<%
'=============================================================================
' FILE: savenotificationdirect.asp
' PURPOSE: Create new notification
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'=============================================================================
%>
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
<%
On Error Resume Next

' Get form inputs
Dim notification, ticketnumber, starttime, endtime, isactive, isshopfloor, notificationtypeid, businessunitid, appid, employeesso
notification = Trim(Request.Form("notification"))
ticketnumber = Trim(Request.Form("ticketnumber"))
starttime = Trim(Request.Form("starttime"))
endtime = Trim(Request.Form("endtime"))
notificationtypeid = Trim(Request.Form("notificationtypeid"))
businessunitid = Trim(Request.Form("businessunitid"))
appid = Trim(Request.Form("appid"))
employeesso = Trim(Request.Form("employeesso"))

' Recognition type ID
Const RECOGNITION_TYPE_ID = 5

' Checkboxes - ensure they are always integers 0 or 1
If Request.Form("isactive") = "1" Then
    isactive = 1
Else
    isactive = 0
End If

If Request.Form("isshopfloor") = "1" Then
    isshopfloor = 1
Else
    isshopfloor = 0
End If

' Default to TBD if no type selected
If notificationtypeid = "" Or Not IsNumeric(notificationtypeid) Then
	notificationtypeid = "1"
End If

' Check for errors so far
If Err.Number <> 0 Then
	objConn.Close
	ShowError "Error during initialization: " & Err.Description, "addnotification.asp"
	Response.End
End If

' Handle Recognition type - auto-set times and require employeesso
Dim isRecognition
isRecognition = (CLng(notificationtypeid) = RECOGNITION_TYPE_ID)

If isRecognition Then
	' Validate that employeesso is provided for Recognition (can be SSO or NAME:customname)
	If Len(employeesso) = 0 Then
		objConn.Close
		ShowError "At least one employee must be selected for Recognition notifications.", "addnotification.asp"
		Response.End
	End If

	' Auto-set starttime to NOW
	starttime = Year(Now) & "-" & Right("0" & Month(Now), 2) & "-" & Right("0" & Day(Now), 2) & " " & _
	            Right("0" & Hour(Now), 2) & ":" & Right("0" & Minute(Now), 2) & ":00"

	' Auto-set endtime to 4AM next day
	Dim nextDay
	nextDay = DateAdd("d", 1, Date)
	endtime = Year(nextDay) & "-" & Right("0" & Month(nextDay), 2) & "-" & Right("0" & Day(nextDay), 2) & " 04:00:00"

	' Auto-enable shopfloor display for Recognition
	isshopfloor = 1
End If

' Check for errors after Recognition handling
If Err.Number <> 0 Then
	objConn.Close
	ShowError "Error during Recognition setup: " & Err.Description, "addnotification.asp"
	Response.End
End If

' Validate required fields (endtime is now optional, starttime not required for Recognition)
If Len(notification) = 0 Then
	objConn.Close
	ShowError "Notification message is required.", "addnotification.asp"
	Response.End
End If

If Not isRecognition And Len(starttime) = 0 Then
	objConn.Close
	ShowError "Start time is required.", "addnotification.asp"
	Response.End
End If

If Len(notification) > 500 Or Len(ticketnumber) > 50 Then
	objConn.Close
	ShowError "Field length exceeded.", "addnotification.asp"
	Response.End
End If

' Convert datetime format for starttime (skip if already formatted for Recognition)
If InStr(starttime, "T") > 0 Then
	starttime = Replace(starttime, "T", " ") & ":00"
End If

' Handle optional endtime - leave as NULL if blank (indefinite)
Dim endtimeValue, businessunitValue
If Len(endtime) = 0 Then
	' No end date - store as NULL for indefinite notifications
	endtimeValue = Null
Else
	' End date specified - convert format (only add :00 if from datetime-local input with T)
	If InStr(endtime, "T") > 0 Then
		endtime = Replace(endtime, "T", " ") & ":00"
	End If
	endtimeValue = endtime
End If

' Handle optional businessunitid - NULL means applies to all business units
If businessunitid = "" Or Not IsNumeric(businessunitid) Then
	businessunitValue = Null
Else
	businessunitValue = CLng(businessunitid)
End If

' Handle optional appid - NULL means not linked to an application
Dim appidValue
If appid = "" Or Not IsNumeric(appid) Then
	appidValue = Null
Else
	appidValue = CLng(appid)
End If

' Handle optional employeesso - can be SSO or NAME:customname
Dim employeessoValue
If Len(employeesso) = 0 Then
	employeessoValue = Null
Else
	employeessoValue = employeesso
End If

' INSERT using parameterized query
On Error Resume Next
Dim strSQL, cmdInsert
strSQL = "INSERT INTO notifications (notificationtypeid, businessunitid, appid, notification, ticketnumber, starttime, endtime, isactive, isshopfloor, employeesso) " & _
         "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
Set cmdInsert = Server.CreateObject("ADODB.Command")
If Err.Number <> 0 Then
	objConn.Close
	ShowError "Error creating command: " & Err.Description, "addnotification.asp"
	Response.End
End If
cmdInsert.ActiveConnection = objConn
cmdInsert.CommandText = strSQL
cmdInsert.CommandType = 1
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@notificationtypeid", 3, 1, , CLng(notificationtypeid))
If IsNull(businessunitValue) Then
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@businessunitid", 3, 1, , Null)
Else
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@businessunitid", 3, 1, , businessunitValue)
End If
If IsNull(appidValue) Then
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@appid", 2, 1, , Null)
Else
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@appid", 2, 1, , appidValue)
End If
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@notification", 200, 1, 500, notification)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ticketnumber", 200, 1, 50, ticketnumber)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@starttime", 135, 1, , starttime)
If IsNull(endtimeValue) Then
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@endtime", 135, 1, , Null)
Else
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@endtime", 135, 1, , endtimeValue)
End If
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@isactive", 11, 1, , CBool(isactive))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@isshopfloor", 11, 1, , CBool(isshopfloor))
If IsNull(employeessoValue) Then
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@employeesso", 200, 1, 100, Null)
Else
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@employeesso", 200, 1, 100, employeessoValue)
End If

' Check for parameter errors
If Err.Number <> 0 Then
	objConn.Close
	ShowError "Error building parameters: " & Err.Description, "addnotification.asp"
	Response.End
End If

cmdInsert.Execute

If Err.Number = 0 Then
	Set cmdInsert = Nothing
	objConn.Close
	ShowSuccess "Notification created successfully.", "displaynotifications.asp", "notifications"
Else
	Dim insertErr
	insertErr = Err.Description
	Set cmdInsert = Nothing
	objConn.Close
	ShowError "Error: " & Server.HTMLEncode(insertErr), "addnotification.asp"
End If
%>