<%@LANGUAGE="VBSCRIPT"%> 
<!--#include file="Connections/StudentConn.asp" -->
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="1"
MM_authFailedURL="Login.asp"
MM_grantAccess=false
If Session("MM_UserName") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<%
' *** Edit Operations: declare variables

MM_editAction = CStr(Request("URL"))
If (Request.QueryString <> "") Then
  MM_editAction = MM_editAction & "?" & Request.QueryString
End If

' boolean to abort record edit
MM_abortEdit = false

' query string to execute
MM_editQuery = ""
%>
<%
' *** Update Record: set variables

If (CStr(Request("MM_update")) <> "" And CStr(Request("MM_recordId")) <> "") Then

  MM_editConnection = MM_StudentConn_STRING
  MM_editTable = "User"
  MM_editColumn = "id"
  MM_recordId = "" + Request.Form("MM_recordId") + ""
  MM_editRedirectUrl = "UserManage.asp"
  MM_fieldsStr  = "password|value|accesslevel|value"
  MM_columnsStr = "password|',none,''|accesslevel|none,none,NULL"

  ' create the MM_fields and MM_columns arrays
  MM_fields = Split(MM_fieldsStr, "|")
  MM_columns = Split(MM_columnsStr, "|")
  
  ' set the form values
  For i = LBound(MM_fields) To UBound(MM_fields) Step 2
    MM_fields(i+1) = CStr(Request.Form(MM_fields(i)))
  Next

  ' append the query string to the redirect URL
  If (MM_editRedirectUrl <> "" And Request.QueryString <> "") Then
    If (InStr(1, MM_editRedirectUrl, "?", vbTextCompare) = 0 And Request.QueryString <> "") Then
      MM_editRedirectUrl = MM_editRedirectUrl & "?" & Request.QueryString
    Else
      MM_editRedirectUrl = MM_editRedirectUrl & "&" & Request.QueryString
    End If
  End If

End If
%>
<%
' *** Update Record: construct a sql update statement and execute it

If (CStr(Request("MM_update")) <> "" And CStr(Request("MM_recordId")) <> "") Then

  ' create the sql update statement
  MM_editQuery = "update " & MM_editTable & " set "
  For i = LBound(MM_fields) To UBound(MM_fields) Step 2
    FormVal = MM_fields(i+1)
    MM_typeArray = Split(MM_columns(i+1),",")
    Delim = MM_typeArray(0)
    If (Delim = "none") Then Delim = ""
    AltVal = MM_typeArray(1)
    If (AltVal = "none") Then AltVal = ""
    EmptyVal = MM_typeArray(2)
    If (EmptyVal = "none") Then EmptyVal = ""
    If (FormVal = "") Then
      FormVal = EmptyVal
    Else
      If (AltVal <> "") Then
        FormVal = AltVal
      ElseIf (Delim = "'") Then  ' escape quotes
        FormVal = "'" & Replace(FormVal,"'","''") & "'"
      Else
        FormVal = Delim + FormVal + Delim
      End If
    End If
    If (i <> LBound(MM_fields)) Then
      MM_editQuery = MM_editQuery & ","
    End If
    MM_editQuery = MM_editQuery & MM_columns(i) & " = " & FormVal
  Next
  MM_editQuery = MM_editQuery & " where " & MM_editColumn & " = " & MM_recordId

  If (Not MM_abortEdit) Then
    ' execute the update
    Set MM_editCmd = Server.CreateObject("ADODB.Command")
    MM_editCmd.ActiveConnection = MM_editConnection
    MM_editCmd.CommandText = MM_editQuery
    MM_editCmd.Execute
    MM_editCmd.ActiveConnection.Close

    If (MM_editRedirectUrl <> "") Then
      Response.Redirect(MM_editRedirectUrl)
    End If
  End If

End If
%>
<%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_StudentConn_STRING

if (Request.QueryString("id") <> "") then
  Recordset1__MMColParam = Request.QueryString("id")
  Recordset1.Source = "SELECT * FROM User WHERE id = " + Replace(Recordset1__MMColParam, "'", "''") + ""
elseif (Request.QueryString("UserName") <> "") then
  Recordset1__MMColParam = Request.QueryString("UserName")
  Recordset1.Source = "SELECT * FROM User WHERE UserName = '" + Replace(Recordset1__MMColParam, "'", "''") + "'"
end if

Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 3
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
Dim Repeat1__numRows
Repeat1__numRows = -1
Dim Repeat1__index
Repeat1__index = 0
Recordset1_numRows = Recordset1_numRows + Repeat1__numRows
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0048)http://www.cjol.com/headhunting/addexcellent.asp -->
<HTML>
<HEAD>
<TITLE>用户管理&gt;&gt;用户信息修改</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="Microsoft FrontPage 6.0" Name=GENERATOR>
<link href="home.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
function checkpwd(){
if(document.form1.password.value=="")
   {
   alert("密码不能为空！");
   document.form1.password.focus();
   return false;
   }

if (document.form1.password.value != document.form1.confirmpwd.value)
  {
    alert("两次输入的密码不一样！");
    document.form1.confirmpwd.focus();
    return false;
  }
}
</script>
</HEAD>
<BODY text=#000000 bgColor=#ffffff leftMargin=0 topMargin=0>
<!--#include file="toplogo.asp"-->
<TABLE width="760" border=0 align="center" cellPadding=0 cellSpacing=0>
  <TBODY>
    <TR> 
      <TD width=1 background="dotLine_h.gif"><IMG src="shim(1).gif" width=1></TD>
      <TD Width="100" align="center" bgcolor="#EEEEEE">　</TD>
      <td width="10" bgcolor="#F2FBF2"></td>
      <TD bgcolor="#F2FBF2"><a href="UserManage.asp">
		<img src="UserManage_Title.GIF" width="500" height="60" border="0"></a> 
        <% If Not Recordset1.EOF Or Not Recordset1.BOF Then %>
        <form  Name="form1" onsubmit="return checkpwd()" ACTION="<%=MM_editAction%>" METHOD="POST">
          <b>修改用户信息：</b> <br>
          <table width="300"  border="1" cellpadding="5" cellspacing="1" bordercolorlight="#CCCCCC" bordercolordark="#FFFFFF">
            <tr> 
              <td height="30" align="right">用户名：</td>
              <td height="30"><%=(Recordset1.Fields.Item("UserName").Value)%>
              </td>
            </tr>
            <tr> 
              <td height="30" align="right">密&nbsp;&nbsp;码：</td>
              <td height="30"> 
              <input type="password" Name="password" value="<%=(Recordset1.Fields.Item("password").Value)%>" size="20"> 
              </td>
            </tr>
            <tr> 
              <td height="30" align="right">确认密码：</td>
              <td height="30"> 
              <input type="password" Name="confirmpwd" value="<%=(Recordset1.Fields.Item("password").Value)%>" size="20"> 
              </td>
            </tr>
            <tr> 
              <td height="30" align="right">用户权限：</td>
              <td height="30"> <select Name="accesslevel">
                  <%Response.Write "<option value='1' "
				    if Recordset1.Fields.Item("accesslevel").Value=1 then response.Write("selected")
					response.Write ">管理员</option>"
                    response.Write "<option value='2' "
				    if Recordset1.Fields.Item("accesslevel").Value=2 then response.Write("selected")
				    response.Write ">已购设备的正式客户</option>"
			        response.Write "<option value='3' "
				    if Recordset1.Fields.Item("accesslevel").Value=3 then response.Write("selected")
				    response.Write ">准客户（仅查询）</option>"%>
                </select> </td>
            </tr>
            <tr align="center"> 
              <td height="30" colspan="2"><input type="hidden" name="MM_update" value="true"> 
                <input type="hidden" name="MM_recordId" value="<%= Recordset1.Fields.Item("id").Value %>"> 
                <input type="submit" Name="Submit" value="保存修改结果"> 
              </td>
            </tr>
          </table>
          </form><br>
        <% End If ' end Not Recordset1.EOF Or NOT Recordset1.BOF %>
        <% If Recordset1.EOF And Recordset1.BOF Then %>
        <p align="center"><br>
          <br>
          没有任何用户，请添加用户！<br>
          <br>
        </p>
        <% End If ' end Recordset1.EOF And Recordset1.BOF %>
        <p align="center"><a href="UserManage.asp">【返回用户管理主界面】</a></p>
        <br></td>
      <TD width=1 background="dotLine_h.gif"><IMG src="shim(1).gif" width=1></TD>
    </TR>
    <tr> 
      <TD height="1" colspan="7" background="dotLine_w.gif">
		<IMG height=1 src="shim(1).gif" width=100></TD>
    </tr>
  </TBODY>
</TABLE>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td>
		　</td>
  </tr>
</table></BODY>
</HTML>
<%
Recordset1.Close()
%>