<% '============================================================================= ' FILE: displaysubnet.asp ' PURPOSE: Display detailed subnet information with edit capability ' SECURITY: Parameterized queries, HTML encoding, input validation ' UPDATED: 2025-12-29 - Migrated to match displaypc.asp style '============================================================================= %> <% theme = Request.Cookies("theme") IF theme = "" THEN theme = "bg-theme1" END IF '============================================================================= ' SMART REDIRECT: Check if search param is a printer or PC IP address '============================================================================= Dim search search = Trim(Request.QueryString("search") & "") IF search <> "" THEN ' Check if this IP belongs to a printer Dim rsPrinterCheck, strPrinterSQL strPrinterSQL = "SELECT printerid FROM printers WHERE ipaddress = ?" Set rsPrinterCheck = ExecuteParameterizedQuery(objConn, strPrinterSQL, Array(search)) IF NOT rsPrinterCheck.EOF THEN Dim printerRedirectId printerRedirectId = rsPrinterCheck("printerid") rsPrinterCheck.Close Set rsPrinterCheck = Nothing objConn.Close Response.Redirect("./displayprinter.asp?printerid=" & printerRedirectId) Response.End END IF rsPrinterCheck.Close Set rsPrinterCheck = Nothing ' Check if this IP belongs to a PC (Phase 2: uses communications table) Dim rsPCCheck, strPCSQL strPCSQL = "SELECT m.machineid FROM machines m " & _ "INNER JOIN communications c ON m.machineid = c.machineid " & _ "WHERE c.address = ? AND m.pctypeid IS NOT NULL AND c.isactive = 1" Set rsPCCheck = ExecuteParameterizedQuery(objConn, strPCSQL, Array(search)) IF NOT rsPCCheck.EOF THEN Dim pcRedirectId pcRedirectId = rsPCCheck("machineid") rsPCCheck.Close Set rsPCCheck = Nothing objConn.Close Response.Redirect("./displaypc.asp?machineid=" & pcRedirectId) Response.End END IF rsPCCheck.Close Set rsPCCheck = Nothing END IF '============================================================================= ' SECURITY: Validate subnet ID input '============================================================================= Dim subnetid subnetid = GetSafeInteger("QS", "subnetid", 0, 1, 999999) IF subnetid = 0 THEN objConn.Close Response.Redirect("displaysubnets.asp") Response.End END IF '============================================================================= ' SECURITY: Use parameterized query to prevent SQL injection '============================================================================= Dim strSQL, rs strSQL = "SELECT subnets.*, subnettypes.subnettype, " & _ "INET_NTOA(subnets.ipstart) AS subnetstart, " & _ "INET_NTOA(subnets.ipend) AS subnetend " & _ "FROM subnets " & _ "LEFT JOIN subnettypes ON subnets.subnettypeid = subnettypes.subnettypeid " & _ "WHERE subnets.isactive = 1 AND subnets.subnetid = ?" Set rs = ExecuteParameterizedQuery(objConn, strSQL, Array(subnetid)) ' Check if subnet exists IF rs.EOF THEN objConn.Close Response.Redirect("displaysubnets.asp") Response.End END IF ' Store values for use in page Dim vlanVal, zoneVal, networkVal, networkEndVal, cidrVal, descVal, ipStartInt, ipEndInt vlanVal = rs("vlan") & "" zoneVal = rs("subnettype") & "" networkVal = rs("subnetstart") & "" networkEndVal = rs("subnetend") & "" cidrVal = rs("cidr") & "" descVal = rs("description") & "" ipStartInt = rs("ipstart") ipEndInt = rs("ipend") If vlanVal = "" Then vlanVal = "N/A" If zoneVal = "" Then zoneVal = "Unknown" If networkVal = "" Then networkVal = "N/A" If cidrVal = "" Then cidrVal = "" If descVal = "" Then descVal = "No description" ' Calculate usable IPs Dim usableIPs If IsNumeric(ipStartInt) And IsNumeric(ipEndInt) Then usableIPs = CLng(ipEndInt) - CLng(ipStartInt) Else usableIPs = 0 End If %>

Subnet Configuration

VLAN:

Zone:

Network:

CIDR:

IP Range:

Usable IPs:

Description:

<%=Server.HTMLEncode(vlanVal)%>

<%=Server.HTMLEncode(zoneVal)%>

<%=Server.HTMLEncode(networkVal)%>

<%=Server.HTMLEncode(cidrVal)%>

<%=Server.HTMLEncode(networkVal)%> - <%=Server.HTMLEncode(networkEndVal)%>

<%=Server.HTMLEncode(CStr(usableIPs))%>

<%=Server.HTMLEncode(descVal)%>

Devices on this Subnet

<% ' Get PCs on this subnet using machines/communications tables Dim strSQL2, rs2, deviceCount deviceCount = 0 ' Query for PCs (machines with pctypeid IS NOT NULL) strSQL2 = "SELECT m.machineid, m.hostname, c.address " & _ "FROM machines m " & _ "INNER JOIN communications c ON m.machineid = c.machineid AND c.isprimary = 1 " & _ "WHERE m.isactive = 1 AND m.pctypeid IS NOT NULL " & _ "AND INET_ATON(c.address) >= " & CLng(ipStartInt) & " " & _ "AND INET_ATON(c.address) <= " & CLng(ipEndInt) & " " & _ "ORDER BY INET_ATON(c.address)" Set rs2 = objConn.Execute(strSQL2) Do While Not rs2.EOF deviceCount = deviceCount + 1 Dim pcDeviceName, pcDeviceIP, pcDeviceId pcDeviceName = rs2("hostname") & "" pcDeviceIP = rs2("address") & "" pcDeviceId = rs2("machineid") If pcDeviceName = "" Then pcDeviceName = "Unknown" %> <% rs2.MoveNext Loop rs2.Close Set rs2 = Nothing ' Query for Printers Dim strSQL3, rs3 strSQL3 = "SELECT printerid, printerwindowsname, ipaddress " & _ "FROM printers " & _ "WHERE isactive = 1 " & _ "AND INET_ATON(ipaddress) >= " & CLng(ipStartInt) & " " & _ "AND INET_ATON(ipaddress) <= " & CLng(ipEndInt) & " " & _ "ORDER BY INET_ATON(ipaddress)" Set rs3 = objConn.Execute(strSQL3) Do While Not rs3.EOF deviceCount = deviceCount + 1 Dim prtName, prtIP, prtId prtName = rs3("printerwindowsname") & "" prtIP = rs3("ipaddress") & "" prtId = rs3("printerid") If prtName = "" Then prtName = "Unknown Printer" %> <% rs3.MoveNext Loop rs3.Close Set rs3 = Nothing If deviceCount = 0 Then %> <% End If %>

Type	Name	IP Address
PC	<%=Server.HTMLEncode(pcDeviceName)%>	<%=Server.HTMLEncode(pcDeviceIP)%>
Printer	<%=Server.HTMLEncode(prtName)%>	<%=Server.HTMLEncode(prtIP)%>
No devices found on this subnet

Total devices: <%=deviceCount%>

VLAN #:

" maxlength="10">

Zone:

Network:

CIDR:

Description:

" maxlength="255">

<% '============================================================================= ' CLEANUP '============================================================================= rs.Close Set rs = Nothing objConn.Close %>