT(validate_string(Session("insertPhoneNumber"))) OR NOT(noSpamText(Session("insertPhoneNumber"))) then Session("insertPhoneNumber") = "" End If Session("insertHomeNumber") = Upload.Form("txtHomeNumber") If NOT(validate_string(Session("insertHomeNumber"))) OR NOT(noSpamText(Session("insertHomeNumber"))) then Session("insertHomeNumber") = "" End If Session("insertFaxNumber") = Upload.Form("txtFaxNumber") If NOT(validate_string(Session("insertFaxNumber"))) OR NOT(noSpamText(Session("insertFaxNumber"))) then Session("insertFaxNumber") = "" End If Session("insertUsername") = Upload.Form("txtUsername") If NOT(validate_string(Session("insertUsername"))) OR NOT(noSpamText(Session("insertUsername"))) then Session("insertUsername") = "" End If Session("insertPassword") = Upload.Form("txtPassword") If NOT(validate_string(Session("insertPassword"))) OR NOT(noSpamText(Session("insertPassword"))) then Session("insertPassword") = "" End If Session("insertupdate") = Upload.Form("hiddeninsertupdate") If NOT(validate_string(Session("insertupdate"))) OR NOT(noSpamText(Session("insertupdate"))) then Session("insertupdate") = "" End If Session("insertSiteAccess") = Upload.Form("selSiteAccess") If NOT(validate_string(Session("insertSiteAccess"))) OR NOT(noSpamText(Session("insertSiteAccess"))) then Session("insertSiteAccess") = "" End If Session("insertuserimage") = Upload.Form("userimage") Session("insertregionalAdminAreaDetails") = Upload.Form("selregionalCountry") If NOT(validate_string(Session("insertregionalAdminAreaDetails"))) OR NOT(noSpamText(Session("insertregionalAdminAreaDetails"))) then Session("insertregionalAdminAreaDetails") = "" End If errRedirector = "index.asp?pageid=2&sub=1&ac=2&err=dup" %> <script language="JavaScript" type="text/javascript"> document.location.href = '<%=errRedirector%>' </script> <% End If End If %> <form name="frmPreviewNewStaff" method="post" action="index.asp?pageid=2&sub=1&ac=4"> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" > <tr> <td class="adminFormTitle" height="20"> Add/Update User (Preview)</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Title</h4></td> <td colspan="2"> <% SQLShowTitle = "Select Title FROM alchemy.tb_Staff_Title WHERE Title_ID = " & insertTitle Set ShowTitle = dbconnection.execute(SQLShowTitle) TitleOutput = ShowTitle("Title") %> <input type="hidden" name="hiddenTitle" value="<%=insertTitle%>"/><%=TitleOutput%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Given Name</h4></td> <td colspan="2"> <input type="hidden" name="hiddenGivenName" value="<%=insertGivenName%>"/><%=insertGivenName%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Family Name</h4></td> <td colspan="2"> <input type="hidden" name="hiddenFamilyName" value="<%=insertFamilyName%>"/><%=insertFamilyName%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Office</h4></td> <td colspan="2"> <% SQLShowOfficeCD = "Select Office_CD FROM alchemy.tb_Office WHERE Office_ID = " & insertOfficeID Set ShowOfficeCD = dbconnection.execute(SQLShowOfficeCD) OfficeOutput = ShowOfficeCD("Office_CD") %> <input type="hidden" name="hiddenOfficeID" value="<%=insertOfficeID%>"/><%=OfficeOutput%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Department</h4></td> <td colspan="2"> <input type="hidden" name="hiddenDepartment" value="<%=insertDepartment%>"/><%=insertDepartment%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Position</h4></td> <td colspan="2"> <input type="hidden" name="hiddenPosition" value="<%=insertPosition%>"/><%=insertPosition%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">1st Responsibility</h4></td> <td colspan="2"> <input type="hidden" name="hiddenResponsibility1" value="<%=insertResponsibility1%>"/><%=insertResponsibility1%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">2nd Responsibility</h4></td> <td colspan="2"> <input type="hidden" name="hiddenResponsibility2" value="<%=insertResponsibility2%>"/><%=insertResponsibility2%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">3rd Responsibility</h4></td> <td colspan="2"> <input type="hidden" name="hiddenResponsibility3" value="<%=insertResponsibility3%>"/><%=insertResponsibility3%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Email</h4></td> <td colspan="2"> <input type="hidden" name="hiddenEmail" value="<%=insertEmail%>"/><%=insertEmail%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Phone Number</h4></td> <td colspan="2"> <input type="hidden" name="hiddenPhoneNumber" value="<%=insertPhoneNumber%>"/><%=insertPhoneNumber%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Alternate Phone Number</h4></td> <td colspan="2"> <input type="hidden" name="hiddenHomeNumber" value="<%=insertHomeNumber%>"/><%=insertHomeNumber%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Fax Number</h4></td> <td colspan="2"> <input type="hidden" name="hiddenFaxNumber" value="<%=insertFaxNumber%>"/><%=insertFaxNumber%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">User image</h4></td> <td colspan="2"> <%=attachmentName%><input type="hidden" name="hiddenuserimage" value="<%=attachlastID%>"/> </td> </tr> <tr> <td width="500" colspan="3" class="accessTitle">User profile</td> </tr> <tr> <td bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Site access</h4></td> <td colspan="2"> <% regionalAdmin = false appAdmin = false for x="0" to Ubound(Session("typeArray_mul"), 2) for y="0" to Ubound(Session("newUserTypes")) if (CInt(Session("newUserTypes")(y)) = Session("typeArray_mul")(0, x)) then response.write Session("typeArray_mul")(1, x) & "<br>" & vbCRLF Select Case Session("typeArray_mul")(0, x) Case 2, 3 regionalAdmin = true Case 4, 7 appAdmin = true End Select end if next next %> </td> </tr> <% If regionalAdmin then %> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Region Responsibility</h4></td> <td colspan="2"> <% for x="0" to Ubound(Session("countryArray_mul"), 2) if (Session("countryArray_mul")(0, x) = Session("regioncode")) then response.write Session("countryArray_mul")(1, x) exit for end if next %> </td> </tr> <% End If If appAdmin then %> <tr> <td bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Application Responsibility</h4></td> <td colspan="2"> <% for x="0" to Ubound(Session("appArray_mul"), 2) for y="0" to Ubound(Session("newAppID")) if (CInt(Session("newAppID")(y)) = Session("appArray_mul")(0, x)) then response.write Session("appArray_mul")(1, x) if (Session("applevel" & Session("newAppID")(y)) <> "") then rs.open "Alchemy.sp_GetAppLevelDsc " & Session("applevel" & Session("newAppID")(y)), dbconnection if not rs.EOF then response.write " - " & trim(rs(0)) end if rs.close end if response.write "<br>" & vbCRLF exit for end if next next %> </td> </tr> <% End If %> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Username</h4></td> <td colspan="2"> <input type="hidden" name="hiddenUsername" value="<%=insertUsername%>"/> <% if (NOT sAccessAppAdmin) then %> <%=insertUsername%> <% else response.write "********" end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Password</h4></td> <td colspan="2"> <input type="hidden" name="hiddenPassword" value="<%=insertPassword%>"/> <% 'if (NOT sAccessAppAdmin) then %> <%'=insertPassword%> <% 'else response.write "********" 'end if %> </td> </tr> <tr> <td width="150" style="border-width: 0px;"> </td> <td align="right" colspan="2" style="border-width: 0px;"> <input type="button" value="« Back" class="adminFormButton" onclick="history.back();"/> <input type="submit" value="Save »" class="adminFormButton"/> <input type="hidden" name="hiddeninsertupdate" value="<%=insertupdate%>"/> <input type="hidden" name="hiddenStaffID" value="<%=Upload.Form("hiddenStaffID")%>"/> </td> </tr> <tr> <td width="200" style="height: 1px; border-width: 0px;"><img src="../images/spacer.gif" width="200" height="1" alt=""/></td> <td width="150" style="height: 1px; border-width: 0px;"><img src="../images/spacer.gif" width="150" height="1" alt=""/></td> <td width="200" style="height: 1px; border-width: 0px;"><img src="../images/spacer.gif" width="200" height="1" alt=""/></td> </tr> </table> </form> <% '############################################# '### Insert/Update staff into the database ### '############################################# Case 4 %> <!-- #include file="../users/subsubtitlemenu.asp"--> <% insertTitle = Request.Form("hiddenTitle") If NOT(validate_string(insertTitle)) OR NOT(noSpamText(insertTitle)) then insertTitle = "" End If insertGivenName = CleanForInput(Request.Form("hiddenGivenName")) If NOT(validate_string(insertGivenName)) OR NOT(noSpamText(insertGivenName)) then insertGivenName = "" End If insertFamilyName = CleanForInput(Request.Form("hiddenFamilyName")) If NOT(validate_string(insertFamilyName)) OR NOT(noSpamText(insertFamilyName)) then insertFamilyName = "" End If insertOfficeID = Request.Form("hiddenOfficeID") If NOT(validate_string(insertOfficeID)) OR NOT(noSpamText(insertOfficeID)) then insertOfficeID = "" End If insertDepartment = CleanForInput(Request.Form("hiddenDepartment")) If NOT(validate_string(insertDepartment)) OR NOT(noSpamText(insertDepartment)) then insertDepartment = "" End If insertPosition = CleanForInput(Request.Form("hiddenPosition")) If NOT(validate_string(insertPosition)) OR NOT(noSpamText(insertPosition)) then insertPosition = "" End If insertResponsibility1 = CleanForInput(Request.Form("hiddenResponsibility1")) If NOT(validate_string(insertResponsibility1)) OR NOT(noSpamText(insertResponsibility1)) then insertResponsibility1 = "" End If insertResponsibility2 = CleanForInput(Request.Form("hiddenResponsibility2")) If NOT(validate_string(insertResponsibility2)) OR NOT(noSpamText(insertResponsibility2)) then insertResponsibility2 = "" End If insertResponsibility3 = CleanForInput(Request.Form("hiddenResponsibility3")) If NOT(validate_string(insertResponsibility3)) OR NOT(noSpamText(insertResponsibility3)) then insertResponsibility3 = "" End If insertEmail = CleanForInput(Request.Form("hiddenEmail")) If NOT(validate_string(insertEmail)) OR NOT(noSpamText(insertEmail)) then insertEmail = "" End If insertPhoneNumber = CleanForInput(Request.Form("hiddenPhoneNumber")) If NOT(validate_string(insertPhoneNumber)) OR NOT(noSpamText(insertPhoneNumber)) then insertPhoneNumber = "" End If insertHomeNumber = CleanForInput(Request.Form("hiddenHomeNumber")) If NOT(validate_string(insertHomeNumber)) OR NOT(noSpamText(insertHomeNumber)) then insertHomeNumber = "" End If insertFaxNumber = CleanForInput(Request.Form("hiddenFaxNumber")) If NOT(validate_string(insertFaxNumber)) OR NOT(noSpamText(insertFaxNumber)) then insertFaxNumber = "" End If insertUsername = CleanForInput(Request.Form("hiddenUsername")) If NOT(validate_string(insertUsername)) OR NOT(noSpamText(insertUsername)) then insertUsername = "" End If insertPassword = CleanForInput(Request.Form("hiddenPassword")) If NOT(validate_string(insertPassword)) OR NOT(noSpamText(insertPassword)) then insertPassword = "" End If insertupdate = Request.Form("hiddeninsertupdate") If NOT(validate_string(insertupdate)) OR NOT(noSpamText(insertupdate)) then insertupdate = "" End If insertStaffID = Request.Form("hiddenStaffID") If NOT(checkForID(insertStaffID)) AND insertStaffID <> "" then insertStaffID = "" End If insertSiteAccess = Request.Form("hiddenSiteAccess") If NOT(validate_string(insertSiteAccess)) OR NOT(noSpamText(insertSiteAccess)) then insertSiteAccess = "" End If insertregionalAdminArea = Request.Form("hiddenregionalAdminArea") If NOT(validate_string(insertregionalAdminArea)) OR NOT(noSpamText(insertregionalAdminArea)) then insertregionalAdminArea = "" End If If insertregionalAdminArea = "" then insertregionalAdminArea = 0 End If insertregionalAdminAreaDetails = Request.Form("hiddenregionalAdminAreaDetails") If insertregionalAdminAreaDetails = "" then insertregionalAdminAreaDetails = 0 End If insertuserimage = Request.Form("hiddenuserimage") insertToday = date() 'dayToday = Mid(insertToday, 1, 2) 'monthToday = Mid(insertToday, 4, 2) 'yearToday = Mid(insertToday, 7, 4) 'insertToday = dayToday & "/" & monthToday & "/" & yearToday If insertupdate = "ins" then 'Insert staff information SQLInsertStaff = "INSERT INTO alchemy.tb_Staff " SQLInsertStaff = SQLInsertStaff & "(Title, Given_Name, Family_Name, Office_ID, Department, Position_Info, Responsibility_1, Responsibility_2, Responsibility_3, Email, Tel_Number, Home_Number, Fax_Number,User_Image, Active)" SQLInsertStaff = SQLInsertStaff & "VALUES " SQLInsertStaff = SQLInsertStaff & "(" & insertTitle & ", '" & insertGivenName & "', '" & insertFamilyName & "' , " & insertOfficeID & ", '" & insertDepartment & "', '" & insertPosition & "', '" & insertResponsibility1 & "', '" & insertResponsibility2 & "', '" & insertResponsibility3 & "', '" & insertEmail & "', '" & insertPhoneNumber & "', '" & insertHomeNumber & "', '" & insertFaxNumber & "', '" & insertuserimage & "', 1)" 'DEBUG Response.Write SQLInsertStaff dbconnection.execute(SQLInsertStaff) Set GetLastID = dbconnection.execute("Select @@identity AS LastID FROM alchemy.tb_Staff") insertLastID = GetLastID("LastID") 'Response.Write insertLastID 'Insert User information SQLInsertUser = "INSERT INTO alchemy.tb_Staff_User " SQLInsertUser = SQLInsertUser & "(Staff_ID, Username, Password, Date_Assigned, New_Password) " SQLInsertUser = SQLInsertUser & "VALUES " SQLInsertUser = SQLInsertUser & "(" & insertLastID & ",'" & insertUsername & "', '" & insertPassword & "', '" & insertToday & "', 0)" 'Response.Write SQLinsertUser 'Response.End dbconnection.execute(SQLInsertUser) 'Insert Access information 'SQLInsertUserAccess = "INSERT INTO tb_Staff_User_Access " 'SQLInsertUserAccess = SQLInsertUserAccess & "(Staff_ID, Site_Access, Regional_Administration_Area, Regional_Administration_Area_DSC) " 'SQLInsertUserAccess = SQLInsertUserAccess & " VALUES " 'SQLInsertUserAccess = SQLInsertUserAccess & "(" & insertLastID & ", " & insertSiteAccess & ", " & insertRegionalAdminArea & ", '" & insertRegionalAdminAreaDetails & "')" 'dbconnection.execute(SQLInsertUserAccess) regionalAdmin = false appAdmin = false for x="0" to Ubound(Session("newUserTypes")) mySQL = "INSERT INTO TB_USER_TYPE_LOOKUP (STAFF_ID, USER_TYPE_ID) VALUES (" & insertLastID & ", " & Session("newUserTypes")(x) & ")" dbconnection.execute(mySQL) Select Case Session("newUserTypes")(x) Case 2, 3 regionalAdmin = true Case 4, 7 appAdmin = true End Select next if (regionalAdmin) then mySQL = "INSERT INTO TB_USER_REGION_LOOKUP (STAFF_ID, COUNTRY_CD) VALUES (" & insertLastID & ", '" & Session("regioncode") & "')" dbconnection.execute(mySQL) end if if (appAdmin) then for x="0" to Ubound(Session("newAppID")) mySQL = "INSERT INTO dbo.TB_USER_APP_LOOKUP (STAFF_ID, APP_ID) VALUES (" & insertLastID & ", " & Session("newAppID")(x) & ")" dbconnection.execute(mySQL) if (Session("applevel" & Session("newAppID")(x)) <> "") then mySQL = "INSERT INTO dbo.TB_USER_APPLEVEL_LOOKUP (STAFF_ID, APP_LEVEL_ID) VALUES (" & insertLastID & ", " & Session("applevel" & Session("newAppID")(x)) & ")" dbconnection.execute(mySQL) end if next end if Session("newAppID") = "" Session("regioncode") = "" Session("newUserTypes") = "" 'Response.Write SQLInsertUserAccess 'Response.End Else 'Update Staff information SQLUpdateStaff = "UPDATE Alchemy.tb_Staff " SQLUpdateStaff = SQLUpdateStaff & "SET Title = " & insertTitle & ", Given_Name = '" & insertGivenName & "'" & ", Family_Name = '" & insertFamilyName & "'" & ", Office_ID = " & insertOfficeID & "" & ", Department = '" & insertDepartment & "'" & ", Position_Info = '" & insertPosition & "'" & ", Responsibility_1 = '" & insertResponsibility1 & "'" & ", Responsibility_2 = '" & insertResponsibility2 & "'" & ", Responsibility_3 = '" & insertResponsibility3 & "'" & ", Email = '" & insertEmail & "'" & ", Tel_Number = '" & insertPhoneNumber & "'" & ", Home_Number = '" & insertHomeNumber & "'"& ", Fax_Number = '" & insertFaxNumber & "', User_Image = '" & insertUserImage & "' " SQLUpdateStaff = SQLUpdateStaff & "WHERE Staff_ID = " & (insertStaffID) dbconnection.execute(SQLUpdateStaff) 'Update User information SQLUpdateUser = "Update Alchemy.tb_Staff_User " SQLUpdateUser = SQLUpdateUser & "SET Username = '" & insertUsername & "', Password = '" & insertPassword & "'" SQLUpdateUser = SQLUpdateUser & " WHERE Staff_ID = " & (insertStaffID) dbconnection.execute(SQLUpdateUser) 'Update User Access information 'SQLUpdateUserAccess = "Update tb_Staff_User_Access " 'SQLUpdateUserAccess = SQLUpdateUserAccess & "SET Site_Access = '" & insertSiteAccess & "', Regional_Administration_Area = '" & insertregionalAdminArea & "', Regional_Administration_Area_DSC = '" & insertregionalAdminAreaDetails & "'" 'SQLUpdateUserAccess = SQLUpdateUserAccess & " WHERE Staff_ID = " & insertStaffID 'dbconnection.execute(SQLUpdateUserAccess) mySQL = "DELETE FROM TB_USER_REGION_LOOKUP WHERE STAFF_ID = " & insertStaffID dbconnection.execute(mySQL) if (superAdmin) then mySQL = "DELETE FROM TB_USER_TYPE_LOOKUP WHERE STAFF_ID = " & insertStaffID dbconnection.execute(mySQL) mySQL = "DELETE FROM TB_USER_APP_LOOKUP WHERE STAFF_ID = " & insertStaffID dbconnection.execute(mySQL) mySQL = "DELETE FROM TB_USER_APPLEVEL_LOOKUP WHERE STAFF_ID = " & insertStaffID dbconnection.execute(mySQL) else 'Build a list of user type ids that the current user has access to userTypeIds = "" for i="0" to Ubound(Session("typeArray_mul"), 2) userTypeIds = userTypeIds & Session("typeArray_mul")(0, i) & "," next userTypeIds = CleanListString(userTypeIds) userAppIds = "" userAppLevelIds = "" if (IsArray(Session("userAppID"))) then 'Build a list of user application ids that the current user has access to for i="0" to Ubound(Session("userAppID")) userAppIds = userAppIds & Session("userAppID")(i) & "," next userAppIds = CleanListString(userAppIds) 'Build a list of user level ids that the current user has access to mySQL = "SELECT APP_LEVEL_ID FROM TB_APP_LEVELS WHERE APP_ID IN (" & userAppIds & ")" rs.open mySQL, dbconnection appLevIds = rs.GetRows rs.close for i="0" to Ubound(appLevIds, 2) userAppLevelIds = userAppLevelIds & appLevIds(0,i) & "," next userAppLevelIds = CleanListString(userAppLevelIds) end if if (sAccessAppAdmin) then mySQL = "DELETE FROM TB_USER_TYPE_LOOKUP WHERE STAFF_ID = " & int(insertStaffID) & " AND USER_TYPE_ID = 4" dbconnection.execute(mySQL) mySQL = "DELETE FROM TB_USER_APP_LOOKUP WHERE STAFF_ID = " & int(insertStaffID) & " AND APP_ID IN (" & userAppIds & ")" dbconnection.execute(mySQL) mySQL = "DELETE FROM TB_USER_APPLEVEL_LOOKUP WHERE STAFF_ID = " & int(insertStaffID) & " AND APP_LEVEL_ID IN (" & userAppLevelIds & ")" dbconnection.execute(mySQL) else mySQL = "DELETE FROM TB_USER_TYPE_LOOKUP WHERE STAFF_ID = " & int(insertStaffID) & " AND USER_TYPE_ID IN (" & userTypeIds & ")" dbconnection.execute(mySQL) if (userAppIds <> "") then mySQL = "DELETE FROM TB_USER_APP_LOOKUP WHERE STAFF_ID = " & int(insertStaffID) & " AND APP_ID IN (" & userAppIds & ")" dbconnection.execute(mySQL) end if if (userAppLevelIds <> "") then mySQL = "DELETE FROM TB_USER_APPLEVEL_LOOKUP WHERE STAFF_ID = " & int(insertStaffID) & " AND APP_LEVEL_ID IN (" & userAppLevelIds & ")" dbconnection.execute(mySQL) end if end if end if regionalAdmin = false appAdmin = false for x="0" to Ubound(Session("newUserTypes")) mySQL = "INSERT INTO TB_USER_TYPE_LOOKUP (STAFF_ID, USER_TYPE_ID) VALUES (" & insertStaffID & ", " & Session("newUserTypes")(x) & ")" dbconnection.execute(mySQL) Select Case Session("newUserTypes")(x) Case 2, 3 regionalAdmin = true Case 4, 7 appAdmin = true End Select next if (regionalAdmin) then mySQL = "INSERT INTO TB_USER_REGION_LOOKUP (STAFF_ID, COUNTRY_CD) VALUES (" & insertStaffID & ", '" & Session("regioncode") & "')" dbconnection.execute(mySQL) end if if (appAdmin) then for x="0" to Ubound(Session("newAppID")) mySQL = "INSERT INTO TB_USER_APP_LOOKUP (STAFF_ID, APP_ID) VALUES (" & insertStaffID & ", " & Session("newAppID")(x) & ")" dbconnection.execute(mySQL) if (Session("applevel" & Session("newAppID")(x)) <> "") then mySQL = "INSERT INTO TB_USER_APPLEVEL_LOOKUP (STAFF_ID, APP_LEVEL_ID) VALUES (" & insertStaffID & ", " & Session("applevel" & Session("newAppID")(x)) & ")" dbconnection.execute(mySQL) end if next end if End If 'Response.Write SQLInsertStaff If insertupdate = "ins" then OutputTitle = "Confirmation of User insertion" OutputText = "The User has been added to the database." Else OutputTitle = "Confirmation of User update" OutputText = "The User information has been updated in database." End If %> <table width="100%" height="20" cellpadding="0" cellspacing="0" border="0" align="center"> <tr> <td class="adminFormTitle" height="20"> <%=OutputTitle%></td> </tr> </table> <table width="100%" height="100" cellpadding="0" cellspacing="0" border="0" id="insertTable" align="center"> <tr> <td height="100" valign="top"> <br/><br/> <%=OutputText%><br/><br/> <% If insertupdate = "ins" then %> <a href="index.asp?pageid=2&sub=1&ac=2" onmouseover="self.status='Add another User';return true;" onmouseout="self.status='';return true;">>> Add another User</a><br/> <% End If %> <a href="index.asp?pageid=2&sub=1" onmouseover="self.status='View User list';return true;" onmouseout="self.status='';return true;">>> View User list</a> </td> </tr> </table> <% Case 5 'View Staff details detailsID = Request.QueryString("id") If NOT(checkForID(detailsID)) AND detailsID <> "" then detailsID = "" End If SQLGetDetails = "Select * from alchemy.tb_Staff where Staff_ID = " & int(detailsID) GetDetails = dbconnection.execute(SQLGetDetails) viewTitle = GetDetails("Title") If NOT(validate_string(viewTitle)) OR NOT(noSpamText(viewTitle)) then viewTitle = "" End If viewGivenName = GetDetails("Given_Name") If NOT(validate_string(viewGivenName)) OR NOT(noSpamText(viewGivenName)) then viewGivenName = "" End If viewFamilyName = GetDetails("Family_Name") If NOT(validate_string(viewFamilyName)) OR NOT(noSpamText(viewFamilyName)) then viewFamilyName = "" End If viewOfficeID = GetDetails("Office_ID") If NOT(checkForID(viewOfficeID)) AND viewOfficeID <> "" then viewOfficeID = "" End If viewDepartment = GetDetails("Department") If NOT(validate_string(viewDepartment)) OR NOT(noSpamText(viewDepartment)) then viewDepartment = "" End If viewPosition = GetDetails("Position_Info") If NOT(validate_string(viewPosition)) OR NOT(noSpamText(viewPosition)) then viewPosition = "" End If viewResponsibility1 = GetDetails("Responsibility_1") If NOT(validate_string(viewResponsibility1)) OR NOT(noSpamText(viewResponsibility1)) then viewResponsibility1 = "" End If viewResponsibility2 = GetDetails("Responsibility_2") If NOT(validate_string(viewResponsibility2)) OR NOT(noSpamText(viewResponsibility2)) then viewResponsibility2 = "" End If viewResponsibility3 = GetDetails("Responsibility_3") If NOT(validate_string(viewResponsibility3)) OR NOT(noSpamText(viewResponsibility3)) then viewResponsibility3 = "" End If viewEmail = GetDetails("Email") If NOT(validate_string(viewEmail)) OR NOT(noSpamText(viewEmail)) then viewEmail = "" End If viewPhoneNumber = GetDetails("Tel_Number") If NOT(validate_string(viewPhoneNumber)) OR NOT(noSpamText(viewPhoneNumber)) then viewPhoneNumber = "" End If viewHomeNumber = GetDetails("Home_Number") If NOT(validate_string(viewHomeNumber)) OR NOT(noSpamText(viewHomeNumber)) then viewHomeNumber = "" End If viewFaxNumber = GetDetails("Fax_Number") If NOT(validate_string(viewFaxNumber)) OR NOT(noSpamText(viewFaxNumber)) then viewFaxNumber = "" End If viewuserimage = GetDetails("User_Image") 'Get user details SQLGetUserDetails = "Select * from alchemy.tb_Staff_User where Staff_ID = " & int(detailsID) Set GetUserDetails = dbconnection.execute(SQLGetUserDetails) If NOT(GetUserDetails.EOF) then viewUsername = GetUserDetails("Username") viewPassword = GetUserDetails("Password") End If 'Get user access details 'SQLGetUserAccess = "Select * from tb_Staff_User_Access where Staff_ID = " & detailsID 'Set GetUserAccess = dbconnection.execute(SQLGetUserAccess) 'If NOT(GetUserAccess.EOF) then ' viewSiteAccess = GetUserAccess("Site_Access") ' viewRegionalAdminArea = GetUserAccess("Regional_Administration_Area") ' viewRegionalAdminAreaDetails = GetUserAccess("Regional_Administration_Area_DSC") 'End If Session("newUserTypes") = "" Session("regioncode") = "" Session("newAppID") = "" regionAdmin = false appAdmin = false mySQL = "SELECT * FROM TB_USER_TYPE_LOOKUP WHERE STAFF_ID = " & int(detailsID) rs.open mySQL, dbconnection if NOT rs.EOF then typeIDs = "" while NOT rs.EOF typeIDs = typeIDs & trim(rs("USER_TYPE_ID")) & "," Select Case trim(rs("USER_TYPE_ID")) Case 2, 3 regionAdmin = true Case 4, 7 appAdmin = true End Select rs.MoveNext wend Session("newUserTypes") = split(CleanListString(typeIDs), ",") end if rs.close if (regionAdmin) then mySQL = "SELECT * FROM TB_USER_REGION_LOOKUP WHERE STAFF_ID = " & int(detailsID) rs.open mySQL, dbconnection if NOT rs.EOF then typeIDs = "" Session("regioncode") = trim(rs("COUNTRY_CD")) end if rs.close end if if (appAdmin) then mySQL = "SELECT * FROM TB_USER_APP_LOOKUP WHERE STAFF_ID = " & int(detailsID) rs.open mySQL, dbconnection if NOT rs.EOF then appIDs = "" while NOT rs.EOF appIDs = appIDs & trim(rs("APP_ID")) & "," rs.MoveNext wend Session("newAppID") = split(CleanListString(appIDs), ",") end if rs.close mySQL = "SELECT * FROM TB_USER_APPLEVEL_LOOKUP JOIN TB_APP_LEVELS ON TB_USER_APPLEVEL_LOOKUP.APP_LEVEL_ID = TB_APP_LEVELS.APP_LEVEL_ID WHERE STAFF_ID = " & detailsID rs.open mySQL, dbconnection if NOT rs.EOF then while NOT rs.EOF Session("app" & trim(rs("APP_ID")) & "level") = trim(rs("APP_LEVEL_ID")) rs.MoveNext wend end if rs.close end if %> <form name="frmPreviewNewStaff" method="post" action="index.asp?pageid=2&sub=1&ac=6&id=<%=detailsID%>"> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" height="20"> <tr> <td class="adminFormTitle" height="20"> View details</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Title</h4></td> <td> <% SQLShowTitle = "Select Title FROM alchemy.tb_Staff_Title WHERE Title_ID = " & viewTitle Set ShowTitle = dbconnection.execute(SQLShowTitle) TitleOutput = ShowTitle("Title") %> <input type="hidden" name="hiddenTitle" value="<%=viewTitle%>"/><%=TitleOutput%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Given Name</h4></td> <td> <input type="hidden" name="hiddenGivenName" value="<%=viewGivenName%>"/><%=viewGivenName%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Family Name</h4></td> <td> <input type="hidden" name="hiddenFamilyName" value="<%=viewFamilyName%>"/><%=viewFamilyName%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Office</h4></td> <td> <% SQLShowOfficeCD = "Select Office_CD FROM alchemy.tb_Office WHERE Office_ID = " & viewOfficeID Set ShowOfficeCD = dbconnection.execute(SQLShowOfficeCD) OfficeOutput = ShowOfficeCD("Office_CD") %> <input type="hidden" name="hiddenOfficeID" value="<%=viewOfficeID%>"/><%=OfficeOutput%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Department</h4></td> <td> <input type="hidden" name="hiddenDepartment" value="<%=viewDepartment%>"/><%=viewDepartment%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Position</h4></td> <td> <input type="hidden" name="hiddenPosition" value="<%=viewPosition%>"/><%=viewPosition%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">1st Responsibility</h4></td> <td> <input type="hidden" name="hiddenResponsibility1" value="<%=viewResponsibility1%>"/><%=viewResponsibility1%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">2nd Responsibility</h4></td> <td> <input type="hidden" name="hiddenResponsibility2" value="<%=viewResponsibility2%>"/><%=viewResponsibility2%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">3rd Responsibility</h4></td> <td> <input type="hidden" name="hiddenResponsibility3" value="<%=viewResponsibility3%>"/><%=viewResponsibility3%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Email</h4></td> <td> <input type="hidden" name="hiddenEmail" value="<%=viewEmail%>"/><%=viewEmail%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Phone Number</h4></td> <td> <input type="hidden" name="hiddenPhoneNumber" value="<%=viewPhoneNumber%>"/><%=viewPhoneNumber%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Alternate Phone Number</h4></td> <td> <input type="hidden" name="hiddenHomeNumber" value="<%=viewHomeNumber%>"/><%=viewHomeNumber%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Fax Number</h4></td> <td> <input type="hidden" name="hiddenFaxNumber" value="<%=viewFaxNumber%>"/><%=viewFaxNumber%> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">User image</h4></td> <td> <% If viewuserimage <> "" AND viewuserimage <> 0 then Set GetAttachment = dbconnection.execute("Select * From TB_USER_IMAGE Where ATTACHMENT_ID = " & int(viewuserimage)) If NOT(GetAttachment.EOF) then %> <a href="../attachments_view.asp?tp=usrim&id=<%=trim(GetAttachment("ATTACHMENT_ID"))%>"><%=trim(GetAttachment("ATTACHMENT_NAME"))%></a> - (<%=trim(GetAttachment("ATTACHMENT_SIZE"))%>b)<br/> <% End If Else Response.Write " " End If %> </td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center"> <tr> <td width="100%" colspan="2" class="accessTitle">User profile</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Site access</h4></td> <td colspan="2"> <% regionalAdmin = false appAdmin = false for x="0" to Ubound(Session("typeArray_mul"), 2) for y="0" to Ubound(Session("newUserTypes")) if (CInt(Session("newUserTypes")(y)) = Session("typeArray_mul")(0, x)) then response.write Session("typeArray_mul")(1, x) & "<br>" & vbCRLF Select Case Session("typeArray_mul")(0, x) Case 2, 3 regionalAdmin = true Case 4, 7 appAdmin = true End Select end if next next %> </td> </tr> <% If regionalAdmin then %> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Region Responsibility</h4></td> <td colspan="2"> <% for x="0" to Ubound(Session("countryArray_mul"), 2) if (Session("countryArray_mul")(0, x) = Session("regioncode")) then response.write Session("countryArray_mul")(1, x) exit for end if next %> </td> </tr> <% End If If appAdmin then %> <tr> <td bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Application Responsibility</h4></td> <td colspan="2"> <% for x="0" to Ubound(Session("appArray_mul"), 2) for y="0" to Ubound(Session("newAppID")) if (CInt(Session("newAppID")(y)) = Session("appArray_mul")(0, x)) then response.write Session("appArray_mul")(1, x) if (Session("applevel" & Session("newAppID")(y)) <> "") then rs.open "Alchemy.sp_GetAppLevelDsc " & Session("applevel" & Session("newAppID")(y)), dbconnection if not rs.EOF then response.write " - " & trim(rs(0)) end if rs.close end if response.write "<br>" & vbCRLF exit for end if next next %> </td> </tr> <% End If %> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Username</h4></td> <td> <input type="hidden" name="hiddenUsername" value="<%=viewUsername%>"/> <% if (superAdmin) then response.write viewUsername else response.write "********" end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Password</h4></td> <td> <input type="hidden" name="hiddenPassword" value="<%=viewPassword%>"/> <% 'if (superAdmin) then ' response.write viewPassword 'else response.write "********" 'end if %> </td> </tr> <tr> <td width="150" style="border-width: 0px;"> </td> <td align="right" style="border-width: 0px;"> <input type="button" value="« Back" class="adminFormButton" onclick="history.back();"/> <input type="submit" value="Edit »" class="adminFormButton"/> </td> </tr> </table> </form> <% Case 6 '###################### '# Edit staff details # '###################### If Request.QueryString("atid") <> "" then atid = request("atid") If NOT(checkForID(atid)) AND atid <> "" then atid = "" End If dbconnection.execute("Delete From TB_USER_IMAGE Where ATTACHMENT_ID = " & int(atid)) thisID = request("id") If NOT(checkForID(thisID)) AND thisID <> "" then thisID = "" End If dbconnection.execute("Update alchemy.TB_STAFF SET User_Image = NULL WHERE STAFF_ID = " & int(thisID)) End If detailsID = Request.QueryString("id") thisID = request("id") If NOT(checkForID(detailsID)) AND detailsID <> "" then detailsID = "" End If SQLGetDetails = "Select * from alchemy.tb_Staff where Staff_ID = " & int(detailsID) GetDetails = dbconnection.execute(SQLGetDetails) viewStaffID = GetDetails("Staff_ID") viewTitle = GetDetails("Title") viewGivenName = GetDetails("Given_Name") viewFamilyName = GetDetails("Family_Name") viewOfficeID = GetDetails("Office_ID") viewDepartment = GetDetails("Department") viewPosition = GetDetails("Position_Info") viewResponsibility1 = GetDetails("Responsibility_1") viewResponsibility2 = GetDetails("Responsibility_2") viewResponsibility3 = GetDetails("Responsibility_3") viewEmail = GetDetails("Email") viewPhoneNumber = GetDetails("Tel_Number") viewHomeNumber = GetDetails("Home_Number") viewFaxNumber = GetDetails("Fax_Number") viewuserimage = GetDetails("User_Image") SQLGetUserDetails = "Select * from alchemy.tb_Staff_User where Staff_ID = " & int(detailsID) 'Response.Write SQLGetUserDetails 'Response.End Set GetUserDetails = dbconnection.execute(SQLGetUserDetails) If NOT(GetUserDetails.EOF) then viewUsername = GetUserDetails("Username") viewPassword = GetUserDetails("Password") End If 'Get user access details 'SQLGetUserAccess = "Select * from tb_Staff_User_Access where Staff_ID = " & detailsID 'Set GetUserAccess = dbconnection.execute(SQLGetUserAccess) 'If NOT(GetUserAccess.EOF) then ' viewSiteAccess = GetUserAccess("Site_Access") ' viewRegionalAdminArea = GetUserAccess("Regional_Administration_Area") ' viewRegionalAdminAreaDetails = GetUserAccess("Regional_Administration_Area_DSC") 'End If Session("newUserTypes") = "" Session("regioncode") = "" Session("newAppID") = "" regionAdmin = false appAdmin = false mySQL = "SELECT * FROM TB_USER_TYPE_LOOKUP WHERE STAFF_ID = " & int(detailsID) 'DEBUG 'response.write "mySQL = " & mySQL & "<br>" & vbCRLF rs.open mySQL, dbconnection if NOT rs.EOF then typeIDs = "" while NOT rs.EOF typeIDs = typeIDs & trim(rs("USER_TYPE_ID")) & "," Select Case trim(rs("USER_TYPE_ID")) Case 2, 3 regionAdmin = true Case 4, 7 appAdmin = true End Select rs.MoveNext wend Session("newUserTypes") = split(CleanListString(typeIDs), ",") 'DEBUG 'response.write "typeIDs = " & typeIDs & "<br>" & vbCRLF end if rs.close if (regionAdmin) then mySQL = "SELECT * FROM TB_USER_REGION_LOOKUP WHERE STAFF_ID = " & int(detailsID) rs.open mySQL, dbconnection if NOT rs.EOF then typeIDs = "" Session("regioncode") = trim(rs("COUNTRY_CD")) end if rs.close end if if (appAdmin) then mySQL = "SELECT * FROM TB_USER_APP_LOOKUP WHERE STAFF_ID = " & int(detailsID) rs.open mySQL, dbconnection if NOT rs.EOF then appIDs = "" while NOT rs.EOF appIDs = appIDs & trim(rs("APP_ID")) & "," rs.MoveNext wend Session("newAppID") = split(CleanListString(appIDs), ",") end if rs.close mySQL = "SELECT * FROM TB_USER_APPLEVEL_LOOKUP JOIN TB_APP_LEVELS ON TB_USER_APPLEVEL_LOOKUP.APP_LEVEL_ID = TB_APP_LEVELS.APP_LEVEL_ID WHERE STAFF_ID = " & int(detailsID) rs.open mySQL, dbconnection if NOT rs.EOF then while NOT rs.EOF ' Session("app" & trim(rs("APP_ID")) & "level") = trim(rs("APP_LEVEL_ID")) Session("app" & trim(rs("APP_ID")) & "level") = trim(rs("APP_LEVEL_ID")) rs.MoveNext wend end if rs.close end if %> <% Session("alreadyUsername") = viewUsername 'DEBUG 'response.write "sAccessAppAdmin = " & sAccessAppAdmin & "<br>" & vbCRLF 'response.write "regionAdmin = " & regionAdmin & "<br>" & vbCRLF 'response.write "appAdmin = " & appAdmin & "<br>" & vbCRLF %> <form name="frmNewStaff" method="post" action="index.asp?pageid=2&sub=1&ac=3&id=<%=detailsID%>" onsubmit="return validateUserForm();" enctype="multipart/form-data"> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" height="20"> <tr> <td class="adminFormTitle" height="20"> Edit details</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <% If Request.QueryString("err") = "dup" then %> <tr> <td colspan="2" width="100%"><font color="#FF0000">It appears this Username is already used. Please change the Username and submit again.</font></td> </tr> <% End If %> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Title</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then SQLGetTitles = "exec alchemy.sp_GETALL @outputTable = 'alchemy.tb_Staff_Title'" Set GetTitles = dbconnection.execute(SQLGetTitles) %> <select name="selTitle" style="width: 140px;"> <% While NOT(GetTitles.EOF) %> <option value="<%=GetTitles("Title_ID")%>" <%If cint(viewTitle) = GetTitles("Title_ID") then Response.Write "Selected"%>><%=GetTitles("Title")%></option> <% GetTitles.MoveNext Wend %> </select> <% else SQLGetTitles = "exec Alchemy.sp_GETALL @outputTable = 'alchemy.tb_Staff_Title'" Set GetTitles = dbconnection.execute(SQLGetTitles) While NOT(GetTitles.EOF) If (cint(viewTitle) = GetTitles("Title_ID")) then %> <input type="hidden" name="selTitle" value="<%=GetTitles("Title_ID")%>" size="20" maxlength="50" style="width: 300px;"/> <%=GetTitles("Title")%> <% end if GetTitles.MoveNext Wend end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Given Name</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtGivenName" value="<%=viewGivenName%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtGivenName" value="<%=viewGivenName%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewGivenName%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Family Name</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtFamilyName" value="<%=viewFamilyName%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtFamilyName" value="<%=viewFamilyName%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewFamilyName%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Office</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then SQLGetOfficeCD = "Select Office_ID, Office_CD FROM alchemy.tb_office ORDER BY OFFICE_CD" Set GetOfficeCD = dbconnection.execute(SQLGetOfficeCD) %> <select name="selOfficeCD"> <% While NOT(GetOfficeCD.EOF) %> <option value="<%=GetOfficeCD("Office_ID")%>" <%If cint(viewOfficeID) = GetOfficeCD("Office_ID") then Response.Write "Selected"%>><%=GetOfficeCD("Office_CD")%></option> <% GetOfficeCD.MoveNext Wend %> </select> <% else SQLGetOfficeCD = "Select Office_ID, Office_CD FROM alchemy.tb_office ORDER BY OFFICE_CD" Set GetOfficeCD = dbconnection.execute(SQLGetOfficeCD) While NOT(GetOfficeCD.EOF) If cint(viewOfficeID) = GetOfficeCD("Office_ID") then %> <input type="hidden" name="selOfficeCD" value="<%=GetOfficeCD("Office_ID")%>" size="20" maxlength="50" style="width: 300px;"/> <%=GetOfficeCD("Office_CD")%> <% end if GetOfficeCD.MoveNext Wend end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Department</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtDepartment" value="<%=viewDepartment%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtDepartment" value="<%=viewDepartment%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewDepartment%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Position</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtPosition" value="<%=viewPosition%>" size="20" maxlength="100" style="width: 300px;"/> <% else %> <input type="hidden" name="txtPosition" value="<%=viewPosition%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewPosition%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">1st Responsibility</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtResponsibility1" value="<%=viewResponsibility1%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtResponsibility1" value="<%=viewResponsibility1%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewResponsibility1%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">2nd Responsibility</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtResponsibility2" value="<%=viewResponsibility2%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtResponsibility2" value="<%=viewResponsibility2%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewResponsibility2%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">3rd Responsibility</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtResponsibility3" value="<%=viewResponsibility3%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtResponsibility3" value="<%=viewResponsibility3%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewResponsibility3%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Email</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtEmail" value="<%=viewEmail%>" size="20" maxlength="100" style="width: 300px;"/> <% else %> <input type="hidden" name="txtEmail" value="<%=viewEmail%>" size="20" maxlength="100" style="width: 300px;"/> <%=viewEmail%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Phone Number</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtPhoneNumber" value="<%=viewPhoneNumber%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtPhoneNumber" value="<%=viewPhoneNumber%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewPhoneNumber%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Alternate Phone Number</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtHomeNumber" value="<%=viewHomeNumber%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtHomeNumber" value="<%=viewHomeNumber%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewHomeNumber%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Fax Number</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtFaxNumber" value="<%=viewFaxNumber%>" size="20" maxlength="50" style="width: 300px;"/> <% else %> <input type="hidden" name="txtFaxNumber" value="<%=viewFaxNumber%>" size="20" maxlength="50" style="width: 300px;"/> <%=viewFaxNumber%> <% end if %> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">User image</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="file" name="userimage"/> <% If viewuserimage <> "" then Set GetAttachment = dbconnection.execute("Select * From TB_USER_IMAGE Where ATTACHMENT_ID = " & viewuserimage) If NOT(GetAttachment.EOF) then %> <input type="hidden" name="hiddenatid" value="<%=GetAttachment("ATTACHMENT_ID")%>"/> <br/> To overwrite the existing Related file <a href="../attachments_view.asp?tp=usrim&id=<%=trim(GetAttachment("ATTACHMENT_ID"))%>"><%=trim(GetAttachment("ATTACHMENT_NAME"))%></a> - (<%=trim(GetAttachment("ATTACHMENT_SIZE"))%>Kb) just chose a different file with the "Browse" button.<br/> Alternatively click <a href="index.asp?pageid=2&sub=1&ac=6&id=<%=viewStaffID%>&atid=<%=GetAttachment("ATTACHMENT_ID")%>">here</a> to remove the existing file. <% End If End If %> <% else %> <input type="file" name="userimage"/> <% If viewuserimage <> "" then Set GetAttachment = dbconnection.execute("Select * From TB_USER_IMAGE Where ATTACHMENT_ID = " & int(viewuserimage)) If NOT(GetAttachment.EOF) then %> <input type="hidden" name="hiddenatid" value="<%=GetAttachment("ATTACHMENT_ID")%>"/> <br/> To overwrite the existing Related file <a href="../attachments_view.asp?tp=vsp&id=<%=trim(GetAttachment("ATTACHMENT_ID"))%>"><%=trim(GetAttachment("ATTACHMENT_NAME"))%></a> - (<%=trim(GetAttachment("ATTACHMENT_SIZE"))%>Kb) just chose a different file with the "Browse" button.<br/> Alternatively click <a href="index.asp?pageid=2&sub=1&ac=6&id=<%=editID%>&atid=<%=GetAttachment("ATTACHMENT_ID")%>">here</a> to remove the existing file. <% End If End If %> <% end if %> </td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center"> <tr> <td width="500" colspan="2" class="accessTitle">User profile</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td bgcolor="#D0D6DF" valign="top" width="200"><h4 style="color: #23364F;">Site access</h4></td> <td style="border-width: 0px;" colspan="2"> <table width="100%" border="0" cellpadding="2" cellspacing="2"> <tr> <% for i="0" to Ubound(typeArray, 2) step 1 checked = "" disabled = "" for j="0" to Ubound(Session("newUserTypes")) if (CInt(Session("newUserTypes")(j)) = CInt(trim(typeArray(0,i)))) then checked = " checked" end if next if (checked <> "" AND (sAccessAppAdmin AND (NOT superAdmin) AND (NOT sAccessRegionAdmin))) then disabled = " disabled" end if ' if (sAccessAppAdmin OR trim(typeArray(0,i)) = 4) then if (superAdmin) then accessDisplay = "block" else accessDisplay = "none" 'DEBUG 'response.write "CInt(typeArray(0," & i & ")) = " & CInt(typeArray(0,i)) & " = " & typeArray(1,i) & "<br>" & vbCRLF if (sAccessAppAdmin AND CInt(typeArray(0,i)) = 4) then 'NEED TO CHECK THAT THE USER IS AN ADMINISTRATOR OF THE APPLICATION 'DEBUG 'response.write "HELLO WORLD001<br>" & VBCRLF 'response.write "Ubound(Session(userAppID)) = " & Ubound(Session("userAppID")) & "<br>" & vbCRLF if IsArray(Session("userAppID")) then 'DEBUG 'response.write "HELLO WORLD002<br>" & VBCRLF for j="0" to Ubound(Session("userAppID")) currAppLevelID = Session("app" & Session("userAppID")(j) & "level") 'DEBUG 'response.write "currAppLevelID = " & currAppLevelID & "<br>" & vbCRLF if (IsNumeric(currAppLevelID) AND currAppLevelID <> "") then rsLevelID = dbconnection.execute("Alchemy.sp_GetAppLevelId " & currAppLevelID) if rsLevelID(0) = 1 then accessDisplay = "block" end if end if next end if end if if (regionCarCarrierAdmin AND CInt(typeArray(0,i)) = 6) then accessDisplay = "block" end if if (sAccessRegionAdmin AND CInt(typeArray(0,i)) = 5) then accessDisplay = "block" end if end if %> <td style="display: <%=accessDisplay%>;"><input type="checkbox" id="type<%=trim(typeArray(0,i))%>" name="type<%=trim(typeArray(0,i))%>" value="<%=trim(typeArray(0,i))%>" onclick="showOptions(userTypeArray);"<%=checked%><%=disabled%>/></td> <td style="display: <%=accessDisplay%>;" <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> onclick="frmNewStaff.type<%=trim(typeArray(0,i))%>.checked = !frmNewStaff.type<%=trim(typeArray(0,i))%>.checked; showOptions(userTypeArray);" <% end if %> ><%=trim(typeArray(1,i))%></td> <% ' end if if (i Mod 2 = 1) then %> </tr><tr> <% end if next %> </tr> </table> <script language="JavaScript" type="text/javascript"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> userTypeArray = Array(<%=Ubound(typeArray, 2)+1%>); <% for i="0" to Ubound(typeArray, 2) step 1 %> userTypeArray[<%=i%>] = <%=trim(typeArray(0,i))%>; <% next else %> userTypeArray = Array(1); userTypeArray[0] = 4; <% end if %> </script> </td> </tr> <tr id="regionalAdmin"> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;"><nobr>Regional administrator area</nobr></h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <select name="selregionalCountry" style="width: 300px;"> <% for x="0" to Ubound(Session("countryArray_mul"), 2) selected = "" if (regionAdmin) then if (Session("countryArray_mul")(0,x) = Session("regioncode")) then selected = " selected" end if end if %> <option value="<%=Session("countryArray_mul")(0,x)%>"<%=selected%>><%=Session("countryArray_mul")(1,x)%></option> <% next %> </select> <% else for x="0" to Ubound(Session("countryArray_mul"), 2) selected = "" if (regionAdmin) then if (Session("countryArray_mul")(0,x) = Session("regioncode")) then %> <input type=hidden name="selregionalCountry" value="<%=Session("countryArray_mul")(0,x)%>"/> <% response.write Session("countryArray_mul")(1,x) end if end if next %> <% end if %> </td> </tr> <tr id="appAdmin"> <td bgcolor="#D0D6DF" valign="top"><h4 style="color: #23364F;">Application</h4></td> <td style="border-width: 0px;" colspan="2"> <table border="0" cellpadding="2" cellspacing="2"> <tr> <% mySQL = "SELECT APP_LEVEL_ID, APP_ID, LEVEL_ID, LEVEL_DSC FROM TB_APP_LEVELS ORDER BY APP_ID, LEVEL_ID" rs.open mySQL, dbconnection myApplevels = rs.GetRows() rs.close for i="0" to Ubound(appArray, 2) step 1 checked = "" ' 'if (CInt(trim(appArray(0,i))) = 18) then ' response.write "CLAIMS FOUND - " 'end if if (appAdmin) then for j="0" to Ubound(Session("newAppID")) if (CInt(Session("newAppID")(j)) = CInt(trim(appArray(0,i)))) then checked = " checked" end if next end if if (IsArray(Session("userAppID")) AND NOT superAdmin) then showApp = false for j="0" to Ubound(Session("userAppID")) if (trim(appArray(0,i)) = Session("userAppID")(j)) then for k="0" to Ubound(myApplevels, 2) 'response.write "<br>CStr(Session(app" & Session("userAppID")(j) & "level)) = " & CStr(Session("app" & Session("userAppID")(j) & "level")) ' if (CStr(myApplevels(0, k)) = CStr(Session("app" & Session("userAppID")(j) & "level"))) then if (CStr(myApplevels(2, k)) = "1") then showApp = true exit for end if ' end if next end if next else showApp = true end if if (showApp) then %> <tr> <td><input type="checkbox" name="app<%=trim(appArray(0,i))%>" value="<%=trim(appArray(0,i))%>"<%=checked%> onclick="if (app<%=trim(appArray(0,i))%>.checked){ level<%=trim(appArray(0,i))%>.style.display = 'block';}else{ level<%=trim(appArray(0,i))%>.style.display = 'none';}"/></td> <td ><%=trim(appArray(1,i))%></td> <% ' rs.open "alchemy.sp_GetAppAccess " & trim(appArray(0,i)), dbconnection ' if NOT rs.EOF then ' appLevels = rs.GetRows() if (checked <> "") then optionDisplay = "block" else optionDisplay = "none" end if %> <td id="level<%=trim(appArray(0,i))%>" style="display: <%=optionDisplay%>;"> <select name="applevel<%=trim(appArray(0,i))%>"> <% for x="0" to Ubound(myAppLevels, 2) if (CInt(Session("app" & trim(appArray(0,i)) & "level")) = CInt(myAppLevels(0, x))) then accUserAppLevelID = myAppLevels(2, x) end if next 'DEBUG 'response.write "accUserAppLevelID = " & accUserAppLevelID & "<br>" & vbCRLF ' if (accUserAppLevelID = 1) then ' 'admin ' end if for x="0" to Ubound(myAppLevels, 2) if (trim(myApplevels(1, x)) = trim(appArray(0,i))) then if (NOT superAdmin AND trim(myApplevels(2, x)) = 1) then 'don't show showOption = false else 'show showOption = true end if if (CInt(Session("app" & trim(appArray(0,i)) & "level")) = CInt(myAppLevels(0, x))) then selected = " selected" else selected = "" end if if (showOption) then %> <option value="<%=myAppLevels(0, x)%>" <%=selected%> /><%=myAppLevels(3, x)%> <% end if end if next %> </select> </td> <% ' else %> <!-- <td id="level<%=trim(appArray(0,i))%>" style="display: none;"></td> --> <% ' end if ' rs.close %> </tr> <% else %> <tr style="display: none;"> <td><input type="checkbox" name="app<%=trim(appArray(0,i))%>" value="<%=trim(appArray(0,i))%>"<%=checked%>/></td> </tr> <% end if next %> </tr> </table> </td> </tr> </table> <script language="JavaScript" type="text/javascript"> hideRegional(); showOptions(userTypeArray); </script> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td width="200" bgcolor="#D0D6DF"><h4 style="color: #23364F;">Username</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="text" name="txtUsername" value="<%=viewUsername%>" maxlength="20" style="width: 200px;"/> <% else %> <input type="hidden" name="txtUsername" value="<%=viewUsername%>" maxlength="20" style="width: 200px;"/> ******** <% end if %> <input type="hidden" name="hiddenOKUsername" value="<%=viewUsername%>" maxlength="20" style="width: 200px;"/> </td> </tr> <tr> <td bgcolor="#D0D6DF"><h4 style="color: #23364F;">Password</h4></td> <td style="border-width: 0px;" colspan="2"> <% if ((NOT sAccessAppAdmin) OR superAdmin OR sAccessRegionAdmin) then %> <input type="password" name="txtPassword" value="<%=viewPassword%>" maxlength="20" style="width: 200px;"/> <% else %> <input type="hidden" name="txtPassword" value="<%=viewPassword%>" maxlength="20" style="width: 200px;"/> ******** <% end if %> </td> </tr> <tr> <td style="border-width: 0px;"> </td> <td align="right" style="border-width: 0px;" colspan="2"> <input type="button" value="« Back" class="adminFormButton" onclick="history.back();"/> <input type="submit" class="adminFormButton" value="Save »"/> <input type="hidden" name="hiddenStaffID" value="<%=viewStaffID%>"/> <input type="hidden" name="hiddeninsertupdate" value="update"/> </td> </tr> </table> </form> <% Session("insertTitle") = "" Session("insertGivenName") = "" Session("insertFamilyName") = "" Session("insertOfficeID") = "" Session("insertDepartment") = "" Session("insertPosition") = "" Session("insertResponsibility1") = "" Session("insertResponsibility2") = "" Session("insertResponsibility3") = "" Session("insertEmail") = "" Session("insertPhoneNumber") = "" Session("insertHomeNumber") = "" Session("insertFaxNumber") = "" Session("insertUsername") = "" Session("insertPassword") = "" Session("insertupdate") = "" Session("insertSiteAccess") = "" Session("insertregionalAdminArea") = "" Session("OKUsername") = "" %> <% Case 7 'Delete staff form deleteID = Request.QueryString("id") If NOT(checkForID(deleteID)) AND deleteID <> "" then deleteID = "" End If SQLGetStaff = "Select Given_Name, Family_Name from alchemy.tb_Staff where Staff_ID = " & int(deleteID) Set GetStaff = dbconnection.execute(SQLGetStaff) %> <form name="frmDelete" method="post" action="index.asp?pageid=2&sub=1&ac=8"> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" height="20" cellpadding="0" cellspacing="1" border="0" align="center"> <tr> <td class="adminFormTitle" height="20"> Delete User</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td> <br/> By clicking "Delete" you confirm to delete following User from the database: <b><%=GetStaff("Given_Name")%> <%=GetStaff("Family_Name")%></b><br/> <input type="hidden" name="hiddenID" value="<%=deleteID%>"/> <input type="hidden" name="hiddendeleteName" value="<%=GetStaff("Given_Name")%> <%=GetStaff("Family_Name")%>"/> <br/> <div align="right"> <input type="button" value="« Back" class="adminFormButton" onclick="history.back();"/> <input type="submit" value="Delete »" class="adminFormButton"/> </div> </td> </tr> </table> </form> <% Case 8 'Delete staff now deleteID = Request.Form("hiddenID") If NOT(checkForID(deleteID)) AND deleteID <> "" then deleteID = "" End If deleteName = Request.Form("hiddendeleteName") 'dbconnection.execute("DELETE FROM alchemy.TB_USER_APP_LOOKUP WHERE STAFF_ID = " & deleteID) 'dbconnection.execute("DELETE FROM TB_USER_TYPE_LOOKUP WHERE STAFF_ID = " & deleteID) 'dbconnection.execute("DELETE FROM alchemy.TB_USER_REGION_LOOKUP WHERE STAFF_ID = " & deleteID) 'dbconnection.execute("DELETE FROM TB_STAFF_USER WHERE STAFF_ID = " & deleteID) 'dbconnection.execute("DELETE FROM TB_STAFF WHERE STAFF_ID = " & deleteID) dbconnection.execute("UPDATE alchemy.TB_STAFF SET ACTIVE = 0 WHERE STAFF_ID = " & int(deleteID)) %> <!-- #include file="../users/subsubtitlemenu.asp"--> <table width="100%" height="20" cellpadding="0" cellspacing="1" border="0" align="center"> <tr> <td class="adminFormTitle" height="20"> Delete User confirmed</td> </tr> </table> <table width="100%" cellpadding="0" cellspacing="1" border="0" align="center" id="insertTable"> <tr> <td> <br/> <b><%=deleteName%></b> has been deleted. <br/><br/> <a href="index.asp?pageid=2&sub=1">>> View User list</a> <br/> </td> </tr> </table> <% End Select %> <!-- #include file="../../connections/klineclose.asp"--> <!-- #include file="../../connections/dbclose.asp"-->Tuesday, October 25, 2016 12:59 PM
All replies
-
User-460007017 posted
Hi Ritu12345,
I'm sorry that classic asp is not my specialty.
This forum is mainly focus on the hosting of classic asp, I recommend you post the code to asp.net forum. It is a forum dedicatedly for code discussion.
Best Regards,
Yuk Ding
Wednesday, October 26, 2016 10:16 AM
