ge-aerospace/shopdb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac13437bbe9fd4a243b1aeec7b7fde4bbcc3cd16
shopdb/savevendor_direct.asp
cproudlock 65b622c361 Add USB checkout system and SSO profile page 
New Features:
- USB Device checkout/check-in system with barcode scanning
  - displayusb.asp: List all USB devices with status
  - addusb.asp: Add new USB devices via barcode scan
  - checkout_usb.asp/savecheckout_usb.asp: Check out USB to SSO
  - checkin_usb.asp/savecheckin_usb.asp: Check in with wipe confirmation
  - usb_history.asp: Full checkout history with filters
  - api_usb.asp: JSON API for AJAX lookups
- displayprofile.asp: SSO profile page showing user info and USB history
- Date/time format changed to 12-hour (MM/DD/YYYY h:mm AM/PM)
- SSO links in USB history now link to profile page via search

Database:
- New machinetypeid 44 for USB devices
- New usb_checkouts table for tracking checkouts

Cleanup:
- Removed v2 folder (duplicate/old files)
- Removed old debug/test files
- Removed completed migration documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-07 11:16:14 -05:00

124 lines
3.7 KiB
Plaintext
Raw Blame History

<%
'=============================================================================
' FILE: savevendor_direct.asp
' PURPOSE: Create new vendor with type flags
' SECURITY: Parameterized queries, HTML encoding, input validation
' UPDATED: 2025-10-27 - Migrated to secure patterns
'=============================================================================
%>
<html>
<head>
<link rel="stylesheet" href="./style.css" type="text/css">
<!--#include file="./includes/sql.asp"-->
<!--#include file="./includes/response.asp"-->
</head>
<body>
<div class="page">
<%
Dim vendor, isprinter, ispc, ismachine
vendor = Trim(Request.Form("vendor"))
isprinter = Request.Form("isprinter")
ispc = Request.Form("ispc")
ismachine = Request.Form("ismachine")
' Validate
If vendor = "" Then
objConn.Close
ShowError "Error: Manufacturer name is required.", "addvendor.asp"
Response.End
End If
If Len(vendor) > 50 Then
objConn.Close
ShowError "Error: Manufacturer name too long.", "addvendor.asp"
Response.End
End If
If isprinter <> "1" AND ispc <> "1" AND ismachine <> "1" Then
objConn.Close
ShowError "Error: Please select at least one category.", "addvendor.asp"
Response.End
End If
' Check if vendor exists using parameterized query
Dim checkSQL, rsCheck, cmdCheck
checkSQL = "SELECT COUNT(*) as cnt FROM vendors WHERE LOWER(vendor) = LOWER(?)"
Set cmdCheck = Server.CreateObject("ADODB.Command")
cmdCheck.ActiveConnection = objConn
cmdCheck.CommandText = checkSQL
cmdCheck.CommandType = 1
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@vendor", 200, 1, 50, vendor)
Set rsCheck = cmdCheck.Execute
If Not rsCheck.EOF Then
If Not IsNull(rsCheck("cnt")) Then
If CLng(rsCheck("cnt")) > 0 Then
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing
objConn.Close
ShowError "Error: Manufacturer '" & Server.HTMLEncode(vendor) & "' already exists.", "addvendor.asp"
Response.End
End If
End If
End If
rsCheck.Close
Set rsCheck = Nothing
Set cmdCheck = Nothing
' Convert checkboxes
Dim iPrint, iPC, iMach
If isprinter = "1" Then iPrint = 1 Else iPrint = 0
If ispc = "1" Then iPC = 1 Else iPC = 0
If ismachine = "1" Then iMach = 1 Else iMach = 0
' INSERT using parameterized query
Dim vendorSQL, cmdVendor
vendorSQL = "INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES (?, 1, ?, ?, ?)"
Set cmdVendor = Server.CreateObject("ADODB.Command")
cmdVendor.ActiveConnection = objConn
cmdVendor.CommandText = vendorSQL
cmdVendor.CommandType = 1
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@vendor", 200, 1, 50, vendor)
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@isprinter", 3, 1, , iPrint)
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@ispc", 3, 1, , iPC)
cmdVendor.Parameters.Append cmdVendor.CreateParameter("@ismachine", 3, 1, , iMach)
On Error Resume Next
cmdVendor.Execute
If Err.Number <> 0 Then
Set cmdVendor = Nothing
objConn.Close
ShowError "Error: " & Server.HTMLEncode(Err.Description), "addvendor.asp"
Response.End
End If
Set cmdVendor = Nothing
On Error Goto 0
' Get the newly created vendor ID
Set rsCheck = objConn.Execute("SELECT LAST_INSERT_ID() as newid")
Dim newVendorId
newVendorId = 0
If Not rsCheck.EOF Then
If Not IsNull(rsCheck("newid")) Then
newVendorId = CLng(rsCheck("newid"))
End If
End If
rsCheck.Close
Set rsCheck = Nothing
objConn.Close
If newVendorId > 0 Then
ShowSuccess "Manufacturer '" & Server.HTMLEncode(Request.Form("vendor")) & "' added successfully.", "addvendor.asp", "add another"
Else
ShowError "Manufacturer was not added.", "addvendor.asp"
End If
%>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink