authorivan <ivan>2008-01-13 21:14:19 +0000
committerivan <ivan>2008-01-13 21:14:19 +0000
commitf49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (patch)
tree2104b5d1a05433756d3b91ee436cfaa8c24ab464
parent2d53d2ebdce80d0f0dc7f75ccf506a06c2f852f9 (diff)
ACLs
-rw-r--r--httemplate/misc/batch-cust_pay.html16
-rwxr-xr-xhttemplate/misc/bill.cgi82
-rwxr-xr-xhttemplate/misc/cancel-unaudited.cgi59
-rw-r--r--httemplate/misc/cancel_cust.html2
-rwxr-xr-xhttemplate/misc/cancel_pkg.html69
-rwxr-xr-xhttemplate/misc/catchall.cgi252
-rw-r--r--httemplate/misc/cdr-import.html6
-rwxr-xr-xhttemplate/misc/cust_main-cancel.cgi3
-rw-r--r--httemplate/misc/cust_main-import.cgi8
-rw-r--r--httemplate/misc/cust_main-import_charges.cgi22
-rwxr-xr-xhttemplate/misc/delete-cust_credit.cgi36
-rwxr-xr-xhttemplate/misc/delete-cust_pay.cgi36
-rwxr-xr-xhttemplate/misc/delete-cust_refund.cgi36
-rwxr-xr-xhttemplate/misc/delete-customer.cgi93
-rwxr-xr-xhttemplate/misc/delete-domain_record.cgi34
-rwxr-xr-xhttemplate/misc/delete-part_export.cgi34
-rw-r--r--httemplate/misc/dump.cgi4
-rwxr-xr-xhttemplate/misc/email-invoice.cgi35
-rw-r--r--httemplate/misc/email_invoice_events.cgi11
-rw-r--r--httemplate/misc/email_invoices.cgi11
-rwxr-xr-xhttemplate/misc/fax-invoice.cgi35
-rw-r--r--httemplate/misc/fax_invoice_events.cgi11
-rw-r--r--httemplate/misc/fax_invoices.cgi11
-rw-r--r--httemplate/misc/inventory_item-import.html18
-rwxr-xr-xhttemplate/misc/link.cgi67
-rw-r--r--httemplate/misc/meta-import.cgi14
-rw-r--r--httemplate/misc/payment.cgi3
-rwxr-xr-xhttemplate/misc/print-invoice.cgi35
-rw-r--r--httemplate/misc/print_invoice_events.cgi11
-rw-r--r--httemplate/misc/print_invoices.cgi11
-rw-r--r--httemplate/misc/process/batch-cust_pay.cgi2
-rwxr-xr-xhttemplate/misc/process/cancel_pkg.html18
-rwxr-xr-xhttemplate/misc/process/catchall.cgi59
-rw-r--r--httemplate/misc/process/cdr-import.html44
-rw-r--r--httemplate/misc/process/cust_main-import.cgi57
-rw-r--r--httemplate/misc/process/cust_main-import_charges.cgi47
-rwxr-xr-xhttemplate/misc/process/delete-customer.cgi51
-rw-r--r--httemplate/misc/process/inventory_item-import.html41
-rwxr-xr-xhttemplate/misc/process/link.cgi134
-rw-r--r--httemplate/misc/process/meta-import.cgi7
-rw-r--r--httemplate/misc/process/payment.cgi3
-rwxr-xr-xhttemplate/misc/process/recharge_svc.html58
-rw-r--r--httemplate/misc/queue.cgi95
-rwxr-xr-xhttemplate/misc/recharge_svc.html23
-rw-r--r--httemplate/misc/svc_acct-domains.cgi54
-rwxr-xr-xhttemplate/misc/unapply-cust_credit.cgi37
-rwxr-xr-xhttemplate/misc/unapply-cust_pay.cgi37
-rwxr-xr-xhttemplate/misc/unprovision.cgi47
-rwxr-xr-xhttemplate/misc/unsusp_pkg.cgi34
-rwxr-xr-xhttemplate/misc/unvoid-cust_pay_void.cgi36
-rw-r--r--httemplate/misc/upload-batch.cgi21
-rwxr-xr-xhttemplate/misc/void-cust_pay.cgi41
-rw-r--r--httemplate/misc/whois.cgi34
53 files changed, 1074 insertions, 971 deletions
diff --git a/httemplate/misc/batch-cust_pay.html b/httemplate/misc/batch-cust_pay.html
index 89dd68a62..84889399d 100644
--- a/httemplate/misc/batch-cust_pay.html
+++ b/httemplate/misc/batch-cust_pay.html
@@ -1,7 +1,4 @@
-<% include("/elements/header.html", 'Quick payment entry',
- menubar( 'Main Menu' => $p ),
- )
-%>
+<% include('/elements/header.html', 'Quick payment entry') %>
<% include('/elements/error.html') %>
@@ -24,5 +21,12 @@
<INPUT TYPE="submit" NAME="submit" VALUE="Post payment batch">
</FORM>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post payment batch');
+
+</%init>
diff --git a/httemplate/misc/bill.cgi b/httemplate/misc/bill.cgi
index 24dfd6bbd..3c3c48c54 100755
--- a/httemplate/misc/bill.cgi
+++ b/httemplate/misc/bill.cgi
@@ -1,45 +1,45 @@
-%
-%#untaint custnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d*)$/;
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum});
-%die "Can't find customer!\n" unless $cust_main;
-%
-%my $conf = new FS::Conf;
-%
-%my $error = $cust_main->bill(
-%# 'time'=>$time
-% );
-%
-%unless ( $error ) {
-% $error = $cust_main->apply_payments_and_credits
-% || $cust_main->collect(
-% #'invoice-time'=>$time,
-% #'batch_card'=> 'yes',
-% #'batch_card'=> 'no',
-% #'report_badcard'=> 'yes',
-% #'retry_card' => 'yes',
-%
-% 'retry' => 'yes',
-%
-% #this is used only by cust_main::batch_card
-% #need to pick & create an actual config
-% #value if we're going to turn this on
-% #("realtime-backend" doesn't exist,
-% # "backend-realtime" is for something
-% # entirely different)
-% #'realtime' => $conf->exists('realtime-backend'),
-% );
-%}
-%
%if ( $error ) {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
-% print $cgi->redirect(popurl(2). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(2). "view/cust_main.cgi?$custnum") %>
%}
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Bill customer now');
+
+#untaint custnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d*)$/;
+my $custnum = $1;
+my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum});
+die "Can't find customer!\n" unless $cust_main;
+
+my $conf = new FS::Conf;
+
+my $error = $cust_main->bill(
+# 'time'=>$time
+ );
+
+unless ( $error ) {
+ $error = $cust_main->apply_payments_and_credits
+ || $cust_main->collect(
+ #'invoice-time'=>$time,
+ #'batch_card'=> 'yes',
+ #'batch_card'=> 'no',
+ #'report_badcard'=> 'yes',
+ #'retry_card' => 'yes',
+
+ 'retry' => 'yes',
+
+ #this is used only by cust_main::batch_card
+ #need to pick & create an actual config
+ #value if we're going to turn this on
+ #("realtime-backend" doesn't exist,
+ # "backend-realtime" is for something
+ # entirely different)
+ #'realtime' => $conf->exists('realtime-backend'),
+ );
+}
+
+</%init>
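Review bot: The `qsearchs('cust_main',{'custnum'=>$custnum})` lookup in the new `<%init>` block is gated only by the 'Bill customer now' right and is not limited to the current user's agents, whereas delete-customer.cgi in this same commit adds `'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql` to its cust_main search. If agent scoping is meant to apply to billing as well, use the same hash-style search here so the right cannot be exercised on customers outside the user's agents. The delete-cust_credit.cgi, delete-cust_pay.cgi, delete-cust_refund.cgi, email-invoice.cgi and fax-invoice.cgi sections also fetch records by id alone; whether they need an equivalent restriction (probably through a join to cust_main) should be confirmed.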
diff --git a/httemplate/misc/cancel-unaudited.cgi b/httemplate/misc/cancel-unaudited.cgi
index da60dc47b..4919c6632 100755
--- a/httemplate/misc/cancel-unaudited.cgi
+++ b/httemplate/misc/cancel-unaudited.cgi
@@ -1,36 +1,33 @@
-%
-%
-%my $dbh = dbh;
-%
-%#untaint svcnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%
-%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
-%#die "Unknown svcnum!" unless $svc_acct;
-%
-%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%die "Unknown svcnum!" unless $cust_svc;
-%my $cust_pkg = $cust_svc->cust_pkg;
-%if ( $cust_pkg ) {
-% errorpage( 'This account has already been audited. Cancel the '.
-% qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum.
-% '#cust_pkg'. $cust_pkg->pkgnum. '">'.
-% 'package</A> instead.');
-%}
-%
-%my $error = $cust_svc->cancel;
-%
%if ( $error ) {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
-% print $cgi->redirect(popurl(2));
+<% $cgi->redirect(popurl(2)) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service')
+ && $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services');
+
+#untaint svcnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+
+#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
+#die "Unknown svcnum!" unless $svc_acct;
+
+my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+die "Unknown svcnum!" unless $cust_svc;
+my $cust_pkg = $cust_svc->cust_pkg;
+if ( $cust_pkg ) {
+ errorpage( 'This account has already been audited. Cancel the '.
+ qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum.
+ '#cust_pkg'. $cust_pkg->pkgnum. '">'.
+ 'package</A> instead.');
+}
+
+my $error = $cust_svc->cancel;
+
+</%init>
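Review bot: `$query =~ /^(\d+)$/;` in the `<%init>` block discards the match result, so `$svcnum` is taken from `$1` even when the query did not match, and `$1` then holds whatever an earlier successful match left behind (or undef). The delete-*.cgi pages in this commit already use the checked form (`$query =~ /^(\d+)$/ || die "Illegal crednum";`); the same fits here, e.g. `$query =~ /^(\d+)$/ or die "Illegal svcnum";`. bill.cgi (`/^(\d*)$/`), email-invoice.cgi and fax-invoice.cgi have the same unchecked match.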
diff --git a/httemplate/misc/cancel_cust.html b/httemplate/misc/cancel_cust.html
index 634000d70..bb4e1904a 100644
--- a/httemplate/misc/cancel_cust.html
+++ b/httemplate/misc/cancel_cust.html
@@ -50,6 +50,8 @@ if ( $cgi->param('error') ) {
$curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Cancel customer');
+
$cust_main = qsearchs( {
'table' => 'cust_main',
'hashref' => { 'custnum' => $custnum },
diff --git a/httemplate/misc/cancel_pkg.html b/httemplate/misc/cancel_pkg.html
index 7cbaf1d82..8dffba72e 100755
--- a/httemplate/misc/cancel_pkg.html
+++ b/httemplate/misc/cancel_pkg.html
@@ -23,7 +23,7 @@
% if ($method eq 'expire' || $method eq 'adjourn') {
<TR>
<TD><% $submit =~ /^(\w*)\s/ %> package on </TD>
- <TD><INPUT TYPE="text" NAME="date" ID="expire_date" VALUE="<% $date %>">
+ <TD><INPUT TYPE="text" NAME="date" ID="expire_date" VALUE="<% $date |h %>">
<IMG SRC="<% $p %>images/calendar.png" ID="expire_button" STYLE="cursor:pointer" TITLE="Select date">
<BR><I>m/d/y</I>
</TD>
@@ -42,8 +42,7 @@
<% include('/elements/tr-select-reason.html',
'field' => 'reasonnum',
'reason_class' => $class,
- #XXX these need to be sticky on errors too...
- #'curr_value' => '',
+ 'curr_value' => $reasonnum,
'control_button' => 'document.sc_popup.submit',
)
%>
@@ -58,45 +57,53 @@
</HTML>
<%init>
-my($method, $pkgnum, $reasonnum, $submit, $cust_pkg, $part_pkg,
- $date, $curuser, $class);
-$date = time2str("%m/%d/%Y", time);
+
+my $date = time2str("%m/%d/%Y", time);
+
+my($pkgnum, $reasonnum);
if ( $cgi->param('error') ) {
- $method = $cgi->param('method');
- $pkgnum = $cgi->param('pkgnum');
- $reasonnum = $cgi->param('reasonnum');
- $date = $cgi->param('date');
+ $pkgnum = $cgi->param('pkgnum');
+ $reasonnum = $cgi->param('reasonnum');
+ $date = $cgi->param('date');
} elsif ( $cgi->param('pkgnum') =~ /^(\d+)$/ ) {
- $pkgnum = $1;
+ $pkgnum = $1;
+ $reasonnum = '';
} else {
die "illegal query ". $cgi->keywords;
}
-$method = $cgi->param('method');
+$cgi->param('method') =~ /^(\w+)$/ or die 'illegal method';
+my $method = $1;
+
+my($class, $submit, $right);
if ($method eq 'cancel') {
- $class = 'C';
- $submit = "Cancel Now";
-}elsif ($method eq 'expire') {
- $class = 'C';
- $submit = "Cancel Later";
-}elsif ($method eq 'suspend') {
- $class = 'S';
- $submit = "Suspend Now";
-}elsif ($method eq 'adjourn') {
- $class = 'S';
- $submit = "Suspend Later";
-}else{
- die "illegal query ". $cgi->keywords;
+ $class = 'C';
+ $submit = 'Cancel Now';
+ $right = 'Cancel customer package immediately';
+} elsif ($method eq 'expire') {
+ $class = 'C';
+ $submit = 'Cancel Later';
+ $right = 'Cancel customer package later';
+} elsif ($method eq 'suspend') {
+ $class = 'S';
+ $submit = 'Suspend Now';
+ $right = 'Suspend customer package';
+} elsif ($method eq 'adjourn') {
+ $class = 'S';
+ $submit = "Suspend Later";
+ $right = 'Suspend customer package later';
+} else {
+ die 'illegal query (unknown method param)';
}
-my $title = ucfirst($method) . ' Package';
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right($right);
-$cust_pkg = qsearchs('cust_pkg', {'pkgnum' => $pkgnum});
-die "No such package: $pkgnum" unless $cust_pkg;
+my $title = ucfirst($method) . ' Package';
-$part_pkg = $cust_pkg->part_pkg;
+my $cust_pkg = qsearchs('cust_pkg', {'pkgnum' => $pkgnum})
+ or die "Unknown pkgnum: $pkgnum";
-$curuser = $FS::CurrentUser::CurrentUser;
+my $part_pkg = $cust_pkg->part_pkg;
</%init>
-
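Review bot: In the `$cgi->param('error')` branch, `$pkgnum` is copied from the request without the `/^(\d+)$/` check that the normal branch applies, so a request carrying an `error` parameter skips the validation. The value then reaches `qsearchs` and is interpolated into `die "Unknown pkgnum: $pkgnum"`, and presumably into form markup outside this hunk. Validate in both branches, e.g. `$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'illegal pkgnum';` followed by `$pkgnum = $1;`. `$reasonnum` is likewise passed unvalidated as `curr_value`; how the included element renders it is not visible here.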
diff --git a/httemplate/misc/catchall.cgi b/httemplate/misc/catchall.cgi
index 8881746d1..2094494be 100755
--- a/httemplate/misc/catchall.cgi
+++ b/httemplate/misc/catchall.cgi
@@ -1,134 +1,120 @@
-<!-- mason kludge -->
-%
-%
-%my $conf = new FS::Conf;
-%
-%my($svc_domain, $svcnum, $pkgnum, $svcpart, $part_svc);
-%if ( $cgi->param('error') ) {
-% $svc_domain = new FS::svc_domain ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_domain')
-% } );
-% $svcnum = $svc_domain->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%} else {
-% my($query) = $cgi->keywords;
-% if ( $query =~ /^(\d+)$/ ) { #editing
-% $svcnum=$1;
-% $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_domain) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% } else {
-%
-% die "Invalid (svc_domain) svcnum!";
-%
-% }
-%}
-%
-%my %email;
-%if ($pkgnum) {
-%
-% #find all possible user svcnums (and emails)
-%
-% #starting with that currently attached
-% if ($svc_domain->catchall) {
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
-% $email{$svc_domain->catchall} = $svc_acct->email;
-% }
-%
-% #and including the rest for this customer
-% my($u_part_svc,@u_acct_svcparts);
-% foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) {
-% push @u_acct_svcparts,$u_part_svc->getfield('svcpart');
-% }
-%
-% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-% my($custnum)=$cust_pkg->getfield('custnum');
-% my($i_cust_pkg);
-% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
-% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
-% my($acct_svcpart);
-% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
-% #record(s) in cust_svc ( for this
-% #pkgnum ! )
-% my($i_cust_svc);
-% foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) {
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')});
-% $email{$svc_acct->getfield('svcnum')}=$svc_acct->email;
-% }
-% }
-% }
-%
-%} else {
-%
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
-% $email{$svc_domain->catchall} = $svc_acct->email;
-%}
-%
-%# add an absence of a catchall
-%$email{''} = "(none)";
-%
-%my $p1 = popurl(1);
-%print header("Domain Catchall Edit", '');
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print qq!<FORM ACTION="${p1}process/catchall.cgi" METHOD=POST>!;
-%
-%#display
-%
-% #formatting
-% print "<PRE>";
-%
-%#svcnum
-%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!;
-%print qq!Service #<FONT SIZE=+1><B>!, $svcnum ? $svcnum : " (NEW)", "</B></FONT>";
-%
-%#pkgnum
-%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!;
-%
-%#svcpart
-%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!;
-%
-%my($domain,$catchall)=(
-% $svc_domain->domain,
-% $svc_domain->catchall,
-%);
-%
-%print qq!<INPUT TYPE="hidden" NAME="domain" VALUE="$domain">!;
-%
-%#catchall
-%print qq!\n\nMail to <I>(anything)</I>@<B>$domain</B> forwards to <SELECT NAME="catchall" SIZE=1>!;
-%foreach $_ (keys %email) {
-% print "<OPTION", $_ eq $catchall ? " SELECTED" : "",
-% qq! VALUE="$_">$email{$_}!;
-%}
-%print "</SELECT>";
-%
-% #formatting
-% print "</PRE>\n";
-%
-%print qq!<CENTER><INPUT TYPE="submit" VALUE="Submit"></CENTER>!;
-%
-%print <<END;
-%
-% </FORM>
-% </BODY>
-%</HTML>
-%END
-%
-%
+<% include('/elements/header.html', 'Domain Catchall Edit') %>
+<% include('/elements/error.html') %>
+
+<FORM ACTION="<%$p1%>process/catchall.cgi" METHOD=POST>
+
+<PRE>
+
+<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum |h %>">
+Service #<FONT SIZE=+1><B><% $svcnum ? $svcnum : ' (NEW)' |h %></B></FONT>
+
+<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum |h %>">
+
+<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>">
+
+% my $domain = $svc_domain->domain;
+% my $catchall = $svc_domain->catchall;
+
+<INPUT TYPE="hidden" NAME="domain" VALUE="<% $domain |h %>">
+
+Mail to <I>(anything)</I>@<B><% $domain |h %></B> forwards to <SELECT NAME="catchall" SIZE=1>
+% foreach $_ (keys %email) {
+ <OPTION<% $_ eq $catchall ? ' SELECTED' : '' %> VALUE="<% $_ %>"><% $email{$_} %>
+% }
+</SELECT>
+
+</PRE>
+
+<INPUT TYPE="submit" VALUE="Submit">
+
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall');
+
+my $conf = new FS::Conf;
+
+my($svc_domain, $svcnum, $pkgnum, $svcpart, $part_svc);
+if ( $cgi->param('error') ) {
+ $svc_domain = new FS::svc_domain ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_domain')
+ } );
+ $svcnum = $svc_domain->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+} else {
+ my($query) = $cgi->keywords;
+ if ( $query =~ /^(\d+)$/ ) { #editing
+ $svcnum=$1;
+ $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_domain) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ } else {
+
+ die "Invalid (svc_domain) svcnum!";
+
+ }
+}
+
+my %email;
+if ($pkgnum) {
+
+ #find all possible user svcnums (and emails)
+
+ #starting with that currently attached
+ if ($svc_domain->catchall) {
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
+ $email{$svc_domain->catchall} = $svc_acct->email;
+ }
+
+ #and including the rest for this customer
+ my($u_part_svc,@u_acct_svcparts);
+ foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) {
+ push @u_acct_svcparts,$u_part_svc->getfield('svcpart');
+ }
+
+ my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+ my($custnum)=$cust_pkg->getfield('custnum');
+ my($i_cust_pkg);
+ foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
+ my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
+ my($acct_svcpart);
+ foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
+ #record(s) in cust_svc ( for this
+ #pkgnum ! )
+ my($i_cust_svc);
+ foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) {
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')});
+ $email{$svc_acct->getfield('svcnum')}=$svc_acct->email;
+ }
+ }
+ }
+
+} else {
+
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
+ $email{$svc_domain->catchall} = $svc_acct->email;
+}
+
+# add an absence of a catchall
+$email{''} = "(none)";
+
+my $p1 = popurl(1);
+
+</%init>
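Review bot: Three interpolations in the new template are left without the `|h` escape that the neighbouring fields received: `VALUE="<% $svcpart %>"`, and `VALUE="<% $_ %>"><% $email{$_} %>` inside the `<OPTION>` loop. `$svcpart` comes from `$cgi->param('svcpart')` on the error path and `$email{$_}` is stored account data, so both can carry markup into the page unless the Mason configuration applies a default escape (not visible here). Suggested: `VALUE="<% $svcpart |h %>"` and `VALUE="<% $_ |h %>"><% $email{$_} |h %>`.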
diff --git a/httemplate/misc/cdr-import.html b/httemplate/misc/cdr-import.html
index 5e9e2690d..36b2e4cb0 100644
--- a/httemplate/misc/cdr-import.html
+++ b/httemplate/misc/cdr-import.html
@@ -14,3 +14,9 @@ Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR>
<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+</%init>
diff --git a/httemplate/misc/cust_main-cancel.cgi b/httemplate/misc/cust_main-cancel.cgi
index 7f6f69701..009a7d41b 100755
--- a/httemplate/misc/cust_main-cancel.cgi
+++ b/httemplate/misc/cust_main-cancel.cgi
@@ -6,6 +6,9 @@
</HTML>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Cancel customer');
+
my $custnum;
my $ban = '';
if ( $cgi->param('custnum') =~ /^(\d+)$/ ) {
diff --git a/httemplate/misc/cust_main-import.cgi b/httemplate/misc/cust_main-import.cgi
index b710ca8f0..84da38611 100644
--- a/httemplate/misc/cust_main-import.cgi
+++ b/httemplate/misc/cust_main-import.cgi
@@ -97,5 +97,13 @@ advertising source table.
<% include('/elements/footer.html') %>
<%once>
+
my $req = qq!<font color="#ff0000">*</font>!;
+
</%once>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+</%init>
diff --git a/httemplate/misc/cust_main-import_charges.cgi b/httemplate/misc/cust_main-import_charges.cgi
index cd4441e0b..3801929e8 100644
--- a/httemplate/misc/cust_main-import_charges.cgi
+++ b/httemplate/misc/cust_main-import_charges.cgi
@@ -1,14 +1,22 @@
-<!-- mason kludge -->
-<% include("/elements/header.html",'Batch Customer Charge') %>
+<% include('/elements/header.html', 'Batch Customer Charge') %>
+
<FORM ACTION="process/cust_main-import_charges.cgi" METHOD="post" ENCTYPE="multipart/form-data">
+
Import a CSV file containing customer charges.<BR><BR>
Default file format is CSV, with the following field order: <i>custnum, amount, description</i><BR><BR>
If <i>amount</i> is negative, a credit will be applied instead.<BR><BR>
<BR><BR>
- CSV Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR>
- <INPUT TYPE="submit" VALUE="Import">
- </FORM>
- </BODY>
-<HTML>
+CSV Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR>
+<INPUT TYPE="submit" VALUE="Import">
+
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+</%init>
diff --git a/httemplate/misc/delete-cust_credit.cgi b/httemplate/misc/delete-cust_credit.cgi
index 78df24989..03eb47299 100755
--- a/httemplate/misc/delete-cust_credit.cgi
+++ b/httemplate/misc/delete-cust_credit.cgi
@@ -1,17 +1,21 @@
-%
-%
-%#untaint crednum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal crednum";
-%my $crednum = $1;
-%
-%my $cust_credit = qsearchs('cust_credit',{'crednum'=>$crednum});
-%my $custnum = $cust_credit->custnum;
-%
-%my $error = $cust_credit->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete credit');
+
+#untaint crednum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal crednum";
+my $crednum = $1;
+
+my $cust_credit = qsearchs('cust_credit',{'crednum'=>$crednum});
+my $custnum = $cust_credit->custnum;
+
+my $error = $cust_credit->delete;
+
+</%init>
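Review bot: `$cust_credit->custnum` is called on the result of `qsearchs` without checking that a record was found, so a crednum that does not exist ends in a "Can't call method on an undefined value" failure rather than a controlled error. Add `or die "Unknown crednum";` to the `qsearchs` line, as delete-customer.cgi does with `or die 'Unknown custnum'`. The same unchecked lookup is in delete-cust_pay.cgi, delete-cust_refund.cgi, delete-domain_record.cgi and delete-part_export.cgi. Separately, these pages perform the delete from the query string of a plain request; if the application has no other request-forgery protection, moving the destructive step behind a POST is worth considering.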
diff --git a/httemplate/misc/delete-cust_pay.cgi b/httemplate/misc/delete-cust_pay.cgi
index a0fa414d5..38e7e4ba1 100755
--- a/httemplate/misc/delete-cust_pay.cgi
+++ b/httemplate/misc/delete-cust_pay.cgi
@@ -1,17 +1,21 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
-%my $custnum = $cust_pay->custnum;
-%
-%my $error = $cust_pay->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete payment');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
+my $custnum = $cust_pay->custnum;
+
+my $error = $cust_pay->delete;
+
+</%init>
diff --git a/httemplate/misc/delete-cust_refund.cgi b/httemplate/misc/delete-cust_refund.cgi
index f3ac589aa..983a79da5 100755
--- a/httemplate/misc/delete-cust_refund.cgi
+++ b/httemplate/misc/delete-cust_refund.cgi
@@ -1,17 +1,21 @@
-%
-%
-%#untaint refundnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal refundnum";
-%my $refundnum = $1;
-%
-%my $cust_refund = qsearchs('cust_refund',{'refundnum'=>$refundnum});
-%my $custnum = $cust_refund->custnum;
-%
-%my $error = $cust_refund->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete refund');
+
+#untaint refundnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal refundnum";
+my $refundnum = $1;
+
+my $cust_refund = qsearchs('cust_refund',{'refundnum'=>$refundnum});
+my $custnum = $cust_refund->custnum;
+
+my $error = $cust_refund->delete;
+
+</%init>
diff --git a/httemplate/misc/delete-customer.cgi b/httemplate/misc/delete-customer.cgi
index 378f69e61..17b7bda5e 100755
--- a/httemplate/misc/delete-customer.cgi
+++ b/httemplate/misc/delete-customer.cgi
@@ -1,48 +1,26 @@
-<!-- mason kludge -->
-%
-%
-%my $conf = new FS::Conf;
-%die "Customer deletions not enabled" unless $conf->exists('deletecustomers');
-%
-%my($custnum, $new_custnum);
-%if ( $cgi->param('error') ) {
-% $custnum = $cgi->param('custnum');
-% $new_custnum = $cgi->param('new_custnum');
-%} else {
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "Illegal query: $query";
-% $custnum = $1;
-% $new_custnum = '';
-%}
-%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } )
-% or die "Customer not found: $custnum";
-%
-%print header('Delete customer');
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print
-% qq!<form action="!, popurl(1), qq!process/delete-customer.cgi" method=post>!,
-% qq!<input type="hidden" name="custnum" value="$custnum">!;
-%
+<% include('/elements/header.html', 'Delete customer') %>
+
+<% include('/elements/error.html') %>
+
+<FORM ACTION="<% popurl(1) %>process/delete-customer.cgi" METHOD=POST>
+<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum |h %>">
+
%if ( qsearch('cust_pkg', { 'custnum' => $custnum, 'cancel' => '' } ) ) {
-% print "Move uncancelled packages to customer number ",
-% qq!<input type="text" name="new_custnum" value="$new_custnum"><br><br>!;
+ Move uncancelled packages to customer number
+ <INPUT TYPE="text" NAME="new_custnum" VALUE="<% $new_custnum |h %>"><BR><BR>
%}
-%
-%print <<END;
-%This will <b>completely remove</b> all traces of this customer record. This
-%is <B>not</B> what you want if this is a real customer who has simply
-%canceled service with you. For that, cancel all of the customer's packages.
-%(you can optionally hide cancelled customers with the <a href="../config/config-view.cgi#hidecancelledcustomers">hidecancelledcustomers</a> configuration option)
-%<br>
-%<br>Are you <b>absolutely sure</b> you want to delete this customer?
-%<br><input type="submit" value="Yes">
-%</form></body></html>
-%END
-%
+
+This will <B>completely remove</B> all traces of this customer record. This
+is <B>not</B> what you want if this is a real customer who has simply
+canceled service with you. For that, cancel all of the customer's packages.
+(you can optionally hide cancelled customers with the <A HREF="../config/config-view.cgi#hidecancelledcustomers">hidecancelledcustomers</A> configuration option)
+<BR>
+<BR>Are you <B>absolutely sure</B> you want to delete this customer?
+<BR><INPUT TYPE="submit" VALUE="Yes">
+</FORM>
+
+<% include('/elements/footer.html') %>
+
%#Deleting a customer you have financial records on (i.e. credits) is
%#typically considered fraudulant bookkeeping. Remember, deleting
%#customers should ONLY be used for completely bogus records. You should
@@ -56,6 +34,31 @@
%#Also see the "hidecancelledcustomers" and "hidecancelledpackages"
%#configuration options, which will allow you to surpress the display of
%#cancelled customers and packages, respectively.
-%
-%
+<%init>
+
+my $conf = new FS::Conf;
+die "Customer deletions not enabled in configuration"
+ unless $conf->exists('deletecustomers');
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete customer');
+
+my($custnum, $new_custnum);
+if ( $cgi->param('error') ) {
+ $custnum = $cgi->param('custnum');
+ $new_custnum = $cgi->param('new_custnum');
+} else {
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "Illegal query: $query";
+ $custnum = $1;
+ $new_custnum = '';
+}
+my $cust_main = qsearchs( {
+ 'table' => 'cust_main',
+ 'hashref' => { 'custnum' => $custnum },
+ 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+} )
+ or die 'Unknown custnum';
+
+<%/init>
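Review bot: The init block is closed with `<%/init>` on the last added line, which is not a valid Mason closing tag; every other component in this commit uses `</%init>`. As written the `<%init>` section is unterminated and the component will most likely fail to compile, so the line should read `</%init>`. Also, in the `error` branch `$custnum` is taken from `$cgi->param('custnum')` without the `/^(\d+)$/` check the other branch applies.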
diff --git a/httemplate/misc/delete-domain_record.cgi b/httemplate/misc/delete-domain_record.cgi
index 83e75ce20..08eedde5f 100755
--- a/httemplate/misc/delete-domain_record.cgi
+++ b/httemplate/misc/delete-domain_record.cgi
@@ -1,16 +1,20 @@
-%
-%
-%#untaint recnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal recnum";
-%my $recnum = $1;
-%
-%my $domain_record = qsearchs('domain_record',{'recnum'=>$recnum});
-%
-%my $error = $domain_record->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/svc_domain.cgi?". $domain_record->svcnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/svc_domain.cgi?". $domain_record->svcnum) %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice');
+
+#untaint recnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal recnum";
+my $recnum = $1;
+
+my $domain_record = qsearchs('domain_record',{'recnum'=>$recnum});
+
+my $error = $domain_record->delete;
+
+</%init>
diff --git a/httemplate/misc/delete-part_export.cgi b/httemplate/misc/delete-part_export.cgi
index 5f2ebb99c..52404e0c4 100755
--- a/httemplate/misc/delete-part_export.cgi
+++ b/httemplate/misc/delete-part_export.cgi
@@ -1,16 +1,20 @@
-%
-%
-%#untaint exportnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal exportnum";
-%my $exportnum = $1;
-%
-%my $part_export = qsearchs('part_export',{'exportnum'=>$exportnum});
-%
-%my $error = $part_export->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "browse/part_export.cgi");
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "browse/part_export.cgi") %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+#untaint exportnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal exportnum";
+my $exportnum = $1;
+
+my $part_export = qsearchs('part_export',{'exportnum'=>$exportnum});
+
+my $error = $part_export->delete;
+
+</%init>
diff --git a/httemplate/misc/dump.cgi b/httemplate/misc/dump.cgi
index 486b66568..3b60b20ef 100644
--- a/httemplate/misc/dump.cgi
+++ b/httemplate/misc/dump.cgi
@@ -1,3 +1,5 @@
+% die "access denied"
+% unless $FS::CurrentUser::CurrentUser->access_right('Export');
%
% if ( driver_name =~ /^Pg$/ ) {
% my $dbname = (split(':', datasrc))[2];
@@ -16,5 +18,3 @@
% print $_;
% }
% close DUMP;
-%
-
diff --git a/httemplate/misc/email-invoice.cgi b/httemplate/misc/email-invoice.cgi
index 8a3dd90b1..269722f67 100755
--- a/httemplate/misc/email-invoice.cgi
+++ b/httemplate/misc/email-invoice.cgi
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->email($template);
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->email($template);
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
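Review bot: The template name is captured with `(.+)` in `$query =~ /^((.+)-)?(\d+)$/;`, so any characters from the query string are passed to `$cust_bill->email($template)`, and the match result itself is not checked. How `email()` resolves the template is not visible here, but restricting the capture to the characters template names actually use is safer; assuming they are word characters, `$query =~ /^(?:(\w+)-)?(\d+)$/ or die "Illegal invnum";` with `$template = $1` and `$invnum = $2`. fax-invoice.cgi has the identical line ahead of `$cust_bill->fax($template)`.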
diff --git a/httemplate/misc/email_invoice_events.cgi b/httemplate/misc/email_invoice_events.cgi
index ba6e72c1a..d65fe172b 100644
--- a/httemplate/misc/email_invoice_events.cgi
+++ b/httemplate/misc/email_invoice_events.cgi
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reemail', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reemail', $cgi;
+
+</%init>
diff --git a/httemplate/misc/email_invoices.cgi b/httemplate/misc/email_invoices.cgi
index 6c2103f7b..78ca0f67d 100644
--- a/httemplate/misc/email_invoices.cgi
+++ b/httemplate/misc/email_invoices.cgi
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reemail', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reemail', $cgi;
+
+</%init>
diff --git a/httemplate/misc/fax-invoice.cgi b/httemplate/misc/fax-invoice.cgi
index 1ddc23ece..e2e6db095 100755
--- a/httemplate/misc/fax-invoice.cgi
+++ b/httemplate/misc/fax-invoice.cgi
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->fax($template);
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->fax($template);
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
diff --git a/httemplate/misc/fax_invoice_events.cgi b/httemplate/misc/fax_invoice_events.cgi
index deb78d456..05420eeca 100644
--- a/httemplate/misc/fax_invoice_events.cgi
+++ b/httemplate/misc/fax_invoice_events.cgi
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_refax', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_refax', $cgi;
+
+</%init>
diff --git a/httemplate/misc/fax_invoices.cgi b/httemplate/misc/fax_invoices.cgi
index 4bdac970c..a843523db 100644
--- a/httemplate/misc/fax_invoices.cgi
+++ b/httemplate/misc/fax_invoices.cgi
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_refax', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_refax', $cgi;
+
+</%init>
diff --git a/httemplate/misc/inventory_item-import.html b/httemplate/misc/inventory_item-import.html
index 363623806..423d0d672 100644
--- a/httemplate/misc/inventory_item-import.html
+++ b/httemplate/misc/inventory_item-import.html
@@ -1,11 +1,3 @@
-%
-%
-%my $classnum = $cgi->param('classnum');
-%$classnum =~ /^(\d+)$/ or errorpage("illegal classnum $classnum");
-%$classnum = $1;
-%my $inventory_class = qsearchs('inventory_class', { 'classnum' => $classnum } );
-%
-%
<% include("/elements/header.html", $inventory_class->classname. 's') %>
<FORM ACTION="process/inventory_item-import.html" METHOD="POST" ENCTYPE="multipart/form-data">
@@ -19,3 +11,13 @@ Filename: <INPUT TYPE="file" NAME="filename"><BR><BR>
<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+$cgi->param =~ /^(\d+)$/ or errorpage("illegal classnum $classnum");
+my $classnum = $1;
+my $inventory_class = qsearchs('inventory_class', { 'classnum' => $classnum } );
+
+</%init>
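Review bot: `$cgi->param =~ /^(\d+)$/ or errorpage("illegal classnum $classnum");` calls `param` with no argument, so the pattern is not applied to the `classnum` value at all, and it interpolates `$classnum` one line before `my $classnum` declares it. The removed code matched against `$cgi->param('classnum')`; the new block should keep that: `$cgi->param('classnum') =~ /^(\d+)$/ or errorpage("illegal classnum");` followed by `my $classnum = $1;`. Leaving the raw value out of the message also avoids echoing request input into the page; whether `errorpage` escapes its argument is not visible here. `$inventory_class` is then used by the header include without a check that `qsearchs` found a row.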
diff --git a/httemplate/misc/link.cgi b/httemplate/misc/link.cgi
index ef72b4a5c..748eaa15f 100755
--- a/httemplate/misc/link.cgi
+++ b/httemplate/misc/link.cgi
@@ -1,31 +1,5 @@
-%my %link_field = (
-% 'svc_acct' => 'username',
-% 'svc_domain' => 'domain',
-%);
-%
-%my %link_field2 = (
-% 'svc_acct' => { label => 'Domain',
-% field => 'domsvc',
-% type => 'select',
-% select_table => 'svc_domain',
-% select_key => 'svcnum',
-% select_label => 'domain'
-% },
-%);
-%
-%$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-%my $pkgnum = $1;
-%$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-%my $svcpart = $1;
-%
-%my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});
-%my $svc = $part_svc->getfield('svc');
-%my $svcdb = $part_svc->getfield('svcdb');
-%my $link_field = $link_field{$svcdb};
-%my $link_field2 = $link_field2{$svcdb};
-%
-
<% include("/elements/header.html","Link to existing $svc") %>
+
<FORM ACTION="<% popurl(1) %>process/link.cgi" METHOD=POST>
% if ( $link_field ) {
@@ -72,6 +46,39 @@
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>">
<BR><INPUT TYPE="submit" VALUE="Link">
- </FORM>
- </BODY>
-</HTML>
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services');
+
+my %link_field = (
+ 'svc_acct' => 'username',
+ 'svc_domain' => 'domain',
+);
+
+my %link_field2 = (
+ 'svc_acct' => { label => 'Domain',
+ field => 'domsvc',
+ type => 'select',
+ select_table => 'svc_domain',
+ select_key => 'svcnum',
+ select_label => 'domain'
+ },
+);
+
+$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+my $pkgnum = $1;
+$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+my $svcpart = $1;
+
+my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});
+my $svc = $part_svc->getfield('svc');
+my $svcdb = $part_svc->getfield('svcdb');
+my $link_field = $link_field{$svcdb};
+my $link_field2 = $link_field2{$svcdb};
+
+</%init>
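Review bot: `my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});` is followed directly by `$part_svc->getfield('svc')`, so a `svcpart` that passes the digit check but matches no row ends in a method call on an undefined value instead of a clear error. Add `or die "unknown svcpart $svcpart";` to the `qsearchs` line, in the same style as the `or die 'unparsable svcpart'` check just above it.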
diff --git a/httemplate/misc/meta-import.cgi b/httemplate/misc/meta-import.cgi
index fc249a2ab..5b3470c06 100644
--- a/httemplate/misc/meta-import.cgi
+++ b/httemplate/misc/meta-import.cgi
@@ -1,5 +1,5 @@
-<!-- mason kludge -->
-<% include("/elements/header.html",'Import') %>
+<% include('/elements/header.html', 'Import') %>
+
<FORM ACTION="process/meta-import.cgi" METHOD="post" ENCTYPE="multipart/form-data">
Import data from a DBI data source<BR><BR>
%
@@ -68,6 +68,12 @@ Import data from a DBI data source<BR><BR>
<INPUT TYPE="submit" VALUE="Import">
</FORM>
- </BODY>
-<HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+#there's no ACL for this... haven't used in ages
+die 'meta-import not enabled; remove this if you want to use it';
+
+</%init>
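Review bot: The unconditional `die` is the only thing protecting this page, and its message tells an operator to remove it, after which the component has no `access_right` check at all (the comment says as much). Placing a check ahead of the `die` now keeps the page closed by default once it is re-enabled, for example `die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Import');`. 'Import' is the right the other import pages in this commit use, so confirm it is the intended one. The same applies to the `<%init>` block of process/meta-import.cgi, which additionally carries the XSS caveat in its comment.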
diff --git a/httemplate/misc/payment.cgi b/httemplate/misc/payment.cgi
index ce9a48beb..f99f2f068 100644
--- a/httemplate/misc/payment.cgi
+++ b/httemplate/misc/payment.cgi
@@ -217,6 +217,9 @@ function OLiframeContent(src, width, height, name) {
<% include('/elements/footer.html') %>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+
my %type = ( 'CARD' => 'credit card',
'CHEK' => 'electronic check (ACH)',
);
diff --git a/httemplate/misc/print-invoice.cgi b/httemplate/misc/print-invoice.cgi
index 511bdce19..aeef68795 100755
--- a/httemplate/misc/print-invoice.cgi
+++ b/httemplate/misc/print-invoice.cgi
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->print($template);
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->print($template);
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
diff --git a/httemplate/misc/print_invoice_events.cgi b/httemplate/misc/print_invoice_events.cgi
index 913e2683f..c974d5f4e 100644
--- a/httemplate/misc/print_invoice_events.cgi
+++ b/httemplate/misc/print_invoice_events.cgi
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reprint', $cgi;
-
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reprint', $cgi;
+
+</%init>
diff --git a/httemplate/misc/print_invoices.cgi b/httemplate/misc/print_invoices.cgi
index 826a081fd..f859f6db8 100644
--- a/httemplate/misc/print_invoices.cgi
+++ b/httemplate/misc/print_invoices.cgi
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reprint', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reprint', $cgi;
+
+</%init>
diff --git a/httemplate/misc/process/batch-cust_pay.cgi b/httemplate/misc/process/batch-cust_pay.cgi
index e4d1bbff5..058a2251a 100644
--- a/httemplate/misc/process/batch-cust_pay.cgi
+++ b/httemplate/misc/process/batch-cust_pay.cgi
@@ -1,3 +1,5 @@
+% die "access denied"
+% unless $FS::CurrentUser::CurrentUser->access_right('Post payment batch');
%
% my $param = $cgi->Vars;
%
diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html
index 805d1a711..d265c1849 100755
--- a/httemplate/misc/process/cancel_pkg.html
+++ b/httemplate/misc/process/cancel_pkg.html
@@ -12,29 +12,39 @@ my %past = ( 'cancel' => 'cancelled',
'adjourn' => 'adjourned',
);
+#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
+my %right = ( 'cancel' => 'Cancel customer package immediately',
+ 'expire' => 'Cancel customer package later',
+ 'suspend' => 'Suspend customer package',
+ 'adjourn' => 'Suspend customer package later',
+ );
+
</%once>
<%init>
#untaint method
my $method = $cgi->param('method');
-$method =~ /^(cancel|expire|suspend|adjourn)$/ || die "Illegal method";
+$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method";
$method = $1;
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right($right{$method});
+
#untaint pkgnum
my $pkgnum = $cgi->param('pkgnum');
-$pkgnum =~ /^(\d+)$/ || die "Illegal pkgnum";
+$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
$pkgnum = $1;
#untaint reasonnum
my $reasonnum = $cgi->param('reasonnum');
-$reasonnum =~ /^(-?\d+)$/ || die "Illegal reasonnum";
+$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
$reasonnum = $1;
my $date = time;
if ($method eq 'expire' || $method eq 'adjourn'){
#untaint date
$date = $cgi->param('date');
- str2time($cgi->param('date')) =~ /^(\d+)$/ || die "Illegal date";
+ str2time($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
$date = $1;
}
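Review bot: `str2time($cgi->param('date'))` calls `param` in list context, so a request that repeats the `date` parameter passes the extra value to `str2time` as a second argument; every other parameter in this block is read into a scalar first. Use `str2time(scalar($cgi->param('date')))`. The new `$right{$method}` lookup is safe only because `$method` is validated against the same four keys just above, and a one-line comment such as `# keys of %right must match the method regex below` would keep the two lists in step. The `<%init>` block continues past the end of the hunk.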
diff --git a/httemplate/misc/process/catchall.cgi b/httemplate/misc/process/catchall.cgi
index f2899c720..0dda2eada 100755
--- a/httemplate/misc/process/catchall.cgi
+++ b/httemplate/misc/process/catchall.cgi
@@ -1,34 +1,35 @@
-%
-%
-%$FS::svc_domain::whois_hack=1;
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum =$1;
-%
-%my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::svc_domain ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_domain'), qw( pkgnum svcpart ) )
-%} );
-%
-%$new->setfield('action' => 'M');
-%
-%my $error;
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->getfield('svcnum');
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "catchall.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "catchall.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall');
+
+$FS::svc_domain::whois_hack=1;
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum =$1;
+
+my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::svc_domain ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_domain'), qw( pkgnum svcpart ) )
+} );
+
+$new->setfield('action' => 'M');
+
+my $error;
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->getfield('svcnum');
+}
+</%init>
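Review bot: `my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum;` declares a lexical under a statement modifier, whose behaviour perlsyn documents as undefined when the condition is false; in a persistent interpreter `$old` can keep a value from an earlier run. Write `my $old = $svcnum ? qsearchs('svc_domain',{'svcnum'=>$svcnum}) : undef;` and `die` when a non-empty `svcnum` finds no row, since `$new->replace($old)` is otherwise called with nothing to replace. The same `my ... if` form is moved into the `<%init>` block of svc_acct-domains.cgi (`$part_svc`, `$part_svc_column`, `@output`, `$columnflag`).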
diff --git a/httemplate/misc/process/cdr-import.html b/httemplate/misc/process/cdr-import.html
index 93137c3d0..4848fa325 100644
--- a/httemplate/misc/process/cdr-import.html
+++ b/httemplate/misc/process/cdr-import.html
@@ -1,30 +1,22 @@
-%
-%
-% my $fh = $cgi->upload('csvfile');
-%
-% my $error = defined($fh)
-% ? FS::cdr::batch_import( {
-% 'filehandle' => $fh,
-% 'format' => $cgi->param('format'),
-% } )
-% : 'No file';
-%
-% if ( $error ) {
-%
-
- <!-- mason kludge -->
-%
-% errorpage($error);
-%# $cgi->param('error', $error);
-%# print $cgi->redirect( "${p}cust_main-import.cgi
-% } else {
-%
-
- <!-- mason kludge -->
+% if ( $error ) {
+% errorpage($error);
+% } else {
<% include("/elements/header.html",'Import successful') %>
<!-- XXX redirect to batch search like the payment entry... -->
<% include("/elements/footer.html",'Import successful') %>
-%
-% }
-%
+% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+my $fh = $cgi->upload('csvfile');
+
+my $error = defined($fh)
+ ? FS::cdr::batch_import( {
+ 'filehandle' => $fh,
+ 'format' => $cgi->param('format'),
+ } )
+ : 'No file';
+</%init>
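Review bot: `'format' => $cgi->param('format'),` sits inside a hash constructor, where `param` is called in list context: a missing `format` yields no element and a repeated one yields several, either of which shifts or adds keys in the hash passed to `FS::cdr::batch_import`. process/cust_main-import.cgi in this commit already wraps each value in `scalar(...)`; do the same here with `'format' => scalar($cgi->param('format')),`. process/inventory_item-import.html has the same issue on `'classnum' => $cgi->param('classnum'),`, which is also passed on without the digits-only check that the form page intends to apply.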
diff --git a/httemplate/misc/process/cust_main-import.cgi b/httemplate/misc/process/cust_main-import.cgi
index c8d1b6cd1..aa8cd5298 100644
--- a/httemplate/misc/process/cust_main-import.cgi
+++ b/httemplate/misc/process/cust_main-import.cgi
@@ -1,35 +1,28 @@
-%
-%
-% my $fh = $cgi->upload('csvfile');
-% #warn $cgi;
-% #warn $fh;
-%
-% my $error = defined($fh)
-% ? FS::cust_main::batch_import( {
-% filehandle => $fh,
-% agentnum => scalar($cgi->param('agentnum')),
-% refnum => scalar($cgi->param('refnum')),
-% pkgpart => scalar($cgi->param('pkgpart')),
-% #'fields' => [qw( cust_pkg.setup dayphone first last address1 address2
-% # city state zip comments )],
-% 'format' => scalar($cgi->param('format')),
-% } )
-% : 'No file';
-%
-% if ( $error ) {
-%
-
- <!-- mason kludge -->
-%
-% errorpage($error);
-%# $cgi->param('error', $error);
-%# print $cgi->redirect( "${p}cust_main-import.cgi
+% if ( $error ) {
+% errorpage($error);
% } else {
-%
-
- <!-- mason kludge -->
- <% include("/elements/header.html",'Import successful') %>
-%
+ <% include('/elements/header.html','Import successful') %>
+ <% include('/elements/footer.html') %>
% }
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+my $fh = $cgi->upload('csvfile');
+#warn $cgi;
+#warn $fh;
+
+my $error = defined($fh)
+ ? FS::cust_main::batch_import( {
+ filehandle => $fh,
+ agentnum => scalar($cgi->param('agentnum')),
+ refnum => scalar($cgi->param('refnum')),
+ pkgpart => scalar($cgi->param('pkgpart')),
+ #'fields' => [qw( cust_pkg.setup dayphone first last address1 address2
+ # city state zip comments )],
+ 'format' => scalar($cgi->param('format')),
+ } )
+ : 'No file';
+</%init>
diff --git a/httemplate/misc/process/cust_main-import_charges.cgi b/httemplate/misc/process/cust_main-import_charges.cgi
index 1a29bf600..3ca68944a 100644
--- a/httemplate/misc/process/cust_main-import_charges.cgi
+++ b/httemplate/misc/process/cust_main-import_charges.cgi
@@ -1,30 +1,23 @@
-%
-%
-% my $fh = $cgi->upload('csvfile');
-% #warn $cgi;
-% #warn $fh;
-%
-% my $error = defined($fh)
-% ? FS::cust_main::batch_charge( {
-% filehandle => $fh,
-% 'fields' => [qw( custnum amount pkg )],
-% } )
-% : 'No file';
-%
-% if ( $error ) {
-%
-
- <!-- mason kludge -->
-%
-% errorpage($error);
-%# $cgi->param('error', $error);
-%# print $cgi->redirect( "${p}cust_main-import_charges.cgi
+% if ( $error ) {
+% errorpage($error);
% } else {
-%
-
- <!-- mason kludge -->
- <% include("/elements/header.html",'Import successful') %>
-%
+ <% include('/elements/header.html','Import successful') %>
+ <% include('/elements/footer.html') %>
% }
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+my $fh = $cgi->upload('csvfile');
+#warn $cgi;
+#warn $fh;
+
+my $error = defined($fh)
+ ? FS::cust_main::batch_charge( {
+ filehandle => $fh,
+ 'fields' => [qw( custnum amount pkg )],
+ } )
+ : 'No file';
+</%init>
diff --git a/httemplate/misc/process/delete-customer.cgi b/httemplate/misc/process/delete-customer.cgi
index d0d237ee8..d509a5e0e 100755
--- a/httemplate/misc/process/delete-customer.cgi
+++ b/httemplate/misc/process/delete-customer.cgi
@@ -1,30 +1,33 @@
-%
-%
-%my $conf = new FS::Conf;
-%die "Customer deletions not enabled" unless $conf->exists('deletecustomers');
-%
-%$cgi->param('custnum') =~ /^(\d+)$/;
-%my $custnum = $1;
-%my $new_custnum;
-%if ( $cgi->param('new_custnum') ) {
-% $cgi->param('new_custnum') =~ /^(\d+)$/
-% or die "Illegal new customer number: ". $cgi->param('new_custnum');
-% $new_custnum = $1;
-%} else {
-% $new_custnum = '';
-%}
-%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } )
-% or die "Customer not found: $custnum";
-%
-%my $error = $cust_main->delete($new_custnum);
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string ) %>
%} elsif ( $new_custnum ) {
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum") %>
%} else {
-% print $cgi->redirect(popurl(3));
+<% $cgi->redirect(popurl(3)) %>
%}
-%
+<%init>
+
+my $conf = new FS::Conf;
+die "Customer deletions not enabled in configuration"
+ unless $conf->exists('deletecustomers');
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete customer');
+
+$cgi->param('custnum') =~ /^(\d+)$/;
+my $custnum = $1;
+my $new_custnum;
+if ( $cgi->param('new_custnum') ) {
+ $cgi->param('new_custnum') =~ /^(\d+)$/
+ or die "Illegal new customer number: ". $cgi->param('new_custnum');
+ $new_custnum = $1;
+} else {
+ $new_custnum = '';
+}
+my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } )
+ or die "Customer not found: $custnum";
+
+my $error = $cust_main->delete($new_custnum);
+</%init>
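Review bot: `$cgi->param('custnum') =~ /^(\d+)$/;` is not checked, unlike the `new_custnum` match a few lines below, so a malformed `custnum` falls through to `qsearchs` with whatever `$1` holds. For a destructive action the match should fail closed: `$cgi->param('custnum') =~ /^(\d+)$/ or die "Illegal custnum";`. The `new_custnum` error also appends the raw parameter to the `die` text; dropping it avoids reflecting request input if that message is rendered to the browser. process/link.cgi has the same unchecked matches on `pkgnum`, `svcpart`, `svcnum` and `link_field`.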
diff --git a/httemplate/misc/process/inventory_item-import.html b/httemplate/misc/process/inventory_item-import.html
index 51337529f..3aae202c7 100644
--- a/httemplate/misc/process/inventory_item-import.html
+++ b/httemplate/misc/process/inventory_item-import.html
@@ -1,31 +1,22 @@
-%
-%
-% my $fh = $cgi->upload('filename');
-%
-% my $error = defined($fh)
-% ? FS::inventory_item::batch_import( {
-% 'filehandle' => $fh,
-% 'classnum' => $cgi->param('classnum'),
-% } )
-% : 'No file';
-%
-% if ( $error ) {
-%
-
- <!-- mason kludge -->
-%
-% errorpage($error);
-%# $cgi->param('error', $error);
-%# print $cgi->redirect( "${p}cust_main-import.cgi
-% } else {
-%
-
- <!-- mason kludge -->
+% if ( $error ) {
+% errorpage($error);
+% } else {
<% include("/elements/header.html",'Import successful') %>
<!-- XXX redirect to batch search like the payment entry... -->
<% include("/elements/footer.html",'Import successful') %>
-%
% }
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+my $fh = $cgi->upload('filename');
+my $error = defined($fh)
+ ? FS::inventory_item::batch_import( {
+ 'filehandle' => $fh,
+ 'classnum' => $cgi->param('classnum'),
+ } )
+ : 'No file';
+</%init>
diff --git a/httemplate/misc/process/link.cgi b/httemplate/misc/process/link.cgi
index 66f4ee11d..960326747 100755
--- a/httemplate/misc/process/link.cgi
+++ b/httemplate/misc/process/link.cgi
@@ -1,76 +1,72 @@
-%
-%
-%my $DEBUG = 0;
-%
-%$cgi->param('pkgnum') =~ /^(\d+)$/;
-%my $pkgnum = $1;
-%$cgi->param('svcpart') =~ /^(\d+)$/;
-%my $svcpart = $1;
-%$cgi->param('svcnum') =~ /^(\d*)$/;
-%my $svcnum = $1;
-%
-%unless ( $svcnum ) {
-% my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});
-% my $svcdb = $part_svc->getfield('svcdb');
-% $cgi->param('link_field') =~ /^(\w+)$/;
-% my $link_field = $1;
-% my %search = ( $link_field => $cgi->param('link_value') );
-% if ( $cgi->param('link_field2') =~ /^(\w+)$/ ) {
-% $search{$1} = $cgi->param('link_value2');
-% }
-%
-% my @svc_x = ( sort { ($a->cust_svc->pkgnum > 0) <=> ($b->cust_svc->pkgnum > 0)
-% or ($b->cust_svc->svcpart == $svcpart)
-% <=> ($a->cust_svc->svcpart == $svcpart)
-% }
-% qsearch( $svcdb, \%search )
-% );
-%
-% if ( $DEBUG ) {
-% warn scalar(@svc_x). " candidate accounts found for linking ".
-% "(svcpart $svcpart):\n";
-% foreach my $svc_x ( @svc_x ) {
-% warn " ". $svc_x->email.
-% " (svcnum ". $svc_x->svcnum. ",".
-% " pkgnum ". $svc_x->cust_svc->pkgnum. ",".
-% " svcpart ". $svc_x->cust_svc->svcpart. ")\n";
-% }
-% }
-%
-% my $svc_x = $svc_x[0];
-%
-% errorpage("$link_field not found!") unless $svc_x;
-%
-% $svcnum = $svc_x->svcnum;
-%
-%}
-%
-%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%die "svcnum not found!" unless $old;
-%my $conf = new FS::Conf;
-%my($error, $new);
-%if ( $old->pkgnum && ! $conf->exists('legacy_link-steal') ) {
-% $error = "svcnum $svcnum already linked to package ". $old->pkgnum;
-%} else {
-% $new = new FS::cust_svc { $old->hash };
-% $new->pkgnum($pkgnum);
-% $new->svcpart($svcpart);
-%
-% $error = $new->replace($old);
-%}
-%
%unless ($error) {
% #no errors, so let's view this customer.
% my $custnum = $new->cust_pkg->custnum;
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum".
-% "#cust_pkg$pkgnum" );
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?<%$custnum%>#cust_pkg<%$pkgnum%>" ) %>
%} else {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services');
+
+my $DEBUG = 0;
+
+$cgi->param('pkgnum') =~ /^(\d+)$/;
+my $pkgnum = $1;
+$cgi->param('svcpart') =~ /^(\d+)$/;
+my $svcpart = $1;
+$cgi->param('svcnum') =~ /^(\d*)$/;
+my $svcnum = $1;
+
+unless ( $svcnum ) {
+ my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});
+ my $svcdb = $part_svc->getfield('svcdb');
+ $cgi->param('link_field') =~ /^(\w+)$/;
+ my $link_field = $1;
+ my %search = ( $link_field => $cgi->param('link_value') );
+ if ( $cgi->param('link_field2') =~ /^(\w+)$/ ) {
+ $search{$1} = $cgi->param('link_value2');
+ }
+
+ my @svc_x = ( sort { ($a->cust_svc->pkgnum > 0) <=> ($b->cust_svc->pkgnum > 0)
+ or ($b->cust_svc->svcpart == $svcpart)
+ <=> ($a->cust_svc->svcpart == $svcpart)
+ }
+ qsearch( $svcdb, \%search )
+ );
+
+ if ( $DEBUG ) {
+ warn scalar(@svc_x). " candidate accounts found for linking ".
+ "(svcpart $svcpart):\n";
+ foreach my $svc_x ( @svc_x ) {
+ warn " ". $svc_x->email.
+ " (svcnum ". $svc_x->svcnum. ",".
+ " pkgnum ". $svc_x->cust_svc->pkgnum. ",".
+ " svcpart ". $svc_x->cust_svc->svcpart. ")\n";
+ }
+ }
+
+ my $svc_x = $svc_x[0];
+
+ errorpage("$link_field not found!") unless $svc_x;
+
+ $svcnum = $svc_x->svcnum;
+
+}
+
+my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+die "svcnum not found!" unless $old;
+my $conf = new FS::Conf;
+my($error, $new);
+if ( $old->pkgnum && ! $conf->exists('legacy_link-steal') ) {
+ $error = "svcnum $svcnum already linked to package ". $old->pkgnum;
+} else {
+ $new = new FS::cust_svc { $old->hash };
+ $new->pkgnum($pkgnum);
+ $new->svcpart($svcpart);
+
+ $error = $new->replace($old);
+}
+</%init>
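Review bot: The new redirect line nests Mason tags inside a Perl string: in `"view/cust_main.cgi?<%$custnum%>#cust_pkg<%$pkgnum%>"` the first `%>` closes the outer `<% ... %>` expression and leaves an unterminated string, because substitution tags do not nest. Both variables are already in scope as Perl, so plain interpolation is what is wanted: `<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg$pkgnum") %>`. Separately, `$link_field` from the request becomes a search column name after an unchecked `\w+` match; testing that match, or restricting it to the fields the link form offers, would tighten it.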
diff --git a/httemplate/misc/process/meta-import.cgi b/httemplate/misc/process/meta-import.cgi
index 1cf178c08..68ae49c60 100644
--- a/httemplate/misc/process/meta-import.cgi
+++ b/httemplate/misc/process/meta-import.cgi
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
<% include("/elements/header.html",'Map tables') %>
<SCRIPT>
@@ -183,5 +182,9 @@ function SafeOnsubmit() {
%
%
<%init>
-die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data....
+
+#there's no ACL for this... haven't used in ages
+#make XSS-safe if this is used for more than just admins to import data....
+die 'meta-import not enabled; remove this if you want to use it';
+
</%init>
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 889670d12..2baca1e39 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -15,6 +15,9 @@
% }
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+
#some false laziness w/MyAccount::process_payment
$cgi->param('custnum') =~ /^(\d+)$/
diff --git a/httemplate/misc/process/recharge_svc.html b/httemplate/misc/process/recharge_svc.html
index e540c385c..147b9533a 100755
--- a/httemplate/misc/process/recharge_svc.html
+++ b/httemplate/misc/process/recharge_svc.html
@@ -1,31 +1,3 @@
-%
-%
-%#untaint svcnum
-%my $svcnum = $cgi->param('svcnum');
-%$svcnum =~ /^(\d+)$/ || die "Illegal svcnum";
-%$svcnum = $1;
-%
-%#untaint prepaid
-%my $prepaid = $cgi->param('prepaid');
-%$prepaid =~ /^(\w*)$/;
-%$prepaid = $1;
-
-%#untaint payby
-%my $payby = $cgi->param('payby');
-%$payby =~ /^([A-Z]*)$/;
-%$payby = $1;
-%
-%my $error = '';
-%my $svc_acct = qsearchs( 'svc_acct', {'svcnum'=>$svcnum} );
-%$error = "Can't recharge service $svcnum. " unless $svc_acct;
-%
-%my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main;
-%
-%my $oldAutoCommit = $FS::UID::AutoCommit;
-%local $FS::UID::AutoCommit = 0;
-%my $dbh = dbh;
-%
-%
%unless ($error) {
%
% my ($amount, $seconds, $up, $down, $total) = (0, 0, 0, 0, 0);
@@ -86,5 +58,35 @@
</SCRIPT>
</BODY></HTML>
<%init>
+
my $conf = new FS::Conf;
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Recharge customer service');
+
+#untaint svcnum
+my $svcnum = $cgi->param('svcnum');
+$svcnum =~ /^(\d+)$/ || die "Illegal svcnum";
+$svcnum = $1;
+
+#untaint prepaid
+my $prepaid = $cgi->param('prepaid');
+$prepaid =~ /^(\w*)$/;
+$prepaid = $1;
+
+#untaint payby
+my $payby = $cgi->param('payby');
+$payby =~ /^([A-Z]*)$/;
+$payby = $1;
+
+my $error = '';
+my $svc_acct = qsearchs( 'svc_acct', {'svcnum'=>$svcnum} );
+$error = "Can't recharge service $svcnum. " unless $svc_acct;
+
+my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main;
+
+my $oldAutoCommit = $FS::UID::AutoCommit;
+local $FS::UID::AutoCommit = 0;
+my $dbh = dbh;
+
</%init>
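Review bot: When `qsearchs` finds no `svc_acct`, `$error` is set but the next statement, `my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main;`, still calls a method on the undefined `$svc_acct`, so the request dies before the error can be reported. Guard the chain, e.g. `my $cust_main = $svc_acct ? $svc_acct->cust_svc->cust_pkg->cust_main : undef;`, or `die` on the missing record as the sibling pages do. The `prepaid` and `payby` matches are also unchecked, so `$1` is assigned even when the pattern fails; adding `or die "Illegal prepaid";` and `or die "Illegal payby";` would match the `svcnum` line.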
diff --git a/httemplate/misc/queue.cgi b/httemplate/misc/queue.cgi
index 7370aabe1..5dee29b88 100644
--- a/httemplate/misc/queue.cgi
+++ b/httemplate/misc/queue.cgi
@@ -1,48 +1,49 @@
-%
-%
-%$cgi->param('action') =~ /^(new|del|(retry|remove) selected)$/
-% or die "Illegal action";
-%my $action = $1;
-%
-%my $job;
-%if ( $action eq 'new' || $action eq 'del' ) {
-% $cgi->param('jobnum') =~ /^(\d+)$/ or die "Illegal jobnum";
-% my $jobnum = $1;
-% $job = qsearchs('queue', { 'jobnum' => $1 })
-% or die "unknown jobnum $jobnum - ".
-% "it probably completed normally or was removed by another user";
-%}
-%
-%if ( $action eq 'new' ) {
-% my %hash = $job->hash;
-% $hash{'status'} = 'new';
-% $hash{'statustext'} = '';
-% my $new = new FS::queue \%hash;
-% my $error = $new->replace($job);
-% die $error if $error;
-%} elsif ( $action eq 'del' ) {
-% my $error = $job->delete;
-% die $error if $error;
-%} elsif ( $action =~ /^(retry|remove) selected$/ ) {
-% foreach my $jobnum (
-% map { /^jobnum(\d+)$/; $1; } grep /^jobnum\d+$/, $cgi->param
-% ) {
-% my $job = qsearchs('queue', { 'jobnum' => $jobnum });
-% if ( $action eq 'retry selected' && $job ) { #new
-% my %hash = $job->hash;
-% $hash{'status'} = 'new';
-% $hash{'statustext'} = '';
-% my $new = new FS::queue \%hash;
-% my $error = $new->replace($job);
-% die $error if $error;
-% } elsif ( $action eq 'remove selected' && $job ) { #del
-% my $error = $job->delete;
-% die $error if $error;
-% }
-% }
-%}
-%
-%print $cgi->redirect(popurl(2). "search/queue.html");
-%
-%
+<% $cgi->redirect(popurl(2). "search/queue.html") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Job queue');
+
+$cgi->param('action') =~ /^(new|del|(retry|remove) selected)$/
+ or die "Illegal action";
+my $action = $1;
+
+my $job;
+if ( $action eq 'new' || $action eq 'del' ) {
+ $cgi->param('jobnum') =~ /^(\d+)$/ or die "Illegal jobnum";
+ my $jobnum = $1;
+ $job = qsearchs('queue', { 'jobnum' => $1 })
+ or die "unknown jobnum $jobnum - ".
+ "it probably completed normally or was removed by another user";
+}
+
+if ( $action eq 'new' ) {
+ my %hash = $job->hash;
+ $hash{'status'} = 'new';
+ $hash{'statustext'} = '';
+ my $new = new FS::queue \%hash;
+ my $error = $new->replace($job);
+ die $error if $error;
+} elsif ( $action eq 'del' ) {
+ my $error = $job->delete;
+ die $error if $error;
+} elsif ( $action =~ /^(retry|remove) selected$/ ) {
+ foreach my $jobnum (
+ map { /^jobnum(\d+)$/; $1; } grep /^jobnum\d+$/, $cgi->param
+ ) {
+ my $job = qsearchs('queue', { 'jobnum' => $jobnum });
+ if ( $action eq 'retry selected' && $job ) { #new
+ my %hash = $job->hash;
+ $hash{'status'} = 'new';
+ $hash{'statustext'} = '';
+ my $new = new FS::queue \%hash;
+ my $error = $new->replace($job);
+ die $error if $error;
+ } elsif ( $action eq 'remove selected' && $job ) { #del
+ my $error = $job->delete;
+ die $error if $error;
+ }
+ }
+}
+
+</%init>
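Review bot: `$job = qsearchs('queue', { 'jobnum' => $1 })` reads `$1` again even though it was copied to `$jobnum` on the line before; use `{ 'jobnum' => $jobnum }` so the lookup cannot change if another match is ever inserted between the two lines. The retry and delete steps are also written out twice, once for the single-job actions and once for the 'selected' actions; a short comment noting that the two branches must stay in step would help until they share a helper.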
diff --git a/httemplate/misc/recharge_svc.html b/httemplate/misc/recharge_svc.html
index a3de13d92..2302f3fd3 100755
--- a/httemplate/misc/recharge_svc.html
+++ b/httemplate/misc/recharge_svc.html
@@ -28,7 +28,7 @@
</TR>
<TR>
<TD>Enter prepaid card: </TD>
- <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD>
+ <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid |h %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD>
</TR>
</TABLE>
@@ -37,35 +37,42 @@
<INPUT TYPE="submit" NAME="submit" VALUE="Recharge">
</FORM>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html');
<%once>
+
my $conf = new FS::Conf;
my $money_char = $conf->config('money_char') || '$';
+
</%once>
<%init>
-my($svcnum, $cust_svc, $part_pkg, $label, $value, $prepaid, $amount, $payby);
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Recharge customer service');
+
+my($svcnum, $prepaid, $payby);
if ( $cgi->param('error') ) {
$svcnum = $cgi->param('svcnum');
$prepaid = $cgi->param('prepaid');
$payby = $cgi->param('payby');
} elsif ( $cgi->param('svcnum') =~ /^(\d+)$/ ) {
$svcnum = $1;
+ $prepaid = '';
} else {
die "illegal query ". $cgi->keywords;
}
my $title = 'Recharge Service';
-$cust_svc = qsearchs('cust_svc', {'svcnum' => $svcnum});
+my $cust_svc = qsearchs('cust_svc', {'svcnum' => $svcnum});
die "No such service: $svcnum" unless $cust_svc;
-($label, $value) = $cust_svc->label;
+my($label, $value) = $cust_svc->label;
$payby = $cust_svc->cust_pkg->cust_main->payby unless $payby;
-$part_pkg = $cust_svc->cust_pkg->part_pkg;
-$amount = $part_pkg->option('recharge_amount', 1) || 0;
+my $part_pkg = $cust_svc->cust_pkg->part_pkg;
+my $amount = $part_pkg->option('recharge_amount', 1) || 0;
my $recharge_label = "Charge $money_char$amount for ";
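Review bot: `<% include('/elements/footer.html');` is never closed: it has no `%>` and ends in a stray `;`, so the component will not parse as intended from that line on. It should read `<% include('/elements/footer.html') %>`, as in the other pages touched by this commit. In the `error` branch `$svcnum` is taken straight from `$cgi->param('svcnum')` without the digits check used in the `elsif`, and is later interpolated into `die "No such service: $svcnum"`. The `<%init>` block continues past the end of the hunk.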
diff --git a/httemplate/misc/svc_acct-domains.cgi b/httemplate/misc/svc_acct-domains.cgi
index a49a02305..573457483 100644
--- a/httemplate/misc/svc_acct-domains.cgi
+++ b/httemplate/misc/svc_acct-domains.cgi
@@ -1,31 +1,31 @@
-%
-%
-% my $pkgpart_svcpart = $cgi->param('arg');
-% $pkgpart_svcpart =~ /^\d+_(\d+)$/;
-% my $part_svc = qsearchs('part_svc', { 'svcpart' => $1 }) if $1;
-% my $part_svc_column = $part_svc->part_svc_column('domsvc') if $part_svc;
-%
-% my @output = split /,/, $part_svc_column->columnvalue if $part_svc_column;
-% my $columnflag = $part_svc_column->columnflag if $part_svc_column;
-% my @svc_domain = ();
-% my %seen = ();
-%
-% foreach (@output) {
-% my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $_ })
-% or warn "unknown svc_domain.svcnum $_ for part_svc_column domsvc; ".
-% "svcpart = " . $part_svc->svcpart;
-% push @svc_domain, [ $_ => $svc_domain->domain ];
-% $seen{$_}++;
-% }
-% if ($conf->exists('svc_acct-alldomains')
-% && ( $columnflag eq 'D' || $columnflag eq '' )
-% ) {
-% foreach (grep { $_->svcnum ne $output[0] } qsearch('svc_domain', {}) ){
-% push @svc_domain, [ $_->svcnum => $_->domain ];
-% }
-% }
-%
[ <% join(', ', map { qq("$_->[0]", "$_->[1]") } @svc_domain) %> ]
<%init>
+
my $conf = new FS::Conf;
+
+my $pkgpart_svcpart = $cgi->param('arg');
+$pkgpart_svcpart =~ /^\d+_(\d+)$/;
+my $part_svc = qsearchs('part_svc', { 'svcpart' => $1 }) if $1;
+my $part_svc_column = $part_svc->part_svc_column('domsvc') if $part_svc;
+
+my @output = split /,/, $part_svc_column->columnvalue if $part_svc_column;
+my $columnflag = $part_svc_column->columnflag if $part_svc_column;
+my @svc_domain = ();
+my %seen = ();
+
+foreach (@output) {
+ my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $_ })
+ or warn "unknown svc_domain.svcnum $_ for part_svc_column domsvc; ".
+ "svcpart = " . $part_svc->svcpart;
+ push @svc_domain, [ $_ => $svc_domain->domain ];
+ $seen{$_}++;
+}
+if ($conf->exists('svc_acct-alldomains')
+ && ( $columnflag eq 'D' || $columnflag eq '' )
+ ) {
+ foreach (grep { $_->svcnum ne $output[0] } qsearch('svc_domain', {}) ){
+ push @svc_domain, [ $_->svcnum => $_->domain ];
+ }
+}
+
</%init>
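Review bot: No `access_right` check was added to this component, unlike most other misc/ pages in this commit, yet with `svc_acct-alldomains` set it returns every `svc_domain` record. If that is intentional, a comment such as `# no ACL: domain list is available to any logged-in user` would record it; otherwise a `die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('<right name>');` guard belongs at the top of `<%init>`. The moved code also keeps `my $part_svc = qsearchs(...) if $1;` after an unchecked match. Perl leaves `my` with a statement modifier undefined and `$1` may be stale from an earlier match, so `my $part_svc = ( $pkgpart_svcpart =~ /^\d+_(\d+)$/ ) ? qsearchs('part_svc', { 'svcpart' => $1 }) : undef;` is safer. In the loop, a failed `svc_domain` lookup only warns and the next line still calls `->domain` on the result, which dies.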
diff --git a/httemplate/misc/unapply-cust_credit.cgi b/httemplate/misc/unapply-cust_credit.cgi
index f8fa63268..ed739ac1b 100755
--- a/httemplate/misc/unapply-cust_credit.cgi
+++ b/httemplate/misc/unapply-cust_credit.cgi
@@ -1,19 +1,20 @@
-%
-%
-%#untaint crednum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal crednum";
-%my $crednum = $1;
-%
-%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } );
-%my $custnum = $cust_credit->custnum;
-%
-%foreach my $cust_credit_bill ( $cust_credit->cust_credit_bill ) {
-% my $error = $cust_credit_bill->delete;
-% errorpage($error) if $error;
-%}
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unapply credit');
+
+#untaint crednum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal crednum";
+my $crednum = $1;
+
+my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } );
+my $custnum = $cust_credit->custnum;
+
+foreach my $cust_credit_bill ( $cust_credit->cust_credit_bill ) {
+ my $error = $cust_credit_bill->delete;
+ errorpage($error) if $error;
+}
+
+</%init>
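Review bot: `qsearchs('cust_credit', ...)` can come back empty for a well-formed but nonexistent crednum, and the next line calls `$cust_credit->custnum` on it, so the request ends in a method-on-undef error instead of a clear message. Add `die "Unknown crednum $crednum" unless $cust_credit;` right after the lookup, as unprovision.cgi already does for `$cust_svc`. The same unchecked lookup appears in unapply-cust_pay.cgi, unsusp_pkg.cgi, unvoid-cust_pay_void.cgi and void-cust_pay.cgi. Also, `errorpage($error)` inside the loop stops at the first failed `delete`; whether the earlier deletions are rolled back depends on transaction handling that is not visible here, so that is worth confirming.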
diff --git a/httemplate/misc/unapply-cust_pay.cgi b/httemplate/misc/unapply-cust_pay.cgi
index 6bd6c07ee..8cdac180b 100755
--- a/httemplate/misc/unapply-cust_pay.cgi
+++ b/httemplate/misc/unapply-cust_pay.cgi
@@ -1,19 +1,20 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } );
-%my $custnum = $cust_pay->custnum;
-%
-%foreach my $cust_bill_pay ( $cust_pay->cust_bill_pay ) {
-% my $error = $cust_bill_pay->delete;
-% errorpage($error) if $error;
-%}
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unapply payment');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } );
+my $custnum = $cust_pay->custnum;
+
+foreach my $cust_bill_pay ( $cust_pay->cust_bill_pay ) {
+ my $error = $cust_bill_pay->delete;
+ errorpage($error) if $error;
+}
+
+</%init>
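Review bot: The new `access_right` check limits who may unapply a payment, but the deletion is still triggered by a bare query-string keyword with no anti-forgery token visible in this component. A link followed by a user who holds 'Unapply payment' would therefore carry out the change. If no such protection exists elsewhere in the request pipeline (not visible here), these action pages should accept the change only from a POST form carrying a per-session token. Until then a marker such as `# TODO: state change on a GET keyword, needs POST + session token` would flag it. The other action pages in this commit (unapply-cust_credit, unprovision, unsusp_pkg, unvoid-cust_pay_void, void-cust_pay) follow the same pattern.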
diff --git a/httemplate/misc/unprovision.cgi b/httemplate/misc/unprovision.cgi
index b5e510695..4ab15fdc0 100755
--- a/httemplate/misc/unprovision.cgi
+++ b/httemplate/misc/unprovision.cgi
@@ -1,31 +1,26 @@
-%
-%
-%my $dbh = dbh;
-%
-%#untaint svcnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%
-%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
-%#die "Unknown svcnum!" unless $svc_acct;
-%
-%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%die "Unknown svcnum!" unless $cust_svc;
-%
-%my $custnum = $cust_svc->cust_pkg->custnum;
-%
-%my $error = $cust_svc->cancel;
-%
%if ( $error ) {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
-% print $cgi->redirect(popurl(2)."view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(2)."view/cust_main.cgi?$custnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service');
+
+#untaint svcnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+
+#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
+#die "Unknown svcnum!" unless $svc_acct;
+
+my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+die "Unknown svcnum!" unless $cust_svc;
+
+my $custnum = $cust_svc->cust_pkg->custnum;
+
+my $error = $cust_svc->cancel;
+</%init>
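Review bot: The untaint match `$query =~ /^(\d+)$/;` has no failure branch, so when the keyword is not all digits `$svcnum` is set from whatever `$1` held before (undef or a stale capture), and `$cust_svc->cancel` could then act on an unintended record. Use `$query =~ /^(\d+)$/ or die "Illegal svcnum";`, as the sibling pages do for their keys. The `die "Unknown svcnum!"` check that follows only catches the case where nothing is found for that value.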
diff --git a/httemplate/misc/unsusp_pkg.cgi b/httemplate/misc/unsusp_pkg.cgi
index 80188c668..b350693dd 100755
--- a/httemplate/misc/unsusp_pkg.cgi
+++ b/httemplate/misc/unsusp_pkg.cgi
@@ -1,16 +1,20 @@
-%
-%
-%#untaint pkgnum
-%my ($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal pkgnum";
-%my $pkgnum = $1;
-%
-%my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-%
-%my $error = $cust_pkg->unsuspend;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect(popurl(2). "view/cust_main.cgi?".$cust_pkg->getfield('custnum'));
-%
-%
+%if ( $error ) {
+% errorpage($error);
+%} else {
+<% $cgi->redirect(popurl(2). "view/cust_main.cgi?".$cust_pkg->getfield('custnum')) %>
+%}
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unsuspend customer package');
+
+#untaint pkgnum
+my ($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal pkgnum";
+my $pkgnum = $1;
+
+my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+
+my $error = $cust_pkg->unsuspend;
+
+</%init>
diff --git a/httemplate/misc/unvoid-cust_pay_void.cgi b/httemplate/misc/unvoid-cust_pay_void.cgi
index 625431a57..91fe1c223 100755
--- a/httemplate/misc/unvoid-cust_pay_void.cgi
+++ b/httemplate/misc/unvoid-cust_pay_void.cgi
@@ -1,17 +1,21 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay_void = qsearchs('cust_pay_void', { 'paynum' => $paynum } );
-%my $custnum = $cust_pay_void->custnum;
-%
-%my $error = $cust_pay_void->unvoid;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+%if ( $error ) {
+% errorpage($error);
+%} else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+%}
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unvoid');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+
+my $cust_pay_void = qsearchs('cust_pay_void', { 'paynum' => $paynum } );
+my $custnum = $cust_pay_void->custnum;
+
+my $error = $cust_pay_void->unvoid;
+
+</%init>
diff --git a/httemplate/misc/upload-batch.cgi b/httemplate/misc/upload-batch.cgi
index 5a15008b0..d1a84fd02 100644
--- a/httemplate/misc/upload-batch.cgi
+++ b/httemplate/misc/upload-batch.cgi
@@ -1,17 +1,14 @@
-% if ( $error ) {
-
- <!-- mason kludge -->
-
-% errorpage($error);
-%# $cgi->param('error', $error);
-%# print $cgi->redirect( "${p}cust_main-import.cgi
-% } else {
-
- <% include("/elements/header.html",'Batch results upload successful') %>
-
-% }
+% if ( $error ) {
+% errorpage($error);
+% } else {
+ <% include('/elements/header.html','Batch results upload successful') %>
+ <% include('/elements/footer.html') %>
+% }
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Process batches');
+
my $error;
my $fh = $cgi->upload('batch_results');
diff --git a/httemplate/misc/void-cust_pay.cgi b/httemplate/misc/void-cust_pay.cgi
index 972a1a5bd..7b484e93e 100755
--- a/httemplate/misc/void-cust_pay.cgi
+++ b/httemplate/misc/void-cust_pay.cgi
@@ -1,17 +1,26 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
-%my $custnum = $cust_pay->custnum;
-%
-%my $error = $cust_pay->void;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+%if ( $error ) {
+% errorpage($error);
+%} else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+%}
+<%init>
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
+
+my $right = 'Regular void';
+$right = 'Credit card void' if $cust_pay->payby eq 'CARD';
+$right = 'Echeck void' if $cust_pay->payby eq 'CHEK';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right($right);
+
+my $custnum = $cust_pay->custnum;
+
+my $error = $cust_pay->void;
+
+</%init>
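Review bot: Because the required right depends on `$cust_pay->payby`, the record is fetched before the access check. A nonexistent paynum therefore fails in `$cust_pay->payby` with a different error than "access denied", so a caller without any void right can tell existing payment numbers from missing ones. A comment such as `# right depends on payby, so the lookup has to precede the access check` would explain the ordering. Handling the not-found case explicitly before `payby` is read, for example `die "access denied" unless $cust_pay;`, would make both cases look the same to such a caller.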
diff --git a/httemplate/misc/whois.cgi b/httemplate/misc/whois.cgi
index d3d9649fd..35d0eccc9 100644
--- a/httemplate/misc/whois.cgi
+++ b/httemplate/misc/whois.cgi
@@ -1,10 +1,3 @@
-%
-% my $svcnum = $cgi->param('svcnum');
-% my $custnum = $cgi->param('custnum');
-% my $domain = $cgi->param('domain');
-%
-%
-
<% include("/elements/header.html","Whois $domain", menubar(
( $custnum
? ( "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
@@ -12,16 +5,23 @@
: ()
),
"View this domain (#$svcnum)" => "${p}view/svc_domain.cgi?$svcnum",
- "Main menu" => $p,
)) %>
-% my $whois = eval { whois($domain) };
-% if ( $@ ) {
-% ( $whois = $@ ) =~ s/ at \/.*Net\/Whois\/Raw\.pm line \d+.*$//s;
-% } else {
-% $whois =~ s/^\n+//;
-% }
-%
<PRE><% $whois %></PRE>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+my $svcnum = $cgi->param('svcnum');
+my $custnum = $cgi->param('custnum');
+my $domain = $cgi->param('domain');
+
+my $whois = eval { whois($domain) };
+ if ( $@ ) {
+ ( $whois = $@ ) =~ s/ at \/.*Net\/Whois\/Raw\.pm line \d+.*$//s;
+ } else {
+ $whois =~ s/^\n+//;
+ }
+
+</%init>
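Review bot: `<PRE><% $whois %></PRE>` writes the whois server's response (or the eval error text) into the page without HTML escaping. This commit adds the `|h` filter in recharge_svc.html, and the same is needed here: `<PRE><% $whois |h %></PRE>`. `$domain`, `$custnum` and `$svcnum` also go from `$cgi->param` into the header title and menubar links unvalidated, which matters unless header.html and menubar escape them (not visible here). In `<%init>` the two numbers can be constrained with the `/^(\d+)$/` pattern used elsewhere in this commit, and `$domain` checked against a hostname pattern before it is passed to `whois()`. No `access_right` guard was added to this component either; if lookups are meant to be open to every logged-in user, a comment saying so would help.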