Diffstat (limited to 'httemplate/pref')
-rw-r--r-- | httemplate/pref/pref-process.html | 113 | ||||
-rw-r--r-- | httemplate/pref/pref.html | 32 |
2 files changed, 91 insertions, 54 deletions
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html
index 96615169b..378164e7b 100644
--- a/httemplate/pref/pref-process.html
+++ b/httemplate/pref/pref-process.html
@@ -1,58 +1,67 @@
-% my $error = '';
-%
-% my $access_user;
-% if ( grep { $cgi->param($_) !~ /^\s*$/ }
-% qw(_password new_password new_password2)
-% ) {
-%
-% $access_user = qsearchs( 'access_user', {
-% 'username' => getotaker,
-% '_password' => $cgi->param('_password'),
-% } );
-%
-% $error = 'Current password incorrect; password not changed'
-% unless $access_user;
-%
-% $error ||= "New passwords don't match"
-% unless $cgi->param('new_password') eq $cgi->param('new_password2');
-%
-% $error ||= "No new password entered"
-% unless length($cgi->param('new_password'));
-%
-% $access_user->_password($cgi->param('new_password')) unless $error;
-%
-% } else {
-%
-% $access_user = $FS::CurrentUser::CurrentUser;
-%
-% }
-%
-% my %param = $access_user->options;
-%
-% #XXX autogen
-% my @paramlist = qw( menu_position
-% email_address
-% vonage-fromnumber vonage-username vonage-password
-% show_pkgnum show_db_profile save_db_profile
-% height width availHeight availWidth colorDepth
-% );
-%
-% foreach (@paramlist) {
-% scalar($cgi->param($_)) =~ /^[,.\-\@\w]*$/ && next;
-% $error ||= "Illegal value for parameter $_";
-% last;
-% }
-%
-% foreach (@paramlist) {
-% $param{$_} = scalar($cgi->param($_));
-% }
-%
-% $error ||= $access_user->replace( \%param );
-%
 % if ( $error ) {
 % $cgi->param('error', $error);
-% print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string );
+<% $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string ) %>
 % } else {
 <% include('/elements/header.html', 'Preferences updated') %>
 <% include('/elements/footer.html') %>
 % }
+<%init>
+
+my $error = '';
+my $access_user = '';
+
+if ( grep { $cgi->param($_) !~ /^\s*$/ }
+ qw(_password new_password new_password2)
+ ) {
+
+ $access_user = qsearchs( 'access_user', {
+ 'username' => getotaker,
+ '_password' => $cgi->param('_password'),
+ } );
+
+ $error = 'Current password incorrect; password not changed'
+ unless $access_user;
+
+ $error ||= "New passwords don't match"
+ unless $cgi->param('new_password') eq $cgi->param('new_password2');
+
+ $error ||= "No new password entered"
+ unless length($cgi->param('new_password'));
+
+ $access_user->_password($cgi->param('new_password')) unless $error;
+
+} else {
+
+ $access_user = $FS::CurrentUser::CurrentUser;
+
+}
+
+#well, if you got your password change wrong, you don't get anything else
+#changed right now. but it should be sticky on the form
+unless ( $error ) { # if ($access_user) {
+
+ my %param = $access_user->options;
+
+ #XXX autogen
+ my @paramlist = qw( menu_position default_customer_view
+ email_address
+ vonage-fromnumber vonage-username vonage-password
+ show_pkgnum show_db_profile save_db_profile
+ height width availHeight availWidth colorDepth
+ );
+
+ foreach (@paramlist) {
+ scalar($cgi->param($_)) =~ /^[,.\-\@\w]*$/ && next;
+ $error ||= "Illegal value for parameter $_";
+ last;
+ }
+
+ foreach (@paramlist) {
+ $param{$_} = scalar($cgi->param($_));
+ }
+
+ $error ||= $access_user->replace( \%param );
+
+}
+
+</%init>
diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html
index 57e22b345..562ef2980 100644
--- a/httemplate/pref/pref.html
+++ b/httemplate/pref/pref.html
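Review bot: In the `<%init>` block of pref-process.html, `'_password' => $cgi->param('_password'),` sits inside the hash handed to qsearchs, where param() is evaluated in list context; if $cgi is a CGI.pm object, a request that repeats `_password` expands into extra key/value pairs and silently changes the search criteria. The loops further down already wrap the call, so the same form fits here: `'_password' => scalar($cgi->param('_password')),`. Separately, the error branch redirects to `pref.html?` plus `$cgi->query_string`, which still carries `_password`, `new_password` and `new_password2`, so a failed change puts the passwords into the URL (browser history, proxy and server logs); clearing those three parameters before the redirect is built would avoid that.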
@@ -31,7 +31,7 @@ Interface <% ntable("#cccccc",2) %> <TR> - <TH>Menu location: </TH> + <TH ALIGN="right">Menu location: </TH> <TD> <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR> <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR> @@ -39,6 +39,21 @@ Interface <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD> </TR> + <TR> + <TH ALIGN="right">Default customer view: </TD> + <TD COLSPAN=2> + <SELECT NAME="default_customer_view"> +% foreach my $view ( keys %customer_views ) { +% my $selected = +% $customer_views{$view} eq $curuser->option('default_customer_view') +% ? 'SELECTED' +% : ''; + <OPTION VALUE="<%$customer_views{$view}%>" <%$selected%>><%$view%></OPTION> +% } + </SELECT> + </TD> + </TR> + </TABLE> <BR> @@ -113,8 +128,21 @@ Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a> my $curuser = $FS::CurrentUser::CurrentUser; +#false laziness w/view/cust_main.cgi and Conf.pm (cust_main-default_view) + +tie my %customer_views, 'Tie::IxHash', + 'Basics' => 'basics', + 'Notes' => 'notes', #notes and files? + 'Tickets' => 'tickets', + 'Packages' => 'packages', + 'Payment History' => 'payment_history', +; +$customer_views{'Change History'} = 'change_history' + if $curuser->access_right('View customer history'); +$customer_views{'Jumbo'} = 'jumbo'; + # XSS via your own preferences? seems unlikely, but nice try anyway... -( $curuser->option('menu_position') || 'left' ) +( $curuser->option('menu_position') || 'top' ) =~ /^(\w+)$/ or die "illegal menu_position"; my $menu_position = $1; ( $curuser->option('email_address') ) |
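Review bot: The new header cell in the `default_customer_view` row of pref.html is opened with `<TH ALIGN="right">` and closed with `</TD>`; it should read `<TH ALIGN="right">Default customer view: </TH>`. In the same row `<%$customer_views{$view}%>` and `<%$view%>` are written out without an escape flag, which is harmless while %customer_views holds only the literal labels tied in the init section, but `<% $view |h %>` and `<% $customer_views{$view} |h %>` would keep the row safe if that list is ever built from configuration.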
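Review bot: `$customer_views{'Change History'}` is added only when `$curuser->access_right('View customer history')` is true, but that check only decides which options the form offers. pref-process.html, as changed in this commit, stores any `default_customer_view` that matches `/^[,.\-\@\w]*$/`, so a user without the right can still save `change_history`, or a value that is not a view at all. Whether that matters depends on view/cust_main.cgi checking the right again when it honours the preference, which is not visible here; validating the submitted value against the same list on the processing side would close the gap, and a shared helper would also remove the duplication the `#false laziness` comment admits to. The last changed line of the hunk also switches the fallback `menu_position` from `'left'` to `'top'`, which changes the default for users with no stored preference and deserves a comment if it is intended.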