We're almost finished with the user management. We just need to be able to add a new user. We'll set the stage by adding a 'Add User' link to the bottom of the user management form.

Next we alter our Page_Load() method to catch the addUser option.

So we put this in the GET case statement and just run a method called addUser().

Here I've created my add user form. I've also prepared it for use in actually saving a new user. Basically we're just initializing some variables, then writing out a form. Nothing insanely awesome just yet.

Here we catch our Save New User variable. This is in the Page_Load() method, specifically in the POST case.

And now for the changes to the addUser() method.

This section of code goes directly below the variable initializiation. Please notice that I decided to change the string error into an arraylist called errors. An arraylist is a type of variable, like string and int and bool, but it can hold a series of any other type of variable or object. In this case, I'm having it hold one or more strings. You will need to add the System.Collections namespace to your using list to access the arraylisy type. We'll see how I spit out the results in a moment, but first let's go over the code above. I've removed all references to the error string since we no longer use it.

I create an if block looking to see if option == "Save New User". This lets me execute the new user code when appropriate. I then grab all the passed variables, sanitizing as appropriate. Once I've grabbed the passwords, I immediately make sure they match... if they do not, I add an error to my arraylist. If they do match, I then check to make sure it's not equal to null and that it's at least 6 characters long. I had to check if it's null because I can't use the .Length property on a null string. If I had, the page would throw an exception. If the password is null or too short, I add an error.

Next I make sure the accessLevel is a valid number, in this case 0, 100 or 255. If not I create another error. Following this, I do a series of queries against the user table to verify that the userDisplayname, userUsername and userEmail are not already in use. In each case I add a different error.

After all the error checking, I see if the errors arraylist has a count of 0 (meaning no errors were added) and if so I insert the new user. Once more I use RecordsAffected to make sure the insert worked. There's no reason it shouldn't, of course. If it did succeed, I put a success message into the errors arraylist (because it was convenient) and then wipe out the userUsername, userDisplayname and userEmail fields. By wiping out those three fields, when the add user form is displayed again, it's immediately ready for another new user to be added. That could be very nice if you're trying to add a bunch of users at once.

So how do we spit out the contents of that errors Arraylist?

This is in our form in place of the error string from before. Basically I use the foreach loop to loop through every arraylist item. I've initialized a string variable called error in the loop. Every time the loop executes, the current item in errors gets assigned to the string error. I then spit it out into the form. In most cases this will only be a single error, but it could be any number. This is the advantage of using arraylist and similar variable types.

With this our user management is basically complete. If you wanted to, you could add the ability to selectively reset passwords. However, the basic elements are all in place. We can create, edit and delete users. Following are all the files.

Files To This Point

Next we hit the final portion of our blog, the ability for users and anonymous people to comment.