ge-aerospace/shopdb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add USB checkout system and SSO profile page

Browse Source 
New Features:
- USB Device checkout/check-in system with barcode scanning
  - displayusb.asp: List all USB devices with status
  - addusb.asp: Add new USB devices via barcode scan
  - checkout_usb.asp/savecheckout_usb.asp: Check out USB to SSO
  - checkin_usb.asp/savecheckin_usb.asp: Check in with wipe confirmation
  - usb_history.asp: Full checkout history with filters
  - api_usb.asp: JSON API for AJAX lookups
- displayprofile.asp: SSO profile page showing user info and USB history
- Date/time format changed to 12-hour (MM/DD/YYYY h:mm AM/PM)
- SSO links in USB history now link to profile page via search

Database:
- New machinetypeid 44 for USB devices
- New usb_checkouts table for tracking checkouts

Cleanup:
- Removed v2 folder (duplicate/old files)
- Removed old debug/test files
- Removed completed migration documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
cproudlock
2025-12-07 11:16:14 -05:00
parent c7834d4b99
commit 65b622c361
1061 changed files with 19034 additions and 213120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
displaypc.asp
View File

@@ -27,8 +27,9 @@
' NOTE: This handles both database ID and machine number for flexibility
'=============================================================================
Dim machineid, machinenumber, paramValue
' Note: Using machineid variable but accepting pcid parameter for PC pages
machineid = GetSafeInteger("QS", "pcid", 0, 1, 999999)
' Accept both machineid and pcid parameters for backwards compatibility
machineid = GetSafeInteger("QS", "machineid", 0, 1, 999999)
If machineid = 0 Then machineid = GetSafeInteger("QS", "pcid", 0, 1, 999999)
' If machineid not provided, try machinenumber parameter
IF machineid = 0 THEN
@@ -81,10 +82,11 @@
strSQL = "SELECT machines.machineid, machines.machinenumber, machines.alias, machines.hostname, " & _
"machines.serialnumber, machines.machinenotes, machines.mapleft, machines.maptop, " & _
"machines.modelnumberid, machines.businessunitid, machines.printerid, machines.pctypeid, " & _
"machines.loggedinuser, machines.osid, machines.machinestatusid, " & _
"machines.loggedinuser, machines.osid, machines.machinestatusid, machines.isvnc, machines.iswinrm, " & _
"machines.controllertypeid, machines.controllerosid, machines.requires_manual_machine_config, " & _
"machines.lastupdated, " & _
"machinetypes.machinetype, machinetypes.machinetypeid, " & _
"machinestatus.machinestatus, " & _
"models.modelnumber, models.image, models.modelnumberid, " & _
"businessunits.businessunit, businessunits.businessunitid, " & _
"functionalaccounts.functionalaccount, functionalaccounts.functionalaccountid, " & _
@@ -94,11 +96,12 @@
"FROM machines " & _
"INNER JOIN models ON machines.modelnumberid = models.modelnumberid " & _
"LEFT JOIN machinetypes ON models.machinetypeid = machinetypes.machinetypeid " & _
"LEFT JOIN machinestatus ON machines.machinestatusid = machinestatus.machinestatusid " & _
"INNER JOIN businessunits ON machines.businessunitid = businessunits.businessunitid " & _
"LEFT JOIN functionalaccounts ON machinetypes.functionalaccountid = functionalaccounts.functionalaccountid " & _
"INNER JOIN vendors ON models.vendorid = vendors.vendorid " & _
"LEFT JOIN printers ON machines.printerid = printers.printerid " & _
"WHERE machines.machineid = " & CLng(machineid) & " AND machines.pctypeid IS NOT NULL"
"WHERE machines.machineid = " & CLng(machineid) & " AND machines.machinetypeid IN (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)"
Set rs = objConn.Execute(strSQL)
@@ -197,7 +200,7 @@
<a href="javascript:void();" data-target="#applications" data-toggle="pill" class="nav-link"><i class="zmdi zmdi-apps"></i> <span class="hidden-xs">Applications</span></a>
</li>
<li class="nav-item">
<a href="./editpc.asp?pcid=<%=Server.HTMLEncode(machineid)%>" class="nav-link" style="background: linear-gradient(45deg, #667eea 0%, #764ba2 100%); color: white;"><i class="zmdi zmdi-edit"></i> <span class="hidden-xs">Edit PC</span></a>
<a href="./editpc.asp?machineid=<%=Server.HTMLEncode(machineid)%>" class="nav-link" style="background: linear-gradient(45deg, #667eea 0%, #764ba2 100%); color: white;"><i class="zmdi zmdi-edit"></i> <span class="hidden-xs">Edit PC</span></a>
</li>
</ul>
<div class="tab-content p-3">
@@ -205,6 +208,9 @@
<h5 class="mb-3">Configuration</h5>
<div class="row">
<div class="col-md-3">
<p class="mb-2"><strong>Serial Number:</strong></p>
<p class="mb-2"><strong>Hostname:</strong></p>
<p class="mb-2"><strong>Status:</strong></p>
<p class="mb-2"><strong>Location:</strong></p>
<p class="mb-2"><strong>Vendor:</strong></p>
<p class="mb-2"><strong>Model:</strong></p>
@@ -212,7 +218,8 @@
<p class="mb-2"><strong>BU:</strong></p>
<p class="mb-2"><strong>IP Address:</strong></p>
<p class="mb-2"><strong>MAC Address:</strong></p>
<p class="mb-2"><strong>Controlling PC:</strong></p>
<p class="mb-2"><strong>VNC:</strong></p>
<p class="mb-2"><strong>Controlled Equipment:</strong></p>
<p class="mb-2"><strong>Printer:</strong></p>
<p>
@@ -220,9 +227,18 @@
</div>
<div class="col-md-5">
<%
Dim machineNumVal, vendorValM, modelValM, machineTypeVal, buVal
Dim machineNumVal, vendorValM, modelValM, machineTypeVal, buVal, serialNumVal, hostnameVal, statusVal
' Get values and default to N/A if empty
serialNumVal = rs("serialnumber") & ""
If serialNumVal = "" Then serialNumVal = "N/A"
hostnameVal = rs("hostname") & ""
If hostnameVal = "" Then hostnameVal = "N/A"
statusVal = rs("machinestatus") & ""
If statusVal = "" Then statusVal = "N/A"
machineNumVal = rs("machinenumber") & ""
If machineNumVal = "" Then machineNumVal = "N/A"
@@ -238,6 +254,9 @@ If machineTypeVal = "" Then machineTypeVal = "N/A"
buVal = rs("businessunit") & ""
If buVal = "" Then buVal = "N/A"
%>
<p class="mb-2"><%=Server.HTMLEncode(serialNumVal)%></p>
<p class="mb-2"><%=Server.HTMLEncode(hostnameVal)%></p>
<p class="mb-2"><%=Server.HTMLEncode(statusVal)%></p>
<p class="mb-2">
<%
If machineNumVal <> "N/A" Then
@@ -305,24 +324,78 @@ Else
Response.Write("<p class='mb-2'><span class='text-muted'>N/A</span></p>")
End If
' Get controlling PC from relationships
Dim rsControlPC, strControlPCSQL, controlPCHostname, controlPCID
strControlPCSQL = "SELECT m.machineid, m.hostname, m.machinenumber FROM machinerelationships mr " & _
"JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _
"JOIN machines m ON mr.machineid = m.machineid " & _
"WHERE mr.related_machineid = ? AND rt.relationshiptype = 'Controls' AND mr.isactive = 1 LIMIT 1"
Set rsControlPC = ExecuteParameterizedQuery(objConn, strControlPCSQL, Array(machineid))
' Display VNC status and link
Dim hasVncEnabled, vncHostname
hasVncEnabled = False
If Not IsNull(rs("isvnc")) Then
If rs("isvnc") = True Or rs("isvnc") = 1 Or rs("isvnc") = -1 Then
hasVncEnabled = True
End If
End If
If Not rsControlPC.EOF Then
controlPCHostname = rsControlPC("hostname") & ""
controlPCID = rsControlPC("machineid")
If controlPCHostname = "" Then controlPCHostname = rsControlPC("machinenumber") & ""
Response.Write("<p class='mb-2'><a href='./displaymachine.asp?machineid=" & controlPCID & "'>" & Server.HTMLEncode(controlPCHostname) & "</a></p>")
' Check WinRM status
Dim hasWinRMEnabled
hasWinRMEnabled = False
If Not IsNull(rs("iswinrm")) Then
If rs("iswinrm") = True Or rs("iswinrm") = 1 Or rs("iswinrm") = -1 Then
hasWinRMEnabled = True
End If
End If
' Use hostname with FQDN for VNC connection
vncHostname = ""
If hostnameVal <> "N/A" And hostnameVal <> "" Then
vncHostname = hostnameVal & ".logon.ds.ge.com"
End If
If hasVncEnabled And vncHostname <> "" Then
Response.Write("<p class='mb-2'><a href='vnc://" & Server.HTMLEncode(vncHostname) & "' title='Connect via VNC'>" & Server.HTMLEncode(vncHostname) & "</a></p>")
ElseIf hasVncEnabled Then
Response.Write("<p class='mb-2'><span class='text-muted'>VNC Enabled (No hostname)</span></p>")
Else
Response.Write("<p class='mb-2'><span class='text-muted'>VNC: N/A</span></p>")
End If
' Display WinRM status
If hasWinRMEnabled Then
Response.Write("<p class='mb-2'><span class='badge badge-success'>WinRM Enabled</span></p>")
Else
Response.Write("<p class='mb-2'><span class='badge badge-secondary'>WinRM: N/A</span></p>")
End If
' Get controlled equipment from relationships - check both directions
' Direction 1: This PC (machineid) controls equipment (related_machineid)
' Direction 2: Equipment (machineid) is controlled by this PC (related_machineid)
Dim rsControlledEquip, strControlledEquipSQL, controlledEquipName, controlledEquipID
' First check: This PC controls equipment (standard direction)
strControlledEquipSQL = "SELECT m.machineid, m.machinenumber FROM machinerelationships mr " & _
"JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _
"JOIN machines m ON mr.related_machineid = m.machineid " & _
"WHERE mr.machineid = ? AND rt.relationshiptype = 'Controls' AND mr.isactive = 1 " & _
"AND m.machinetypeid < 33 LIMIT 1"
Set rsControlledEquip = ExecuteParameterizedQuery(objConn, strControlledEquipSQL, Array(machineid))
If rsControlledEquip.EOF Then
rsControlledEquip.Close
' Second check: Equipment has relationship to this PC (reverse direction)
strControlledEquipSQL = "SELECT m.machineid, m.machinenumber FROM machinerelationships mr " & _
"JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _
"JOIN machines m ON mr.machineid = m.machineid " & _
"WHERE mr.related_machineid = ? AND rt.relationshiptype = 'Controls' AND mr.isactive = 1 " & _
"AND m.machinetypeid < 33 LIMIT 1"
Set rsControlledEquip = ExecuteParameterizedQuery(objConn, strControlledEquipSQL, Array(machineid))
End If
If Not rsControlledEquip.EOF Then
controlledEquipName = rsControlledEquip("machinenumber") & ""
controlledEquipID = rsControlledEquip("machineid")
Response.Write("<p class='mb-2'><a href='./displaymachine.asp?machineid=" & controlledEquipID & "'>" & Server.HTMLEncode(controlledEquipName) & "</a></p>")
Else
Response.Write("<p class='mb-2'><span class='text-muted'>N/A</span></p>")
End If
rsControlPC.Close
Set rsControlPC = Nothing
rsControlledEquip.Close
Set rsControlledEquip = Nothing
' SECURITY: HTML encode printer data to prevent XSS
' Printer data - check if exists (LEFT JOIN may return NULL)
@@ -421,25 +494,17 @@ End If
</thead>
<tbody>
<%
' Query machines that THIS PC controls (including dualpath partners)
' UNION: directly controlled machines + dualpath partners of controlled machines
' Query machines that THIS PC controls
' Check both directions - the equipment is identified by machinetypeid NOT IN (33-43)
strSQL2 = "SELECT m.machineid, m.machinenumber, mt.machinetype, mo.modelnumber, 'Controls' as relationshiptype " & _
"FROM machinerelationships mr " & _
"JOIN machines m ON mr.machineid = m.machineid " & _
"JOIN machines m ON (mr.machineid = m.machineid OR mr.related_machineid = m.machineid) " & _
"LEFT JOIN models mo ON m.modelnumberid = mo.modelnumberid " & _
"LEFT JOIN machinetypes mt ON mo.machinetypeid = mt.machinetypeid " & _
"WHERE mr.related_machineid = ? AND mr.relationshiptypeid = 3 AND mr.isactive = 1 " & _
"UNION " & _
"SELECT m.machineid, m.machinenumber, mt.machinetype, mo.modelnumber, 'Controls (Dualpath)' as relationshiptype " & _
"FROM machinerelationships mr_control " & _
"JOIN machinerelationships mr_dual ON mr_control.machineid = mr_dual.machineid " & _
"JOIN machines m ON mr_dual.related_machineid = m.machineid " & _
"LEFT JOIN models mo ON m.modelnumberid = mo.modelnumberid " & _
"LEFT JOIN machinetypes mt ON mo.machinetypeid = mt.machinetypeid " & _
"WHERE mr_control.related_machineid = ? AND mr_control.relationshiptypeid = 3 " & _
" AND mr_dual.relationshiptypeid = 1 AND mr_control.isactive = 1 AND mr_dual.isactive = 1 " & _
"WHERE (mr.machineid = ? OR mr.related_machineid = ?) AND mr.relationshiptypeid = 3 " & _
" AND m.machinetypeid NOT IN (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43) AND m.machineid <> ? AND mr.isactive = 1 " & _
"ORDER BY machinenumber"
Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid, machineid))
Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid, machineid, machineid))
If rs2.EOF Then
Response.Write("<tr><td colspan='4' class='text-muted text-center'>This PC does not control any machines</td></tr>")
@@ -605,10 +670,18 @@ End If
'=============================================================================
' SECURITY: Use parameterized query for installed applications
'=============================================================================
strSQL2 = "SELECT * FROM installedapps, applications WHERE installedapps.appid = applications.appid AND installedapps.isactive = 1 AND installedapps.machineid = ? ORDER BY appname ASC"
Dim appDisplay, appVer, appId
strSQL2 = "SELECT a.appid, a.appname, av.version FROM installedapps ia " & _
"JOIN applications a ON ia.appid = a.appid " & _
"LEFT JOIN appversions av ON ia.appversionid = av.appversionid " & _
"WHERE ia.isactive = 1 AND ia.machineid = ? ORDER BY a.appname ASC"
Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid))
Do While Not rs2.EOF
Response.Write("<tr><td><span class='float-left font-weight-bold'>" & Server.HTMLEncode(rs2("appname") & "") & "</span></td></tr>")
appId = rs2("appid")
appDisplay = Server.HTMLEncode(rs2("appname") & "")
appVer = rs2("version") & ""
If appVer <> "" Then appDisplay = appDisplay & " <span class='text-muted'>v" & Server.HTMLEncode(appVer) & "</span>"
Response.Write("<tr><td><a href='./displayapplication.asp?appid=" & appId & "' class='float-left font-weight-bold'>" & appDisplay & "</a></td></tr>")
rs2.MoveNext
Loop
rs2.Close