shopdb/savecheckout_usb.asp

<%
'=============================================================================
' FILE: savecheckout_usb.asp
' PURPOSE: Process USB checkout request
' SECURITY: Parameterized queries, input validation
' CREATED: 2025-12-07
'=============================================================================
%>
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
<%
	' Get form values
	Dim machineid, sso, reason
	machineid = Trim(Request.Form("machineid"))
	sso = Trim(Request.Form("sso"))
	reason = Trim(Request.Form("reason"))

	' Validate machineid
	If machineid = "" Or Not IsNumeric(machineid) Then
		objConn.Close
		ShowError "Invalid USB device ID.", "checkout_usb.asp"
		Response.End
	End If

	' Validate SSO - must be 9 digits
	If sso = "" Or Len(sso) <> 9 Then
		objConn.Close
		ShowError "SSO must be exactly 9 digits.", "checkout_usb.asp"
		Response.End
	End If

	' Verify SSO is numeric
	Dim i, c
	For i = 1 To Len(sso)
		c = Mid(sso, i, 1)
		If c < "0" Or c > "9" Then
			objConn.Close
			ShowError "SSO must contain only digits.", "checkout_usb.asp"
			Response.End
		End If
	Next

	' Verify the USB device exists and is available
	Dim checkSQL, cmdCheck, rsCheck
	checkSQL = "SELECT m.machineid, m.serialnumber, m.alias, " & _
	           "(SELECT COUNT(*) FROM usb_checkouts uc WHERE uc.machineid = m.machineid AND uc.checkin_time IS NULL) AS is_checked_out " & _
	           "FROM machines m " & _
	           "WHERE m.machineid = ? AND m.machinetypeid = 44 AND m.isactive = 1"

	Set cmdCheck = Server.CreateObject("ADODB.Command")
	cmdCheck.ActiveConnection = objConn
	cmdCheck.CommandText = checkSQL
	cmdCheck.CommandType = 1
	cmdCheck.Parameters.Append cmdCheck.CreateParameter("@machineid", 3, 1, , CLng(machineid))

	Set rsCheck = cmdCheck.Execute

	If rsCheck.EOF Then
		rsCheck.Close
		Set rsCheck = Nothing
		Set cmdCheck = Nothing
		objConn.Close
		ShowError "USB device not found.", "checkout_usb.asp"
		Response.End
	End If

	Dim serialnumber, usbAlias, isCheckedOut
	serialnumber = rsCheck("serialnumber") & ""
	usbAlias = rsCheck("alias") & ""
	If IsNull(rsCheck("is_checked_out")) Or rsCheck("is_checked_out") = "" Then
		isCheckedOut = 0
	Else
		isCheckedOut = CLng(rsCheck("is_checked_out"))
	End If

	rsCheck.Close
	Set rsCheck = Nothing
	Set cmdCheck = Nothing

	If isCheckedOut > 0 Then
		objConn.Close
		ShowError "USB device '" & Server.HTMLEncode(serialnumber) & "' is already checked out.", "checkout_usb.asp"
		Response.End
	End If

	' Insert checkout record
	Dim insertSQL, cmdInsert
	insertSQL = "INSERT INTO usb_checkouts (machineid, sso, checkout_reason, checkout_time) VALUES (?, ?, ?, NOW())"

	Set cmdInsert = Server.CreateObject("ADODB.Command")
	cmdInsert.ActiveConnection = objConn
	cmdInsert.CommandText = insertSQL
	cmdInsert.CommandType = 1
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@machineid", 3, 1, , CLng(machineid))
	cmdInsert.Parameters.Append cmdInsert.CreateParameter("@sso", 200, 1, 20, sso)

	If reason = "" Then
		cmdInsert.Parameters.Append cmdInsert.CreateParameter("@reason", 200, 1, 1000, Null)
	Else
		cmdInsert.Parameters.Append cmdInsert.CreateParameter("@reason", 200, 1, 1000, reason)
	End If

	On Error Resume Next
	cmdInsert.Execute

	If Err.Number = 0 Then
		Set cmdInsert = Nothing
		objConn.Close

		' Build display name
		Dim displayName
		If usbAlias <> "" And usbAlias <> serialnumber Then
			displayName = serialnumber & " (" & usbAlias & ")"
		Else
			displayName = serialnumber
		End If

		ShowSuccess "USB '" & Server.HTMLEncode(displayName) & "' checked out to SSO " & Server.HTMLEncode(sso) & ".", "displayusb.asp", "USB Checkout"
	Else
		Dim insertErr
		insertErr = Err.Description
		Set cmdInsert = Nothing
		objConn.Close
		ShowError "Error checking out USB: " & Server.HTMLEncode(insertErr), "checkout_usb.asp"
	End If
%>