Diffstat (limited to 'httemplate/pref')
| -rw-r--r-- | httemplate/pref/pref-process.html | 67 | ||||
| -rw-r--r-- | httemplate/pref/pref.html | 152 | 
2 files changed, 219 insertions, 0 deletions
|
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html
new file mode 100644
index 000000000..378164e7b
--- /dev/null
+++ b/httemplate/pref/pref-process.html
@@ -0,0 +1,67 @@
+% if ( $error ) {
+%   $cgi->param('error', $error);
+<% $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string ) %>
+% } else {
+<% include('/elements/header.html', 'Preferences updated') %>
+<% include('/elements/footer.html') %>
+% }
+<%init>
+
+my $error = '';
+my $access_user = '';
+
+if ( grep { $cgi->param($_) !~ /^\s*$/ }
+          qw(_password new_password new_password2)
+   ) {
+
+  $access_user = qsearchs( 'access_user', {
+    'username'  => getotaker,
+    '_password' => $cgi->param('_password'),
+  } );
+
+  $error = 'Current password incorrect; password not changed'
+    unless $access_user;
+
+  $error ||= "New passwords don't match"
+    unless $cgi->param('new_password') eq $cgi->param('new_password2');
+
+  $error ||= "No new password entered"
+   unless length($cgi->param('new_password'));
+
+  $access_user->_password($cgi->param('new_password')) unless $error;
+
+} else {
+
+  $access_user = $FS::CurrentUser::CurrentUser;
+
+}
+
+#well, if you got your password change wrong, you don't get anything else
+#changed right now.  but it should be sticky on the form
+unless ( $error ) { # if ($access_user) {
+
+  my %param = $access_user->options;
+
+  #XXX autogen
+  my @paramlist = qw( menu_position default_customer_view
+                      email_address
+                      vonage-fromnumber vonage-username vonage-password
+                      show_pkgnum show_db_profile save_db_profile
+                      height width availHeight availWidth colorDepth
+                    );
+
+  foreach (@paramlist) {
+    scalar($cgi->param($_)) =~ /^[,.\-\@\w]*$/ && next;
+    $error ||= "Illegal value for parameter $_";
+    last;
+  }
+
+  foreach (@paramlist) {
+    $param{$_} = scalar($cgi->param($_));
+  }
+
+  $error ||= $access_user->replace( \%param );
+
+}
+
+</%init>
diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html
new file mode 100644
index 000000000..562ef2980
--- /dev/null
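Review bot: The error branch at the top of pref-process.html redirects to `pref.html?` followed by `$cgi->query_string`, and because that string is built from the submitted form parameters it carries `_password`, `new_password`, `new_password2` and `vonage-password`, so a failed update puts those secrets into a GET URL that browser history and server access logs will retain. Dropping them before the redirect, e.g. `%   $cgi->delete(qw(_password new_password new_password2 vonage-password));`, keeps the other fields sticky without echoing credentials. Separately, `'_password' => $cgi->param('_password'),` is evaluated in list context inside the `qsearchs` hash, so a request that repeats `_password` changes the shape of the search condition; `scalar($cgi->param('_password'))`, as the `@paramlist` loops already do, avoids that. The lookup also matches the submitted value directly against the `_password` column, which suggests the password is stored unhashed; that is worth confirming and documenting in a comment here.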
+++ b/httemplate/pref/pref.html 
@@ -0,0 +1,152 @@
+<% include('/elements/header.html', 'Preferences for '. getotaker ) %>
+
+<FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html">
+
+<% include('/elements/error.html') %>
+
+
+Change password (leave blank for no change)
+<% ntable("#cccccc",2) %>
+
+  <TR>
+    <TH ALIGN="right">Current password: </TH>
+    <TD><INPUT TYPE="password" NAME="_password"></TD>
+  </TR>
+
+  <TR>
+    <TH ALIGN="right">New password: </TH>
+    <TD><INPUT TYPE="password" NAME="new_password"></TD>
+  </TR>
+
+  <TR>
+   <TH ALIGN="right">Re-enter new password: </TH>
+   <TD><INPUT TYPE="password" NAME="new_password2"></TD>
+  </TR>
+
+</TABLE>
+<BR>
+
+
+Interface
+<% ntable("#cccccc",2) %>
+
+  <TR>
+    <TH ALIGN="right">Menu location: </TH>
+    <TD>
+      <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
+      <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
+    </TD>
+    <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
+  </TR>
+
+  <TR>
+    <TH ALIGN="right">Default customer view: </TD>
+    <TD COLSPAN=2>
+      <SELECT NAME="default_customer_view">
+%       foreach my $view ( keys %customer_views ) {
+%         my $selected =
+%           $customer_views{$view} eq $curuser->option('default_customer_view')
+%             ? 'SELECTED'
+%             : '';
+          <OPTION VALUE="<%$customer_views{$view}%>" <%$selected%>><%$view%></OPTION>
+%       }
+      </SELECT>
+    </TD>
+  </TR>
+
+</TABLE>
+<BR>
+
+
+Email Address
+<% ntable("#cccccc",2) %>
+
+  <TR>
+    <TH>Email Address(es) (comma separated) </TH>
+    <TD>
+   <TD><INPUT TYPE="text" NAME="email_address" VALUE="<% $email_address %>">
+    </TD>
+  </TR>
+
+</TABLE>
+<BR>
+
+
+Development
+<% ntable("#cccccc",2) %>
+
+  <TR>
+    <TH>Show internal package numbers: </TH>
+    <TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD>
+  </TR>
+  <TR>
+    <TH>Show database profiling (when available): </TH>
+    <TD><INPUT TYPE="checkbox" NAME="show_db_profile" VALUE="1" <% $curuser->option('show_db_profile') ? 'CHECKED' : '' %>></TD>
+  </TR>
+  <TR>
+    <TH>Save database profiling logs (when available): </TH>
+    <TD><INPUT TYPE="checkbox" NAME="save_db_profile" VALUE="1" <% $curuser->option('save_db_profile') ? 'CHECKED' : '' %>></TD>
+  </TR>
+
+</TABLE>
+<BR>
+
+
+Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a>)
+<% ntable("#cccccc",2) %>
+
+  <TR>
+    <TH ALIGN="right">Vonage phone number</TH>
+    <TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $curuser->option('vonage-fromnumber') %>"></TD>
+  </TR>
+
+  <TR>
+    <TH ALIGN="right">Vonage username</TH>
+    <TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $curuser->option('vonage-username') %>"></TD>
+  </TR>
+
+  <TR>
+    <TH ALIGN="right">Vonage password</TH>
+    <TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $curuser->option('vonage-password') %>"></TD>
+  </TR>
+
+</TABLE>
+<BR>
+
+
+% foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
+  <INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
+  <SCRIPT TYPE="text/javascript">
+  document.pref_form.<% $prop %>.value = screen.<% $prop %>;
+  </script>
+% }
+
+<INPUT TYPE="submit" VALUE="Update preferences">
+
+<% include('/elements/footer.html') %>
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+#false laziness w/view/cust_main.cgi and Conf.pm (cust_main-default_view)
+
+tie my %customer_views, 'Tie::IxHash',
+  'Basics'          => 'basics',
+  'Notes'           => 'notes', #notes and files?
+  'Tickets'         => 'tickets',
+  'Packages'        => 'packages',
+  'Payment History' => 'payment_history',
+;
+$customer_views{'Change History'} = 'change_history'
+  if $curuser->access_right('View customer history');
+$customer_views{'Jumbo'} = 'jumbo';
+
+# XSS via your own preferences?  seems unlikely, but nice try anyway...
+( $curuser->option('menu_position') || 'top' )
+  =~ /^(\w+)$/ or die "illegal menu_position";
+my $menu_position = $1;
+( $curuser->option('email_address') )
+  =~ /^([,\w\@.]*)$/ or die "illegal email_address";  #too late
+my $email_address = $1;
+
+</%init> |
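Review bot: The Vonage rows write `$curuser->option('vonage-password')`, along with the username and phone number, straight into `VALUE="..."`, so the stored secret is delivered in the page source on every view and none of the three values is HTML-escaped, unlike `menu_position` and `email_address`, which the `<%init>` block pattern-checks before output. Rendering the password field with `VALUE=""` and escaping the others, e.g. `<% $curuser->option('vonage-username') |h %>`, would close both gaps, assuming no default escape flag is configured outside this file; pref-process.html would then have to treat a blank `vonage-password` as "unchanged". The display check `/^([,\w\@.]*)$/` is also narrower than the `/^[,.\-\@\w]*$/` that pref-process.html accepts, so an address containing a hyphen saves successfully and then makes this page `die` on every load; using the same class here, `=~ /^([,.\-\@\w]*)$/`, avoids locking the user out of their own preferences.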
