ge-aerospace/shopdb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
65b622c361f4b625efaf0bea1fff0a81308033a7
shopdb/addsubnetbackend_direct.asp
cproudlock 65b622c361 Add USB checkout system and SSO profile page 
New Features:
- USB Device checkout/check-in system with barcode scanning
  - displayusb.asp: List all USB devices with status
  - addusb.asp: Add new USB devices via barcode scan
  - checkout_usb.asp/savecheckout_usb.asp: Check out USB to SSO
  - checkin_usb.asp/savecheckin_usb.asp: Check in with wipe confirmation
  - usb_history.asp: Full checkout history with filters
  - api_usb.asp: JSON API for AJAX lookups
- displayprofile.asp: SSO profile page showing user info and USB history
- Date/time format changed to 12-hour (MM/DD/YYYY h:mm AM/PM)
- SSO links in USB history now link to profile page via search

Database:
- New machinetypeid 44 for USB devices
- New usb_checkouts table for tracking checkouts

Cleanup:
- Removed v2 folder (duplicate/old files)
- Removed old debug/test files
- Removed completed migration documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 11:16:14 -05:00

160 lines
4.9 KiB
Plaintext
Raw Blame History

<%
'=============================================================================
' FILE: addsubnetbackend_direct.asp
' PURPOSE: Create new subnet with IP address calculations
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'=============================================================================
%>
<html>
<head>
<link rel="stylesheet" href="./style.css" type="text/css">
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
</head>
<body>
<div class="page">
<%
' Get form inputs
Dim vlan, ipstart, cidr, description, subnettypeid, cidrarray, ipend
vlan = Trim(Request.Form("vlan"))
ipstart = Trim(Request.Form("ipstart"))
cidr = Trim(Request.Form("cidr"))
description = Trim(Request.Form("description"))
subnettypeid = Trim(Request.Form("subnettypeid"))
' Validate required fields
If vlan = "" Or ipstart = "" Or cidr = "" Or subnettypeid = "" Then
objConn.Close
ShowError "Required field missing.", "addsubnet.asp"
Response.End
End If
' Validate VLAN is numeric
If Not IsNumeric(vlan) Then
objConn.Close
ShowError "VLAN must be numeric.", "addsubnet.asp"
Response.End
End If
' Basic IP address validation
If Len(ipstart) < 7 Or Len(ipstart) > 15 Then
objConn.Close
ShowError "Invalid IP address.", "addsubnet.asp"
Response.End
End If
' Validate subnet type ID
If Not IsNumeric(subnettypeid) Or CLng(subnettypeid) < 1 Then
objConn.Close
ShowError "Invalid subnet type.", "addsubnet.asp"
Response.End
End If
' Parse CIDR value (expected format: "cidr,ipend")
If InStr(cidr, ",") = 0 Then
objConn.Close
ShowError "Invalid CIDR format.", "addsubnet.asp"
Response.End
End If
cidrarray = Split(cidr, ",")
If UBound(cidrarray) < 1 Then
objConn.Close
ShowError "Invalid CIDR format.", "addsubnet.asp"
Response.End
End If
ipend = Trim(cidrarray(1))
cidr = Trim(cidrarray(0))
' Strip leading "/" if present (dropdown values include it)
If Left(cidr, 1) = "/" Then
cidr = Mid(cidr, 2)
End If
' Validate CIDR is numeric
If Not IsNumeric(cidr) Or CInt(cidr) < 0 Or CInt(cidr) > 32 Then
objConn.Close
ShowError "CIDR must be between 0 and 32.", "addsubnet.asp"
Response.End
End If
' Validate ipend is numeric
If Not IsNumeric(ipend) Then
objConn.Close
ShowError "Invalid IP end value.", "addsubnet.asp"
Response.End
End If
' Validate description length
If Len(description) > 500 Then
objConn.Close
ShowError "Description too long.", "addsubnet.asp"
Response.End
End If
' Verify subnet type exists using parameterized query
Dim checkSQL, rsCheck, cmdCheck
checkSQL = "SELECT COUNT(*) as cnt FROM subnettypes WHERE subnettypeid = ?"
Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = checkSQL
cmdCheck.CommandType = 1
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))
Set rsCheck = cmdCheck.Execute
If Not rsCheck.EOF Then
If Not IsNull(rsCheck("cnt")) Then
If CLng(rsCheck("cnt")) = 0 Then
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing
objConn.Close
ShowError "Subnet type not found.", "addsubnet.asp"
Response.End
End If
End If
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing
' Insert using parameterized query
' Note: INET_ATON requires the IP address, ipend is added to the result
Dim strSQL, cmdInsert
strSQL = "INSERT INTO subnets (vlan, description, cidr, ipstart, ipend, subnettypeid, isactive) " & _
"VALUES (?, ?, ?, INET_ATON(?), (INET_ATON(?) + ?), ?, 1)"
Set cmdInsert = Server.CreateObject("ADODB.Command")
cmdInsert.ActiveConnection = objConn
cmdInsert.CommandText = strSQL
cmdInsert.CommandType = 1
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@vlan", 3, 1, , CLng(vlan))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@description", 200, 1, 500, description)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@cidr", 3, 1, , CInt(cidr))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart1", 200, 1, 15, ipstart)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart2", 200, 1, 15, ipstart)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipend", 3, 1, , CLng(ipend))
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))
On Error Resume Next
cmdInsert.Execute
If Err.Number = 0 Then
Set cmdInsert = Nothing
objConn.Close
ShowSuccess "Subnet added successfully.", "displaysubnets.asp", "subnets"
Else
Dim insertErr
insertErr = Err.Description
Set cmdInsert = Nothing
objConn.Close
ShowError "Error: " & Server.HTMLEncode(insertErr), "addsubnet.asp"
End If
%>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink