<%
'=============================================================================
' FILE: savecheckinusb.asp
' PURPOSE: Process USB check-in request
' SECURITY: Parameterized queries, input validation
' CREATED: 2025-12-07
'=============================================================================
%>
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
<%
	' Get form values
	Dim checkoutid, waswiped, notes
	checkoutid = Trim(Request.Form("checkoutid"))
	waswiped = Trim(Request.Form("waswiped"))
	notes = Trim(Request.Form("notes"))

	' Validate checkoutid
	If checkoutid = "" Or Not IsNumeric(checkoutid) Then
		objConn.Close
		ShowError "Invalid checkout ID.", "checkinusb.asp"
		Response.End
	End If

	' Validate waswiped - must be checked (value = "1")
	Dim wipedValue
	If waswiped = "1" Then
		wipedValue = 1
	Else
		objConn.Close
		ShowError "You must confirm the USB has been wiped before check-in.", "checkinusb.asp"
		Response.End
	End If

	' Verify the checkout record exists and is still open
	Dim checkSQL, cmdCheck, rsCheck
	checkSQL = "SELECT uc.checkoutid, uc.machineid, uc.sso, m.serialnumber, m.alias " & _
	           "FROM usbcheckouts uc " & _
	           "JOIN machines m ON uc.machineid = m.machineid " & _
	           "WHERE uc.checkoutid = ? AND uc.checkin_time IS NULL"

	Set cmdCheck = Server.CreateObject("ADODB.Command")
	cmdCheck.ActiveConnection = objConn
	cmdCheck.CommandText = checkSQL
	cmdCheck.CommandType = 1
	cmdCheck.Parameters.Append cmdCheck.CreateParameter("@checkoutid", 3, 1, , CLng(checkoutid))

	Set rsCheck = cmdCheck.Execute

	If rsCheck.EOF Then
		rsCheck.Close
		Set rsCheck = Nothing
		Set cmdCheck = Nothing
		objConn.Close
		ShowError "Checkout record not found or already checked in.", "checkinusb.asp"
		Response.End
	End If

	Dim serialnumber, usbAlias, sso
	serialnumber = rsCheck("serialnumber") & ""
	usbAlias = rsCheck("alias") & ""
	sso = rsCheck("sso") & ""

	rsCheck.Close
	Set rsCheck = Nothing
	Set cmdCheck = Nothing

	' Update checkout record with check-in info
	Dim updateSQL, cmdUpdate
	updateSQL = "UPDATE usbcheckouts SET checkin_time = NOW(), was_wiped = ?, checkin_notes = ? WHERE checkoutid = ?"

	Set cmdUpdate = Server.CreateObject("ADODB.Command")
	cmdUpdate.ActiveConnection = objConn
	cmdUpdate.CommandText = updateSQL
	cmdUpdate.CommandType = 1
	cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@waswiped", 3, 1, , wipedValue)

	If notes = "" Then
		cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@notes", 200, 1, 1000, Null)
	Else
		cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@notes", 200, 1, 1000, notes)
	End If

	cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@checkoutid", 3, 1, , CLng(checkoutid))

	On Error Resume Next
	cmdUpdate.Execute

	If Err.Number = 0 Then
		Set cmdUpdate = Nothing
		objConn.Close

		' Build display name
		Dim displayName
		If usbAlias <> "" And usbAlias <> serialnumber Then
			displayName = serialnumber & " (" & usbAlias & ")"
		Else
			displayName = serialnumber
		End If

		ShowSuccess "USB '" & Server.HTMLEncode(displayName) & "' checked in successfully. Previously held by SSO " & Server.HTMLEncode(sso) & ".", "displayusb.asp", "USB Check-in"
	Else
		Dim updateErr
		updateErr = Err.Description
		Set cmdUpdate = Nothing
		objConn.Close
		ShowError "Error checking in USB: " & Server.HTMLEncode(updateErr), "checkinusb.asp"
	End If
%>