<%@ Language=VBScript %>
<%
Option Explicit
%>
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/validation.asp"-->
<!--#include file="./includes/encoding.asp"-->
<!--#include file="./includes/error_handler.asp"-->
<!--#include file="./includes/db_helpers.asp"-->
<%
'=============================================================================
' FILE: saveapplication.asp
' PURPOSE: Insert a new application record
'
' PARAMETERS:
'   appname (Form, Required) - Application name (1-50 chars)
'   appdescription (Form, Optional) - Description (max 255 chars)
'   supportteamid (Form, Required) - Support team ID
'   applicationnotes (Form, Optional) - Notes (max 512 chars)
'   installpath (Form, Optional) - Installation path/URL (max 255 chars)
'   documentationpath (Form, Optional) - Documentation path/URL (max 512 chars)
'   image (Form, Optional) - Image filename (max 255 chars)
'   isinstallable, isactive, ishidden, isprinter, islicenced (Form, Optional) - Checkboxes (0/1)
'
' SECURITY:
'   - Uses parameterized queries
'   - Validates all inputs
'   - HTML encodes outputs
'
' AUTHOR: Claude Code
' CREATED: 2025-10-12
'=============================================================================

'-----------------------------------------------------------------------------
' INITIALIZATION
'-----------------------------------------------------------------------------
Call InitializeErrorHandling("saveapplication.asp")

' Get and validate inputs
Dim appname, appdescription, supportteamid
Dim applicationnotes, installpath, documentationpath, image
Dim isinstallable, isactive, ishidden, isprinter, islicenced

appname = Trim(Request.Form("appname"))
appdescription = Trim(Request.Form("appdescription"))
supportteamid = Trim(Request.Form("supportteamid"))
applicationnotes = Trim(Request.Form("applicationnotes"))
installpath = Trim(Request.Form("installpath"))
documentationpath = Trim(Request.Form("documentationpath"))
image = Trim(Request.Form("image"))

' Checkboxes - convert to bit values
If Request.Form("isinstallable") = "1" Then
	isinstallable = 1
Else
	isinstallable = 0
End If

If Request.Form("isactive") = "1" Then
	isactive = 1
Else
	isactive = 0
End If

If Request.Form("ishidden") = "1" Then
	ishidden = 1
Else
	ishidden = 0
End If

If Request.Form("isprinter") = "1" Then
	isprinter = 1
Else
	isprinter = 0
End If

If Request.Form("islicenced") = "1" Then
	islicenced = 1
Else
	islicenced = 0
End If

'-----------------------------------------------------------------------------
' VALIDATE INPUTS
'-----------------------------------------------------------------------------

' Validate appname (required, 1-50 chars)
If Len(appname) < 1 Or Len(appname) > 50 Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

' Validate supportteamid
If Not ValidateID(supportteamid) Then
	Call HandleValidationError("addapplication.asp", "INVALID_ID")
End If

' Verify support team exists
If Not RecordExists(objConn, "supportteams", "supporteamid", supportteamid) Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

' Validate field lengths
If Len(appdescription) > 255 Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

If Len(applicationnotes) > 512 Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

If Len(installpath) > 255 Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

If Len(documentationpath) > 512 Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

If Len(image) > 255 Then
	Call HandleValidationError("addapplication.asp", "INVALID_INPUT")
End If

'-----------------------------------------------------------------------------
' DATABASE INSERT
'-----------------------------------------------------------------------------

Dim strSQL
strSQL = "INSERT INTO applications (" & _
         "appname, appdescription, supportteamid, applicationnotes, " & _
         "installpath, documentationpath, image, " & _
         "isinstallable, isactive, ishidden, isprinter, islicenced" & _
         ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

Dim recordsAffected
recordsAffected = ExecuteParameterizedInsert(objConn, strSQL, Array( _
	appname, _
	appdescription, _
	supportteamid, _
	applicationnotes, _
	installpath, _
	documentationpath, _
	image, _
	CInt(isinstallable), _
	CInt(isactive), _
	CInt(ishidden), _
	CInt(isprinter), _
	CInt(islicenced) _
))

Call CheckForErrors()

' Get the newly created application ID
Dim newAppId
newAppId = GetLastInsertId(objConn)

'-----------------------------------------------------------------------------
' CLEANUP AND REDIRECT
'-----------------------------------------------------------------------------
Call CleanupResources()

If recordsAffected > 0 And newAppId > 0 Then
	' Redirect to the newly created application
	Response.Redirect("displayapplication.asp?appid=" & Server.URLEncode(CStr(newAppId)))
Else
	Response.Write("<html><body>")
	Response.Write("<h3>Error: Application could not be created.</h3>")
	Response.Write("<p><a href='addapplication.asp'>Go Back</a></p>")
	Response.Write("</body></html>")
End If
%>