Diffstat (limited to 'httemplate')
-rw-r--r-- | httemplate/autohandler | 2 | ||||
-rw-r--r-- | httemplate/edit/access_user.html | 10 | ||||
-rwxr-xr-x | httemplate/edit/cust_credit.cgi | 2 | ||||
-rwxr-xr-x | httemplate/edit/cust_main.cgi | 1 | ||||
-rw-r--r-- | httemplate/edit/elements/ApplicationCommon.html | 2 | ||||
-rw-r--r-- | httemplate/edit/process/access_user.html | 28 | ||||
-rw-r--r-- | httemplate/edit/process/elements/process.html | 9 | ||||
-rwxr-xr-x | httemplate/edit/svc_acct.cgi | 2 | ||||
-rw-r--r-- | httemplate/edit/svc_cert.cgi | 2 | ||||
-rwxr-xr-x | httemplate/edit/svc_domain.cgi | 2 | ||||
-rw-r--r-- | httemplate/elements/header.html | 33 | ||||
-rw-r--r-- | httemplate/elements/logout.html | 44 | ||||
-rw-r--r-- | httemplate/index.html | 2 | ||||
-rw-r--r-- | httemplate/loginout/login.html | 71 | ||||
-rw-r--r-- | httemplate/loginout/logout.html | 31 | ||||
-rw-r--r-- | httemplate/pref/pref-process.html | 35 | ||||
-rw-r--r-- | httemplate/pref/pref.html | 36 |
17 files changed, 173 insertions, 139 deletions
diff --git a/httemplate/autohandler b/httemplate/autohandler index c326e3e18..b5b1071c1 100644 --- a/httemplate/autohandler +++ b/httemplate/autohandler @@ -46,5 +46,5 @@ if ( UNIVERSAL::can(dbh, 'sprintProfile') ) { </%filter> <%cleanup> - dbh->commit(); + dbh->commit() if dbh; </%cleanup> diff --git a/httemplate/edit/access_user.html b/httemplate/edit/access_user.html index 86ce25374..b087943c2 100644 --- a/httemplate/edit/access_user.html +++ b/httemplate/edit/access_user.html @@ -3,8 +3,7 @@ 'table' => 'access_user', 'fields' => [ 'username', - { field=>'_password', type=>'password' }, - { field=>'_password2', type=>'password' }, + @pw_fields, 'last', 'first', { field=>'user_custnum', type=>'search-cust_main', }, @@ -50,6 +49,13 @@ die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +my @pw_fields = + FS::Auth->auth_class->can('change_password') + ? ( { field=>'_password', type=>'password' }, + { field=>'_password2', type=>'password' }, + ) + : (); + my $check_user_custnum_search = <<END; <SCRIPT TYPE="text/javascript"> function check_user_custnum_search(what) { diff --git a/httemplate/edit/cust_credit.cgi b/httemplate/edit/cust_credit.cgi index 4dba1e769..09300c629 100755 --- a/httemplate/edit/cust_credit.cgi +++ b/httemplate/edit/cust_credit.cgi @@ -8,7 +8,6 @@ <INPUT TYPE="hidden" NAME="paybatch" VALUE=""> <INPUT TYPE="hidden" NAME="_date" VALUE="<% $_date %>"> <INPUT TYPE="hidden" NAME="credited" VALUE=""> -<INPUT TYPE="hidden" NAME="otaker" VALUE="<% $otaker %>"> <% ntable("#cccccc", 2) %> @@ -74,7 +73,6 @@ die "access denied" my $custnum = $cgi->param('custnum'); my $amount = $cgi->param('amount'); my $_date = time; -my $otaker = getotaker; my $p1 = popurl(1); </%init> diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi index 2908848c6..d597d0bc2 100755 --- a/httemplate/edit/cust_main.cgi +++ b/httemplate/edit/cust_main.cgi 
@@ -299,7 +299,6 @@ if ( $cgi->param('error') ) { $cust_main = new FS::cust_main ( {} ); $cust_main->agentnum( $conf->config('default_agentnum') ) if $conf->exists('default_agentnum'); - $cust_main->otaker( &getotaker ); $cust_main->referral_custnum( $cgi->param('referral_custnum') ); @invoicing_list = (); push @invoicing_list, 'POST' diff --git a/httemplate/edit/elements/ApplicationCommon.html b/httemplate/edit/elements/ApplicationCommon.html index 7b1050ade..acc3368b8 100644 --- a/httemplate/edit/elements/ApplicationCommon.html +++ b/httemplate/edit/elements/ApplicationCommon.html @@ -441,8 +441,6 @@ if ( $cgi->param('error') ) { $dst_pkeyvalue = ''; } -my $otaker = getotaker; - my $p1 = popurl(1); my $src = qsearchs($src_table, { $src_pkey => $src_pkeyvalue } ); diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html index 8e7e70a06..7fc7c25e1 100644 --- a/httemplate/edit/process/access_user.html +++ b/httemplate/edit/process/access_user.html @@ -3,14 +3,15 @@ % print $cgi->redirect(popurl(2) . "access_user.html?" . $cgi->query_string); % } else { <% include( 'elements/process.html', - 'table' => 'access_user', - 'viewall_dir' => 'browse', - 'copy_on_empty' => [ '_password' ], + 'table' => 'access_user', + 'viewall_dir' => 'browse', + 'copy_on_empty' => [ '_password', '_password_encoding' ], 'clear_on_error' => [ '_password', '_password2' ], - 'process_m2m' => { 'link_table' => 'access_usergroup', - 'target_table' => 'access_group', - }, - 'precheck_callback'=> \&precheck_callback, + 'process_m2m' => { 'link_table' => 'access_usergroup', + 'target_table' => 'access_group', + }, + 'precheck_callback' => \&precheck_callback, + 'post_new_object_callback' => \&post_new_object_callback, ) %> % } 
@@ -26,11 +27,24 @@ if ( FS::Conf->new->exists('disable_acl_changes') ) { sub precheck_callback { my $cgi = shift; + my $o = FS::access_user->new({username => $cgi->param('username')}); if( $o->is_system_user and !$cgi->param('usernum') ) { $cgi->param('username',''); return "username '".$o->username."' reserved for system account." } + return ''; } + +sub post_new_object_callback { + my( $cgi, $access_user ) = @_; + + if ( length($cgi->param('_password')) ) { + my $password = scalar($cgi->param('_password')); + $access_user->change_password_fields($password); + } + +} + </%init> diff --git a/httemplate/edit/process/elements/process.html b/httemplate/edit/process/elements/process.html index fb1ee7a27..0439d4e9c 100644 --- a/httemplate/edit/process/elements/process.html +++ b/httemplate/edit/process/elements/process.html @@ -70,6 +70,9 @@ Example: #return an error string or empty for no error 'precheck_callback' => sub { my( $cgi ) = @_; }, + #after the new object is created + 'post_new_object_callback' => sub { my( $cgi, $object ) = @_; }, + #after everything's inserted 'noerror_callback' => sub { my( $cgi, $object ) = @_; }, @@ -201,7 +204,7 @@ my %hash = my @values = ( 1 ); if ( $bfield ) { @values = $cgi->param($bfield); - warn join(',', @values); + #warn join(',', @values); } my $new; @@ -226,6 +229,10 @@ foreach my $value ( @values ) { } } + if ( $opt{'post_new_object_callback'} ) { + &{ $opt{'post_new_object_callback'} }( $cgi, $new ); + } + if ( $opt{'agent_virt'} ) { if ( ! $new->agentnum diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index 627791ba7..574fb51eb 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -482,8 +482,6 @@ my $action = $svcnum ? 'Edit' : 'Add'; my $svc = $part_svc->getfield('svc'); -my $otaker = getotaker; - my $username = $svc_acct->username; my $password = ''; diff --git a/httemplate/edit/svc_cert.cgi b/httemplate/edit/svc_cert.cgi index 93194228e..dc2cc3200 100644 
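Review bot: `post_new_object_callback` in edit/process/access_user.html applies any submitted `_password` without checking that the configured auth class supports password changes, although edit/access_user.html in this commit hides the password fields on exactly that condition and pref-process.html repeats the check server-side. A hand-built POST can therefore still reach `change_password_fields` when the form does not offer the fields; if that is not intended, guard the branch with `if ( FS::Auth->auth_class->can('change_password') && length(scalar($cgi->param('_password'))) ) {`. Whatever `change_password_fields` returns is discarded, and the caller added in edit/process/elements/process.html also ignores the callback's return value, so a failure cannot reach the user the way a `precheck_callback` error string does. The new doc line in process.html should state that the return value is ignored, for example `#after the new object is created; return value is ignored`.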
--- a/httemplate/edit/svc_cert.cgi +++ b/httemplate/edit/svc_cert.cgi @@ -185,8 +185,6 @@ my $action = $svcnum ? 'Edit' : 'Add'; my $svc = $part_svc->getfield('svc'); -#my $otaker = getotaker; - my $p1 = popurl(1); my $link_query = "?svcnum=$svcnum;pkgnum=$pkgnum;svcpart=$svcpart"; diff --git a/httemplate/edit/svc_domain.cgi b/httemplate/edit/svc_domain.cgi index c3307fa8c..417b1b4c5 100755 --- a/httemplate/edit/svc_domain.cgi +++ b/httemplate/edit/svc_domain.cgi @@ -148,8 +148,6 @@ my $export = $exports[0]; # If we have a domain registration export, get the registrar object my $registrar = $export ? $export->registrar : ''; -my $otaker = getotaker; - my $domain = $svc_domain->domain; my $p1 = popurl(1); diff --git a/httemplate/elements/header.html b/httemplate/elements/header.html index c6ad3c387..7a7dc088d 100644 --- a/httemplate/elements/header.html +++ b/httemplate/elements/header.html @@ -2,18 +2,18 @@ Example: - include( '/elements/header.html', - { - 'title' => 'Title', - 'menubar' => \@menubar, - 'etc' => '', #included in <BODY> tag, for things like onLoad= - 'head' => '', #included before closing </HEAD> tag - 'nobr' => 0, #1 for no <BR><BR> after the title - } - ); - - #old-style - include( '/elements/header.html', 'Title', $menubar, $etc, $head); + <& /elements/header.html', + { + 'title' => 'Title', + 'menubar' => \@menubar, + 'etc' => '', #included in <BODY> tag, for things like onLoad= + 'head' => '', #included before closing </HEAD> tag + 'nobr' => 0, #1 for no <BR><BR> after the title + } + &> + + %#old-style + <& /elements/header.html, 'Title', $menubar, $etc, $head &> </%doc> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
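Review bot: The new example in the `<%doc>` block of elements/header.html has a stray quote, `<& /elements/header.html',`, so the documented call is not valid component-call syntax if it is copied. It should read `<& /elements/header.html,` like the old-style example a few lines below it. The `<%doc>` block starts before the hunk.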
@@ -41,13 +41,6 @@ Example: <% include('init_overlib.html') |n %> <% include('rs_init_object.html') |n %> - <% include('logout.html') |n %> -% my $timeout = $conf->config('logout-timeout'); -% if ( $timeout && $timeout =~ /^\s*\d+\s*$/ ) { - <script type="text/javascript"> - setTimeout('logout()', <% 60000 * $timeout %>); - </script> -% } <% $head |n %> @@ -59,7 +52,7 @@ Example: <td align=left BGCOLOR="#ffffff"> <!-- valign="top" --> <font size=6><% $company_name || 'ExampleCo' %></font> </td> - <td align=right valign=top BGCOLOR="#ffffff"><FONT SIZE="-1">Logged in as <b><% getotaker %> </b> <FONT SIZE="-2"><a href="javascript:void(0);" onClick="logout();">logout</a></FONT><br></FONT><FONT SIZE="-2"><a href="<%$fsurl%>pref/pref.html" STYLE="color: #000000">Preferences</a> + <td align=right valign=top BGCOLOR="#ffffff"><FONT SIZE="-1">Logged in as <b><% $FS::CurrentUser::CurrentUser->username |h %> </b> <FONT SIZE="-2"><a href="<%$fsurl%>loginout/logout.html">logout</a></FONT><br></FONT><FONT SIZE="-2"><a href="<%$fsurl%>pref/pref.html" STYLE="color: #000000">Preferences</a> % if ( $conf->config("ticket_system") % && FS::TicketSystem->access_right(\%session, 'ModifySelf') ) { | <a href="<%$fsurl%>rt/Prefs/Other.html" STYLE="color: #000000">Ticketing preferences</a> diff --git a/httemplate/elements/logout.html b/httemplate/elements/logout.html deleted file mode 100644 index 313dbfaf1..000000000 --- a/httemplate/elements/logout.html +++ /dev/null 
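Review bot: The logout link in the second header.html hunk is now an ordinary GET to `loginout/logout.html`, so any page the browser loads can end the session simply by referencing that URL. That is low impact, but it should be a deliberate choice: either a small POST form, or a comment in logout.html stating that GET logout is accepted. The preceding hunk also drops the `logout-timeout` timer, and nothing visible in this diff enforces that setting elsewhere; if the idle timeout now lives in the server-side session code, the commit message should say so, otherwise the config option has silently stopped working. The table row continues outside the hunk.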
@@ -1,44 +0,0 @@ -<%doc> - -Example: - - include( '/elements/logout.html'); - This is the <a href="javascript:void()" onClick="logout();">logout</a> link. - -</%doc> -<SCRIPT TYPE="text/javascript"> - - function logout() { - // count args; build URL - var url = "<% $fsurl. 'loginout/logout.html' %>"; - - var xmlhttp = rs_init_object(); - xmlhttp.open("GET", url, false, "magic", "notyet"); - xmlhttp.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"); - xmlhttp.send(null); - - if (xmlhttp.readyState != 4) { - alert("Logout failed: readyState is " + xmlhttp.readyState); - return; - } - - if (xmlhttp.status != 200) { - alert("Logout failed: status is " + xmlhttp.status); - } else { - var data = xmlhttp.responseText; - // alert('received response: ' + data); - if ( data.indexOf("<b>System error</b>") > -1 ) { - var w; - if ( w = window.open("about:blank") ) { - w.document.write(data); - } else { - // popup blocking? should use an overlib popup instead - alert("Error popup disabled; try disabling popup blocking to see"); - } - } else { - window.location = "<% $fsurl. 'loginout/logout.html' %>"; - } - } - } - -</SCRIPT> diff --git a/httemplate/index.html b/httemplate/index.html index bc51e6a52..d563fa0b2 100644 --- a/httemplate/index.html +++ b/httemplate/index.html @@ -21,7 +21,7 @@ % ORDER BY history_date desc" # LIMIT 10 % ) or die dbh->errstr; % -% $sth->execute( getotaker() ) or die $sth->errstr; +% $sth->execute( $FS::CurrentUser::CurrentUser->username ) or die $sth->errstr; % % my %saw = (); % my @custnums = grep { !$saw{$_}++ } map $_->[0], @{ $sth->fetchall_arrayref }; diff --git a/httemplate/loginout/login.html b/httemplate/loginout/login.html new file mode 100644 index 000000000..d06d0a8fc --- /dev/null +++ b/httemplate/loginout/login.html 
@@ -0,0 +1,71 @@ +<& /elements/header-minimal.html, 'Login' &> +<link href="<%$url_string%>elements/freeside.css" type="text/css" rel="stylesheet"> + +<CENTER> + + <BR> + <FONT SIZE=5>Login</FONT> + <BR><BR> + +% if ( $error ) { + <FONT SIZE="+1" COLOR="#ff0000"><% $error |h %></FONT> + <BR><BR> +% } + +%# <FORM METHOD="POST" ACTION="<%$url_string%>loginout/login"> + <FORM METHOD="POST" ACTION="/login"> + <INPUT TYPE="hidden" NAME="destination" VALUE="<% $r->prev->uri %>"> + + <TABLE CELLSPACING=0 CELLPADDING=4 BGCOLOR="#cccccc"> + <TR> + <TD ALIGN="right">Username: </TD> + <TD><INPUT TYPE="text" NAME="credential_0" SIZE="13"></TD> + </TR> + <TR> + <TD ALIGN="right">Password: </TD> + <TD><INPUT TYPE="password" NAME="credential_1" SIZE="13"></TD> + </TR> + </TABLE> + <BR> + + <INPUT TYPE="submit" VALUE="Login"> + + </FORM> + +</CENTER> + +</BODY></HTML> +<%init> + +my %error = ( + 'no_cookie' => '', #First login, don't display an error + 'bad_cookie' => 'Bad Cookie', #timed out? + 'bad_credentials' => 'Incorrect username / password', + #'logout' => 'You have been logged out.', +); + +my $error = # $cgi->param('logout') || + $r->prev->subprocess_env("AuthCookieReason"); + +$error = exists($error{$error}) ? $error{$error} : $error; + + +my $url_string = $r->uri; + +#fake a freeside path for /login so we get our .css. shrug +$url_string =~ s/login$/freeside\/login/ unless $url_string =~ /freeside\//; + +#even though this is kludgy and false laziness w/CGI.pm +$url_string =~ s{ / index\.html /? $ } + {/}x; +$url_string =~ + s{ + /(login|loginout) + ([\w\-\.\/]*) + $ + } + {}ix; + +$url_string .= '/' unless $url_string =~ /\/$/; + +</%init> diff --git a/httemplate/loginout/logout.html b/httemplate/loginout/logout.html index d8e1c634a..5626aa4a1 100644 --- a/httemplate/loginout/logout.html +++ b/httemplate/loginout/logout.html 
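Review bot: The hidden `destination` field writes `$r->prev->uri` into an attribute value with no escape flag, and the stylesheet `href` does the same with `$url_string`; both derive from the request URI, so unless a default escape flag is configured (not visible here) the request path is reflected into the login page unescaped. Use `VALUE="<% $r->prev->uri |h %>"` and `href="<% $url_string |h %>elements/freeside.css"`, matching the `|h` already applied to `$error`. `$r->prev` is also dereferenced unconditionally, both in the form and in `<%init>`, which presumably fails when the component is requested directly rather than through an internal redirect; fetching it once into a variable and handling the undefined case would make that explicit. The fall-through in `exists($error{$error}) ? $error{$error} : $error` displays an unrecognised reason code verbatim, which is safe only because of the `|h`, so a comment saying so would help.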
@@ -1,18 +1,13 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<HTML> - <HEAD> - <TITLE> - Logout page - </TITLE> - </HEAD> - <BODY> - <BR><BR> - <CENTER> - You have logged out. - </CENTER> - <BR><BR> - <CENTER> - You can <a href="..">log in</a> again. - </CENTER> - </BODY> -</HTML> +<% $cgi->redirect($redirect) %> +<%init> + +# Delete the server-side session +$FS::CurrentUser::CurrentSession->logout; + +# Delete the browser cookie, etc. +my $auth_type = $r->auth_type; +$auth_type->logout($r); + +my $redirect = $fsurl; #.'?logout=logout'; + +</%init> diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html index 6b94f7175..962ee51b6 100644 --- a/httemplate/pref/pref-process.html +++ b/httemplate/pref/pref-process.html 
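Review bot: `$FS::CurrentUser::CurrentSession->logout` and `$auth_type->logout($r)` are called without checking that either value is defined, so a request that arrives with no server-side session (already expired, or a repeated click on the link) would presumably die in `<%init>` instead of redirecting. `$FS::CurrentUser::CurrentSession->logout if $FS::CurrentUser::CurrentSession;` and the same guard on `$auth_type` would keep logout idempotent. The commented `#.'?logout=logout'` fragment, together with the matching commented `'logout'` entries in loginout/login.html, should either be wired up or removed so the intended post-logout message is clear.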
@@ -13,34 +13,35 @@ if ( FS::Conf->new->exists('disable_acl_changes') ) { } my $error = ''; -my $access_user = ''; -if ( grep { $cgi->param($_) !~ /^\s*$/ } - qw(_password new_password new_password2) +if ( FS::Auth->auth_class->can('change_password') + && grep { $cgi->param($_) !~ /^\s*$/ } + qw(_password new_password new_password2) ) { - $access_user = qsearchs( 'access_user', { - 'username' => getotaker, - '_password' => scalar($cgi->param('_password')), - } ); + if ( $cgi->param('new_password') ne $cgi->param('new_password2') ) { + $error = "New passwords don't match"; - $error = 'Current password incorrect; password not changed' - unless $access_user; + } elsif ( ! length($cgi->param('new_password')) ) { + $error = 'No new password entered'; - $error ||= "New passwords don't match" - unless $cgi->param('new_password') eq $cgi->param('new_password2'); + } elsif ( ! FS::Auth->authenticate( $FS::CurrentUser::CurrentUser, + scalar($cgi->param('_password')) ) + ) { + $error = 'Current password incorrect; password not changed'; - $error ||= "No new password entered" - unless length($cgi->param('new_password')); + } else { - $access_user->_password($cgi->param('new_password')) unless $error; + $error = $FS::CurrentUser::CurrentUser->change_password( + scalar($cgi->param('new_password')) + ); -} else { - - $access_user = $FS::CurrentUser::CurrentUser; + } } +my $access_user = $FS::CurrentUser::CurrentUser; + #well, if you got your password change wrong, you don't get anything else #changed right now. but it should be sticky on the form unless ( $error ) { # if ($access_user) { diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html index 5babb0181..dc44db0b0 100644 --- a/httemplate/pref/pref.html +++ b/httemplate/pref/pref.html 
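Review bot: After `change_password` succeeds, nothing in this hunk ends the user's other sessions, so a session opened with the old password stays valid unless `change_password` revokes them itself (not visible here). That is worth confirming and recording in a comment at the call. The branches also read `$cgi->param('new_password')` several times, and in the `ne` comparison either side is undefined when only `_password` was submitted; reading each value once, `my $new = $cgi->param('new_password'); $new = '' unless defined $new;`, avoids the warnings and the repeated lookups. The `unless ( $error )` block continues past the end of the hunk.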
@@ -1,31 +1,33 @@ -<% include('/elements/header.html', 'Preferences for '. getotaker ) %> +<% include('/elements/header.html', 'Preferences for '. $FS::CurrentUser::CurrentUser->username ) %> <FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html"> <% include('/elements/error.html') %> +% if ( FS::Auth->auth_class->can('change_password') ) { -<% mt('Change password (leave blank for no change)') |h %> -<% ntable("#cccccc",2) %> + <% mt('Change password (leave blank for no change)') |h %> + <% ntable("#cccccc",2) %> - <TR> - <TH ALIGN="right">Current password: </TH> - <TD><INPUT TYPE="password" NAME="_password"></TD> - </TR> + <TR> + <TH ALIGN="right">Current password: </TH> + <TD><INPUT TYPE="password" NAME="_password"></TD> + </TR> - <TR> - <TH ALIGN="right">New password: </TH> - <TD><INPUT TYPE="password" NAME="new_password"></TD> - </TR> + <TR> + <TH ALIGN="right">New password: </TH> + <TD><INPUT TYPE="password" NAME="new_password"></TD> + </TR> - <TR> - <TH ALIGN="right">Re-enter new password: </TH> - <TD><INPUT TYPE="password" NAME="new_password2"></TD> - </TR> + <TR> + <TH ALIGN="right">Re-enter new password: </TH> + <TD><INPUT TYPE="password" NAME="new_password2"></TD> + </TR> -</TABLE> -<BR> + </TABLE> + <BR> +% } Interface <% ntable("#cccccc",2) %> |