249bfbba8c
Renamed 45 ASP files to follow lowercase concatenated naming convention: - Direct handlers: save_machine_direct.asp -> savemachinedirect.asp - USB files: checkin_usb.asp -> checkinusb.asp - API files: api_usb.asp -> apiusb.asp - Map files: network_map.asp -> networkmap.asp - Printer files: printer_lookup.asp -> printerlookup.asp Also: - Updated 84+ internal references across all ASP and JS files - Deleted 6 test/duplicate files (editmacine.asp, test_*.asp) - Updated production migration guide with filename changes - Added rename scripts for Linux (bash) and Windows (PowerShell)
160 lines
4.9 KiB
Plaintext
160 lines
4.9 KiB
Plaintext
<%
|
|
'=============================================================================
|
|
' FILE: addsubnetbackenddirect.asp
|
|
' PURPOSE: Create new subnet with IP address calculations
|
|
' SECURITY: Parameterized queries, HTML encoding, input validation
|
|
' UPDATED: 2025-10-27 - Migrated to secure patterns
|
|
'=============================================================================
|
|
%>
|
|
<html>
|
|
<head>
|
|
<link rel="stylesheet" href="./style.css" type="text/css">
|
|
<!--#include file="./includes/sql.asp"-->
|
|
<!--#include file="./includes/response.asp"-->
|
|
</head>
|
|
|
|
<body>
|
|
<div class="page">
|
|
<%
|
|
' Get form inputs
|
|
Dim vlan, ipstart, cidr, description, subnettypeid, cidrarray, ipend
|
|
|
|
vlan = Trim(Request.Form("vlan"))
|
|
ipstart = Trim(Request.Form("ipstart"))
|
|
cidr = Trim(Request.Form("cidr"))
|
|
description = Trim(Request.Form("description"))
|
|
subnettypeid = Trim(Request.Form("subnettypeid"))
|
|
|
|
' Validate required fields
|
|
If vlan = "" Or ipstart = "" Or cidr = "" Or subnettypeid = "" Then
|
|
objConn.Close
|
|
ShowError "Required field missing.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Validate VLAN is numeric
|
|
If Not IsNumeric(vlan) Then
|
|
objConn.Close
|
|
ShowError "VLAN must be numeric.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Basic IP address validation
|
|
If Len(ipstart) < 7 Or Len(ipstart) > 15 Then
|
|
objConn.Close
|
|
ShowError "Invalid IP address.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Validate subnet type ID
|
|
If Not IsNumeric(subnettypeid) Or CLng(subnettypeid) < 1 Then
|
|
objConn.Close
|
|
ShowError "Invalid subnet type.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Parse CIDR value (expected format: "cidr,ipend")
|
|
If InStr(cidr, ",") = 0 Then
|
|
objConn.Close
|
|
ShowError "Invalid CIDR format.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
cidrarray = Split(cidr, ",")
|
|
If UBound(cidrarray) < 1 Then
|
|
objConn.Close
|
|
ShowError "Invalid CIDR format.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
ipend = Trim(cidrarray(1))
|
|
cidr = Trim(cidrarray(0))
|
|
|
|
' Strip leading "/" if present (dropdown values include it)
|
|
If Left(cidr, 1) = "/" Then
|
|
cidr = Mid(cidr, 2)
|
|
End If
|
|
|
|
' Validate CIDR is numeric
|
|
If Not IsNumeric(cidr) Or CInt(cidr) < 0 Or CInt(cidr) > 32 Then
|
|
objConn.Close
|
|
ShowError "CIDR must be between 0 and 32.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Validate ipend is numeric
|
|
If Not IsNumeric(ipend) Then
|
|
objConn.Close
|
|
ShowError "Invalid IP end value.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Validate description length
|
|
If Len(description) > 500 Then
|
|
objConn.Close
|
|
ShowError "Description too long.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Verify subnet type exists using parameterized query
|
|
Dim checkSQL, rsCheck, cmdCheck
|
|
checkSQL = "SELECT COUNT(*) as cnt FROM subnettypes WHERE subnettypeid = ?"
|
|
Set cmdCheck = Server.CreateObject("ADODB.Command")
|
|
cmdCheck.ActiveConnection = objConn
|
|
cmdCheck.CommandText = checkSQL
|
|
cmdCheck.CommandType = 1
|
|
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))
|
|
Set rsCheck = cmdCheck.Execute
|
|
|
|
If Not rsCheck.EOF Then
|
|
If Not IsNull(rsCheck("cnt")) Then
|
|
If CLng(rsCheck("cnt")) = 0 Then
|
|
rsCheck.Close
|
|
Set rsCheck = Nothing
|
|
Set cmdCheck = Nothing
|
|
objConn.Close
|
|
ShowError "Subnet type not found.", "addsubnet.asp"
|
|
Response.End
|
|
End If
|
|
End If
|
|
End If
|
|
rsCheck.Close
|
|
Set rsCheck = Nothing
|
|
Set cmdCheck = Nothing
|
|
|
|
' Insert using parameterized query
|
|
' Note: INET_ATON requires the IP address, ipend is added to the result
|
|
Dim strSQL, cmdInsert
|
|
strSQL = "INSERT INTO subnets (vlan, description, cidr, ipstart, ipend, subnettypeid, isactive) " & _
|
|
"VALUES (?, ?, ?, INET_ATON(?), (INET_ATON(?) + ?), ?, 1)"
|
|
Set cmdInsert = Server.CreateObject("ADODB.Command")
|
|
cmdInsert.ActiveConnection = objConn
|
|
cmdInsert.CommandText = strSQL
|
|
cmdInsert.CommandType = 1
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@vlan", 3, 1, , CLng(vlan))
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@description", 200, 1, 500, description)
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@cidr", 3, 1, , CInt(cidr))
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart1", 200, 1, 15, ipstart)
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipstart2", 200, 1, 15, ipstart)
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@ipend", 3, 1, , CLng(ipend))
|
|
cmdInsert.Parameters.Append cmdInsert.CreateParameter("@subnettypeid", 3, 1, , CLng(subnettypeid))
|
|
|
|
On Error Resume Next
|
|
cmdInsert.Execute
|
|
|
|
If Err.Number = 0 Then
|
|
Set cmdInsert = Nothing
|
|
objConn.Close
|
|
ShowSuccess "Subnet added successfully.", "displaysubnets.asp", "subnets"
|
|
Else
|
|
Dim insertErr
|
|
insertErr = Err.Description
|
|
Set cmdInsert = Nothing
|
|
objConn.Close
|
|
ShowError "Error: " & Server.HTMLEncode(insertErr), "addsubnet.asp"
|
|
End If
|
|
%>
|
|
</div>
|
|
</body>
|
|
</html>
|