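<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
' Creates a row in usuarios_comuns (acao empty) or updates the row that
' belongs to the user logged in on this session (acao = "editar"), then
' stores the login/name in the session and redirects to login.asp.
'
' Form fields read: nome, email, cpf, area, usr, pw, pessoa, acao, codig.
' Relies on AbreCon / FechaCon / conexao, which are defined outside this
' listing (conexao is used here as an ADO connection).
'
' Changes against the previous version of this page:
'   * Every statement is sent through ADODB.Command with "?" parameters, so
'     no form value is concatenated into SQL text. Before, "pessoa" and
'     "codig" reached the query without any filtering at all.
'   * "codig" used to be read only in the insert branch, so the update ran
'     with an empty WHERE value. It is now read for the edit, accepted only
'     as 1-9 decimal digits, and bound as an integer.
'   * An edit is accepted only for the row whose usuario equals the login
'     held in the session. Without this, making the update work would let
'     any visitor overwrite any account and be logged in as it.
'   * On edit, the duplicate check ignores the row being edited, so a user
'     can keep their own login/e-mail.
'   * An acao value other than empty or "editar" is rejected instead of
'     falling through to the success path.
'
' NOTE(review): the password is stored exactly as submitted (plaintext).
' Moving to a salted password hash has to be done together with the login
' check, which is not part of this listing.
' NOTE(review): no anti-CSRF token is checked here; confirm whether the
' form that posts to this page carries one.

Const TIPO_INTEIRO = 3     ' ADO adInteger
Const TIPO_TEXTO = 200     ' ADO adVarChar
Const PARAM_ENTRADA = 1    ' ADO adParamInput
Const COMANDO_TEXTO = 1    ' ADO adCmdText

dim Fnome, Femail, Fcpf, Farea, Fusr, Fpw, Fpessoa, arrSimbolosNao, i
Fnome = trim(request.form("nome"))
Femail = trim(request.form("email"))
Fcpf = trim(request.form("cpf"))
Farea = trim(request.form("area"))
Fusr = trim(request.form("usr"))
Fpw = trim(request.form("pw"))
Fpessoa = "" & request.form("pessoa")

' Legacy character filter, kept so stored values (and the password as typed)
' stay compatible with existing rows. It is NOT the SQL injection defence:
' replace() is case-sensitive here and a single pass can be re-assembled,
' which is why the queries below are parameterised.
arrSimbolosNao = array("&","*","<",">","'","=","%"," and "," or ")
for i = 0 to ubound(arrSimbolosNao)
    Fnome = replace(Fnome, arrSimbolosNao(i), "")
    Femail = replace(Femail, arrSimbolosNao(i), "")
    Fcpf = replace(Fcpf, arrSimbolosNao(i), "")
    Farea = replace(Farea, arrSimbolosNao(i), "")
    Fusr = replace(Fusr, arrSimbolosNao(i), "")
    Fpw = replace(Fpw, arrSimbolosNao(i), "")
next

dim acaoCad, codigoUsuario, usuarioSessao, editando
acaoCad = "" & request.form("acao")
editando = (acaoCad = "editar")

' Only the two documented actions are accepted.
if acaoCad <> "" and not editando then
    response.status = "400 Bad Request"
    response.end
end if

if editando then
    usuarioSessao = "" & session("usuario_comum_login")
    codigoUsuario = trim("" & request.form("codig"))
    ' Editing requires a logged-in session.
    if usuarioSessao = "" then
        response.status = "403 Forbidden"
        response.end
    end if
    ' The record id must be a plain decimal integer.
    if not SoDigitos(codigoUsuario) then
        response.status = "400 Bad Request"
        response.end
    end if
    codigoUsuario = CLng(codigoUsuario)
end if

dim cmd, rs, pertence, duplicado
call AbreCon

if editando then
    ' Ownership check: the row being edited must be the session user's row.
    set cmd = CriaComando("select codigo from usuarios_comuns where codigo = ? and usuario = ?")
    AdicionaInteiro cmd, "codigo", codigoUsuario
    AdicionaTexto cmd, "usuario", usuarioSessao
    set rs = cmd.execute
    pertence = not rs.eof
    rs.close
    set rs = nothing
    set cmd = nothing
    if not pertence then
        call FechaCon
        response.status = "403 Forbidden"
        response.end
    end if
end if

' Duplicate check on login / e-mail.
if editando then
    set cmd = CriaComando("select codigo from usuarios_comuns where (usuario = ? OR email = ?) and codigo <> ?")
    AdicionaTexto cmd, "usuario", Fusr
    AdicionaTexto cmd, "email", Femail
    AdicionaInteiro cmd, "codigo", codigoUsuario
else
    set cmd = CriaComando("select codigo from usuarios_comuns where usuario = ? OR email = ?")
    AdicionaTexto cmd, "usuario", Fusr
    AdicionaTexto cmd, "email", Femail
end if
set rs = cmd.execute
duplicado = not rs.eof
rs.close
set rs = nothing
set cmd = nothing

if not duplicado then
    if editando then
        set cmd = CriaComando("update usuarios_comuns set usuario = ?, password = ?, nome = ?, email = ?, cpf = ?, atuacao = ?, pessoa = ? WHERE codigo = ? and usuario = ?")
    else
        set cmd = CriaComando("insert into usuarios_comuns (usuario, password, nome, email, cpf, atuacao, pessoa) values (?, ?, ?, ?, ?, ?, ?)")
    end if
    ' Positional parameters: the order below must match the "?" order above.
    AdicionaTexto cmd, "usuario", Fusr
    AdicionaTexto cmd, "password", Fpw
    AdicionaTexto cmd, "nome", Fnome
    AdicionaTexto cmd, "email", Femail
    AdicionaTexto cmd, "cpf", Fcpf
    AdicionaTexto cmd, "atuacao", Farea
    AdicionaTexto cmd, "pessoa", Fpessoa
    if editando then
        AdicionaInteiro cmd, "codigo", codigoUsuario
        AdicionaTexto cmd, "dono", usuarioSessao
    end if
    cmd.execute
    set cmd = nothing
    call FechaCon
    session("usuario_comum_login") = Fusr
    session("usuario_comum_nome") = Fnome
    response.redirect("login.asp?log=novo_ok")
else
    ' The connection is now closed on this path as well.
    call FechaCon
    response.redirect("login.asp?log=user_exist")
end if

' Builds a text command bound to the open connection.
Function CriaComando(textoSql)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conexao
    c.CommandType = COMANDO_TEXTO
    c.CommandText = textoSql
    Set CriaComando = c
End Function

' Appends a string input parameter; the size must be at least 1 even for "".
Sub AdicionaTexto(cmd, nome, valor)
    Dim tamanho
    tamanho = Len(valor)
    If tamanho < 1 Then tamanho = 1
    cmd.Parameters.Append cmd.CreateParameter(nome, TIPO_TEXTO, PARAM_ENTRADA, tamanho, valor)
End Sub

' Appends an integer input parameter.
Sub AdicionaInteiro(cmd, nome, valor)
    cmd.Parameters.Append cmd.CreateParameter(nome, TIPO_INTEIRO, PARAM_ENTRADA, 4, valor)
End Sub

' True when texto is 1 to 9 decimal digits (always fits CLng).
Function SoDigitos(texto)
    Dim pos
    SoDigitos = False
    If Len(texto) < 1 Or Len(texto) > 9 Then Exit Function
    For pos = 1 To Len(texto)
        If InStr("0123456789", Mid(texto, pos, 1)) = 0 Then Exit Function
    Next
    SoDigitos = True
End Function
%>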