<%@LANGUAGE="VBSCRIPT"%>
<%
' *** Restrict Access To Page: Grant or deny access to this page
MM_authorizedUsers="Administrator"
MM_authFailedURL="../../client_login.asp?l=loginerror"
MM_grantAccess=false
If Session("MM_Username") <> "" Then
  If (false Or CStr(Session("MM_UserAuthorization"))="") Or _
         (InStr(1,MM_authorizedUsers,Session("MM_UserAuthorization"))>=1) Then
    MM_grantAccess = true
  End If
End If
If Not MM_grantAccess Then
  MM_qsChar = "?"
  If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"
  MM_referrer = Request.ServerVariables("URL")
  if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" & Request.QueryString()
  MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" & Server.URLEncode(MM_referrer)
  Response.Redirect(MM_authFailedURL)
End If
%>
<!--#include file="Connections/db.asp" -->
<%
Dim basePath 
basePath = "e:\inetpub\dycon.ca\db\files\"
Dim MM_editRedirectUrl
%>
<%
Dim rsUserFile__MMColParam
rsUserFile__MMColParam = "0"
If (Request.QueryString("u") <> "") Then 
  rsUserFile__MMColParam = Request.QueryString("u")
End If
%>
<%
Dim rsUserFile__MMColParam2
rsUserFile__MMColParam2 = "0"
If (Request.QueryString("del") <> "") Then 
  rsUserFile__MMColParam2 = Request.QueryString("del")
End If
Dim rsUserFile_All
rsUserFile_All = false

If (Request.QueryString("f") = "all") Then 
  rsUserFile_All = true
End If
Dim FilePath
%>
<%
Dim rsUserFile
Dim rsUserFile_numRows

Set rsUserFile = Server.CreateObject("ADODB.Recordset")
rsUserFile.ActiveConnection = MM_db_STRING
rsUserFile.Source = "SELECT *  FROM documents  WHERE username = '" + Replace(rsUserFile__MMColParam, "'", "''") + "'  AND fileID=" + Replace(rsUserFile__MMColParam2, "'", "''") + ""
If rsUserFile_All Then
	rsUserFile.Source = "SELECT *  FROM documents  WHERE username = '" + Replace(rsUserFile__MMColParam, "'", "''") + "'"
End If
rsUserFile.CursorType = 0
rsUserFile.CursorLocation = 2
rsUserFile.LockType = 1
rsUserFile.Open()

rsUserFile_numRows = 0
Dim FileP
If Not rsUserFile.EOF Or Not rsUserFile.BOF Then 

	'execute the delete/update
	Set MM_editCmd = Server.CreateObject("ADODB.Command")
	MM_editCmd.ActiveConnection = MM_db_STRING
	MM_editQuery=""
	' This is where we delete the file before we delete the record!
	'Set File = CreateObject("Scripting.FileSystemObject")
	While (NOT rsUserFile.EOF)
		FilePath = basePath & (rsUserFile.Fields.Item("file_path").Value)
		' check if file exists and if true delete the file
		Set File = Server.CreateObject("Scripting.FileSystemObject")
		If File.fileExists(FilePath) Then
		   Call File.DeleteFile(FilePath) ' Could be not working because the user only has "modify" file permissions. - and i can't delete the test files that were uploaded after doing this...
		End If 
		MM_editQuery = MM_editQuery & "DELETE FROM documents WHERE fileID=" & rsUserFile.Fields.Item("fileID").Value & "; "
		rsUserFile.MoveNext()
	Wend
	'Delete Record.
	If MM_editQuery <> "" Then
		If rsUserFile_All Then
			MM_editQuery = "DELETE FROM documents WHERE username='" & Replace(rsUserFile__MMColParam, "'", "''") & "';"
		End If
		MM_editCmd.CommandText = MM_editQuery
		MM_editCmd.Execute
		MM_editCmd.ActiveConnection.Close
	End If
	MM_editRedirectUrl = "upload.asp?u=" & Request.QueryString("u")

 Else
 	'Document not found.
 	MM_editRedirectUrl = "upload.asp?u=" & Request.QueryString("u") & "&error=1"
 End If ' end Not rsUserFile.EOF Or NOT rsUserFile.BOF ( recordset empty )
 If rsUserFile_All Then
 	MM_editRedirectUrl = "users.asp"
 End If
  %>
<%
'Close Recordset
rsUserFile.Close()
Set rsUserFile = Nothing
%>
<% Response.Redirect(MM_editRedirectUrl) %>