diff options
| author | ivan <ivan> | 2008-01-13 21:14:19 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2008-01-13 21:14:19 +0000 |
| commit | f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (patch) | |
| tree | 2104b5d1a05433756d3b91ee436cfaa8c24ab464 /httemplate | |
| parent | 2d53d2ebdce80d0f0dc7f75ccf506a06c2f852f9 (diff) | |
ACLs
Diffstat (limited to 'httemplate')
53 files changed, 1074 insertions, 971 deletions
diff --git a/httemplate/misc/batch-cust_pay.html b/httemplate/misc/batch-cust_pay.html index 89dd68a62..84889399d 100644 --- a/httemplate/misc/batch-cust_pay.html +++ b/httemplate/misc/batch-cust_pay.html @@ -1,7 +1,4 @@ -<% include("/elements/header.html", 'Quick payment entry', - menubar( 'Main Menu' => $p ), - ) -%> +<% include('/elements/header.html', 'Quick payment entry') %> <% include('/elements/error.html') %> @@ -24,5 +21,12 @@ <INPUT TYPE="submit" NAME="submit" VALUE="Post payment batch"> </FORM> -</BODY> -</HTML> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post payment batch'); + +</%init> diff --git a/httemplate/misc/bill.cgi b/httemplate/misc/bill.cgi index 24dfd6bbd..3c3c48c54 100755 --- a/httemplate/misc/bill.cgi +++ b/httemplate/misc/bill.cgi @@ -1,45 +1,45 @@ -% -%#untaint custnum -%my($query) = $cgi->keywords; -%$query =~ /^(\d*)$/; -%my $custnum = $1; -%my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum}); -%die "Can't find customer!\n" unless $cust_main; -% -%my $conf = new FS::Conf; -% -%my $error = $cust_main->bill( -%# 'time'=>$time -% ); -% -%unless ( $error ) { -% $error = $cust_main->apply_payments_and_credits -% || $cust_main->collect( -% #'invoice-time'=>$time, -% #'batch_card'=> 'yes', -% #'batch_card'=> 'no', -% #'report_badcard'=> 'yes', -% #'retry_card' => 'yes', -% -% 'retry' => 'yes', -% -% #this is used only by cust_main::batch_card -% #need to pick & create an actual config -% #value if we're going to turn this on -% #("realtime-backend" doesn't exist, -% # "backend-realtime" is for something -% # entirely different) -% #'realtime' => $conf->exists('realtime-backend'), -% ); -%} -% %if ( $error ) { -% - -<!-- mason kludge --> -% % errorpage($error); %} else { -% print $cgi->redirect(popurl(2). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(2). "view/cust_main.cgi?$custnum") %> %} -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Bill customer now'); + +#untaint custnum +my($query) = $cgi->keywords; +$query =~ /^(\d*)$/; +my $custnum = $1; +my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum}); +die "Can't find customer!\n" unless $cust_main; + +my $conf = new FS::Conf; + +my $error = $cust_main->bill( +# 'time'=>$time + ); + +unless ( $error ) { + $error = $cust_main->apply_payments_and_credits + || $cust_main->collect( + #'invoice-time'=>$time, + #'batch_card'=> 'yes', + #'batch_card'=> 'no', + #'report_badcard'=> 'yes', + #'retry_card' => 'yes', + + 'retry' => 'yes', + + #this is used only by cust_main::batch_card + #need to pick & create an actual config + #value if we're going to turn this on + #("realtime-backend" doesn't exist, + # "backend-realtime" is for something + # entirely different) + #'realtime' => $conf->exists('realtime-backend'), + ); +} + +</%init> diff --git a/httemplate/misc/cancel-unaudited.cgi b/httemplate/misc/cancel-unaudited.cgi index da60dc47b..4919c6632 100755 --- a/httemplate/misc/cancel-unaudited.cgi +++ b/httemplate/misc/cancel-unaudited.cgi @@ -1,36 +1,33 @@ -% -% -%my $dbh = dbh; -% -%#untaint svcnum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/; -%my $svcnum = $1; -% -%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum}); -%#die "Unknown svcnum!" unless $svc_acct; -% -%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum}); -%die "Unknown svcnum!" unless $cust_svc; -%my $cust_pkg = $cust_svc->cust_pkg; -%if ( $cust_pkg ) { -% errorpage( 'This account has already been audited. Cancel the '. -% qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum. -% '#cust_pkg'. $cust_pkg->pkgnum. '">'. -% 'package</A> instead.'); -%} -% -%my $error = $cust_svc->cancel; -% %if ( $error ) { -% - -<!-- mason kludge --> -% % errorpage($error); %} else { -% print $cgi->redirect(popurl(2)); +<% $cgi->redirect(popurl(2)) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service') + && $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services'); + +#untaint svcnum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/; +my $svcnum = $1; + +#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum}); +#die "Unknown svcnum!" unless $svc_acct; + +my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum}); +die "Unknown svcnum!" unless $cust_svc; +my $cust_pkg = $cust_svc->cust_pkg; +if ( $cust_pkg ) { + errorpage( 'This account has already been audited. Cancel the '. + qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum. + '#cust_pkg'. $cust_pkg->pkgnum. '">'. + 'package</A> instead.'); +} + +my $error = $cust_svc->cancel; + +</%init> diff --git a/httemplate/misc/cancel_cust.html b/httemplate/misc/cancel_cust.html index 634000d70..bb4e1904a 100644 --- a/httemplate/misc/cancel_cust.html +++ b/httemplate/misc/cancel_cust.html @@ -50,6 +50,8 @@ if ( $cgi->param('error') ) { $curuser = $FS::CurrentUser::CurrentUser; +die "access denied" unless $curuser->access_right('Cancel customer'); + $cust_main = qsearchs( { 'table' => 'cust_main', 'hashref' => { 'custnum' => $custnum }, diff --git a/httemplate/misc/cancel_pkg.html b/httemplate/misc/cancel_pkg.html index 7cbaf1d82..8dffba72e 100755 --- a/httemplate/misc/cancel_pkg.html +++ b/httemplate/misc/cancel_pkg.html @@ -23,7 +23,7 @@ % if ($method eq 'expire' || $method eq 'adjourn') { <TR> <TD><% $submit =~ /^(\w*)\s/ %> package on </TD> - <TD><INPUT TYPE="text" NAME="date" ID="expire_date" VALUE="<% $date %>"> + <TD><INPUT TYPE="text" NAME="date" ID="expire_date" VALUE="<% $date |h %>"> <IMG SRC="<% $p %>images/calendar.png" ID="expire_button" STYLE="cursor:pointer" TITLE="Select date"> <BR><I>m/d/y</I> </TD> @@ -42,8 +42,7 @@ <% include('/elements/tr-select-reason.html', 'field' => 'reasonnum', 'reason_class' => $class, - #XXX these need to be sticky on errors too... - #'curr_value' => '', + 'curr_value' => $reasonnum, 'control_button' => 'document.sc_popup.submit', ) %> @@ -58,45 +57,53 @@ </HTML> <%init> -my($method, $pkgnum, $reasonnum, $submit, $cust_pkg, $part_pkg, - $date, $curuser, $class); -$date = time2str("%m/%d/%Y", time); + +my $date = time2str("%m/%d/%Y", time); + +my($pkgnum, $reasonnum); if ( $cgi->param('error') ) { - $method = $cgi->param('method'); - $pkgnum = $cgi->param('pkgnum'); - $reasonnum = $cgi->param('reasonnum'); - $date = $cgi->param('date'); + $pkgnum = $cgi->param('pkgnum'); + $reasonnum = $cgi->param('reasonnum'); + $date = $cgi->param('date'); } elsif ( $cgi->param('pkgnum') =~ /^(\d+)$/ ) { - $pkgnum = $1; + $pkgnum = $1; + $reasonnum = ''; } else { die "illegal query ". $cgi->keywords; } -$method = $cgi->param('method'); +$cgi->param('method') =~ /^(\w+)$/ or die 'illegal method'; +my $method = $1; + +my($class, $submit, $right); if ($method eq 'cancel') { - $class = 'C'; - $submit = "Cancel Now"; -}elsif ($method eq 'expire') { - $class = 'C'; - $submit = "Cancel Later"; -}elsif ($method eq 'suspend') { - $class = 'S'; - $submit = "Suspend Now"; -}elsif ($method eq 'adjourn') { - $class = 'S'; - $submit = "Suspend Later"; -}else{ - die "illegal query ". $cgi->keywords; + $class = 'C'; + $submit = 'Cancel Now'; + $right = 'Cancel customer package immediately'; +} elsif ($method eq 'expire') { + $class = 'C'; + $submit = 'Cancel Later'; + $right = 'Cancel customer package later'; +} elsif ($method eq 'suspend') { + $class = 'S'; + $submit = 'Suspend Now'; + $right = 'Suspend customer package'; +} elsif ($method eq 'adjourn') { + $class = 'S'; + $submit = "Suspend Later"; + $right = 'Suspend customer package later'; +} else { + die 'illegal query (unknown method param)'; } -my $title = ucfirst($method) . ' Package'; +my $curuser = $FS::CurrentUser::CurrentUser; +die "access denied" unless $curuser->access_right($right); -$cust_pkg = qsearchs('cust_pkg', {'pkgnum' => $pkgnum}); -die "No such package: $pkgnum" unless $cust_pkg; +my $title = ucfirst($method) . ' Package'; -$part_pkg = $cust_pkg->part_pkg; +my $cust_pkg = qsearchs('cust_pkg', {'pkgnum' => $pkgnum}) + or die "Unknown pkgnum: $pkgnum"; -$curuser = $FS::CurrentUser::CurrentUser; +my $part_pkg = $cust_pkg->part_pkg; </%init> - diff --git a/httemplate/misc/catchall.cgi b/httemplate/misc/catchall.cgi index 8881746d1..2094494be 100755 --- a/httemplate/misc/catchall.cgi +++ b/httemplate/misc/catchall.cgi @@ -1,134 +1,120 @@ -<!-- mason kludge --> -% -% -%my $conf = new FS::Conf; -% -%my($svc_domain, $svcnum, $pkgnum, $svcpart, $part_svc); -%if ( $cgi->param('error') ) { -% $svc_domain = new FS::svc_domain ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_domain') -% } ); -% $svcnum = $svc_domain->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $cgi->param('svcpart'); -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -%} else { -% my($query) = $cgi->keywords; -% if ( $query =~ /^(\d+)$/ ) { #editing -% $svcnum=$1; -% $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_domain) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% } else { -% -% die "Invalid (svc_domain) svcnum!"; -% -% } -%} -% -%my %email; -%if ($pkgnum) { -% -% #find all possible user svcnums (and emails) -% -% #starting with that currently attached -% if ($svc_domain->catchall) { -% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall}); -% $email{$svc_domain->catchall} = $svc_acct->email; -% } -% -% #and including the rest for this customer -% my($u_part_svc,@u_acct_svcparts); -% foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) { -% push @u_acct_svcparts,$u_part_svc->getfield('svcpart'); -% } -% -% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); -% my($custnum)=$cust_pkg->getfield('custnum'); -% my($i_cust_pkg); -% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) { -% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum'); -% my($acct_svcpart); -% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding -% #record(s) in cust_svc ( for this -% #pkgnum ! ) -% my($i_cust_svc); -% foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) { -% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')}); -% $email{$svc_acct->getfield('svcnum')}=$svc_acct->email; -% } -% } -% } -% -%} else { -% -% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall}); -% $email{$svc_domain->catchall} = $svc_acct->email; -%} -% -%# add an absence of a catchall -%$email{''} = "(none)"; -% -%my $p1 = popurl(1); -%print header("Domain Catchall Edit", ''); -% -%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'), -% "</FONT>" -% if $cgi->param('error'); -% -%print qq!<FORM ACTION="${p1}process/catchall.cgi" METHOD=POST>!; -% -%#display -% -% #formatting -% print "<PRE>"; -% -%#svcnum -%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!; -%print qq!Service #<FONT SIZE=+1><B>!, $svcnum ? $svcnum : " (NEW)", "</B></FONT>"; -% -%#pkgnum -%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!; -% -%#svcpart -%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!; -% -%my($domain,$catchall)=( -% $svc_domain->domain, -% $svc_domain->catchall, -%); -% -%print qq!<INPUT TYPE="hidden" NAME="domain" VALUE="$domain">!; -% -%#catchall -%print qq!\n\nMail to <I>(anything)</I>@<B>$domain</B> forwards to <SELECT NAME="catchall" SIZE=1>!; -%foreach $_ (keys %email) { -% print "<OPTION", $_ eq $catchall ? " SELECTED" : "", -% qq! VALUE="$_">$email{$_}!; -%} -%print "</SELECT>"; -% -% #formatting -% print "</PRE>\n"; -% -%print qq!<CENTER><INPUT TYPE="submit" VALUE="Submit"></CENTER>!; -% -%print <<END; -% -% </FORM> -% </BODY> -%</HTML> -%END -% -% +<% include('/elements/header.html', 'Domain Catchall Edit') %> +<% include('/elements/error.html') %> + +<FORM ACTION="<%$p1%>process/catchall.cgi" METHOD=POST> + +<PRE> + +<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum |h %>"> +Service #<FONT SIZE=+1><B><% $svcnum ? $svcnum : ' (NEW)' |h %></B></FONT> + +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum |h %>"> + +<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> + +% my $domain = $svc_domain->domain; +% my $catchall = $svc_domain->catchall; + +<INPUT TYPE="hidden" NAME="domain" VALUE="<% $domain |h %>"> + +Mail to <I>(anything)</I>@<B><% $domain |h %></B> forwards to <SELECT NAME="catchall" SIZE=1> +% foreach $_ (keys %email) { + <OPTION<% $_ eq $catchall ? ' SELECTED' : '' %> VALUE="<% $_ %>"><% $email{$_} %> +% } +</SELECT> + +</PRE> + +<INPUT TYPE="submit" VALUE="Submit"> + +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall'); + +my $conf = new FS::Conf; + +my($svc_domain, $svcnum, $pkgnum, $svcpart, $part_svc); +if ( $cgi->param('error') ) { + $svc_domain = new FS::svc_domain ( { + map { $_, scalar($cgi->param($_)) } fields('svc_domain') + } ); + $svcnum = $svc_domain->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; +} else { + my($query) = $cgi->keywords; + if ( $query =~ /^(\d+)$/ ) { #editing + $svcnum=$1; + $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum}) + or die "Unknown (svc_domain) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + } else { + + die "Invalid (svc_domain) svcnum!"; + + } +} + +my %email; +if ($pkgnum) { + + #find all possible user svcnums (and emails) + + #starting with that currently attached + if ($svc_domain->catchall) { + my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall}); + $email{$svc_domain->catchall} = $svc_acct->email; + } + + #and including the rest for this customer + my($u_part_svc,@u_acct_svcparts); + foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) { + push @u_acct_svcparts,$u_part_svc->getfield('svcpart'); + } + + my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); + my($custnum)=$cust_pkg->getfield('custnum'); + my($i_cust_pkg); + foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) { + my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum'); + my($acct_svcpart); + foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding + #record(s) in cust_svc ( for this + #pkgnum ! ) + my($i_cust_svc); + foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) { + my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')}); + $email{$svc_acct->getfield('svcnum')}=$svc_acct->email; + } + } + } + +} else { + + my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall}); + $email{$svc_domain->catchall} = $svc_acct->email; +} + +# add an absence of a catchall +$email{''} = "(none)"; + +my $p1 = popurl(1); + +</%init> diff --git a/httemplate/misc/cdr-import.html b/httemplate/misc/cdr-import.html index 5e9e2690d..36b2e4cb0 100644 --- a/httemplate/misc/cdr-import.html +++ b/httemplate/misc/cdr-import.html @@ -14,3 +14,9 @@ Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR> <% include('/elements/footer.html') %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +</%init> diff --git a/httemplate/misc/cust_main-cancel.cgi b/httemplate/misc/cust_main-cancel.cgi index 7f6f69701..009a7d41b 100755 --- a/httemplate/misc/cust_main-cancel.cgi +++ b/httemplate/misc/cust_main-cancel.cgi @@ -6,6 +6,9 @@ </HTML> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Cancel customer'); + my $custnum; my $ban = ''; if ( $cgi->param('custnum') =~ /^(\d+)$/ ) { diff --git a/httemplate/misc/cust_main-import.cgi b/httemplate/misc/cust_main-import.cgi index b710ca8f0..84da38611 100644 --- a/httemplate/misc/cust_main-import.cgi +++ b/httemplate/misc/cust_main-import.cgi @@ -97,5 +97,13 @@ advertising source table. <% include('/elements/footer.html') %> <%once> + my $req = qq!<font color="#ff0000">*</font>!; + </%once> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +</%init> diff --git a/httemplate/misc/cust_main-import_charges.cgi b/httemplate/misc/cust_main-import_charges.cgi index cd4441e0b..3801929e8 100644 --- a/httemplate/misc/cust_main-import_charges.cgi +++ b/httemplate/misc/cust_main-import_charges.cgi @@ -1,14 +1,22 @@ -<!-- mason kludge --> -<% include("/elements/header.html",'Batch Customer Charge') %> +<% include('/elements/header.html', 'Batch Customer Charge') %> + <FORM ACTION="process/cust_main-import_charges.cgi" METHOD="post" ENCTYPE="multipart/form-data"> + Import a CSV file containing customer charges.<BR><BR> Default file format is CSV, with the following field order: <i>custnum, amount, description</i><BR><BR> If <i>amount</i> is negative, a credit will be applied instead.<BR><BR> <BR><BR> - CSV Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR> - <INPUT TYPE="submit" VALUE="Import"> - </FORM> - </BODY> -<HTML> +CSV Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR> +<INPUT TYPE="submit" VALUE="Import"> + +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); +</%init> diff --git a/httemplate/misc/delete-cust_credit.cgi b/httemplate/misc/delete-cust_credit.cgi index 78df24989..03eb47299 100755 --- a/httemplate/misc/delete-cust_credit.cgi +++ b/httemplate/misc/delete-cust_credit.cgi @@ -1,17 +1,21 @@ -% -% -%#untaint crednum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal crednum"; -%my $crednum = $1; -% -%my $cust_credit = qsearchs('cust_credit',{'crednum'=>$crednum}); -%my $custnum = $cust_credit->custnum; -% -%my $error = $cust_credit->delete; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +% if ( $error ) { +% errorpage($error); +% } else { +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +% } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete credit'); + +#untaint crednum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal crednum"; +my $crednum = $1; + +my $cust_credit = qsearchs('cust_credit',{'crednum'=>$crednum}); +my $custnum = $cust_credit->custnum; + +my $error = $cust_credit->delete; + +</%init> diff --git a/httemplate/misc/delete-cust_pay.cgi b/httemplate/misc/delete-cust_pay.cgi index a0fa414d5..38e7e4ba1 100755 --- a/httemplate/misc/delete-cust_pay.cgi +++ b/httemplate/misc/delete-cust_pay.cgi @@ -1,17 +1,21 @@ -% -% -%#untaint paynum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal paynum"; -%my $paynum = $1; -% -%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); -%my $custnum = $cust_pay->custnum; -% -%my $error = $cust_pay->delete; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +% if ( $error ) { +% errorpage($error); +% } else { +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +% } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete payment'); + +#untaint paynum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal paynum"; +my $paynum = $1; + +my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); +my $custnum = $cust_pay->custnum; + +my $error = $cust_pay->delete; + +</%init> diff --git a/httemplate/misc/delete-cust_refund.cgi b/httemplate/misc/delete-cust_refund.cgi index f3ac589aa..983a79da5 100755 --- a/httemplate/misc/delete-cust_refund.cgi +++ b/httemplate/misc/delete-cust_refund.cgi @@ -1,17 +1,21 @@ -% -% -%#untaint refundnum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal refundnum"; -%my $refundnum = $1; -% -%my $cust_refund = qsearchs('cust_refund',{'refundnum'=>$refundnum}); -%my $custnum = $cust_refund->custnum; -% -%my $error = $cust_refund->delete; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +% if ( $error ) { +% errorpage($error); +% } else { +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +% } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete refund'); + +#untaint refundnum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal refundnum"; +my $refundnum = $1; + +my $cust_refund = qsearchs('cust_refund',{'refundnum'=>$refundnum}); +my $custnum = $cust_refund->custnum; + +my $error = $cust_refund->delete; + +</%init> diff --git a/httemplate/misc/delete-customer.cgi b/httemplate/misc/delete-customer.cgi index 378f69e61..17b7bda5e 100755 --- a/httemplate/misc/delete-customer.cgi +++ b/httemplate/misc/delete-customer.cgi @@ -1,48 +1,26 @@ -<!-- mason kludge --> -% -% -%my $conf = new FS::Conf; -%die "Customer deletions not enabled" unless $conf->exists('deletecustomers'); -% -%my($custnum, $new_custnum); -%if ( $cgi->param('error') ) { -% $custnum = $cgi->param('custnum'); -% $new_custnum = $cgi->param('new_custnum'); -%} else { -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "Illegal query: $query"; -% $custnum = $1; -% $new_custnum = ''; -%} -%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } ) -% or die "Customer not found: $custnum"; -% -%print header('Delete customer'); -% -%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'), -% "</FONT>" -% if $cgi->param('error'); -% -%print -% qq!<form action="!, popurl(1), qq!process/delete-customer.cgi" method=post>!, -% qq!<input type="hidden" name="custnum" value="$custnum">!; -% +<% include('/elements/header.html', 'Delete customer') %> + +<% include('/elements/error.html') %> + +<FORM ACTION="<% popurl(1) %>process/delete-customer.cgi" METHOD=POST> +<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum |h %>"> + %if ( qsearch('cust_pkg', { 'custnum' => $custnum, 'cancel' => '' } ) ) { -% print "Move uncancelled packages to customer number ", -% qq!<input type="text" name="new_custnum" value="$new_custnum"><br><br>!; + Move uncancelled packages to customer number + <INPUT TYPE="text" NAME="new_custnum" VALUE="<% $new_custnum |h %>"><BR><BR> %} -% -%print <<END; -%This will <b>completely remove</b> all traces of this customer record. This -%is <B>not</B> what you want if this is a real customer who has simply -%canceled service with you. For that, cancel all of the customer's packages. -%(you can optionally hide cancelled customers with the <a href="../config/config-view.cgi#hidecancelledcustomers">hidecancelledcustomers</a> configuration option) -%<br> -%<br>Are you <b>absolutely sure</b> you want to delete this customer? -%<br><input type="submit" value="Yes"> -%</form></body></html> -%END -% + +This will <B>completely remove</B> all traces of this customer record. This +is <B>not</B> what you want if this is a real customer who has simply +canceled service with you. For that, cancel all of the customer's packages. +(you can optionally hide cancelled customers with the <A HREF="../config/config-view.cgi#hidecancelledcustomers">hidecancelledcustomers</A> configuration option) +<BR> +<BR>Are you <B>absolutely sure</B> you want to delete this customer? +<BR><INPUT TYPE="submit" VALUE="Yes"> +</FORM> + +<% include('/elements/footer.html') %> + %#Deleting a customer you have financial records on (i.e. credits) is %#typically considered fraudulant bookkeeping. Remember, deleting %#customers should ONLY be used for completely bogus records. You should @@ -56,6 +34,31 @@ %#Also see the "hidecancelledcustomers" and "hidecancelledpackages" %#configuration options, which will allow you to surpress the display of %#cancelled customers and packages, respectively. -% -% +<%init> + +my $conf = new FS::Conf; +die "Customer deletions not enabled in configuration" + unless $conf->exists('deletecustomers'); + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete customer'); + +my($custnum, $new_custnum); +if ( $cgi->param('error') ) { + $custnum = $cgi->param('custnum'); + $new_custnum = $cgi->param('new_custnum'); +} else { + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "Illegal query: $query"; + $custnum = $1; + $new_custnum = ''; +} +my $cust_main = qsearchs( { + 'table' => 'cust_main', + 'hashref' => { 'custnum' => $custnum }, + 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql, +} ) + or die 'Unknown custnum'; + +<%/init> diff --git a/httemplate/misc/delete-domain_record.cgi b/httemplate/misc/delete-domain_record.cgi index 83e75ce20..08eedde5f 100755 --- a/httemplate/misc/delete-domain_record.cgi +++ b/httemplate/misc/delete-domain_record.cgi @@ -1,16 +1,20 @@ -% -% -%#untaint recnum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal recnum"; -%my $recnum = $1; -% -%my $domain_record = qsearchs('domain_record',{'recnum'=>$recnum}); -% -%my $error = $domain_record->delete; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/svc_domain.cgi?". $domain_record->svcnum); -% -% +% if ( $error ) { +% errorpage($error); +% } else { +<% $cgi->redirect($p. "view/svc_domain.cgi?". $domain_record->svcnum) %> +% } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice'); + +#untaint recnum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal recnum"; +my $recnum = $1; + +my $domain_record = qsearchs('domain_record',{'recnum'=>$recnum}); + +my $error = $domain_record->delete; + +</%init> diff --git a/httemplate/misc/delete-part_export.cgi b/httemplate/misc/delete-part_export.cgi index 5f2ebb99c..52404e0c4 100755 --- a/httemplate/misc/delete-part_export.cgi +++ b/httemplate/misc/delete-part_export.cgi @@ -1,16 +1,20 @@ -% -% -%#untaint exportnum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal exportnum"; -%my $exportnum = $1; -% -%my $part_export = qsearchs('part_export',{'exportnum'=>$exportnum}); -% -%my $error = $part_export->delete; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "browse/part_export.cgi"); -% -% +% if ( $error ) { +% errorpage($error); +% } else { +<% $cgi->redirect($p. "browse/part_export.cgi") %> +% } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +#untaint exportnum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal exportnum"; +my $exportnum = $1; + +my $part_export = qsearchs('part_export',{'exportnum'=>$exportnum}); + +my $error = $part_export->delete; + +</%init> diff --git a/httemplate/misc/dump.cgi b/httemplate/misc/dump.cgi index 486b66568..3b60b20ef 100644 --- a/httemplate/misc/dump.cgi +++ b/httemplate/misc/dump.cgi @@ -1,3 +1,5 @@ +% die "access denied" +% unless $FS::CurrentUser::CurrentUser->access_right('Export'); % % if ( driver_name =~ /^Pg$/ ) { % my $dbname = (split(':', datasrc))[2]; @@ -16,5 +18,3 @@ % print $_; % } % close DUMP; -% - diff --git a/httemplate/misc/email-invoice.cgi b/httemplate/misc/email-invoice.cgi index 8a3dd90b1..269722f67 100755 --- a/httemplate/misc/email-invoice.cgi +++ b/httemplate/misc/email-invoice.cgi @@ -1,18 +1,19 @@ -% -% -%#untaint invnum -%my($query) = $cgi->keywords; -%$query =~ /^((.+)-)?(\d+)$/; -%my $template = $2; -%my $invnum = $3; -%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); -%die "Can't find invoice!\n" unless $cust_bill; -% -%$cust_bill->email($template); -% -%my $custnum = $cust_bill->getfield('custnum'); -% -%print $cgi->redirect("${p}view/cust_main.cgi?$custnum"); -% -% +<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +#untaint invnum +my($query) = $cgi->keywords; +$query =~ /^((.+)-)?(\d+)$/; +my $template = $2; +my $invnum = $3; +my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); +die "Can't find invoice!\n" unless $cust_bill; + +$cust_bill->email($template); + +my $custnum = $cust_bill->getfield('custnum'); + +</%init> diff --git a/httemplate/misc/email_invoice_events.cgi b/httemplate/misc/email_invoice_events.cgi index ba6e72c1a..d65fe172b 100644 --- a/httemplate/misc/email_invoice_events.cgi +++ b/httemplate/misc/email_invoice_events.cgi @@ -1,4 +1,9 @@ -% -%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reemail', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reemail', $cgi; + +</%init> diff --git a/httemplate/misc/email_invoices.cgi b/httemplate/misc/email_invoices.cgi index 6c2103f7b..78ca0f67d 100644 --- a/httemplate/misc/email_invoices.cgi +++ b/httemplate/misc/email_invoices.cgi @@ -1,4 +1,9 @@ -% -%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reemail', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reemail', $cgi; + +</%init> diff --git a/httemplate/misc/fax-invoice.cgi b/httemplate/misc/fax-invoice.cgi index 1ddc23ece..e2e6db095 100755 --- a/httemplate/misc/fax-invoice.cgi +++ b/httemplate/misc/fax-invoice.cgi @@ -1,18 +1,19 @@ -% -% -%#untaint invnum -%my($query) = $cgi->keywords; -%$query =~ /^((.+)-)?(\d+)$/; -%my $template = $2; -%my $invnum = $3; -%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); -%die "Can't find invoice!\n" unless $cust_bill; -% -%$cust_bill->fax($template); -% -%my $custnum = $cust_bill->getfield('custnum'); -% -%print $cgi->redirect("${p}view/cust_main.cgi?$custnum"); -% -% +<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +#untaint invnum +my($query) = $cgi->keywords; +$query =~ /^((.+)-)?(\d+)$/; +my $template = $2; +my $invnum = $3; +my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); +die "Can't find invoice!\n" unless $cust_bill; + +$cust_bill->fax($template); + +my $custnum = $cust_bill->getfield('custnum'); + +</%init> diff --git a/httemplate/misc/fax_invoice_events.cgi b/httemplate/misc/fax_invoice_events.cgi index deb78d456..05420eeca 100644 --- a/httemplate/misc/fax_invoice_events.cgi +++ b/httemplate/misc/fax_invoice_events.cgi @@ -1,4 +1,9 @@ -% -%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_refax', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_refax', $cgi; + +</%init> diff --git a/httemplate/misc/fax_invoices.cgi b/httemplate/misc/fax_invoices.cgi index 4bdac970c..a843523db 100644 --- a/httemplate/misc/fax_invoices.cgi +++ b/httemplate/misc/fax_invoices.cgi @@ -1,4 +1,9 @@ -% -%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_refax', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_refax', $cgi; + +</%init> diff --git a/httemplate/misc/inventory_item-import.html b/httemplate/misc/inventory_item-import.html index 363623806..423d0d672 100644 --- a/httemplate/misc/inventory_item-import.html +++ b/httemplate/misc/inventory_item-import.html @@ -1,11 +1,3 @@ -% -% -%my $classnum = $cgi->param('classnum'); -%$classnum =~ /^(\d+)$/ or errorpage("illegal classnum $classnum"); -%$classnum = $1; -%my $inventory_class = qsearchs('inventory_class', { 'classnum' => $classnum } ); -% -% <% include("/elements/header.html", $inventory_class->classname. 's') %> <FORM ACTION="process/inventory_item-import.html" METHOD="POST" ENCTYPE="multipart/form-data"> @@ -19,3 +11,13 @@ Filename: <INPUT TYPE="file" NAME="filename"><BR><BR> <% include('/elements/footer.html') %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +$cgi->param =~ /^(\d+)$/ or errorpage("illegal classnum $classnum"); +my $classnum = $1; +my $inventory_class = qsearchs('inventory_class', { 'classnum' => $classnum } ); + +</%init> diff --git a/httemplate/misc/link.cgi b/httemplate/misc/link.cgi index ef72b4a5c..748eaa15f 100755 --- a/httemplate/misc/link.cgi +++ b/httemplate/misc/link.cgi @@ -1,31 +1,5 @@ -%my %link_field = ( -% 'svc_acct' => 'username', -% 'svc_domain' => 'domain', -%); -% -%my %link_field2 = ( -% 'svc_acct' => { label => 'Domain', -% field => 'domsvc', -% type => 'select', -% select_table => 'svc_domain', -% select_key => 'svcnum', -% select_label => 'domain' -% }, -%); -% -%$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -%my $pkgnum = $1; -%$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -%my $svcpart = $1; -% -%my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart}); -%my $svc = $part_svc->getfield('svc'); -%my $svcdb = $part_svc->getfield('svcdb'); -%my $link_field = $link_field{$svcdb}; -%my $link_field2 = $link_field2{$svcdb}; -% - <% include("/elements/header.html","Link to existing $svc") %> + <FORM ACTION="<% popurl(1) %>process/link.cgi" METHOD=POST> % if ( $link_field ) { @@ -72,6 +46,39 @@ <INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> <INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> <BR><INPUT TYPE="submit" VALUE="Link"> - </FORM> - </BODY> -</HTML> +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services'); + +my %link_field = ( + 'svc_acct' => 'username', + 'svc_domain' => 'domain', +); + +my %link_field2 = ( + 'svc_acct' => { label => 'Domain', + field => 'domsvc', + type => 'select', + select_table => 'svc_domain', + select_key => 'svcnum', + select_label => 'domain' + }, +); + +$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; +my $svcpart = $1; + +my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart}); +my $svc = $part_svc->getfield('svc'); +my $svcdb = $part_svc->getfield('svcdb'); +my $link_field = $link_field{$svcdb}; +my $link_field2 = $link_field2{$svcdb}; + +</%init> diff --git a/httemplate/misc/meta-import.cgi b/httemplate/misc/meta-import.cgi index fc249a2ab..5b3470c06 100644 --- a/httemplate/misc/meta-import.cgi +++ b/httemplate/misc/meta-import.cgi @@ -1,5 +1,5 @@ -<!-- mason kludge --> -<% include("/elements/header.html",'Import') %> +<% include('/elements/header.html', 'Import') %> + <FORM ACTION="process/meta-import.cgi" METHOD="post" ENCTYPE="multipart/form-data"> Import data from a DBI data source<BR><BR> % @@ -68,6 +68,12 @@ Import data from a DBI data source<BR><BR> <INPUT TYPE="submit" VALUE="Import"> </FORM> - </BODY> -<HTML> +<% include('/elements/footer.html') %> + +<%init> + +#there's no ACL for this... haven't used in ages +die 'meta-import not enabled; remove this if you want to use it'; + +</%init> diff --git a/httemplate/misc/payment.cgi b/httemplate/misc/payment.cgi index ce9a48beb..f99f2f068 100644 --- a/httemplate/misc/payment.cgi +++ b/httemplate/misc/payment.cgi @@ -217,6 +217,9 @@ function OLiframeContent(src, width, height, name) { <% include('/elements/footer.html') %> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Process payment'); + my %type = ( 'CARD' => 'credit card', 'CHEK' => 'electronic check (ACH)', ); diff --git a/httemplate/misc/print-invoice.cgi b/httemplate/misc/print-invoice.cgi index 511bdce19..aeef68795 100755 --- a/httemplate/misc/print-invoice.cgi +++ b/httemplate/misc/print-invoice.cgi @@ -1,18 +1,19 @@ -% -% -%#untaint invnum -%my($query) = $cgi->keywords; -%$query =~ /^((.+)-)?(\d+)$/; -%my $template = $2; -%my $invnum = $3; -%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); -%die "Can't find invoice!\n" unless $cust_bill; -% -%$cust_bill->print($template); -% -%my $custnum = $cust_bill->getfield('custnum'); -% -%print $cgi->redirect("${p}view/cust_main.cgi?$custnum"); -% -% +<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +#untaint invnum +my($query) = $cgi->keywords; +$query =~ /^((.+)-)?(\d+)$/; +my $template = $2; +my $invnum = $3; +my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum}); +die "Can't find invoice!\n" unless $cust_bill; + +$cust_bill->print($template); + +my $custnum = $cust_bill->getfield('custnum'); + +</%init> diff --git a/httemplate/misc/print_invoice_events.cgi b/httemplate/misc/print_invoice_events.cgi index 913e2683f..c974d5f4e 100644 --- a/httemplate/misc/print_invoice_events.cgi +++ b/httemplate/misc/print_invoice_events.cgi @@ -1,4 +1,9 @@ -% -%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reprint', $cgi; - <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reprint', $cgi; + +</%init> diff --git a/httemplate/misc/print_invoices.cgi b/httemplate/misc/print_invoices.cgi index 826a081fd..f859f6db8 100644 --- a/httemplate/misc/print_invoices.cgi +++ b/httemplate/misc/print_invoices.cgi @@ -1,4 +1,9 @@ -% -%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reprint', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices'); + +my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reprint', $cgi; + +</%init> diff --git a/httemplate/misc/process/batch-cust_pay.cgi b/httemplate/misc/process/batch-cust_pay.cgi index e4d1bbff5..058a2251a 100644 --- a/httemplate/misc/process/batch-cust_pay.cgi +++ b/httemplate/misc/process/batch-cust_pay.cgi @@ -1,3 +1,5 @@ +% die "access denied" +% unless $FS::CurrentUser::CurrentUser->access_right('Post payment batch'); % % my $param = $cgi->Vars; % diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html index 805d1a711..d265c1849 100755 --- a/httemplate/misc/process/cancel_pkg.html +++ b/httemplate/misc/process/cancel_pkg.html @@ -12,29 +12,39 @@ my %past = ( 'cancel' => 'cancelled', 'adjourn' => 'adjourned', ); +#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html +my %right = ( 'cancel' => 'Cancel customer package immediately', + 'expire' => 'Cancel customer package later', + 'suspend' => 'Suspend customer package', + 'adjourn' => 'Suspend customer package later', + ); + </%once> <%init> #untaint method my $method = $cgi->param('method'); -$method =~ /^(cancel|expire|suspend|adjourn)$/ || die "Illegal method"; +$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method"; $method = $1; +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right($right{$method}); + #untaint pkgnum my $pkgnum = $cgi->param('pkgnum'); -$pkgnum =~ /^(\d+)$/ || die "Illegal pkgnum"; +$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum"; $pkgnum = $1; #untaint reasonnum my $reasonnum = $cgi->param('reasonnum'); -$reasonnum =~ /^(-?\d+)$/ || die "Illegal reasonnum"; +$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum"; $reasonnum = $1; my $date = time; if ($method eq 'expire' || $method eq 'adjourn'){ #untaint date $date = $cgi->param('date'); - str2time($cgi->param('date')) =~ /^(\d+)$/ || die "Illegal date"; + str2time($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date"; $date = $1; } diff --git a/httemplate/misc/process/catchall.cgi b/httemplate/misc/process/catchall.cgi index f2899c720..0dda2eada 100755 --- a/httemplate/misc/process/catchall.cgi +++ b/httemplate/misc/process/catchall.cgi @@ -1,34 +1,35 @@ -% -% -%$FS::svc_domain::whois_hack=1; -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum =$1; -% -%my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::svc_domain ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_domain'), qw( pkgnum svcpart ) ) -%} ); -% -%$new->setfield('action' => 'M'); -% -%my $error; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->getfield('svcnum'); -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "catchall.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "catchall.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall'); + +$FS::svc_domain::whois_hack=1; + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum =$1; + +my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::svc_domain ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_domain'), qw( pkgnum svcpart ) ) +} ); + +$new->setfield('action' => 'M'); + +my $error; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->getfield('svcnum'); +} +</%init> diff --git a/httemplate/misc/process/cdr-import.html b/httemplate/misc/process/cdr-import.html index 93137c3d0..4848fa325 100644 --- a/httemplate/misc/process/cdr-import.html +++ b/httemplate/misc/process/cdr-import.html @@ -1,30 +1,22 @@ -% -% -% my $fh = $cgi->upload('csvfile'); -% -% my $error = defined($fh) -% ? FS::cdr::batch_import( { -% 'filehandle' => $fh, -% 'format' => $cgi->param('format'), -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi -% } else { -% - - <!-- mason kludge --> +% if ( $error ) { +% errorpage($error); +% } else { <% include("/elements/header.html",'Import successful') %> <!-- XXX redirect to batch search like the payment entry... --> <% include("/elements/footer.html",'Import successful') %> -% -% } -% +% } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('csvfile'); + +my $error = defined($fh) + ? FS::cdr::batch_import( { + 'filehandle' => $fh, + 'format' => $cgi->param('format'), + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/cust_main-import.cgi b/httemplate/misc/process/cust_main-import.cgi index c8d1b6cd1..aa8cd5298 100644 --- a/httemplate/misc/process/cust_main-import.cgi +++ b/httemplate/misc/process/cust_main-import.cgi @@ -1,35 +1,28 @@ -% -% -% my $fh = $cgi->upload('csvfile'); -% #warn $cgi; -% #warn $fh; -% -% my $error = defined($fh) -% ? FS::cust_main::batch_import( { -% filehandle => $fh, -% agentnum => scalar($cgi->param('agentnum')), -% refnum => scalar($cgi->param('refnum')), -% pkgpart => scalar($cgi->param('pkgpart')), -% #'fields' => [qw( cust_pkg.setup dayphone first last address1 address2 -% # city state zip comments )], -% 'format' => scalar($cgi->param('format')), -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi +% if ( $error ) { +% errorpage($error); % } else { -% - - <!-- mason kludge --> - <% include("/elements/header.html",'Import successful') %> -% + <% include('/elements/header.html','Import successful') %> + <% include('/elements/footer.html') %> % } -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('csvfile'); +#warn $cgi; +#warn $fh; + +my $error = defined($fh) + ? FS::cust_main::batch_import( { + filehandle => $fh, + agentnum => scalar($cgi->param('agentnum')), + refnum => scalar($cgi->param('refnum')), + pkgpart => scalar($cgi->param('pkgpart')), + #'fields' => [qw( cust_pkg.setup dayphone first last address1 address2 + # city state zip comments )], + 'format' => scalar($cgi->param('format')), + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/cust_main-import_charges.cgi b/httemplate/misc/process/cust_main-import_charges.cgi index 1a29bf600..3ca68944a 100644 --- a/httemplate/misc/process/cust_main-import_charges.cgi +++ b/httemplate/misc/process/cust_main-import_charges.cgi @@ -1,30 +1,23 @@ -% -% -% my $fh = $cgi->upload('csvfile'); -% #warn $cgi; -% #warn $fh; -% -% my $error = defined($fh) -% ? FS::cust_main::batch_charge( { -% filehandle => $fh, -% 'fields' => [qw( custnum amount pkg )], -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import_charges.cgi +% if ( $error ) { +% errorpage($error); % } else { -% - - <!-- mason kludge --> - <% include("/elements/header.html",'Import successful') %> -% + <% include('/elements/header.html','Import successful') %> + <% include('/elements/footer.html') %> % } -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('csvfile'); +#warn $cgi; +#warn $fh; + +my $error = defined($fh) + ? FS::cust_main::batch_charge( { + filehandle => $fh, + 'fields' => [qw( custnum amount pkg )], + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/delete-customer.cgi b/httemplate/misc/process/delete-customer.cgi index d0d237ee8..d509a5e0e 100755 --- a/httemplate/misc/process/delete-customer.cgi +++ b/httemplate/misc/process/delete-customer.cgi @@ -1,30 +1,33 @@ -% -% -%my $conf = new FS::Conf; -%die "Customer deletions not enabled" unless $conf->exists('deletecustomers'); -% -%$cgi->param('custnum') =~ /^(\d+)$/; -%my $custnum = $1; -%my $new_custnum; -%if ( $cgi->param('new_custnum') ) { -% $cgi->param('new_custnum') =~ /^(\d+)$/ -% or die "Illegal new customer number: ". $cgi->param('new_custnum'); -% $new_custnum = $1; -%} else { -% $new_custnum = ''; -%} -%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } ) -% or die "Customer not found: $custnum"; -% -%my $error = $cust_main->delete($new_custnum); -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string ) %> %} elsif ( $new_custnum ) { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum") %> %} else { -% print $cgi->redirect(popurl(3)); +<% $cgi->redirect(popurl(3)) %> %} -% +<%init> + +my $conf = new FS::Conf; +die "Customer deletions not enabled in configuration" + unless $conf->exists('deletecustomers'); + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete customer'); + +$cgi->param('custnum') =~ /^(\d+)$/; +my $custnum = $1; +my $new_custnum; +if ( $cgi->param('new_custnum') ) { + $cgi->param('new_custnum') =~ /^(\d+)$/ + or die "Illegal new customer number: ". $cgi->param('new_custnum'); + $new_custnum = $1; +} else { + $new_custnum = ''; +} +my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } ) + or die "Customer not found: $custnum"; + +my $error = $cust_main->delete($new_custnum); +</%init> diff --git a/httemplate/misc/process/inventory_item-import.html b/httemplate/misc/process/inventory_item-import.html index 51337529f..3aae202c7 100644 --- a/httemplate/misc/process/inventory_item-import.html +++ b/httemplate/misc/process/inventory_item-import.html @@ -1,31 +1,22 @@ -% -% -% my $fh = $cgi->upload('filename'); -% -% my $error = defined($fh) -% ? FS::inventory_item::batch_import( { -% 'filehandle' => $fh, -% 'classnum' => $cgi->param('classnum'), -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi -% } else { -% - - <!-- mason kludge --> +% if ( $error ) { +% errorpage($error); +% } else { <% include("/elements/header.html",'Import successful') %> <!-- XXX redirect to batch search like the payment entry... --> <% include("/elements/footer.html",'Import successful') %> -% % } -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('filename'); +my $error = defined($fh) + ? FS::inventory_item::batch_import( { + 'filehandle' => $fh, + 'classnum' => $cgi->param('classnum'), + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/link.cgi b/httemplate/misc/process/link.cgi index 66f4ee11d..960326747 100755 --- a/httemplate/misc/process/link.cgi +++ b/httemplate/misc/process/link.cgi @@ -1,76 +1,72 @@ -% -% -%my $DEBUG = 0; -% -%$cgi->param('pkgnum') =~ /^(\d+)$/; -%my $pkgnum = $1; -%$cgi->param('svcpart') =~ /^(\d+)$/; -%my $svcpart = $1; -%$cgi->param('svcnum') =~ /^(\d*)$/; -%my $svcnum = $1; -% -%unless ( $svcnum ) { -% my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart}); -% my $svcdb = $part_svc->getfield('svcdb'); -% $cgi->param('link_field') =~ /^(\w+)$/; -% my $link_field = $1; -% my %search = ( $link_field => $cgi->param('link_value') ); -% if ( $cgi->param('link_field2') =~ /^(\w+)$/ ) { -% $search{$1} = $cgi->param('link_value2'); -% } -% -% my @svc_x = ( sort { ($a->cust_svc->pkgnum > 0) <=> ($b->cust_svc->pkgnum > 0) -% or ($b->cust_svc->svcpart == $svcpart) -% <=> ($a->cust_svc->svcpart == $svcpart) -% } -% qsearch( $svcdb, \%search ) -% ); -% -% if ( $DEBUG ) { -% warn scalar(@svc_x). " candidate accounts found for linking ". -% "(svcpart $svcpart):\n"; -% foreach my $svc_x ( @svc_x ) { -% warn " ". $svc_x->email. -% " (svcnum ". $svc_x->svcnum. ",". -% " pkgnum ". $svc_x->cust_svc->pkgnum. ",". -% " svcpart ". $svc_x->cust_svc->svcpart. ")\n"; -% } -% } -% -% my $svc_x = $svc_x[0]; -% -% errorpage("$link_field not found!") unless $svc_x; -% -% $svcnum = $svc_x->svcnum; -% -%} -% -%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}); -%die "svcnum not found!" unless $old; -%my $conf = new FS::Conf; -%my($error, $new); -%if ( $old->pkgnum && ! $conf->exists('legacy_link-steal') ) { -% $error = "svcnum $svcnum already linked to package ". $old->pkgnum; -%} else { -% $new = new FS::cust_svc { $old->hash }; -% $new->pkgnum($pkgnum); -% $new->svcpart($svcpart); -% -% $error = $new->replace($old); -%} -% %unless ($error) { % #no errors, so let's view this customer. % my $custnum = $new->cust_pkg->custnum; -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum". -% "#cust_pkg$pkgnum" ); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?<%$custnum%>#cust_pkg<%$pkgnum%>" ) %> %} else { -% - -<!-- mason kludge --> -% % errorpage($error); %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services'); + +my $DEBUG = 0; + +$cgi->param('pkgnum') =~ /^(\d+)$/; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d+)$/; +my $svcpart = $1; +$cgi->param('svcnum') =~ /^(\d*)$/; +my $svcnum = $1; + +unless ( $svcnum ) { + my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart}); + my $svcdb = $part_svc->getfield('svcdb'); + $cgi->param('link_field') =~ /^(\w+)$/; + my $link_field = $1; + my %search = ( $link_field => $cgi->param('link_value') ); + if ( $cgi->param('link_field2') =~ /^(\w+)$/ ) { + $search{$1} = $cgi->param('link_value2'); + } + + my @svc_x = ( sort { ($a->cust_svc->pkgnum > 0) <=> ($b->cust_svc->pkgnum > 0) + or ($b->cust_svc->svcpart == $svcpart) + <=> ($a->cust_svc->svcpart == $svcpart) + } + qsearch( $svcdb, \%search ) + ); + + if ( $DEBUG ) { + warn scalar(@svc_x). " candidate accounts found for linking ". + "(svcpart $svcpart):\n"; + foreach my $svc_x ( @svc_x ) { + warn " ". $svc_x->email. + " (svcnum ". $svc_x->svcnum. ",". + " pkgnum ". $svc_x->cust_svc->pkgnum. ",". + " svcpart ". $svc_x->cust_svc->svcpart. ")\n"; + } + } + + my $svc_x = $svc_x[0]; + + errorpage("$link_field not found!") unless $svc_x; + + $svcnum = $svc_x->svcnum; + +} + +my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}); +die "svcnum not found!" unless $old; +my $conf = new FS::Conf; +my($error, $new); +if ( $old->pkgnum && ! $conf->exists('legacy_link-steal') ) { + $error = "svcnum $svcnum already linked to package ". $old->pkgnum; +} else { + $new = new FS::cust_svc { $old->hash }; + $new->pkgnum($pkgnum); + $new->svcpart($svcpart); + + $error = $new->replace($old); +} +</%init> diff --git a/httemplate/misc/process/meta-import.cgi b/httemplate/misc/process/meta-import.cgi index 1cf178c08..68ae49c60 100644 --- a/httemplate/misc/process/meta-import.cgi +++ b/httemplate/misc/process/meta-import.cgi @@ -1,4 +1,3 @@ -<!-- mason kludge --> <% include("/elements/header.html",'Map tables') %> <SCRIPT> @@ -183,5 +182,9 @@ function SafeOnsubmit() { % % <%init> -die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data.... + +#there's no ACL for this... haven't used in ages +#make XSS-safe if this is used for more than just admins to import data.... +die 'meta-import not enabled; remove this if you want to use it'; + </%init> diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi index 889670d12..2baca1e39 100644 --- a/httemplate/misc/process/payment.cgi +++ b/httemplate/misc/process/payment.cgi @@ -15,6 +15,9 @@ % } <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Process payment'); + #some false laziness w/MyAccount::process_payment $cgi->param('custnum') =~ /^(\d+)$/ diff --git a/httemplate/misc/process/recharge_svc.html b/httemplate/misc/process/recharge_svc.html index e540c385c..147b9533a 100755 --- a/httemplate/misc/process/recharge_svc.html +++ b/httemplate/misc/process/recharge_svc.html @@ -1,31 +1,3 @@ -% -% -%#untaint svcnum -%my $svcnum = $cgi->param('svcnum'); -%$svcnum =~ /^(\d+)$/ || die "Illegal svcnum"; -%$svcnum = $1; -% -%#untaint prepaid -%my $prepaid = $cgi->param('prepaid'); -%$prepaid =~ /^(\w*)$/; -%$prepaid = $1; - -%#untaint payby -%my $payby = $cgi->param('payby'); -%$payby =~ /^([A-Z]*)$/; -%$payby = $1; -% -%my $error = ''; -%my $svc_acct = qsearchs( 'svc_acct', {'svcnum'=>$svcnum} ); -%$error = "Can't recharge service $svcnum. " unless $svc_acct; -% -%my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main; -% -%my $oldAutoCommit = $FS::UID::AutoCommit; -%local $FS::UID::AutoCommit = 0; -%my $dbh = dbh; -% -% %unless ($error) { % % my ($amount, $seconds, $up, $down, $total) = (0, 0, 0, 0, 0); @@ -86,5 +58,35 @@ </SCRIPT> </BODY></HTML> <%init> + my $conf = new FS::Conf; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Recharge customer service'); + +#untaint svcnum +my $svcnum = $cgi->param('svcnum'); +$svcnum =~ /^(\d+)$/ || die "Illegal svcnum"; +$svcnum = $1; + +#untaint prepaid +my $prepaid = $cgi->param('prepaid'); +$prepaid =~ /^(\w*)$/; +$prepaid = $1; + +#untaint payby +my $payby = $cgi->param('payby'); +$payby =~ /^([A-Z]*)$/; +$payby = $1; + +my $error = ''; +my $svc_acct = qsearchs( 'svc_acct', {'svcnum'=>$svcnum} ); +$error = "Can't recharge service $svcnum. " unless $svc_acct; + +my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main; + +my $oldAutoCommit = $FS::UID::AutoCommit; +local $FS::UID::AutoCommit = 0; +my $dbh = dbh; + </%init> diff --git a/httemplate/misc/queue.cgi b/httemplate/misc/queue.cgi index 7370aabe1..5dee29b88 100644 --- a/httemplate/misc/queue.cgi +++ b/httemplate/misc/queue.cgi @@ -1,48 +1,49 @@ -% -% -%$cgi->param('action') =~ /^(new|del|(retry|remove) selected)$/ -% or die "Illegal action"; -%my $action = $1; -% -%my $job; -%if ( $action eq 'new' || $action eq 'del' ) { -% $cgi->param('jobnum') =~ /^(\d+)$/ or die "Illegal jobnum"; -% my $jobnum = $1; -% $job = qsearchs('queue', { 'jobnum' => $1 }) -% or die "unknown jobnum $jobnum - ". -% "it probably completed normally or was removed by another user"; -%} -% -%if ( $action eq 'new' ) { -% my %hash = $job->hash; -% $hash{'status'} = 'new'; -% $hash{'statustext'} = ''; -% my $new = new FS::queue \%hash; -% my $error = $new->replace($job); -% die $error if $error; -%} elsif ( $action eq 'del' ) { -% my $error = $job->delete; -% die $error if $error; -%} elsif ( $action =~ /^(retry|remove) selected$/ ) { -% foreach my $jobnum ( -% map { /^jobnum(\d+)$/; $1; } grep /^jobnum\d+$/, $cgi->param -% ) { -% my $job = qsearchs('queue', { 'jobnum' => $jobnum }); -% if ( $action eq 'retry selected' && $job ) { #new -% my %hash = $job->hash; -% $hash{'status'} = 'new'; -% $hash{'statustext'} = ''; -% my $new = new FS::queue \%hash; -% my $error = $new->replace($job); -% die $error if $error; -% } elsif ( $action eq 'remove selected' && $job ) { #del -% my $error = $job->delete; -% die $error if $error; -% } -% } -%} -% -%print $cgi->redirect(popurl(2). "search/queue.html"); -% -% +<% $cgi->redirect(popurl(2). "search/queue.html") %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Job queue'); + +$cgi->param('action') =~ /^(new|del|(retry|remove) selected)$/ + or die "Illegal action"; +my $action = $1; + +my $job; +if ( $action eq 'new' || $action eq 'del' ) { + $cgi->param('jobnum') =~ /^(\d+)$/ or die "Illegal jobnum"; + my $jobnum = $1; + $job = qsearchs('queue', { 'jobnum' => $1 }) + or die "unknown jobnum $jobnum - ". + "it probably completed normally or was removed by another user"; +} + +if ( $action eq 'new' ) { + my %hash = $job->hash; + $hash{'status'} = 'new'; + $hash{'statustext'} = ''; + my $new = new FS::queue \%hash; + my $error = $new->replace($job); + die $error if $error; +} elsif ( $action eq 'del' ) { + my $error = $job->delete; + die $error if $error; +} elsif ( $action =~ /^(retry|remove) selected$/ ) { + foreach my $jobnum ( + map { /^jobnum(\d+)$/; $1; } grep /^jobnum\d+$/, $cgi->param + ) { + my $job = qsearchs('queue', { 'jobnum' => $jobnum }); + if ( $action eq 'retry selected' && $job ) { #new + my %hash = $job->hash; + $hash{'status'} = 'new'; + $hash{'statustext'} = ''; + my $new = new FS::queue \%hash; + my $error = $new->replace($job); + die $error if $error; + } elsif ( $action eq 'remove selected' && $job ) { #del + my $error = $job->delete; + die $error if $error; + } + } +} + +</%init> diff --git a/httemplate/misc/recharge_svc.html b/httemplate/misc/recharge_svc.html index a3de13d92..2302f3fd3 100755 --- a/httemplate/misc/recharge_svc.html +++ b/httemplate/misc/recharge_svc.html @@ -28,7 +28,7 @@ </TR> <TR> <TD>Enter prepaid card: </TD> - <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD> + <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid |h %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD> </TR> </TABLE> @@ -37,35 +37,42 @@ <INPUT TYPE="submit" NAME="submit" VALUE="Recharge"> </FORM> -</BODY> -</HTML> + +<% include('/elements/footer.html'); <%once> + my $conf = new FS::Conf; my $money_char = $conf->config('money_char') || '$'; + </%once> <%init> -my($svcnum, $cust_svc, $part_pkg, $label, $value, $prepaid, $amount, $payby); + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Recharge customer service'); + +my($svcnum, $prepaid, $payby); if ( $cgi->param('error') ) { $svcnum = $cgi->param('svcnum'); $prepaid = $cgi->param('prepaid'); $payby = $cgi->param('payby'); } elsif ( $cgi->param('svcnum') =~ /^(\d+)$/ ) { $svcnum = $1; + $prepaid = ''; } else { die "illegal query ". $cgi->keywords; } my $title = 'Recharge Service'; -$cust_svc = qsearchs('cust_svc', {'svcnum' => $svcnum}); +my $cust_svc = qsearchs('cust_svc', {'svcnum' => $svcnum}); die "No such service: $svcnum" unless $cust_svc; -($label, $value) = $cust_svc->label; +my($label, $value) = $cust_svc->label; $payby = $cust_svc->cust_pkg->cust_main->payby unless $payby; -$part_pkg = $cust_svc->cust_pkg->part_pkg; -$amount = $part_pkg->option('recharge_amount', 1) || 0; +my $part_pkg = $cust_svc->cust_pkg->part_pkg; +my $amount = $part_pkg->option('recharge_amount', 1) || 0; my $recharge_label = "Charge $money_char$amount for "; diff --git a/httemplate/misc/svc_acct-domains.cgi b/httemplate/misc/svc_acct-domains.cgi index a49a02305..573457483 100644 --- a/httemplate/misc/svc_acct-domains.cgi +++ b/httemplate/misc/svc_acct-domains.cgi @@ -1,31 +1,31 @@ -% -% -% my $pkgpart_svcpart = $cgi->param('arg'); -% $pkgpart_svcpart =~ /^\d+_(\d+)$/; -% my $part_svc = qsearchs('part_svc', { 'svcpart' => $1 }) if $1; -% my $part_svc_column = $part_svc->part_svc_column('domsvc') if $part_svc; -% -% my @output = split /,/, $part_svc_column->columnvalue if $part_svc_column; -% my $columnflag = $part_svc_column->columnflag if $part_svc_column; -% my @svc_domain = (); -% my %seen = (); -% -% foreach (@output) { -% my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $_ }) -% or warn "unknown svc_domain.svcnum $_ for part_svc_column domsvc; ". -% "svcpart = " . $part_svc->svcpart; -% push @svc_domain, [ $_ => $svc_domain->domain ]; -% $seen{$_}++; -% } -% if ($conf->exists('svc_acct-alldomains') -% && ( $columnflag eq 'D' || $columnflag eq '' ) -% ) { -% foreach (grep { $_->svcnum ne $output[0] } qsearch('svc_domain', {}) ){ -% push @svc_domain, [ $_->svcnum => $_->domain ]; -% } -% } -% [ <% join(', ', map { qq("$_->[0]", "$_->[1]") } @svc_domain) %> ] <%init> + my $conf = new FS::Conf; + +my $pkgpart_svcpart = $cgi->param('arg'); +$pkgpart_svcpart =~ /^\d+_(\d+)$/; +my $part_svc = qsearchs('part_svc', { 'svcpart' => $1 }) if $1; +my $part_svc_column = $part_svc->part_svc_column('domsvc') if $part_svc; + +my @output = split /,/, $part_svc_column->columnvalue if $part_svc_column; +my $columnflag = $part_svc_column->columnflag if $part_svc_column; +my @svc_domain = (); +my %seen = (); + +foreach (@output) { + my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $_ }) + or warn "unknown svc_domain.svcnum $_ for part_svc_column domsvc; ". + "svcpart = " . $part_svc->svcpart; + push @svc_domain, [ $_ => $svc_domain->domain ]; + $seen{$_}++; +} +if ($conf->exists('svc_acct-alldomains') + && ( $columnflag eq 'D' || $columnflag eq '' ) + ) { + foreach (grep { $_->svcnum ne $output[0] } qsearch('svc_domain', {}) ){ + push @svc_domain, [ $_->svcnum => $_->domain ]; + } +} + </%init> diff --git a/httemplate/misc/unapply-cust_credit.cgi b/httemplate/misc/unapply-cust_credit.cgi index f8fa63268..ed739ac1b 100755 --- a/httemplate/misc/unapply-cust_credit.cgi +++ b/httemplate/misc/unapply-cust_credit.cgi @@ -1,19 +1,20 @@ -% -% -%#untaint crednum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal crednum"; -%my $crednum = $1; -% -%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } ); -%my $custnum = $cust_credit->custnum; -% -%foreach my $cust_credit_bill ( $cust_credit->cust_credit_bill ) { -% my $error = $cust_credit_bill->delete; -% errorpage($error) if $error; -%} -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Unapply credit'); + +#untaint crednum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal crednum"; +my $crednum = $1; + +my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } ); +my $custnum = $cust_credit->custnum; + +foreach my $cust_credit_bill ( $cust_credit->cust_credit_bill ) { + my $error = $cust_credit_bill->delete; + errorpage($error) if $error; +} + +</%init> diff --git a/httemplate/misc/unapply-cust_pay.cgi b/httemplate/misc/unapply-cust_pay.cgi index 6bd6c07ee..8cdac180b 100755 --- a/httemplate/misc/unapply-cust_pay.cgi +++ b/httemplate/misc/unapply-cust_pay.cgi @@ -1,19 +1,20 @@ -% -% -%#untaint paynum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal paynum"; -%my $paynum = $1; -% -%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } ); -%my $custnum = $cust_pay->custnum; -% -%foreach my $cust_bill_pay ( $cust_pay->cust_bill_pay ) { -% my $error = $cust_bill_pay->delete; -% errorpage($error) if $error; -%} -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Unapply payment'); + +#untaint paynum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal paynum"; +my $paynum = $1; + +my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } ); +my $custnum = $cust_pay->custnum; + +foreach my $cust_bill_pay ( $cust_pay->cust_bill_pay ) { + my $error = $cust_bill_pay->delete; + errorpage($error) if $error; +} + +</%init> diff --git a/httemplate/misc/unprovision.cgi b/httemplate/misc/unprovision.cgi index b5e510695..4ab15fdc0 100755 --- a/httemplate/misc/unprovision.cgi +++ b/httemplate/misc/unprovision.cgi @@ -1,31 +1,26 @@ -% -% -%my $dbh = dbh; -% -%#untaint svcnum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/; -%my $svcnum = $1; -% -%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum}); -%#die "Unknown svcnum!" unless $svc_acct; -% -%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum}); -%die "Unknown svcnum!" unless $cust_svc; -% -%my $custnum = $cust_svc->cust_pkg->custnum; -% -%my $error = $cust_svc->cancel; -% %if ( $error ) { -% - -<!-- mason kludge --> -% % errorpage($error); %} else { -% print $cgi->redirect(popurl(2)."view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(2)."view/cust_main.cgi?$custnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service'); + +#untaint svcnum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/; +my $svcnum = $1; + +#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum}); +#die "Unknown svcnum!" unless $svc_acct; + +my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum}); +die "Unknown svcnum!" unless $cust_svc; + +my $custnum = $cust_svc->cust_pkg->custnum; + +my $error = $cust_svc->cancel; +</%init> diff --git a/httemplate/misc/unsusp_pkg.cgi b/httemplate/misc/unsusp_pkg.cgi index 80188c668..b350693dd 100755 --- a/httemplate/misc/unsusp_pkg.cgi +++ b/httemplate/misc/unsusp_pkg.cgi @@ -1,16 +1,20 @@ -% -% -%#untaint pkgnum -%my ($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal pkgnum"; -%my $pkgnum = $1; -% -%my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); -% -%my $error = $cust_pkg->unsuspend; -%errorpage($error) if $error; -% -%print $cgi->redirect(popurl(2). "view/cust_main.cgi?".$cust_pkg->getfield('custnum')); -% -% +%if ( $error ) { +% errorpage($error); +%} else { +<% $cgi->redirect(popurl(2). "view/cust_main.cgi?".$cust_pkg->getfield('custnum')) %> +%} +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Unsuspend customer package'); + +#untaint pkgnum +my ($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal pkgnum"; +my $pkgnum = $1; + +my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); + +my $error = $cust_pkg->unsuspend; + +</%init> diff --git a/httemplate/misc/unvoid-cust_pay_void.cgi b/httemplate/misc/unvoid-cust_pay_void.cgi index 625431a57..91fe1c223 100755 --- a/httemplate/misc/unvoid-cust_pay_void.cgi +++ b/httemplate/misc/unvoid-cust_pay_void.cgi @@ -1,17 +1,21 @@ -% -% -%#untaint paynum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal paynum"; -%my $paynum = $1; -% -%my $cust_pay_void = qsearchs('cust_pay_void', { 'paynum' => $paynum } ); -%my $custnum = $cust_pay_void->custnum; -% -%my $error = $cust_pay_void->unvoid; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +%if ( $error ) { +% errorpage($error); +%} else { +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +%} +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Unvoid'); + +#untaint paynum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal paynum"; +my $paynum = $1; + +my $cust_pay_void = qsearchs('cust_pay_void', { 'paynum' => $paynum } ); +my $custnum = $cust_pay_void->custnum; + +my $error = $cust_pay_void->unvoid; + +</%init> diff --git a/httemplate/misc/upload-batch.cgi b/httemplate/misc/upload-batch.cgi index 5a15008b0..d1a84fd02 100644 --- a/httemplate/misc/upload-batch.cgi +++ b/httemplate/misc/upload-batch.cgi @@ -1,17 +1,14 @@ -% if ( $error ) { - - <!-- mason kludge --> - -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi -% } else { - - <% include("/elements/header.html",'Batch results upload successful') %> - -% } +% if ( $error ) { +% errorpage($error); +% } else { + <% include('/elements/header.html','Batch results upload successful') %> + <% include('/elements/footer.html') %> +% } <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Process batches'); + my $error; my $fh = $cgi->upload('batch_results'); diff --git a/httemplate/misc/void-cust_pay.cgi b/httemplate/misc/void-cust_pay.cgi index 972a1a5bd..7b484e93e 100755 --- a/httemplate/misc/void-cust_pay.cgi +++ b/httemplate/misc/void-cust_pay.cgi @@ -1,17 +1,26 @@ -% -% -%#untaint paynum -%my($query) = $cgi->keywords; -%$query =~ /^(\d+)$/ || die "Illegal paynum"; -%my $paynum = $1; -% -%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); -%my $custnum = $cust_pay->custnum; -% -%my $error = $cust_pay->void; -%errorpage($error) if $error; -% -%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum); -% -% +%if ( $error ) { +% errorpage($error); +%} else { +<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %> +%} +<%init> +#untaint paynum +my($query) = $cgi->keywords; +$query =~ /^(\d+)$/ || die "Illegal paynum"; +my $paynum = $1; + +my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}); + +my $right = 'Regular void'; +$right = 'Credit card void' if $cust_pay->payby eq 'CARD'; +$right = 'Echeck void' if $cust_pay->payby eq 'CHEK'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right($right); + +my $custnum = $cust_pay->custnum; + +my $error = $cust_pay->void; + +</%init> diff --git a/httemplate/misc/whois.cgi b/httemplate/misc/whois.cgi index d3d9649fd..35d0eccc9 100644 --- a/httemplate/misc/whois.cgi +++ b/httemplate/misc/whois.cgi @@ -1,10 +1,3 @@ -% -% my $svcnum = $cgi->param('svcnum'); -% my $custnum = $cgi->param('custnum'); -% my $domain = $cgi->param('domain'); -% -% - <% include("/elements/header.html","Whois $domain", menubar( ( $custnum ? ( "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum", @@ -12,16 +5,23 @@ : () ), "View this domain (#$svcnum)" => "${p}view/svc_domain.cgi?$svcnum", - "Main menu" => $p, )) %> -% my $whois = eval { whois($domain) }; -% if ( $@ ) { -% ( $whois = $@ ) =~ s/ at \/.*Net\/Whois\/Raw\.pm line \d+.*$//s; -% } else { -% $whois =~ s/^\n+//; -% } -% <PRE><% $whois %></PRE> -</BODY> -</HTML> + +<% include('/elements/footer.html') %> + +<%init> + +my $svcnum = $cgi->param('svcnum'); +my $custnum = $cgi->param('custnum'); +my $domain = $cgi->param('domain'); + +my $whois = eval { whois($domain) }; + if ( $@ ) { + ( $whois = $@ ) =~ s/ at \/.*Net\/Whois\/Raw\.pm line \d+.*$//s; + } else { + $whois =~ s/^\n+//; + } + +</%init> |