diff options
Diffstat (limited to 'httemplate/misc/void-cust_pay.html')
-rwxr-xr-x | httemplate/misc/void-cust_pay.html | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/httemplate/misc/void-cust_pay.html b/httemplate/misc/void-cust_pay.html new file mode 100755 index 000000000..205d93aa3 --- /dev/null +++ b/httemplate/misc/void-cust_pay.html @@ -0,0 +1,78 @@ +%if ( $success ) { +<& /elements/header-popup.html, mt("Payment voided") &> + <SCRIPT TYPE="text/javascript"> + window.top.location.reload(); + </SCRIPT> + </BODY> +</HTML> +%} else { +<& /elements/header-popup.html, mt('Void payment') &> + +<& /elements/error.html &> + +<P ALIGN="center"><B><% mt('Void this payment?') |h %></B> + +<FORM action="<% ${p} %>misc/void-cust_pay.html"> +<INPUT TYPE="hidden" NAME="paynum" VALUE="<% $paynum %>"> + +<TABLE BGCOLOR="#cccccc" BORDER="0" CELLSPACING="2" STYLE="margin-left:auto; margin-right:auto"> +<& /elements/tr-select-reason.html, + 'field' => 'reasonnum', + 'reason_class' => 'P', + 'cgi' => $cgi +&> +</TABLE> + +<BR> +<P ALIGN="CENTER"> +<INPUT TYPE="submit" NAME="confirm_void_payment" VALUE="<% mt('Void payment') |h %>"> + +<INPUT TYPE="BUTTON" VALUE="<% mt("Don't void payment") |h %>" onClick="parent.cClick();"> + +</FORM> +</BODY> +</HTML> + +%} +<%init> + +#untaint paynum +my $paynum = $cgi->param('paynum'); +if ($paynum) { + $paynum =~ /^(\d+)$/ || die "Illegal paynum"; +} else { + my($query) = $cgi->keywords; + $query =~ /^(\d+)/ || die "Illegal paynum"; + $paynum = $1; +} + +my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}) || die "Payment not found"; + +my $right = 'Void payments'; +$right = 'Credit card void' if $cust_pay->payby eq 'CARD'; +$right = 'Echeck void' if $cust_pay->payby eq 'CHEK'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right($right); + +my $success = 0; +if ($cgi->param('confirm_void_payment')) { + + #untaint reasonnum / create new reason + my ($reasonnum, $error) = $m->comp('process/elements/reason'); + if (!$reasonnum) { + $error = 'Reason required'; + } else { + my $reason = qsearchs('reason', { 'reasonnum' => $reasonnum }) + || die "Reason num $reasonnum not found in database"; + $error = $cust_pay->void($reason) unless $error; + } + + if ($error) { + $cgi->param('error',$error); + } else { + $success = 1; + } +} + +</%init> |