65b622c361
New Features: - USB Device checkout/check-in system with barcode scanning - displayusb.asp: List all USB devices with status - addusb.asp: Add new USB devices via barcode scan - checkout_usb.asp/savecheckout_usb.asp: Check out USB to SSO - checkin_usb.asp/savecheckin_usb.asp: Check in with wipe confirmation - usb_history.asp: Full checkout history with filters - api_usb.asp: JSON API for AJAX lookups - displayprofile.asp: SSO profile page showing user info and USB history - Date/time format changed to 12-hour (MM/DD/YYYY h:mm AM/PM) - SSO links in USB history now link to profile page via search Database: - New machinetypeid 44 for USB devices - New usb_checkouts table for tracking checkouts Cleanup: - Removed v2 folder (duplicate/old files) - Removed old debug/test files - Removed completed migration documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
234 lines
7.6 KiB
Plaintext
234 lines
7.6 KiB
Plaintext
<%
|
|
'=============================================================================
|
|
' FILE: updatepc_direct.asp
|
|
' PURPOSE: Update PC/device with optional vendor and model creation
|
|
' SECURITY: Parameterized queries, HTML encoding, input validation
|
|
' UPDATED: 2025-10-27 - Migrated to secure patterns
|
|
'=============================================================================
|
|
%>
|
|
<!--#include file="./includes/sql.asp"-->
|
|
<!--#include file="./includes/response.asp"-->
|
|
<%
|
|
' Get form data
|
|
Dim pcid, vendorid, modelnumberid, machinenumber
|
|
|
|
pcid = Trim(Request.Form("pcid"))
|
|
vendorid = Trim(Request.Form("vendorid"))
|
|
modelnumberid = Trim(Request.Form("modelid"))
|
|
machinenumber = Trim(Request.Form("machinenumber"))
|
|
|
|
' Get form inputs for new model
|
|
Dim newmodelnumber, newvendorid
|
|
newmodelnumber = Trim(Request.Form("newpcmodelnumber"))
|
|
newvendorid = Trim(Request.Form("newpcmodelvendorid"))
|
|
|
|
' Get form inputs for new vendor
|
|
Dim newvendorname
|
|
newvendorname = Trim(Request.Form("newpcvendorname"))
|
|
|
|
' Validate required ID fields
|
|
If pcid = "" Or Not IsNumeric(pcid) Then
|
|
objConn.Close
|
|
ShowError "Invalid PC ID.", "displaypcs.asp"
|
|
Response.End
|
|
End If
|
|
|
|
If CLng(pcid) < 1 Then
|
|
objConn.Close
|
|
ShowError "Invalid PC ID.", "displaypcs.asp"
|
|
Response.End
|
|
End If
|
|
|
|
' Verify the PC exists using parameterized query - PHASE 2: Use machines table
|
|
Dim checkSQL, rsCheck, cmdCheck
|
|
checkSQL = "SELECT COUNT(*) as cnt FROM machines WHERE machineid = ? AND machinetypeid IN (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)"
|
|
Set cmdCheck = Server.CreateObject("ADODB.Command")
|
|
cmdCheck.ActiveConnection = objConn
|
|
cmdCheck.CommandText = checkSQL
|
|
cmdCheck.CommandType = 1
|
|
cmdCheck.Parameters.Append cmdCheck.CreateParameter("@pcid", 3, 1, , CLng(pcid))
|
|
Set rsCheck = cmdCheck.Execute
|
|
|
|
If Not rsCheck.EOF Then
|
|
If CLng(rsCheck("cnt")) = 0 Then
|
|
rsCheck.Close
|
|
Set rsCheck = Nothing
|
|
Set cmdCheck = Nothing
|
|
objConn.Close
|
|
Response.Redirect("displaypcs.asp")
|
|
Response.End
|
|
End If
|
|
End If
|
|
rsCheck.Close
|
|
Set rsCheck = Nothing
|
|
Set cmdCheck = Nothing
|
|
|
|
' Validate optional ID fields - allow "new" as a valid value for model and vendor
|
|
If vendorid <> "" And vendorid <> "new" Then
|
|
If Not IsNumeric(vendorid) Or CLng(vendorid) < 1 Then
|
|
objConn.Close
|
|
ShowError "Invalid vendor ID.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
End If
|
|
|
|
If modelnumberid <> "" And modelnumberid <> "new" Then
|
|
If Not IsNumeric(modelnumberid) Or CLng(modelnumberid) < 1 Then
|
|
objConn.Close
|
|
ShowError "Invalid model ID.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
End If
|
|
|
|
' Handle new vendor creation
|
|
If vendorid = "new" Then
|
|
If Len(newvendorname) = 0 Then
|
|
objConn.Close
|
|
ShowError "Vendor name is required.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
If Len(newvendorname) > 50 Then
|
|
objConn.Close
|
|
ShowError "Vendor name too long.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
' Insert new vendor using parameterized query (with ispc=1)
|
|
Dim sqlNewVendor, cmdNewVendor
|
|
sqlNewVendor = "INSERT INTO vendors (vendor, isactive, isprinter, ispc, ismachine) VALUES (?, 1, 0, 1, 0)"
|
|
Set cmdNewVendor = Server.CreateObject("ADODB.Command")
|
|
cmdNewVendor.ActiveConnection = objConn
|
|
cmdNewVendor.CommandText = sqlNewVendor
|
|
cmdNewVendor.CommandType = 1
|
|
cmdNewVendor.Parameters.Append cmdNewVendor.CreateParameter("@vendor", 200, 1, 50, newvendorname)
|
|
|
|
On Error Resume Next
|
|
cmdNewVendor.Execute
|
|
|
|
If Err.Number <> 0 Then
|
|
Dim vendorErr
|
|
vendorErr = Err.Description
|
|
Set cmdNewVendor = Nothing
|
|
objConn.Close
|
|
ShowError "Error creating vendor: " & Server.HTMLEncode(vendorErr), "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
' Get the newly created vendor ID
|
|
Dim rsNewVendor
|
|
Set rsNewVendor = objConn.Execute("SELECT LAST_INSERT_ID() AS newid")
|
|
vendorid = CLng(rsNewVendor("newid"))
|
|
rsNewVendor.Close
|
|
Set rsNewVendor = Nothing
|
|
Set cmdNewVendor = Nothing
|
|
On Error Goto 0
|
|
End If
|
|
|
|
' Handle new model creation
|
|
If modelnumberid = "new" Then
|
|
If Len(newmodelnumber) = 0 Then
|
|
objConn.Close
|
|
ShowError "Model number is required.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
If Len(newvendorid) = 0 Then
|
|
objConn.Close
|
|
ShowError "Vendor is required for new model.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
If Len(newmodelnumber) > 50 Then
|
|
objConn.Close
|
|
ShowError "Model number too long.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
' If vendor was also created new, use that vendor ID
|
|
If vendorid <> "" And IsNumeric(vendorid) Then
|
|
newvendorid = vendorid
|
|
End If
|
|
|
|
' Insert new model using parameterized query
|
|
Dim sqlNewModel, cmdNewModel
|
|
sqlNewModel = "INSERT INTO models (modelnumber, vendorid, isactive) VALUES (?, ?, 1)"
|
|
Set cmdNewModel = Server.CreateObject("ADODB.Command")
|
|
cmdNewModel.ActiveConnection = objConn
|
|
cmdNewModel.CommandText = sqlNewModel
|
|
cmdNewModel.CommandType = 1
|
|
cmdNewModel.Parameters.Append cmdNewModel.CreateParameter("@modelnumber", 200, 1, 50, newmodelnumber)
|
|
cmdNewModel.Parameters.Append cmdNewModel.CreateParameter("@vendorid", 3, 1, , CLng(newvendorid))
|
|
|
|
On Error Resume Next
|
|
cmdNewModel.Execute
|
|
|
|
If Err.Number <> 0 Then
|
|
Dim modelErr
|
|
modelErr = Err.Description
|
|
Set cmdNewModel = Nothing
|
|
objConn.Close
|
|
ShowError "Error creating model: " & Server.HTMLEncode(modelErr), "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
' Get the newly created model ID
|
|
Dim rsNewModel
|
|
Set rsNewModel = objConn.Execute("SELECT LAST_INSERT_ID() AS newid")
|
|
modelnumberid = CLng(rsNewModel("newid"))
|
|
rsNewModel.Close
|
|
Set rsNewModel = Nothing
|
|
Set cmdNewModel = Nothing
|
|
On Error Goto 0
|
|
End If
|
|
|
|
' Validate machine number length
|
|
If machinenumber <> "" And Len(machinenumber) > 50 Then
|
|
objConn.Close
|
|
ShowError "Machine number too long.", "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
' Build UPDATE statement for PC using parameterized query - PHASE 2: Use machines table
|
|
Dim strSQL, cmdUpdate
|
|
strSQL = "UPDATE machines SET modelnumberid = ?, machinenumber = ?, lastupdated = NOW() WHERE machineid = ? AND machinetypeid IN (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)"
|
|
Set cmdUpdate = Server.CreateObject("ADODB.Command")
|
|
cmdUpdate.ActiveConnection = objConn
|
|
cmdUpdate.CommandText = strSQL
|
|
cmdUpdate.CommandType = 1
|
|
|
|
' Handle optional modelnumberid
|
|
If modelnumberid <> "" And IsNumeric(modelnumberid) Then
|
|
cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@modelnumberid", 3, 1, , CLng(modelnumberid))
|
|
Else
|
|
cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@modelnumberid", 3, 1, , Null)
|
|
End If
|
|
|
|
' Handle optional machinenumber
|
|
If machinenumber <> "" Then
|
|
cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@machinenumber", 200, 1, 50, machinenumber)
|
|
Else
|
|
cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@machinenumber", 200, 1, 50, Null)
|
|
End If
|
|
|
|
cmdUpdate.Parameters.Append cmdUpdate.CreateParameter("@pcid", 3, 1, , CLng(pcid))
|
|
|
|
On Error Resume Next
|
|
cmdUpdate.Execute
|
|
|
|
If Err.Number <> 0 Then
|
|
Dim updateErr
|
|
updateErr = Err.Description
|
|
Set cmdUpdate = Nothing
|
|
objConn.Close
|
|
ShowError "Error updating PC: " & Server.HTMLEncode(updateErr), "displaypc.asp?machineid=" & pcid
|
|
Response.End
|
|
End If
|
|
|
|
Set cmdUpdate = Nothing
|
|
objConn.Close
|
|
|
|
' Success - show success message
|
|
ShowSuccess "PC updated successfully.", "displaypc.asp?machineid=" & pcid, "PC details"
|
|
%>
|