$user_pw_1 = $_POST['user_pw_1'];
$user_pw_2 = $_POST['user_pw_2'];
$GenRandomPw = $_POST['GenRandomPw'];
// check for our form type
if (!empty($_POST['AddUser']) || !empty($_POST['EditUser']) || !empty($_POST['DelUser'])) {
// check for empty variables
if (!empty($user_username) && !empty($user_fname) && !empty($user_lname) && !empty($user_access_level) && !empty($user_group) && !empty($user_department) && !empty($user_fname) && !empty($user_lname) && !empty($user_phone) && !empty($user_email)) {
// do some validation checks on submitted data
if ($val->ValidateAlphaChar($user_username) !== -1 && $val->ValidateString($user_fname) !== -1 && $val->ValidateString($user_lname) !== -1 && $val->ValidateString($user_access_level) !== -1 && $val->ValidateString($user_group) !== -1 && $val->ValidateParagraph($user_department) !== -1 && $val->ValidateString($user_contact) !== -1 && $val->ValidatePhone($user_phone) !== -1 && $val->ValidateEmail($user_email) !== -1) {
// leave the owner assignment alone if owner is not admin
if ($group === "admin") {
$group = $user_group;
}
// generate random password if this is a new user
if (!empty($_POST['AddUser'])) {
$user_password = $val->GenerateRandomPassword("12", "normal");
}
// setup our SQL statements for add, edit and deleting records
$insert = "INSERT INTO `auth_users` ( `username`, `password`, `level`, `group`, `dept`, `first`, `last`, `phone`, `email`, `ip`, `host`, `create_date`, `create_time`, `access_date`, `access_time`, `session`, `reset`, `owner` ) VALUES ( \"" . $user_username . "\", \"" . sha1($user_password) . "\", \"" . $user_access_level . "\", \"" . $user_group . "\", \"" . $user_deptartment . "\", \"" . $user_fname . "\", \"" . $user_lname . "\", \"" . $user_phone . "\", \"" . $user_email . "\", \"" . $user_ip . "\", \"" . $user_host . "\", \"" . $user_create_date . "\", \"" . $user_create_time . "\", \"" . $user_access_date . "\", \"" . $user_access_time . "\", \"" . $user_session . "\", \"TRUE\", \"" . $group . "\" )";
$update = "UPDATE `auth_users` SET `username` = \"" . $user_username . "\", `level` = \"" . $user_access_level . "\", `group` = \"" . $user_group . "\", `dept` = \"" . $user_department . "\", `first` = \"" . $user_fname . "\", `last` = \"" . $user_lname . "\", `phone` = \"" . $user_phone . "\", `email` = \"" . $user_email . "\", `ip` = \"" . $user_ip . "\", `host` = \"" . $user_host . "\", `owner` = \"" . $group . "\" WHERE `id` = \"" . $user_id . "\" LIMIT 1";
$delete = "DELETE FROM `auth_users` WHERE `id` = \"" . $user_id . "\" LIMIT 1";
// now perform a check to see which statement to use
if (!empty($_POST['AddUser'])) {
$sql = $insert;
$send_email = "TRUE";
}
if (!empty($_POST['EditUser'])) {
$sql = $update;
$send_email = "FALSE";
}
if (!empty($_POST['DelUser'])) {
