ge-aerospace/shopdb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bfaa68d5d02e6910694f1b9ce5692ff679c22f11
shopdb/includes/validation.asp
cproudlock 4bcaf0913f Complete Phase 2 PC migration and network device infrastructure updates 
This commit captures 20 days of development work (Oct 28 - Nov 17, 2025)
including Phase 2 PC migration, network device unification, and numerous
bug fixes and enhancements.

## Major Changes

### Phase 2: PC Migration to Unified Machines Table
- Migrated all PCs from separate `pc` table to unified `machines` table
- PCs identified by `pctypeid IS NOT NULL` in machines table
- Updated all display, add, edit, and update pages for PC functionality
- Comprehensive testing: 15 critical pages verified working

### Network Device Infrastructure Unification
- Unified network devices (Switches, Servers, Cameras, IDFs, Access Points)
  into machines table using machinetypeid 16-20
- Updated vw_network_devices view to query both legacy tables and machines table
- Enhanced network_map.asp to display all device types from machines table
- Fixed location display for all network device types

### Machine Management System
- Complete machine CRUD operations (Create, Read, Update, Delete)
- 5-tab interface: Basic Info, Network, Relationships, Compliance, Location
- Support for multiple network interfaces (up to 3 per machine)
- Machine relationships: Controls (PC→Equipment) and Dualpath (redundancy)
- Compliance tracking with third-party vendor management

### Bug Fixes (Nov 7-14, 2025)
- Fixed editdevice.asp undefined variable (pcid → machineid)
- Migrated updatedevice.asp and updatedevice_direct.asp to Phase 2 schema
- Fixed network_map.asp to show all network device types
- Fixed displaylocation.asp to query machines table for network devices
- Fixed IP columns migration and compliance column handling
- Fixed dateadded column errors in network device pages
- Fixed PowerShell API integration issues
- Simplified displaypcs.asp (removed IP and Machine columns)

### Documentation
- Created comprehensive session summaries (Nov 10, 13, 14)
- Added Machine Quick Reference Guide
- Documented all bug fixes and migrations
- API documentation for ASP endpoints

### Database Schema Updates
- Phase 2 migration scripts for PC consolidation
- Phase 3 migration scripts for network devices
- Updated views to support hybrid table approach
- Sample data creation/removal scripts for testing

## Files Modified (Key Changes)
- editdevice.asp, updatedevice.asp, updatedevice_direct.asp
- network_map.asp, network_devices.asp, displaylocation.asp
- displaypcs.asp, displaypc.asp, displaymachine.asp
- All machine management pages (add/edit/save/update)
- save_network_device.asp (fixed machine type IDs)

## Testing Status
- 15 critical pages tested and verified
- Phase 2 PC functionality: 100% working
- Network device display: 100% working
- Security: All queries use parameterized commands

## Production Readiness
- Core functionality complete and tested
- 85% production ready
- Remaining: Full test coverage of all 123 ASP pages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-17 20:04:06 -05:00

323 lines
10 KiB
Plaintext
Raw Blame History

<%
'=============================================================================
' FILE: validation.asp
' PURPOSE: Input validation library for secure user input handling
' AUTHOR: System
' CREATED: 2025-10-10
'
' USAGE: Include this file in any page that processes user input
' <!--#include file="./includes/validation.asp"-->
'=============================================================================
'-----------------------------------------------------------------------------
' FUNCTION: ValidateInteger
' PURPOSE: Validates that input is an integer within optional range
' PARAMETERS:
' value - The value to validate
' minVal - Minimum allowed value (optional, pass Empty to skip)
' maxVal - Maximum allowed value (optional, pass Empty to skip)
' RETURNS: True if valid integer within range, False otherwise
'-----------------------------------------------------------------------------
Function ValidateInteger(value, minVal, maxVal)
ValidateInteger = False
' Check if numeric
If Not IsNumeric(value) Then
Exit Function
End If
Dim intValue
intValue = CLng(value)
' Check if it's actually an integer (not a decimal)
If intValue <> CDbl(value) Then
Exit Function
End If
' Check minimum value
If Not IsEmpty(minVal) Then
If intValue < minVal Then
Exit Function
End If
End If
' Check maximum value
If Not IsEmpty(maxVal) Then
If intValue > maxVal Then
Exit Function
End If
End If
ValidateInteger = True
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateString
' PURPOSE: Validates string length and optional pattern
' PARAMETERS:
' value - The string to validate
' minLen - Minimum length
' maxLen - Maximum length
' pattern - Regular expression pattern (optional, pass "" to skip)
' RETURNS: True if valid, False otherwise
'-----------------------------------------------------------------------------
Function ValidateString(value, minLen, maxLen, pattern)
ValidateString = False
Dim strValue
strValue = CStr(value)
' Check length
If Len(strValue) < minLen Or Len(strValue) > maxLen Then
Exit Function
End If
' Check pattern if provided
If pattern <> "" Then
Dim objRegEx
Set objRegEx = New RegExp
objRegEx.Pattern = pattern
objRegEx.IgnoreCase = True
If Not objRegEx.Test(strValue) Then
Set objRegEx = Nothing
Exit Function
End If
Set objRegEx = Nothing
End If
ValidateString = True
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateIPAddress
' PURPOSE: Validates IPv4 address format
' PARAMETERS: ipAddress - The IP address string to validate
' RETURNS: True if valid IPv4 format, False otherwise
'-----------------------------------------------------------------------------
Function ValidateIPAddress(ipAddress)
Dim objRegEx, pattern
Set objRegEx = New RegExp
' Pattern matches XXX.XXX.XXX.XXX where each octet is 0-255
pattern = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
objRegEx.Pattern = pattern
ValidateIPAddress = objRegEx.Test(ipAddress)
Set objRegEx = Nothing
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateEmail
' PURPOSE: Validates email address format
' PARAMETERS: email - The email address to validate
' RETURNS: True if valid email format, False otherwise
'-----------------------------------------------------------------------------
Function ValidateEmail(email)
Dim objRegEx, pattern
Set objRegEx = New RegExp
pattern = "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$"
objRegEx.Pattern = pattern
objRegEx.IgnoreCase = True
ValidateEmail = objRegEx.Test(email)
Set objRegEx = Nothing
End Function
'-----------------------------------------------------------------------------
' FUNCTION: SanitizeInput
' PURPOSE: Removes potentially dangerous characters from user input
' PARAMETERS:
' value - The value to sanitize
' allowHTML - True to allow HTML tags, False to strip them
' RETURNS: Sanitized string
'-----------------------------------------------------------------------------
Function SanitizeInput(value, allowHTML)
Dim sanitized
sanitized = Trim(value)
If Not allowHTML Then
' Remove HTML tags
Dim objRegEx
Set objRegEx = New RegExp
objRegEx.Pattern = "<[^>]+>"
objRegEx.Global = True
sanitized = objRegEx.Replace(sanitized, "")
Set objRegEx = Nothing
End If
' Escape single quotes for SQL (though parameterized queries are preferred)
sanitized = Replace(sanitized, "'", "''")
SanitizeInput = sanitized
End Function
'-----------------------------------------------------------------------------
' FUNCTION: GetSafeInteger
' PURPOSE: Gets integer from request and validates it (combines retrieval + validation)
' PARAMETERS:
' source - "QS" for QueryString, "FORM" for Form, "COOKIE" for Cookie
' paramName - Name of the parameter
' defaultValue - Value to return if parameter is missing or invalid
' minVal - Minimum allowed value (optional)
' maxVal - Maximum allowed value (optional)
' RETURNS: Validated integer or default value
'-----------------------------------------------------------------------------
Function GetSafeInteger(source, paramName, defaultValue, minVal, maxVal)
Dim value
' Get value from appropriate source
If UCase(source) = "QS" Then
value = Request.QueryString(paramName)
ElseIf UCase(source) = "FORM" Then
value = Request.Form(paramName)
ElseIf UCase(source) = "COOKIE" Then
value = Request.Cookies(paramName)
Else
GetSafeInteger = defaultValue
Exit Function
End If
' Return default if empty
If value = "" Then
GetSafeInteger = defaultValue
Exit Function
End If
' Validate
If Not ValidateInteger(value, minVal, maxVal) Then
GetSafeInteger = defaultValue
Exit Function
End If
GetSafeInteger = CLng(value)
End Function
'-----------------------------------------------------------------------------
' FUNCTION: GetSafeString
' PURPOSE: Gets string from request and validates it
' PARAMETERS:
' source - "QS" for QueryString, "FORM" for Form, "COOKIE" for Cookie
' paramName - Name of the parameter
' defaultValue - Value to return if parameter is missing or invalid
' minLen - Minimum length
' maxLen - Maximum length
' pattern - Regular expression pattern (optional, pass "" to skip)
' RETURNS: Validated string or default value
'-----------------------------------------------------------------------------
Function GetSafeString(source, paramName, defaultValue, minLen, maxLen, pattern)
Dim value
' Get value from appropriate source
If UCase(source) = "QS" Then
value = Request.QueryString(paramName)
ElseIf UCase(source) = "FORM" Then
value = Request.Form(paramName)
ElseIf UCase(source) = "COOKIE" Then
value = Request.Cookies(paramName)
Else
GetSafeString = defaultValue
Exit Function
End If
value = Trim(value)
' Return default if empty
If value = "" Then
GetSafeString = defaultValue
Exit Function
End If
' Validate
If Not ValidateString(value, minLen, maxLen, pattern) Then
GetSafeString = defaultValue
Exit Function
End If
GetSafeString = value
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateAlphanumeric
' PURPOSE: Validates that a string contains only alphanumeric characters
' PARAMETERS: value - The string to validate
' RETURNS: True if only alphanumeric, False otherwise
'-----------------------------------------------------------------------------
Function ValidateAlphanumeric(value)
ValidateAlphanumeric = False
Dim objRegEx
Set objRegEx = Server.CreateObject("VBScript.RegExp")
objRegEx.Pattern = "^[a-zA-Z0-9]+$"
ValidateAlphanumeric = objRegEx.Test(value)
Set objRegEx = Nothing
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateURL
' PURPOSE: Validates URL format
' PARAMETERS: url - The URL to validate
' RETURNS: True if valid URL format, False otherwise
'-----------------------------------------------------------------------------
Function ValidateURL(url)
ValidateURL = False
If Len(url) = 0 Then Exit Function
Dim objRegEx
Set objRegEx = New RegExp
objRegEx.Pattern = "^https?://[^\s]+$"
objRegEx.IgnoreCase = True
ValidateURL = objRegEx.Test(url)
Set objRegEx = Nothing
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateID
' PURPOSE: Validates that a value is a positive integer (for database IDs)
' PARAMETERS: id - The ID value to validate
' RETURNS: True if valid positive integer, False otherwise
'-----------------------------------------------------------------------------
Function ValidateID(id)
ValidateID = False
If Not IsNumeric(id) Then Exit Function
Dim numId
numId = CLng(id)
' Must be positive integer
If numId < 1 Then Exit Function
' Check if it's actually an integer (not a decimal)
If numId <> CDbl(id) Then Exit Function
ValidateID = True
End Function
'-----------------------------------------------------------------------------
' FUNCTION: ValidateSerialNumber
' PURPOSE: Validates serial number format (alphanumeric with some special chars)
' PARAMETERS: serial - The serial number to validate
' RETURNS: True if valid format, False otherwise
'-----------------------------------------------------------------------------
Function ValidateSerialNumber(serial)
ValidateSerialNumber = False
If Len(serial) = 0 Then Exit Function
If Len(serial) > 100 Then Exit Function
' Allow alphanumeric, hyphens, underscores, and spaces
Dim objRegEx
Set objRegEx = New RegExp
objRegEx.Pattern = "^[a-zA-Z0-9\-_ ]+$"
objRegEx.IgnoreCase = True
ValidateSerialNumber = objRegEx.Test(serial)
Set objRegEx = Nothing
End Function
%>
Reference in New Issue View Git Blame Copy Permalink