author | Ivan Kohler <ivan@freeside.biz> | 2013-12-30 15:37:04 -0800 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2013-12-30 15:37:04 -0800 |
commit | 7b268e364a68b076e1f3bd3741159fb51759ee19 (patch) | |
tree | 3ccc2e3a1544466e75bc745b7c764c2739765998 /fs_selfservice/FS-SelfService/cgi | |
parent | d535444f90993fb7b16928e3f2f342603016623b (diff) |
self-service access for contacts, RT#25533
Diffstat (limited to 'fs_selfservice/FS-SelfService/cgi')
5 files changed, 127 insertions, 113 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/do_process_forgot_password.html b/fs_selfservice/FS-SelfService/cgi/do_process_forgot_password.html index 9274f9294..35728e7ec 100644 --- a/fs_selfservice/FS-SelfService/cgi/do_process_forgot_password.html +++ b/fs_selfservice/FS-SelfService/cgi/do_process_forgot_password.html @@ -10,8 +10,8 @@ <FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT> <%= if (!$error) { - $self_url =~ s/\?.*//; - $OUT .= "Your password has been changed. You can now <A HREF=\"$self_url\">log in</A>."; + $selfurl =~ s/\?.*//; + $OUT .= "Your password has been changed. You can now <A HREF=\"$selfurl\">log in</A>."; } %> diff --git a/fs_selfservice/FS-SelfService/cgi/forgot_password.html b/fs_selfservice/FS-SelfService/cgi/forgot_password.html index e14034c7d..607151138 100644 --- a/fs_selfservice/FS-SelfService/cgi/forgot_password.html +++ b/fs_selfservice/FS-SelfService/cgi/forgot_password.html @@ -9,7 +9,8 @@ <FONT SIZE=5>Forgot password</FONT><BR><BR> <FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT> -<FORM ACTION="<%= $self_url %>" METHOD=POST> +<%= $selfurl =~ s/\?.*//; ''; %> +<FORM ACTION="<%= $selfurl %>" METHOD=POST> <INPUT TYPE="hidden" NAME="action" VALUE="do_forgot_password"> <INPUT TYPE="hidden" NAME="agentnum" VALUE="<%= $agentnum %>"> 
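Review bot: The added `<%= $selfurl =~ s/\?.*//; ''; %>` line in forgot_password.html mutates a template variable inside an output tag, and the same line is repeated in the login.html and process_forgot_password.html hunks. Stripping the query string once in selfservice.cgi, before the template is filled, would keep the three forms from drifting apart. The result is then written into `ACTION="<%= $selfurl %>"` without HTML-escaping. If `$selfurl` is derived from the request URL (its source is not visible in this diff), it should be entity-encoded before it goes into the attribute. Because `.` does not match a newline without `/s`, `s/\?.*//s` is the stricter form of the strip.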
@@ -17,25 +18,26 @@ Please enter your email address. A password reset email will be sent to that ad <TABLE BGCOLOR="<%= $box_bgcolor || '#c0c0c0' %>" BORDER=0 CELLSPACING=2 CELLPADDING=0> -<TR> - <TH ALIGN="right">Email address </TH> - <TD> - <INPUT TYPE="text" NAME="email" VALUE="<%= $username %>"><%= $single_domain ? '@'.$single_domain : '' %> - </TD> -</TR> - <%= if ( $single_domain ) { - $OUT .= qq(<INPUT TYPE="hidden" NAME="domain" VALUE="$single_domain">); + $OUT .= qq( + <TR> + <TH ALIGN="right">Username </TH> + <TD> + <INPUT TYPE="text" NAME="username" VALUE="$username">\@$single_domain + </TD> + </TR> + <INPUT TYPE="hidden" NAME="domain" VALUE="$single_domain"> + ); } else { $OUT .= qq( <TR> - <TH ALIGN="right">Domain </TH> + <TH ALIGN="right">Email address </TH> <TD> - <INPUT TYPE="text" NAME="domain" VALUE="$domain"> + <INPUT TYPE="text" NAME="email" VALUE="$email"> </TD> </TR> ); diff --git a/fs_selfservice/FS-SelfService/cgi/login.html b/fs_selfservice/FS-SelfService/cgi/login.html index 65efd7bdb..f7af4e9d8 100644 --- a/fs_selfservice/FS-SelfService/cgi/login.html +++ b/fs_selfservice/FS-SelfService/cgi/login.html @@ -9,7 +9,8 @@ <FONT SIZE=5>Login</FONT><BR><BR> <FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT> -<FORM ACTION="<%= $self_url %>" METHOD=POST> +<%= $selfurl =~ s/\?.*//; ''; %> +<FORM ACTION="<%= $selfurl %>" METHOD=POST> <INPUT TYPE="hidden" NAME="action" VALUE="myaccount"> <INPUT TYPE="hidden" NAME="agentnum" VALUE="<%= $agentnum %>"> @@ -65,7 +66,7 @@ if ( $phone_login ) { <B>OR</B><BR><BR> - <FORM ACTION="$self_url" METHOD=POST> + <FORM ACTION="$selfurl" METHOD=POST> <TABLE BGCOLOR="$box_bgcolor" BORDER=0 CELLSPACING=2 CELLPADDING=0> <TR> <TH ALIGN="right">Phone number </TH> diff --git a/fs_selfservice/FS-SelfService/cgi/process_forgot_password.html b/fs_selfservice/FS-SelfService/cgi/process_forgot_password.html index 3d8c0583e..ec672c8d5 100644 --- a/fs_selfservice/FS-SelfService/cgi/process_forgot_password.html 
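Review bot: `$username`, `$email` and `$single_domain` are interpolated into `VALUE="..."` attributes inside the two `qq( ... )` blocks with no HTML-escaping. If these values are refilled from the submitted form after an error (where they come from is outside this hunk), a value containing `"` or `<` would break out of the attribute and be rendered as markup on the password-reset page. Encode them before interpolation, for example `VALUE="@{[ encode_entities($email) ]}"` using HTML::Entities, provided that module is available to the templates. The same applies to `$username` and `$single_domain` in the single-domain branch.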
+++ b/fs_selfservice/FS-SelfService/cgi/process_forgot_password.html @@ -9,7 +9,8 @@ <FONT SIZE=5>Reset password</FONT><BR><BR> <FONT SIZE="+1" COLOR="#ff0000"><%= $error %></FONT> -<FORM ACTION="<%= $self_url %>" METHOD=POST> +<%= $selfurl =~ s/\?.*//; ''; %> +<FORM ACTION="<%= $selfurl %>" METHOD=POST> <INPUT TYPE="hidden" NAME="action" VALUE="do_process_forgot_password"> <INPUT TYPE="hidden" NAME="session_id" VALUE="<%= $session_id %>"> <INPUT TYPE="hidden" NAME="agentnum" VALUE="<%= $agentnum %>"> diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index 8d3a23b03..13723118c 100755 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi 
@@ -32,99 +32,6 @@ $DEBUG = 0; $form_max = 255; $cgi = new CGI; -my %cookies = CGI::Cookie->fetch; - -my $login_rv; - -if ( exists($cookies{'session'}) ) { - - $session_id = $cookies{'session'}->value; - - if ( $session_id eq 'login' ) { - # then we've just come back from the login page - - $cgi->param('password') =~ /^(.{0,$form_max})$/; - my $password = $1; - - if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) { - - my $email = $1; - $login_rv = login( - 'email' => $email, - 'password' => $password - ); - $session_id = $login_rv->{'session_id'}; - - } else { - - $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i; - my $username = $1; - - $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/; - my $domain = $1; - - if ( $username and $domain and $password ) { - - # authenticate - $login_rv = login( - 'username' => $username, - 'domain' => $domain, - 'password' => $password, - ); - $session_id = $login_rv->{'session_id'}; - - } elsif ( $username or $domain or $password ) { - - my $error = 'Illegal '; #XXX localization... - my $count = 0; - if ( !$username ) { - $error .= 'username'; - $count++; - } - if ( !$domain ) { - $error .= ', ' if $count; - $error .= 'domain'; - $count++; - } - if ( !$password ) { - $error .= ', ' if $count; - $error .= 'and ' if $count > 1; - $error .= 'password'; - $count++; - } - $error .= '.'; - $login_rv = { - 'username' => $username, - 'domain' => $domain, - 'password' => $password, - 'error' => $error, - }; - $session_id = undef; # attempt login again - - } - - } # else there was no input, so show no error message - - } # else session_id ne 'login' - -} else { - # there is no session cookie - $login_rv = {}; -} - -if ( !$session_id ) { - # XXX why are we getting agentnum from a CGI param? surely it should - # be some kind of configuration option. 
- # - # show the login page - $session_id = 'login'; # set state - my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) ); - - do_template('login', { %$login_rv, %$login_info }); - exit; -} - -# at this point $session_id is a real session #order|pw_list XXX ??? my @actions = ( qw( @@ -172,13 +79,18 @@ my @actions = ( qw( real_port_graph change_password process_change_password + customer_suspend_pkg + process_suspend_pkg +)); + +my @nologin_actions = (qw( forgot_password do_forgot_password process_forgot_password do_process_forgot_password - customer_suspend_pkg - process_suspend_pkg )); +push @actions, @nologin_actions; +my %nologin_actions = map { $_=>1 } @nologin_actions; my $action = 'myaccount'; # sensible default if ( $cgi->param('action') =~ /^(\w+)$/ ) { 
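Review bot: `@nologin_actions` now defines which handlers can be reached with no session at all, and nothing at the declaration says so. A comment such as `# dispatched without a session: each handler must authenticate the request itself` would make that contract visible to whoever next adds an entry. `do_process_forgot_password` changes a password, so it depends entirely on the reset-token check behind it. That check is outside this diff and worth confirming. Building `%nologin_actions` from the same array that is pushed onto `@actions` is a good choice, since the two lists cannot disagree.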
@@ -189,6 +101,104 @@ if ( $cgi->param('action') =~ /^(\w+)$/ ) { } } +unless ( $nologin_actions{$action} ) { + + my %cookies = CGI::Cookie->fetch; + + my $login_rv; + + if ( exists($cookies{'session'}) ) { + + $session_id = $cookies{'session'}->value; + + if ( $session_id eq 'login' ) { + # then we've just come back from the login page + + $cgi->param('password') =~ /^(.{0,$form_max})$/; + my $password = $1; + + if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) { + + my $email = $1; + $login_rv = login( + 'email' => $email, + 'password' => $password + ); + $session_id = $login_rv->{'session_id'}; + + } else { + + $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i; + my $username = $1; + + $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/; + my $domain = $1; + + if ( $username and $domain and $password ) { + + # authenticate + $login_rv = login( + 'username' => $username, + 'domain' => $domain, + 'password' => $password, + ); + $session_id = $login_rv->{'session_id'}; + + } elsif ( $username or $domain or $password ) { + + my $error = 'Illegal '; #XXX localization... + my $count = 0; + if ( !$username ) { + $error .= 'username'; + $count++; + } + if ( !$domain ) { + $error .= ', ' if $count; + $error .= 'domain'; + $count++; + } + if ( !$password ) { + $error .= ', ' if $count; + $error .= 'and ' if $count > 1; + $error .= 'password'; + $count++; + } + $error .= '.'; + $login_rv = { + 'username' => $username, + 'domain' => $domain, + 'password' => $password, + 'error' => $error, + }; + $session_id = undef; # attempt login again + + } + + } # else there was no input, so show no error message + + } # else session_id ne 'login' + + } else { + # there is no session cookie + $login_rv = {}; + } + + if ( !$session_id ) { + # XXX why are we getting agentnum from a CGI param? surely it should + # be some kind of configuration option. 
+ # + # show the login page + $session_id = 'login'; # set state + my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) ); + + do_template('login', { %$login_rv, %$login_info }); + exit; + } + + # at this point $session_id is a real session + +} + warn "calling $action sub\n" if $DEBUG; $FS::SelfService::DEBUG = $DEBUG; @@ -1011,13 +1021,13 @@ sub process_change_password { } sub forgot_password { - login_info( 'agentnum' => scalar($cgi->param('agentnum')) ); #skin_info + login_info( 'agentnum' => scalar($cgi->param('agentnum')) ); } sub do_forgot_password { reset_passwd( map { $_ => scalar($cgi->param($_)) } - qw( email username domain ) + qw( agentnum email username domain ) ); } |
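Review bot: `my $password = $1;`, `my $username = $1;` and `my $domain = $1;` in the relocated login block read the capture without checking that the preceding match succeeded, so a failed match leaves `$1` holding the previous successful capture. Because the password match runs just before the username match, a username with a disallowed character could leave `$username` equal to the submitted password. That value is then placed in `$login_rv` and handed to `do_template('login', ...)`. Capturing in list context avoids this: `my ($password) = $cgi->param('password') =~ /^(.{0,$form_max})$/;`, and likewise for `username` and `domain`, so a failed match yields `undef`. Separately, the error branch puts `'password' => $password` into `$login_rv`, which sends the typed password back to the page. Dropping that key would be safer.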
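Review bot: `do_forgot_password` forwards `agentnum`, `email`, `username` and `domain` to `reset_passwd` straight from `$cgi->param`, whereas the login path in this file constrains each field with an anchored pattern and `$form_max`. This handler is now reachable without a session, so the same patterns should be applied before the call, with `/^(\d+)$/` for `agentnum`. Anything that does not match should be rejected. It is also worth confirming that the result of `reset_passwd` reads the same for known and unknown addresses, so the form cannot be used to test which accounts exist. That behaviour is not visible in this diff.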