Diffstat (limited to 'httemplate/misc/process')
-rw-r--r-- | httemplate/misc/process/batch-cust_pay.cgi | 2 | ||||
-rwxr-xr-x | httemplate/misc/process/cancel_pkg.html | 18 | ||||
-rwxr-xr-x | httemplate/misc/process/catchall.cgi | 59 | ||||
-rw-r--r-- | httemplate/misc/process/cdr-import.html | 44 | ||||
-rw-r--r-- | httemplate/misc/process/cust_main-import.cgi | 57 | ||||
-rw-r--r-- | httemplate/misc/process/cust_main-import_charges.cgi | 47 | ||||
-rwxr-xr-x | httemplate/misc/process/delete-customer.cgi | 51 | ||||
-rw-r--r-- | httemplate/misc/process/inventory_item-import.html | 41 | ||||
-rwxr-xr-x | httemplate/misc/process/link.cgi | 134 | ||||
-rw-r--r-- | httemplate/misc/process/meta-import.cgi | 7 | ||||
-rw-r--r-- | httemplate/misc/process/payment.cgi | 3 | ||||
-rwxr-xr-x | httemplate/misc/process/recharge_svc.html | 58 |
12 files changed, 255 insertions, 266 deletions
diff --git a/httemplate/misc/process/batch-cust_pay.cgi b/httemplate/misc/process/batch-cust_pay.cgi index e4d1bbff5..058a2251a 100644 --- a/httemplate/misc/process/batch-cust_pay.cgi +++ b/httemplate/misc/process/batch-cust_pay.cgi @@ -1,3 +1,5 @@ +% die "access denied" +% unless $FS::CurrentUser::CurrentUser->access_right('Post payment batch'); % % my $param = $cgi->Vars; % diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html index 805d1a711..d265c1849 100755 --- a/httemplate/misc/process/cancel_pkg.html +++ b/httemplate/misc/process/cancel_pkg.html @@ -12,29 +12,39 @@ my %past = ( 'cancel' => 'cancelled', 'adjourn' => 'adjourned', ); +#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html +my %right = ( 'cancel' => 'Cancel customer package immediately', + 'expire' => 'Cancel customer package later', + 'suspend' => 'Suspend customer package', + 'adjourn' => 'Suspend customer package later', + ); + </%once> <%init> #untaint method my $method = $cgi->param('method'); -$method =~ /^(cancel|expire|suspend|adjourn)$/ || die "Illegal method"; +$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method"; $method = $1; +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right($right{$method}); + #untaint pkgnum my $pkgnum = $cgi->param('pkgnum'); -$pkgnum =~ /^(\d+)$/ || die "Illegal pkgnum"; +$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum"; $pkgnum = $1; #untaint reasonnum my $reasonnum = $cgi->param('reasonnum'); -$reasonnum =~ /^(-?\d+)$/ || die "Illegal reasonnum"; +$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum"; $reasonnum = $1; my $date = time; if ($method eq 'expire' || $method eq 'adjourn'){ #untaint date $date = $cgi->param('date'); - str2time($cgi->param('date')) =~ /^(\d+)$/ || die "Illegal date"; + str2time($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date"; $date = $1; } 
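Review bot: In cancel_pkg.html the new check `access_right($right{$method})` only works while `%right` has an entry for every method the untaint regex accepts. The added comment already says the map is duplicated elsewhere, so the two lists can drift; a missing key would pass undef to `access_right`, and how that call treats undef is not visible in this hunk. Failing closed on the lookup removes the dependency: `my $right = $right{$method} or die "access denied";` followed by `die "access denied" unless $FS::CurrentUser::CurrentUser->access_right($right);`. The `<%init>` block continues past the end of the hunk.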
diff --git a/httemplate/misc/process/catchall.cgi b/httemplate/misc/process/catchall.cgi index f2899c720..0dda2eada 100755 --- a/httemplate/misc/process/catchall.cgi +++ b/httemplate/misc/process/catchall.cgi @@ -1,34 +1,35 @@ -% -% -%$FS::svc_domain::whois_hack=1; -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum =$1; -% -%my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::svc_domain ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_domain'), qw( pkgnum svcpart ) ) -%} ); -% -%$new->setfield('action' => 'M'); -% -%my $error; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->getfield('svcnum'); -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "catchall.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "catchall.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall'); + +$FS::svc_domain::whois_hack=1; + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum =$1; + +my $old = qsearchs('svc_domain',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::svc_domain ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_domain'), qw( pkgnum svcpart ) ) +} ); + +$new->setfield('action' => 'M'); + +my $error; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->getfield('svcnum'); +} +</%init> diff --git a/httemplate/misc/process/cdr-import.html b/httemplate/misc/process/cdr-import.html index 93137c3d0..4848fa325 100644 --- a/httemplate/misc/process/cdr-import.html +++ b/httemplate/misc/process/cdr-import.html 
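Review bot: In catchall.cgi the new 'Edit domain catchall' gate authorises more than its name suggests. The `<%init>` block still builds `$new` from every `fields('svc_domain')` column plus `pkgnum` and `svcpart` taken straight from the request, so a holder of this right can submit any of those values to `replace`/`insert`. Consider starting from `$old`'s values and overwriting only the field(s) this page is meant to edit. Also, a non-empty svcnum with no matching row leaves `$old` undefined when `$new->replace($old)` runs; checking the `qsearchs` result and dying with an "Unknown svcnum" message would make that case fail explicitly.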
@@ -1,30 +1,22 @@ -% -% -% my $fh = $cgi->upload('csvfile'); -% -% my $error = defined($fh) -% ? FS::cdr::batch_import( { -% 'filehandle' => $fh, -% 'format' => $cgi->param('format'), -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi -% } else { -% - - <!-- mason kludge --> +% if ( $error ) { +% errorpage($error); +% } else { <% include("/elements/header.html",'Import successful') %> <!-- XXX redirect to batch search like the payment entry... --> <% include("/elements/footer.html",'Import successful') %> -% -% } -% +% } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('csvfile'); + +my $error = defined($fh) + ? FS::cdr::batch_import( { + 'filehandle' => $fh, + 'format' => $cgi->param('format'), + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/cust_main-import.cgi b/httemplate/misc/process/cust_main-import.cgi index c8d1b6cd1..aa8cd5298 100644 --- a/httemplate/misc/process/cust_main-import.cgi +++ b/httemplate/misc/process/cust_main-import.cgi 
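Review bot: In cdr-import.html, `'format' => $cgi->param('format')` is evaluated in list context inside the hash constructor. A request with no `format`, or with several `format` values, changes the element count and can shift or add keys in the options hash passed to `FS::cdr::batch_import`. cust_main-import.cgi in this same commit already wraps each parameter in `scalar(...)`; do the same here with `'format' => scalar($cgi->param('format')),`. The same applies to `'classnum' => $cgi->param('classnum')` in inventory_item-import.html.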
@@ -1,35 +1,28 @@ -% -% -% my $fh = $cgi->upload('csvfile'); -% #warn $cgi; -% #warn $fh; -% -% my $error = defined($fh) -% ? FS::cust_main::batch_import( { -% filehandle => $fh, -% agentnum => scalar($cgi->param('agentnum')), -% refnum => scalar($cgi->param('refnum')), -% pkgpart => scalar($cgi->param('pkgpart')), -% #'fields' => [qw( cust_pkg.setup dayphone first last address1 address2 -% # city state zip comments )], -% 'format' => scalar($cgi->param('format')), -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi +% if ( $error ) { +% errorpage($error); % } else { -% - - <!-- mason kludge --> - <% include("/elements/header.html",'Import successful') %> -% + <% include('/elements/header.html','Import successful') %> + <% include('/elements/footer.html') %> % } -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('csvfile'); +#warn $cgi; +#warn $fh; + +my $error = defined($fh) + ? FS::cust_main::batch_import( { + filehandle => $fh, + agentnum => scalar($cgi->param('agentnum')), + refnum => scalar($cgi->param('refnum')), + pkgpart => scalar($cgi->param('pkgpart')), + #'fields' => [qw( cust_pkg.setup dayphone first last address1 address2 + # city state zip comments )], + 'format' => scalar($cgi->param('format')), + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/cust_main-import_charges.cgi b/httemplate/misc/process/cust_main-import_charges.cgi index 1a29bf600..3ca68944a 100644 --- a/httemplate/misc/process/cust_main-import_charges.cgi +++ b/httemplate/misc/process/cust_main-import_charges.cgi 
@@ -1,30 +1,23 @@ -% -% -% my $fh = $cgi->upload('csvfile'); -% #warn $cgi; -% #warn $fh; -% -% my $error = defined($fh) -% ? FS::cust_main::batch_charge( { -% filehandle => $fh, -% 'fields' => [qw( custnum amount pkg )], -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import_charges.cgi +% if ( $error ) { +% errorpage($error); % } else { -% - - <!-- mason kludge --> - <% include("/elements/header.html",'Import successful') %> -% + <% include('/elements/header.html','Import successful') %> + <% include('/elements/footer.html') %> % } -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('csvfile'); +#warn $cgi; +#warn $fh; + +my $error = defined($fh) + ? FS::cust_main::batch_charge( { + filehandle => $fh, + 'fields' => [qw( custnum amount pkg )], + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/delete-customer.cgi b/httemplate/misc/process/delete-customer.cgi index d0d237ee8..d509a5e0e 100755 --- a/httemplate/misc/process/delete-customer.cgi +++ b/httemplate/misc/process/delete-customer.cgi 
@@ -1,30 +1,33 @@ -% -% -%my $conf = new FS::Conf; -%die "Customer deletions not enabled" unless $conf->exists('deletecustomers'); -% -%$cgi->param('custnum') =~ /^(\d+)$/; -%my $custnum = $1; -%my $new_custnum; -%if ( $cgi->param('new_custnum') ) { -% $cgi->param('new_custnum') =~ /^(\d+)$/ -% or die "Illegal new customer number: ". $cgi->param('new_custnum'); -% $new_custnum = $1; -%} else { -% $new_custnum = ''; -%} -%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } ) -% or die "Customer not found: $custnum"; -% -%my $error = $cust_main->delete($new_custnum); -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string ) %> %} elsif ( $new_custnum ) { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum") %> %} else { -% print $cgi->redirect(popurl(3)); +<% $cgi->redirect(popurl(3)) %> %} -% +<%init> + +my $conf = new FS::Conf; +die "Customer deletions not enabled in configuration" + unless $conf->exists('deletecustomers'); + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Delete customer'); + +$cgi->param('custnum') =~ /^(\d+)$/; +my $custnum = $1; +my $new_custnum; +if ( $cgi->param('new_custnum') ) { + $cgi->param('new_custnum') =~ /^(\d+)$/ + or die "Illegal new customer number: ". $cgi->param('new_custnum'); + $new_custnum = $1; +} else { + $new_custnum = ''; +} +my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } ) + or die "Customer not found: $custnum"; + +my $error = $cust_main->delete($new_custnum); +</%init> diff --git a/httemplate/misc/process/inventory_item-import.html b/httemplate/misc/process/inventory_item-import.html index 51337529f..3aae202c7 100644 --- a/httemplate/misc/process/inventory_item-import.html +++ b/httemplate/misc/process/inventory_item-import.html 
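Review bot: In delete-customer.cgi the custnum match is never checked: `$cgi->param('custnum') =~ /^(\d+)$/;` is followed directly by `my $custnum = $1;`. A missing or malformed custnum therefore proceeds with whatever `$1` holds instead of being rejected at validation. For a destructive handler it should fail explicitly, as the new_custnum branch already does: `$cgi->param('custnum') =~ /^(\d+)$/ or die "Illegal custnum";`. The new_custnum die message also appends the raw parameter value; if the error page renders die text without escaping (not visible here), drop the value from the message.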
@@ -1,31 +1,22 @@ -% -% -% my $fh = $cgi->upload('filename'); -% -% my $error = defined($fh) -% ? FS::inventory_item::batch_import( { -% 'filehandle' => $fh, -% 'classnum' => $cgi->param('classnum'), -% } ) -% : 'No file'; -% -% if ( $error ) { -% - - <!-- mason kludge --> -% -% errorpage($error); -%# $cgi->param('error', $error); -%# print $cgi->redirect( "${p}cust_main-import.cgi -% } else { -% - - <!-- mason kludge --> +% if ( $error ) { +% errorpage($error); +% } else { <% include("/elements/header.html",'Import successful') %> <!-- XXX redirect to batch search like the payment entry... --> <% include("/elements/footer.html",'Import successful') %> -% % } -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Import'); + +my $fh = $cgi->upload('filename'); +my $error = defined($fh) + ? FS::inventory_item::batch_import( { + 'filehandle' => $fh, + 'classnum' => $cgi->param('classnum'), + } ) + : 'No file'; +</%init> diff --git a/httemplate/misc/process/link.cgi b/httemplate/misc/process/link.cgi index 66f4ee11d..960326747 100755 --- a/httemplate/misc/process/link.cgi +++ b/httemplate/misc/process/link.cgi 
@@ -1,76 +1,72 @@ -% -% -%my $DEBUG = 0; -% -%$cgi->param('pkgnum') =~ /^(\d+)$/; -%my $pkgnum = $1; -%$cgi->param('svcpart') =~ /^(\d+)$/; -%my $svcpart = $1; -%$cgi->param('svcnum') =~ /^(\d*)$/; -%my $svcnum = $1; -% -%unless ( $svcnum ) { -% my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart}); -% my $svcdb = $part_svc->getfield('svcdb'); -% $cgi->param('link_field') =~ /^(\w+)$/; -% my $link_field = $1; -% my %search = ( $link_field => $cgi->param('link_value') ); -% if ( $cgi->param('link_field2') =~ /^(\w+)$/ ) { -% $search{$1} = $cgi->param('link_value2'); -% } -% -% my @svc_x = ( sort { ($a->cust_svc->pkgnum > 0) <=> ($b->cust_svc->pkgnum > 0) -% or ($b->cust_svc->svcpart == $svcpart) -% <=> ($a->cust_svc->svcpart == $svcpart) -% } -% qsearch( $svcdb, \%search ) -% ); -% -% if ( $DEBUG ) { -% warn scalar(@svc_x). " candidate accounts found for linking ". -% "(svcpart $svcpart):\n"; -% foreach my $svc_x ( @svc_x ) { -% warn " ". $svc_x->email. -% " (svcnum ". $svc_x->svcnum. ",". -% " pkgnum ". $svc_x->cust_svc->pkgnum. ",". -% " svcpart ". $svc_x->cust_svc->svcpart. ")\n"; -% } -% } -% -% my $svc_x = $svc_x[0]; -% -% errorpage("$link_field not found!") unless $svc_x; -% -% $svcnum = $svc_x->svcnum; -% -%} -% -%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}); -%die "svcnum not found!" unless $old; -%my $conf = new FS::Conf; -%my($error, $new); -%if ( $old->pkgnum && ! $conf->exists('legacy_link-steal') ) { -% $error = "svcnum $svcnum already linked to package ". $old->pkgnum; -%} else { -% $new = new FS::cust_svc { $old->hash }; -% $new->pkgnum($pkgnum); -% $new->svcpart($svcpart); -% -% $error = $new->replace($old); -%} -% %unless ($error) { % #no errors, so let's view this customer. % my $custnum = $new->cust_pkg->custnum; -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum". -% "#cust_pkg$pkgnum" ); +<% $cgi->redirect(popurl(3). 
"view/cust_main.cgi?<%$custnum%>#cust_pkg<%$pkgnum%>" ) %> %} else { -% - -<!-- mason kludge --> -% % errorpage($error); %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services'); + +my $DEBUG = 0; + +$cgi->param('pkgnum') =~ /^(\d+)$/; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d+)$/; +my $svcpart = $1; +$cgi->param('svcnum') =~ /^(\d*)$/; +my $svcnum = $1; + +unless ( $svcnum ) { + my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart}); + my $svcdb = $part_svc->getfield('svcdb'); + $cgi->param('link_field') =~ /^(\w+)$/; + my $link_field = $1; + my %search = ( $link_field => $cgi->param('link_value') ); + if ( $cgi->param('link_field2') =~ /^(\w+)$/ ) { + $search{$1} = $cgi->param('link_value2'); + } + + my @svc_x = ( sort { ($a->cust_svc->pkgnum > 0) <=> ($b->cust_svc->pkgnum > 0) + or ($b->cust_svc->svcpart == $svcpart) + <=> ($a->cust_svc->svcpart == $svcpart) + } + qsearch( $svcdb, \%search ) + ); + + if ( $DEBUG ) { + warn scalar(@svc_x). " candidate accounts found for linking ". + "(svcpart $svcpart):\n"; + foreach my $svc_x ( @svc_x ) { + warn " ". $svc_x->email. + " (svcnum ". $svc_x->svcnum. ",". + " pkgnum ". $svc_x->cust_svc->pkgnum. ",". + " svcpart ". $svc_x->cust_svc->svcpart. ")\n"; + } + } + + my $svc_x = $svc_x[0]; + + errorpage("$link_field not found!") unless $svc_x; + + $svcnum = $svc_x->svcnum; + +} + +my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}); +die "svcnum not found!" unless $old; +my $conf = new FS::Conf; +my($error, $new); +if ( $old->pkgnum && ! $conf->exists('legacy_link-steal') ) { + $error = "svcnum $svcnum already linked to package ". $old->pkgnum; +} else { + $new = new FS::cust_svc { $old->hash }; + $new->pkgnum($pkgnum); + $new->svcpart($svcpart); + + $error = $new->replace($old); +} +</%init> diff --git a/httemplate/misc/process/meta-import.cgi b/httemplate/misc/process/meta-import.cgi index 1cf178c08..68ae49c60 100644 
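Review bot: In link.cgi none of the untaint matches for pkgnum, svcpart, svcnum or link_field is checked before `$1` is assigned. When a later match fails, `$1` still holds the previous successful capture, so for example a malformed svcpart silently takes the pkgnum value, and link_field can inherit an unrelated capture that is then used as a search column. `$part_svc` is also dereferenced without checking that the `qsearchs` found a row. The fence below makes each step fail closed. Separately, the redirect expression nests `<%$custnum%>` and `<%$pkgnum%>` inside a `<% … %>` tag, which Mason will most likely end at the first `%>`; plain interpolation, `"view/cust_main.cgi?$custnum#cust_pkg$pkgnum"`, is probably what was intended.

```perl
my ($pkgnum)  = $cgi->param('pkgnum')  =~ /^(\d+)$/ or die "Illegal pkgnum";
my ($svcpart) = $cgi->param('svcpart') =~ /^(\d+)$/ or die "Illegal svcpart";
my ($svcnum)  = $cgi->param('svcnum')  =~ /^(\d*)$/ or die "Illegal svcnum";

unless ( $svcnum ) {
  my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart})
    or die "Unknown svcpart $svcpart";
  my $svcdb = $part_svc->getfield('svcdb');
  my ($link_field) = $cgi->param('link_field') =~ /^(\w+)$/
    or die "Illegal link_field";
  # … unchanged: %search construction, qsearch/sort, candidate selection …
```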
--- a/httemplate/misc/process/meta-import.cgi +++ b/httemplate/misc/process/meta-import.cgi @@ -1,4 +1,3 @@ -<!-- mason kludge --> <% include("/elements/header.html",'Map tables') %> <SCRIPT> @@ -183,5 +182,9 @@ function SafeOnsubmit() { % % <%init> -die "meta-import script not currently enabled"; #make XSS-safe if this is used for more than just admins to import data.... + +#there's no ACL for this... haven't used in ages +#make XSS-safe if this is used for more than just admins to import data.... +die 'meta-import not enabled; remove this if you want to use it'; + </%init> diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi index 889670d12..2baca1e39 100644 --- a/httemplate/misc/process/payment.cgi +++ b/httemplate/misc/process/payment.cgi @@ -15,6 +15,9 @@ % } <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Process payment'); + #some false laziness w/MyAccount::process_payment $cgi->param('custnum') =~ /^(\d+)$/ diff --git a/httemplate/misc/process/recharge_svc.html b/httemplate/misc/process/recharge_svc.html index e540c385c..147b9533a 100755 --- a/httemplate/misc/process/recharge_svc.html +++ b/httemplate/misc/process/recharge_svc.html @@ -1,31 +1,3 @@ -% -% -%#untaint svcnum -%my $svcnum = $cgi->param('svcnum'); -%$svcnum =~ /^(\d+)$/ || die "Illegal svcnum"; -%$svcnum = $1; -% -%#untaint prepaid -%my $prepaid = $cgi->param('prepaid'); -%$prepaid =~ /^(\w*)$/; -%$prepaid = $1; - -%#untaint payby -%my $payby = $cgi->param('payby'); -%$payby =~ /^([A-Z]*)$/; -%$payby = $1; -% -%my $error = ''; -%my $svc_acct = qsearchs( 'svc_acct', {'svcnum'=>$svcnum} ); -%$error = "Can't recharge service $svcnum. " unless $svc_acct; -% -%my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main; -% -%my $oldAutoCommit = $FS::UID::AutoCommit; -%local $FS::UID::AutoCommit = 0; -%my $dbh = dbh; -% -% %unless ($error) { % % my ($amount, $seconds, $up, $down, $total) = (0, 0, 0, 0, 0); 
@@ -86,5 +58,35 @@ </SCRIPT> </BODY></HTML> <%init> + my $conf = new FS::Conf; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Recharge customer service'); + +#untaint svcnum +my $svcnum = $cgi->param('svcnum'); +$svcnum =~ /^(\d+)$/ || die "Illegal svcnum"; +$svcnum = $1; + +#untaint prepaid +my $prepaid = $cgi->param('prepaid'); +$prepaid =~ /^(\w*)$/; +$prepaid = $1; + +#untaint payby +my $payby = $cgi->param('payby'); +$payby =~ /^([A-Z]*)$/; +$payby = $1; + +my $error = ''; +my $svc_acct = qsearchs( 'svc_acct', {'svcnum'=>$svcnum} ); +$error = "Can't recharge service $svcnum. " unless $svc_acct; + +my $cust_main = $svc_acct->cust_svc->cust_pkg->cust_main; + +my $oldAutoCommit = $FS::UID::AutoCommit; +local $FS::UID::AutoCommit = 0; +my $dbh = dbh; + </%init> |
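Review bot: In recharge_svc.html the prepaid and payby untaint steps assign `$1` without checking the match (`$prepaid =~ /^(\w*)$/; $prepaid = $1;`). A value that fails the pattern therefore keeps `$1` from the preceding successful match: the svcnum digits for prepaid, and the prepaid value for payby. Add `or die "Illegal prepaid"` and `or die "Illegal payby"` to those two matches, as the svcnum line already does. Also, `$svc_acct->cust_svc->cust_pkg->cust_main` runs even when the lookup failed and `$error` was set, so an unknown svcnum dies on an undefined object instead of reaching the error path; only walk to `cust_main` when `$svc_acct` is defined. The template body that consumes these variables is outside this hunk.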