<%
'=============================================================================
' FILE: displaypc.asp
' PURPOSE: Display detailed PC information with edit capability
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'=============================================================================

' The theme name is read from a client-supplied cookie; an empty value falls
' back to the default theme.
' NOTE(review): the place where theme is written into the page is not visible
' here - confirm it is encoded or checked against the known theme names.
theme = Request.Cookies("theme")
If theme = "" Then theme = "bg-theme1"

' SECURITY: Validate PC ID input
' pcid comes from the query string via GetSafeInteger; a result of 0 sends the
' visitor back to the PC list.
' NOTE(review): presumably the arguments are (source, name, default, min, max) - confirm.
Dim pcid
pcid = GetSafeInteger("QS", "pcid", 0, 1, 999999)
If pcid = 0 Then
    objConn.Close
    Response.Redirect("displaypcs.asp")
    Response.End
End If

' SECURITY: Use parameterized query
' pcid is bound to the single ? placeholder, never concatenated into the text.
' NOTE(review): the four .* selections return every column of those tables;
' later reads by bare column name (for example "description") may be ambiguous.
Dim strSQL, rs
strSQL = "SELECT pc.*,vendors.*,models.*,pc_network_interfaces.*,machines.machineid,machines.machinenumber as machine_number,machines.alias,machine_models.machinetypeid,machinetypes.machinetype,machines.businessunitid,businessunits.businessunit,machines.printerid,printers.printerwindowsname,pctype.typename,functionalaccounts.functionalaccount,functionalaccounts.description as functionalaccount_description " & _
         "FROM pc " & _
         "LEFT JOIN models ON pc.modelnumberid=models.modelnumberid " & _
         "LEFT JOIN vendors ON models.vendorid=vendors.vendorid " & _
         "LEFT JOIN pc_network_interfaces ON pc_network_interfaces.pcid=pc.pcid " & _
         "LEFT JOIN machines ON pc.machinenumber = machines.machinenumber " & _
         "LEFT JOIN models AS machine_models ON machines.modelnumberid = machine_models.modelnumberid " & _
         "LEFT JOIN machinetypes ON machine_models.machinetypeid = machinetypes.machinetypeid " & _
         "LEFT JOIN businessunits ON machines.businessunitid = businessunits.businessunitid " & _
         "LEFT JOIN printers ON machines.printerid = printers.printerid " & _
         "LEFT JOIN pctype ON pc.pctypeid = pctype.pctypeid " & _
         "LEFT JOIN functionalaccounts ON pctype.functionalaccountid = functionalaccounts.functionalaccountid " & _
         "WHERE pc.isactive=1 AND pc.pcid=?"
Set rs = ExecuteParameterizedQuery(objConn, strSQL, Array(pcid))

' No active PC with this id: clean up and return to the list.
If rs.EOF Then
    Call CleanupResources()
    Response.Redirect("displaypcs.asp")
    Response.End
End If

' machineid stays 0 when the PC is not linked to a machine (NULL from the
' LEFT JOIN); later sections test "machineid > 0" before querying by it.
' Execution only reaches this point with a row available, because the EOF
' branch above ends the response.
Dim machineid
machineid = 0
If Not IsNull(rs("machineid")) Then
    machineid = CLng(rs("machineid"))
End If
%>
" alt="Card image cap">
" alt="profile-image" class="profile">
<%=Server.HTMLEncode(rs("vendor") & "")%>
Configuration

Vendor:

Model:

Serial:

Hostname:

Location:

IP:

Functional Account:

<%
' Display strings for the Configuration panel.
' Appending "" turns a NULL column into an empty string, and an empty string
' is then shown as "N/A". The values stay raw here; the visible output sites
' pass them through Server.HTMLEncode.
Dim vendorValPC, modelValPC, serialValPC, hostnameValPC, ipValPC

vendorValPC = rs("vendor") & ""
If vendorValPC = "" Then
    vendorValPC = "N/A"
End If

modelValPC = rs("modelnumber") & ""
If modelValPC = "" Then
    modelValPC = "N/A"
End If

serialValPC = rs("serialnumber") & ""
If serialValPC = "" Then
    serialValPC = "N/A"
End If

hostnameValPC = rs("hostname") & ""
If hostnameValPC = "" Then
    hostnameValPC = "N/A"
End If

ipValPC = rs("ipaddress") & ""
If ipValPC = "" Then
    ipValPC = "N/A"
End If
%>

<%=Server.HTMLEncode(vendorValPC)%>

<%=Server.HTMLEncode(modelValPC)%>

<%=Server.HTMLEncode(serialValPC)%>

<%
' Hostname cell. The wrapped form is used only when both the hostname and the
' IP address are known; otherwise the encoded hostname is written on its own.
' NOTE(review): the literals around the hostname are empty in this listing, so
' the wrapping markup is not visible - if it places hostname or IP inside an
' attribute, confirm that value is encoded as well.
If hostnameValPC = "N/A" Or ipValPC = "N/A" Then
    Response.Write(Server.HTMLEncode(hostnameValPC))
Else
    Response.Write("" & Server.HTMLEncode(hostnameValPC) & "")
End If
%>

<%
' Location cell: shown only when the PC is linked to a machine.
If machineid > 0 Then
    Dim locationDisplay
    ' Prefer the machine alias; a NULL or empty alias falls back to machine_number.
    locationDisplay = rs("alias") & ""
    If locationDisplay = "" Then
        locationDisplay = rs("machine_number") & ""
    End If
    ' SECURITY: encode once, immediately before the value is written.
    locationDisplay = Server.HTMLEncode(locationDisplay)
    Response.Write("" & locationDisplay & "")
Else
    Response.Write("Not assigned")
End If
%>

<%
' IP cell: the encoded address, or "N/A" when the column is NULL or empty.
If IsNull(rs("ipaddress")) Or rs("ipaddress") = "" Then
    Response.Write("N/A")
Else
    Response.Write(Server.HTMLEncode(rs("ipaddress") & ""))
End If
%>

<%
' Functional Account cell.
' Writes "<account>[ - <description>]" for the PC, or "N/A" when the PC type
' has no functional account. Every database value that reaches Response.Write
' here goes through Server.HTMLEncode first; the only unencoded pieces are the
' fixed strings "SSO", " - " and "N/A".
IF NOT IsNull(rs("functionalaccount")) AND rs("functionalaccount") <> "" THEN
    Dim accountDisplay, descDisplay, extractedAccount
    Dim pcTypeName
    ' Upper-cased, trimmed PC type name, or "" when the column is NULL.
    pcTypeName = ""
    IF NOT IsNull(rs("typename")) THEN
        pcTypeName = UCase(Trim(rs("typename") & ""))
    END IF

    ' Check if loggedinuser exists and should be used
    Dim useLoggedInUser
    useLoggedInUser = False
    IF NOT IsNull(rs("LoggedInUser")) AND rs("LoggedInUser") <> "" THEN
        ' Use loggedinuser for Standard, Engineer, or TBD types
        ' (a functional account value of "1" is treated the same way as "TBD")
        IF pcTypeName = "STANDARD" OR pcTypeName = "ENGINEER" OR rs("functionalaccount") = "TBD" OR rs("functionalaccount") = "1" THEN
            useLoggedInUser = True
        END IF
    END IF

    IF useLoggedInUser THEN
        accountDisplay = Server.HTMLEncode(rs("LoggedInUser") & "")
        ' Try to extract the account number from loggedinuser (format: lg[account]sd)
        ' The raw (unencoded) value is kept in loggedUser because it is only used
        ' for the string checks and as a bound query parameter, never written out.
        Dim loggedUser
        loggedUser = rs("LoggedInUser") & ""
        IF Left(loggedUser, 2) = "lg" AND Right(loggedUser, 2) = "sd" AND Len(loggedUser) > 4 THEN
            extractedAccount = Mid(loggedUser, 3, Len(loggedUser) - 4)
        ELSE
            extractedAccount = ""
        END IF
    ELSE
        ' Build the lg[account]sd form from the PC type's functional account.
        accountDisplay = Server.HTMLEncode("lg" & rs("functionalaccount") & "sd")
        extractedAccount = ""
    END IF

    ' Determine what description to show
    Dim descField
    descField = ""
    ' If showing plain SSO (not lg[account]sd format), label it as "SSO"
    IF useLoggedInUser AND extractedAccount = "" THEN
        descField = "SSO"
    ' If we extracted an account from loggedinuser, look up its description
    ELSEIF extractedAccount <> "" THEN
        ' SECURITY: Use parameterized query for functional account lookup
        ' extractedAccount is bound to the ? placeholder, not concatenated.
        Dim rsDesc, sqlDesc
        sqlDesc = "SELECT description FROM functionalaccounts WHERE functionalaccount = ? AND isactive = 1"
        Set rsDesc = ExecuteParameterizedQuery(objConn, sqlDesc, Array(extractedAccount))
        IF NOT rsDesc.EOF THEN
            IF NOT IsNull(rsDesc("description")) AND rsDesc("description") <> "" THEN
                descField = Server.HTMLEncode(rsDesc("description") & "")
            END IF
        END IF
        rsDesc.Close
        Set rsDesc = Nothing
    ' Otherwise use functional account description from the query
    ELSE
        ' Errors are suppressed for these two reads, so a failing column lookup
        ' leaves descField unchanged instead of stopping the page.
        ' NOTE(review): rs("description") is read by bare name from a query that
        ' selects several tables with .* - confirm which table's column this is.
        On Error Resume Next
        descField = Server.HTMLEncode(rs("functionalaccount_description") & "")
        If descField = "" Then
            descField = Server.HTMLEncode(rs("description") & "")
        End If
        On Error Goto 0
    END IF

    ' Append the description only when one was found.
    IF descField <> "" AND NOT IsNull(descField) THEN
        descDisplay = " - " & descField
    ELSE
        descDisplay = ""
    END IF
    Response.Write(accountDisplay & descDisplay)
ELSE
    Response.Write("N/A")
END IF
%>


Warranty Information

Status:

End Date:

Days Remaining:

Service Level:

Last Checked:

<%
' Warranty panel values. String columns are coerced with & "" so NULL becomes
' an empty string; warrantyDaysRemaining keeps its raw value (possibly NULL)
' so it can be tested with IsNull/IsNumeric.
Dim warrantyStatus, warrantyEndDate, warrantyDaysRemaining, warrantyServiceLevel, warrantyLastChecked
Dim warrantyStatusClass, warrantyBadge

warrantyStatus = rs("warrantystatus") & ""
warrantyEndDate = rs("warrantyenddate") & ""
warrantyDaysRemaining = rs("warrantydaysremaining")
warrantyServiceLevel = rs("warrantyservicelevel") & ""
warrantyLastChecked = rs("warrantylastchecked") & ""

' Determine warranty status badge.
' warrantyBadge is written to the page without further encoding, so every
' branch must produce safe text: the fixed labels are literals and the
' free-form status is encoded here.
Select Case LCase(warrantyStatus)
    Case ""
        ' NULL and empty status both land here because of the & "" coercion.
        warrantyBadge = "Unknown"
    Case "active"
        If Not IsNull(warrantyDaysRemaining) And IsNumeric(warrantyDaysRemaining) Then
            ' Fewer than 30 days left is flagged separately.
            If warrantyDaysRemaining < 30 Then
                warrantyBadge = "Expiring Soon"
            Else
                warrantyBadge = "Active"
            End If
        Else
            warrantyBadge = "Active"
        End If
    Case "expired"
        warrantyBadge = "Expired"
    Case Else
        ' SECURITY: any other status text comes from the database - encode it.
        warrantyBadge = "" & Server.HTMLEncode(warrantyStatus) & ""
End Select
%>

<%=warrantyBadge%>

<%
' End Date cell: NULL, empty and the zero date "0000-00-00" all count as
' "no date"; anything else is written HTML-encoded.
If IsNull(rs("warrantyenddate")) Or warrantyEndDate = "" Or warrantyEndDate = "0000-00-00" Then
    Response.Write("Not available")
Else
    Response.Write(Server.HTMLEncode(warrantyEndDate))
End If
%>

<%
' Days Remaining cell.
' The value is written without Server.HTMLEncode; the IsNumeric guard is what
' keeps non-numeric text out of the page.
If IsNull(warrantyDaysRemaining) Or Not IsNumeric(warrantyDaysRemaining) Then
    Response.Write("Not available")
ElseIf warrantyDaysRemaining < 0 Then
    ' Negative means the warranty has already ended; show the absolute count.
    Response.Write("" & Abs(warrantyDaysRemaining) & " days overdue")
ElseIf warrantyDaysRemaining < 30 Then
    Response.Write("" & warrantyDaysRemaining & " days")
Else
    Response.Write(warrantyDaysRemaining & " days")
End If
%>

<%
' Service Level cell: the encoded value, or "Not available" when NULL or empty.
If IsNull(rs("warrantyservicelevel")) Or warrantyServiceLevel = "" Then
    Response.Write("Not available")
Else
    Response.Write(Server.HTMLEncode(warrantyServiceLevel))
End If
%>

<%
' Last Checked cell: the encoded value, or "Never checked" when NULL or empty.
If IsNull(rs("warrantylastchecked")) Or warrantyLastChecked = "" Then
    Response.Write("Never checked")
Else
    Response.Write(Server.HTMLEncode(warrantyLastChecked))
End If
%>

Equipment Controlled by This PC
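<%
' Equipment table body: one row per machine that this PC's machine has an
' active 'Controls' relationship to, or a placeholder row when there is none
' or when the PC has no machine assigned.
If machineid > 0 Then
    ' Query equipment controlled by this PC.
    ' SECURITY: machineid is bound to the ? placeholder, not concatenated.
    strSQL2 = "SELECT m.machineid, m.machinenumber, m.alias, mt.machinetype, v.vendor, mo.modelnumber " & _
              "FROM machinerelationships mr " & _
              "JOIN relationshiptypes rt ON mr.relationshiptypeid = rt.relationshiptypeid " & _
              "JOIN machines m ON mr.related_machineid = m.machineid " & _
              "LEFT JOIN models mo ON m.modelnumberid = mo.modelnumberid " & _
              "LEFT JOIN vendors v ON mo.vendorid = v.vendorid " & _
              "LEFT JOIN machinetypes mt ON mo.machinetypeid = mt.machinetypeid " & _
              "WHERE mr.machineid = ? AND rt.relationshiptype = 'Controls' AND mr.isactive = 1"
    Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid))

    If rs2.EOF Then
        Response.Write("")
    Else
        Dim equipMachineNum, equipType, equipVendor, equipModel, equipLocation, equipMachineID
        Do While Not rs2.EOF
            ' Machine number and location stay raw here because the row output
            ' already wraps them in Server.HTMLEncode.
            equipMachineNum = rs2("machinenumber") & ""
            equipLocation = rs2("alias") & ""
            ' NOTE(review): equipMachineID is not used in the visible statements;
            ' if the row markup places it in a link, keep it numeric.
            equipMachineID = rs2("machineid")

            ' SECURITY: the row output concatenates type, vendor and model
            ' without encoding, so these database values are HTML-encoded at
            ' the point they are read. Encoding an empty string yields an
            ' empty string, so the "N/A" defaults below still apply.
            equipType = Server.HTMLEncode(rs2("machinetype") & "")
            equipVendor = Server.HTMLEncode(rs2("vendor") & "")
            equipModel = Server.HTMLEncode(rs2("modelnumber") & "")

            If equipType = "" Then equipType = "N/A"
            If equipVendor = "" Then equipVendor = "N/A"
            If equipModel = "" Then equipModel = "N/A"
            ' A machine without an alias is located by its machine number.
            If equipLocation = "" Then equipLocation = equipMachineNum

            Response.Write("")
            Response.Write("")
            Response.Write("")
            Response.Write("")
            Response.Write("")
            Response.Write("")
            Response.Write("")
            rs2.MoveNext
        Loop
    End If

    rs2.Close
    Set rs2 = Nothing
Else
    Response.Write("")
End If
%>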
Machine Number Equipment Type Vendor Model Location
This PC does not control any equipment
" & Server.HTMLEncode(equipMachineNum) & "" & equipType & "" & equipVendor & "" & equipModel & "" & Server.HTMLEncode(equipLocation) & "
No machine assigned to this PC
<%
' Installed applications list for the machine assigned to this PC.
If machineid > 0 Then
    ' SECURITY: Use parameterized query for installed apps
    ' machineid is bound to the ? placeholder.
    ' NOTE(review): SELECT * over a comma join returns every column of both
    ' tables; the visible output reads only appname.
    Dim strSQL2, rs2
    strSQL2 = "SELECT * FROM installedapps,applications WHERE installedapps.appid=applications.appid AND installedapps.isactive=1 AND installedapps.machineid=? ORDER BY appname ASC"
    Set rs2 = ExecuteParameterizedQuery(objConn, strSQL2, Array(machineid))

    ' One write per installed application, in appname order.
    Do Until rs2.EOF
        Response.Write("")
        rs2.MoveNext
    Loop

    rs2.Close
    Set rs2 = Nothing
Else
    Response.Write("")
End If
%>
" & Server.HTMLEncode(rs2("appname") & "") & "
No machine assigned - cannot display installed applications
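<%
'=============================================================================
' CLEANUP
'=============================================================================
' Release the main recordset before closing the connection, matching how the
' secondary recordsets on this page are closed and set to Nothing.
If IsObject(rs) Then
    If Not rs Is Nothing Then
        ' 1 = adStateOpen; closing an already-closed recordset raises an error.
        If rs.State = 1 Then rs.Close
        Set rs = Nothing
    End If
End If
objConn.Close
%>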