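<%
'=============================================================================
' FILE: savecheckout_usb.asp
' PURPOSE: Process USB checkout request
' SECURITY: Parameterized queries, input validation
' CREATED: 2025-12-07
'=============================================================================
%>
<%
' Flow: validate the posted fields, confirm the device row exists and has no
' open checkout, insert the checkout row, then render a success or error page.
'
' objConn, ShowError and ShowSuccess are not defined in this view; presumably
' they come from an include - confirm it is present and opens objConn.
'
' NOTE(review): the SSO written to usb_checkouts is whatever the form posts.
' Nothing visible here ties it to an authenticated session or verifies an
' anti-CSRF token - confirm both are enforced by shared include code.

' Get form values
Dim machineid, sso, reason
machineid = Trim(Request.Form("machineid"))
sso = Trim(Request.Form("sso"))
reason = Trim(Request.Form("reason"))

' Strict digits-only matcher. IsNumeric() also accepts signs, decimals,
' exponents and hex forms, and CLng() raises an overflow error on long inputs.
Dim reDigits
Set reDigits = New RegExp
reDigits.Pattern = "^[0-9]+$"

' Validate machineid: 1 to 9 digits, so the later CLng() cannot overflow a Long
If Len(machineid) = 0 Or Len(machineid) > 9 Or Not reDigits.Test(machineid) Then
    objConn.Close
    ShowError "Invalid USB device ID.", "checkout_usb.asp"
    Response.End
End If

' Validate SSO - must be 9 digits
If Len(sso) <> 9 Then
    objConn.Close
    ShowError "SSO must be exactly 9 digits.", "checkout_usb.asp"
    Response.End
End If

' Verify SSO is numeric
If Not reDigits.Test(sso) Then
    objConn.Close
    ShowError "SSO must contain only digits.", "checkout_usb.asp"
    Response.End
End If

' Validate reason length against the 1000-character size declared for the
' @reason parameter below; a longer value may otherwise raise an unhandled
' ADO error before the insert's error handler is active.
If Len(reason) > 1000 Then
    objConn.Close
    ShowError "Reason must be 1000 characters or fewer.", "checkout_usb.asp"
    Response.End
End If

' Verify the USB device exists and is available.
' machinetypeid = 44 is presumably the USB device type - confirm against the schema.
Dim checkSQL, cmdCheck, rsCheck
checkSQL = "SELECT m.machineid, m.serialnumber, m.alias, " & _
    "(SELECT COUNT(*) FROM usb_checkouts uc WHERE uc.machineid = m.machineid AND uc.checkin_time IS NULL) AS is_checked_out " & _
    "FROM machines m " & _
    "WHERE m.machineid = ? AND m.machinetypeid = 44 AND m.isactive = 1"

Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = checkSQL
cmdCheck.CommandType = 1 ' adCmdText
' 3 = adInteger, 1 = adParamInput
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@machineid", 3, 1, , CLng(machineid))
Set rsCheck = cmdCheck.Execute

If rsCheck.EOF Then
    rsCheck.Close
    Set rsCheck = Nothing
    Set cmdCheck = Nothing
    objConn.Close
    ShowError "USB device not found.", "checkout_usb.asp"
    Response.End
End If

Dim serialnumber, usbAlias, isCheckedOut
' Appending "" coerces a NULL column value to an empty string
serialnumber = rsCheck("serialnumber") & ""
usbAlias = rsCheck("alias") & ""
If IsNull(rsCheck("is_checked_out")) Or rsCheck("is_checked_out") = "" Then
    isCheckedOut = 0
Else
    isCheckedOut = CLng(rsCheck("is_checked_out"))
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing

If isCheckedOut > 0 Then
    objConn.Close
    ShowError "USB device '" & Server.HTMLEncode(serialnumber) & "' is already checked out.", "checkout_usb.asp"
    Response.End
End If

' NOTE(review): the availability check above and the INSERT below are separate
' statements, so two simultaneous requests for the same device can both pass
' the check. Consider enforcing "one open checkout per machineid" in the
' database (constraint or transaction with row locking) - confirm with the schema owner.

' Insert checkout record
Dim insertSQL, cmdInsert
insertSQL = "INSERT INTO usb_checkouts (machineid, sso, checkout_reason, checkout_time) VALUES (?, ?, ?, NOW())"

Set cmdInsert = Server.CreateObject("ADODB.Command")
cmdInsert.ActiveConnection = objConn
cmdInsert.CommandText = insertSQL
cmdInsert.CommandType = 1 ' adCmdText
' 3 = adInteger, 200 = adVarChar, 1 = adParamInput
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@machineid", 3, 1, , CLng(machineid))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@sso", 200, 1, 20, sso)
If reason = "" Then
    ' An empty reason is stored as NULL rather than an empty string
    cmdInsert.Parameters.Append cmdInsert.CreateParameter("@reason", 200, 1, 1000, Null)
Else
    cmdInsert.Parameters.Append cmdInsert.CreateParameter("@reason", 200, 1, 1000, reason)
End If

' Trap errors for the insert only: capture the result immediately, then restore
' normal error handling so later failures are not silently ignored.
Dim insertErrNumber, insertErr
On Error Resume Next
Err.Clear
cmdInsert.Execute
insertErrNumber = Err.Number
insertErr = Err.Description
On Error GoTo 0

Set cmdInsert = Nothing
objConn.Close

If insertErrNumber = 0 Then
    ' Build display name
    Dim displayName
    If usbAlias <> "" And usbAlias <> serialnumber Then
        displayName = serialnumber & " (" & usbAlias & ")"
    Else
        displayName = serialnumber
    End If

    ShowSuccess "USB '" & Server.HTMLEncode(displayName) & "' checked out to SSO " & Server.HTMLEncode(sso) & ".", "displayusb.asp", "USB Checkout"
Else
    ' NOTE(review): the driver's error text is shown to the client (HTML-encoded).
    ' Consider logging it server-side and displaying a generic message instead.
    ShowError "Error checking out USB: " & Server.HTMLEncode(insertErr), "checkout_usb.asp"
End If
%>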