<?php 
ini_set("display_errors","1");
ini_set("display_startup_errors","1");
set_magic_quotes_runtime(0);

include("include/dbcommon.php");
include("include/users_variables.php");


//	check if logged in
if(!@$_SESSION["UserID"] || !CheckSecurity(@$_SESSION["OwnerID"],"Edit"))
{ 
	$_SESSION["MyURL"]=$_SERVER["SCRIPT_NAME"]."?".$_SERVER["QUERY_STRING"];
	header("Location: login.php?message=expired"); 
	return;
}

$filename="";	
$message="";
$error_happened=false;
$readevalues=false;

//connect database
$conn = db_connect();


$keys=array();
$keys["Primary"]=postvalue("editid1");

//	prepare data for saving
if(@$_POST["a"]=="edited")
{
	$strWhere=KeyWhere($keys);
	$strSQL = "update ".AddTableWrappers($strOriginalTableName)." set ";
	$evalues=array();
	$efilename_values=array();
	$files_delete=array();
	$files_move=array();
//	processing Login - start
	$value = postvalue("value_Login");
	$type=postvalue("type_Login");
	$value=prepare_for_db("Login",$value,$type);
	if(!($value===false))
		$evalues["Login"]=$value;


//	processibng Login - end

//	processing Name - start
	$value = postvalue("value_Name");
	$type=postvalue("type_Name");
	$value=prepare_for_db("Name",$value,$type);
	if(!($value===false))
		$evalues["Name"]=$value;


//	processibng Name - end

//	processing Password - start
	$value = postvalue("value_Password");
	$type=postvalue("type_Password");
	$value=prepare_for_db("Password",$value,$type);
	if(!($value===false))
		$evalues["Password"]=$value;


//	processibng Password - end

//	processing User Type - start
	$value = postvalue("value_User_Type");
	$type=postvalue("type_User_Type");
	$value=prepare_for_db("User Type",$value,$type);
	if(!($value===false))
		$evalues["User Type"]=$value;


//	processibng User Type - end


	foreach($efilename_values as $ekey=>$value)
		$evalues[$ekey]=$value;
//	do event
	$retval=true;
	if(function_exists("BeforeEdit"))
		$retval=BeforeEdit($evalues,$strWhere);
	if($retval)
	{		
//	construct SQL string
		foreach($evalues as $ekey=>$value)
			$strSQL.=AddFieldWrappers($ekey)."=".add_db_quotes($ekey,$value).", ";
		if(substr($strSQL,-2)==", ")
			$strSQL=substr($strSQL,0,strlen($strSQL)-2);
		$strSQL.=" where ".$strWhere;
		if(SecuritySQL("Edit"))
			$strSQL .= " and (".SecuritySQL("Edit").")";
		set_error_handler("edit_error_handler");
		db_exec($strSQL,$conn);
		set_error_handler("error_handler");
		if(!$error_happened)
		{
//	delete & move files
			foreach ($files_delete as $file)
			{
				if(file_exists($file))
					@unlink($file);
			}
			foreach ($files_move as $file)
				move_uploaded_file($file[0],$file[1]);
			$message="<div class=message><<< "."Record updated"." >>></div>";
//	after edit event
			if(function_exists("AfterEdit"))
				AfterEdit();
		}
	}
	else
		$readevalues=true;
}

//	get current values and show edit controls

$strSQL = $gstrSQL;

$strWhere=KeyWhere($keys);
$strSQL = AddWhere($strSQL,$strWhere);
//	select only owned records
$strSQL = AddWhere($strSQL,SecuritySQL("Edit"));

LogInfo($strSQL);
$rs=db_query($strSQL,$conn);
$data=db_fetch_array($rs);

if($readevalues)
{
	$data["Login"]=$evalues["Login"];
	$data["Name"]=$evalues["Name"];
	$data["Password"]=$evalues["Password"];
	$data["User Type"]=$evalues["User Type"];
}

include('libs/Smarty.class.php');
$smarty = new Smarty();

//	include files

$includes="";

//	validation stuff
$bodyonload="";
$onsubmit="";
$includes.="<script language=\"JavaScript\" src=\"include/validate.js\"></script>\r\n";
$includes.="<script language=\"JavaScript\">\r\n";
$includes.="var TEXT_FIELDS_REQUIRED='".addslashes("The Following fields are Required")."';\r\n";
$includes.="var TEXT_FIELDS_ZIPCODES='".addslashes("")."';\r\n";
$includes.="var TEXT_FIELDS_EMAILS='".addslashes("The Following fields must be valid Emails")."';\r\n";
$includes.="var TEXT_FIELDS_NUMBERS='".addslashes("The Following fields must be Numbers")."';\r\n";
$includes.="var TEXT_FIELDS_CURRENCY='".addslashes("The Following fields must be currency")."';\r\n";
$includes.="var TEXT_FIELDS_PHONE='".addslashes("The Following fields must be Phone Numbers")."';\r\n";
$includes.="var TEXT_FIELDS_PASSWORD1='".addslashes("The Following fields must be valid Passwords")."';\r\n";
$includes.="var TEXT_FIELDS_PASSWORD2='".addslashes("should be at least 4 characters long")."';\r\n";
$includes.="var TEXT_FIELDS_PASSWORD3='".addslashes("Cannot be 'password'")."';\r\n";
$includes.="var TEXT_FIELDS_STATE='".addslashes("The Following fields must be State Names")."';\r\n";
$includes.="var TEXT_FIELDS_SSN='".addslashes("The Following fields must be Social Security Numbers")."';\r\n";
$includes.="var TEXT_FIELDS_DATE='".addslashes("The Following fields must be valid dates")."';\r\n";
$includes.="var TEXT_FIELDS_TIME='".addslashes("The Following fields must be valid time in 24-hours format")."';\r\n";
$includes.="var TEXT_FIELDS_CC='".addslashes("The Following fields must be valid Credit Card Numbers")."';\r\n";
$includes.="var TEXT_FIELDS_SSN='".addslashes("The Following fields must be Social Security Numbers")."';\r\n";
$includes.="</script>\r\n";
  	$validatetype="";
	$validatetype.="IsRequired";
	if($validatetype)
		$bodyonload.="define('value_Login','".$validatetype."','Login');";
  	$validatetype="";
	$validatetype.="IsRequired";
	if($validatetype)
		$bodyonload.="define('value_Name','".$validatetype."','Name');";
  	$validatetype="";
	$validatetype.="IsRequired";
	if($validatetype)
		$bodyonload.="define('value_Password','".$validatetype."','Password');";
	$validatetype="";
	$validatetype.="IsRequired";
	if($validatetype)
		$bodyonload.="define('value_User_Type','".$validatetype."','User Type');";

if($bodyonload)
{
	$onsubmit="return validate();";
	$bodyonload="onload=\"".$bodyonload."\"";
}

$includes.="<script language=\"JavaScript\" src=\"include/jsfunctions.js\"></script>\r\n";
$includes.="<script language=\"JavaScript\">\r\n".
"var locale_dateformat = ".$locale_info["LOCALE_IDATE"].";\r\n".
"var locale_datedelimiter = \"".$locale_info["LOCALE_SDATE"]."\";\r\n".
"var bLoading=false;\r\n".
"var TEXT_PLEASE_SELECT='".addslashes("Please select")."';\r\n".
"</script>\r\n";



$smarty->assign("includes",$includes);
$smarty->assign("bodyonload",$bodyonload);
if(strlen($onsubmit))
	$onsubmit="onSubmit=\"".$onsubmit."\"";
$smarty->assign("onsubmit",$onsubmit);

$smarty->assign("key1",htmlspecialchars($keys["Primary"]));
	$smarty->assign("show_key1", htmlspecialchars(GetData($data,"Primary", "")));

$smarty->assign("message",$message);


$max_filesize_set=0;

$readonlyfields=array();

$smarty->assign("value_Login",@$data["Login"]);
$smarty->assign("value_Name",@$data["Name"]);
$smarty->assign("value_Password",@$data["Password"]);
$smarty->assign("value_User_Type",@$data["User Type"]);


$linkdata="";
$smarty->assign("linkdata",$linkdata);

$where=$strWhere;

$smarty->display("users_edit.htm");

function edit_error_handler($errno, $errstr, $errfile, $errline)
{
	global $readevalues, $message, $error_happened;
	$message="<div class=message><<< Record was NOT updated >>><br><br>".$errstr."</div>";
	$readevalues=true;
	$error_happened=true;
}

?>