shopdb/savedevicedirect.asp

<%
'=============================================================================
' FILE: savedevicedirect.asp
' PURPOSE: Create new PC with minimal required fields (PC-only scanner)
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-12-09 - All PCs use machinetypeid 33, pctypeid determines type
'=============================================================================
%>
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
<%
	' Get the serial number from the form
	Dim serialnumber
	serialnumber = Trim(Request.Form("serialnumber"))

	' Basic validation - serial number should not be empty and should be alphanumeric-ish
	If serialnumber = "" Or Len(serialnumber) < 3 Or Len(serialnumber) > 100 Then
		objConn.Close
		ShowError "Invalid serial number. Must be 3-100 characters.", "adddevice.asp"
		Response.End
	End If

	' Check if serial number already exists - PHASE 2: Use machines table
	' Check ALL machines regardless of type to prevent duplicates
	Dim checkSQL, rsCheck, cmdCheck, existingMachineID, existingPCTypeID
	checkSQL = "SELECT machineid, pctypeid FROM machines WHERE serialnumber = ? AND isactive = 1"
	Set cmdCheck = Server.CreateObject("ADODB.Command")
	cmdCheck.ActiveConnection = objConn
	cmdCheck.CommandText = checkSQL
	cmdCheck.CommandType = 1
	cmdCheck.Parameters.Append cmdCheck.CreateParameter("@serialnumber", 200, 1, 100, serialnumber)

	Set rsCheck = cmdCheck.Execute

	If Not rsCheck.EOF Then
		' Serial number already exists - redirect to appropriate edit page
		existingMachineID = rsCheck("machineid")
		existingPCTypeID = rsCheck("pctypeid")
		rsCheck.Close
		Set rsCheck = Nothing
		Set cmdCheck = Nothing
		objConn.Close

		' Redirect to PC edit page if it's a PC (pctypeid IS NOT NULL), otherwise to machine edit page
		If Not IsNull(existingPCTypeID) Then
			Response.Redirect("./editpc.asp?machineid=" & existingMachineID & "&scanned=1")
		Else
			Response.Redirect("./editmachine.asp?machineid=" & existingMachineID & "&scanned=1")
		End If
		Response.End
	End If

	rsCheck.Close
	Set rsCheck = Nothing
	Set cmdCheck = Nothing

	' Insert new PC with minimal required fields - PHASE 2: Use machines table
	' machinetypeid = 33 (PC), pctypeid = 1 (Standard)
	' machinestatusid = 2 (Inventory)
	' modelnumberid = 1 (default model)
	' maptop = 1519, mapleft = 1896 (default map location)
	' hostname = serialnumber (default)
	' isactive = 1
	Dim insertSQL, cmdInsert
	insertSQL = "INSERT INTO machines (serialnumber, hostname, machinetypeid, pctypeid, machinestatusid, modelnumberid, maptop, mapleft, isactive, lastupdated) " & _
				"VALUES (?, ?, 33, 1, 2, 1, 1519, 1896, 1, NOW())"
	Set cmdInsert = Server.CreateObject("ADODB.Command")
	cmdInsert.ActiveConnection = objConn
	cmdInsert.CommandText = insertSQL
	cmdInsert.CommandType = 1
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@serialnumber", 200, 1, 100, serialnumber)
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@hostname", 200, 1, 255, serialnumber)

	On Error Resume Next
	cmdInsert.Execute

	If Err.Number = 0 Then
		Set cmdInsert = Nothing
		objConn.Close
		' Success - show success message
		ShowSuccess "PC with serial '" & Server.HTMLEncode(serialnumber) & "' added successfully.", "adddevice.asp", "scanner"
	Else
		Dim insertErr
		insertErr = Err.Description
		Set cmdInsert = Nothing
		objConn.Close
		ShowError "Error adding PC: " & Server.HTMLEncode(insertErr), "adddevice.asp"
	End If
%>