From dcdf657e77ec7b46dc69e19a849a9c133123db7c Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Thu, 14 Dec 2006 06:00:46 +0000
Subject: encryption fixes from huntsberg & jayce

---
 httemplate/edit/cust_main/billing.html |  26 +++---
 httemplate/edit/cust_refund.cgi        | 147 ++++++++++++++++++++-------------
 httemplate/edit/process/cust_main.cgi  |   6 ++
 3 files changed, 111 insertions(+), 68 deletions(-)

(limited to 'httemplate/edit')
diff --git a/httemplate/edit/cust_main/billing.html b/httemplate/edit/cust_main/billing.html
index 78a2002a4..ae5630739 100644
--- a/httemplate/edit/cust_main/billing.html
+++ b/httemplate/edit/cust_main/billing.html
@@ -23,7 +23,10 @@
 
   <FORM NAME="<% $cust_main->payby %>" STYLE="margin-top: 0; margin-bottom: 0"> 
 % # XXX key 
-% foreach my $field (qw( payinfo payname paycvv paystart_month paystart_year payissue payip )) { 
+
+
+    <INPUT TYPE="hidden" NAME="payinfo" VALUE="<% $cust_main->paymask %>">
+% foreach my $field (qw( payname paycvv paystart_month paystart_year payissue payip )) { 
 
 
     <INPUT TYPE="hidden" NAME="<% $field %>" VALUE="<% $cust_main->getfield($field) %>">
@@ -136,16 +139,19 @@
   </SCRIPT>
 %
 %
-%  my($payby, $payinfo, $payname)=(
+%  my($payby, $paymask, $payname)=(
 %    $cust_main->payby,
-%    $cust_main->payinfo,
+%    $cust_main->paymask,
 %    $cust_main->payname,
 %  );
-%  my( $account, $aba ) = split('@', $payinfo);
+%  my( $account, $aba ) = split('@', $paymask);
 %
 %  my $disabled = 'DISABLED style="background-color: #dddddd"';
 %  my $text_disabled = 'style="color: #999999"';
-%  if ( $payby =~ /^(CARD|DCRD)$/ && cardtype($payinfo) =~ /^(Switch|Solo)$/ ) {
+%
+%  # this is not going to work unless the mask-generation recognizes
+%  # Switch/Solo cards
+%  if ( $payby =~ /^(CARD|DCRD)$/ && cardtype($paymask) =~ /^(Switch|Solo)$/ ) {
 %    $disabled = 'style="background-color: #ffffff"';
 %    $text_disabled = 'style="color: #000000";'
 %  }
@@ -157,7 +163,7 @@
 %      '<TABLE BGCOLOR="#cccccc" BORDER=0 CELLSPACING=0 HEIGHT=192>'.
 %
 %        qq!<TR><TD ALIGN="right" WIDTH="200">${r}Card number </TD>!.
-%          qq!<TD WIDTH="408"><INPUT TYPE="text" NAME="payinfo" VALUE="!. ( $payby =~ /^(CARD|DCRD)$/ ? $payinfo : '' ). qq!" MAXLENGTH=19 onChange="card_changed(this)" onKeyUp="card_changed(this)"></TD></TR>!.
+%          qq!<TD WIDTH="408"><INPUT TYPE="text" NAME="payinfo" VALUE="!. ( $payby =~ /^(CARD|DCRD)$/ ? $paymask : '' ). qq!" MAXLENGTH=19 onChange="card_changed(this)" onKeyUp="card_changed(this)"></TD></TR>!.
 %
 %        qq!<TR><TD ALIGN="right" WIDTH="200">${r}Expiration </TD>!.
 %          '<TD WIDTH="408">'.
@@ -174,7 +180,7 @@
 %
 %          qq!(<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('../docs/cvv2.html', 480, 352, 'cvv2_popup' ), CAPTION, 'CVV2 Help', STICKY, AUTOSTATUSCAP, CLOSECLICK, DRAGGABLE ); return false;">help</A>)!.
 %          qq!</TD>!.
-%          '<TD WIDTH="408"><INPUT TYPE="text" NAME="paycvv" VALUE="'. ( $payby =~ /^(CARD|DCRD)$/ ? $cust_main->paycvv : '' ). '" SIZE=4 MAXLENGTH=4>'.
+%          '<TD WIDTH="408"><INPUT TYPE="text" NAME="paycvv" VALUE="'. ( $payby =~ /^(CARD|DCRD)$/ && !$cust_main->is_encrypted($cust_main->paycvv) ? $cust_main->paycvv : '' ). '" SIZE=4 MAXLENGTH=4>'.
 %
 %
 %        qq!<TR><TD ALIGN="right" WIDTH="200"><SPAN ID="paystart_label" $text_disabled>Start date </SPAN></TD>!.
@@ -188,7 +194,7 @@
 %                    'end_year'   => (localtime())[5] + 1900,
 %                    'selected_date' => (
 %                      ( $payby =~ /^(CARD|DCRD)$/
-%                        && cardtype($payinfo) =~ /^(Switch|Solo)$/ )
+%                        && cardtype($paymask) =~ /^(Switch|Solo)$/ ) #also
 %                          ? $cust_main->paystart_month. '-'.
 %                            $cust_main->paystart_year 
 %                          : ''
@@ -236,7 +242,7 @@
 %      '<TABLE BGCOLOR="#cccccc" BORDER=0 CELLSPACING=0 HEIGHT=192>'.
 %
 %        qq!<TR><TD ALIGN="right" WIDTH="200">${r}Phone number </TD>!.
-%          qq!<TD WIDTH="408"><INPUT TYPE="text" NAME="payinfo" VALUE="!. ( $payby eq 'LECB' ? $cust_main->payinfo : '' ). qq!" MAXLENGTH=15 SIZE=16></TD></TR>!.
+%          qq!<TD WIDTH="408"><INPUT TYPE="text" NAME="payinfo" VALUE="!. ( $payby eq 'LECB' ? $cust_main->paymask : '' ). qq!" MAXLENGTH=15 SIZE=16></TD></TR>!.
 %
 %        qq!<INPUT TYPE="hidden" NAME="exp_month" VALUE="12">!.
 %        qq!<INPUT TYPE="hidden" NAME="exp_year" VALUE="2037">!.
@@ -256,7 +262,7 @@
 %      '<TABLE BGCOLOR="#cccccc" BORDER=0 CELLSPACING=0 HEIGHT=192>'.
 %
 %        qq!<TR><TD ALIGN="right" WIDTH="200">P.O. </TD>!.
-%          qq!<TD WIDTH="408"><INPUT TYPE="text" NAME="payinfo" VALUE="!. ( $payby eq 'BILL' ? $cust_main->payinfo : '' ). qq!"></TD></TR>!.
+%          qq!<TD WIDTH="408"><INPUT TYPE="text" NAME="payinfo" VALUE="!. ( $payby eq 'BILL' ? $cust_main->paymask : '' ). qq!"></TD></TR>!.
 %
 %        qq!<INPUT TYPE="hidden" NAME="exp_month" VALUE="12">!.
 %        qq!<INPUT TYPE="hidden" NAME="exp_year" VALUE="2037">!.
diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi
index 2b3e02614..aa825af94 100755
--- a/httemplate/edit/cust_refund.cgi
+++ b/httemplate/edit/cust_refund.cgi
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
 %
 %
 %my $conf = new FS::Conf;
@@ -26,70 +25,102 @@
 %
 %my $p1 = popurl(1);
 %
-%print header('Refund '. ucfirst(lc($payby)). ' payment', '');
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-%      "</FONT>"
-%  if $cgi->param('error');
-%print <<END, small_custview($custnum, $conf->config('countrydefault'));
-%    <FORM ACTION="${p1}process/cust_refund.cgi" METHOD=POST>
-%    <INPUT TYPE="hidden" NAME="refundnum" VALUE="">
-%    <INPUT TYPE="hidden" NAME="custnum" VALUE="$custnum">
-%    <INPUT TYPE="hidden" NAME="paynum" VALUE="$paynum">
-%    <INPUT TYPE="hidden" NAME="_date" VALUE="$_date">
-%    <INPUT TYPE="hidden" NAME="payby" VALUE="$payby">
-%    <INPUT TYPE="hidden" NAME="payinfo" VALUE="">
-%    <INPUT TYPE="hidden" NAME="paybatch" VALUE="">
-%    <INPUT TYPE="hidden" NAME="credited" VALUE="">
-%    <BR>
-%END
 %
-%if ( $cust_pay ) {
+
+
+<% include('/elements/header.html', 'Refund '. ucfirst(lc($payby)). ' payment', '') %>
+% if ( $cgi->param('error') ) { 
+
+  <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
+  <BR><BR>
+% } 
+
+
+<% small_custview($custnum, $conf->config('countrydefault')) %>
+
+<FORM NAME="RefundForm" ACTION="<% $p1 %>process/cust_refund.cgi" METHOD=POST onSubmit="document.RefundForm.submit.disabled=true">
+<INPUT TYPE="hidden" NAME="refundnum" VALUE="">
+<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
+<INPUT TYPE="hidden" NAME="paynum" VALUE="<% $paynum %>">
+<INPUT TYPE="hidden" NAME="_date" VALUE="<% $_date %>">
+<INPUT TYPE="hidden" NAME="payby" VALUE="<% $payby %>">
+<INPUT TYPE="hidden" NAME="payinfo" VALUE="">
+<INPUT TYPE="hidden" NAME="paybatch" VALUE="">
+<INPUT TYPE="hidden" NAME="credited" VALUE="">
+<BR>
+% if ( $cust_pay ) {
 %
 %  #false laziness w/FS/FS/cust_pay.pm
 %  my $payby = $cust_pay->payby;
-%  my $payinfo = $cust_pay->payinfo;
-%  $payby =~ s/^BILL$/Check/ if $payinfo;
+%  my $paymask = $cust_pay->paymask;
+%  $payby =~ s/^BILL$/Check/ if $paymask;
 %  $payby =~ s/^CHEK$/Electronic check/;
-%  $payinfo = $cust_pay->payinfo_masked if $payby eq 'CARD';
 %
-%  print '<BR>Payment'. ntable("#cccccc", 2).
-%        '<TR><TD ALIGN="right">Amount</TD><TD BGCOLOR="#ffffff">$'.
-%          $cust_pay->paid. '</TD></TR>'.
-%        '<TR><TD ALIGN="right">Date</TD><TD BGCOLOR="#ffffff">'.
-%          time2str("%D",$cust_pay->_date). '</TD></TR>'.
-%        '<TR><TD ALIGN="right">Method</TD><TD BGCOLOR="#ffffff">'.
-%          ucfirst(lc($payby)). ' # '. $payinfo. '</TD></TR>';
+%
+
+
+  <BR>Payment
+  <% ntable("#cccccc", 2) %>
+
+    <TR>
+      <TD ALIGN="right">Amount</TD><TD BGCOLOR="#ffffff">$<% $cust_pay->paid %></TD>
+    </TR>
+
+  <TR>
+    <TD ALIGN="right">Date</TD><TD BGCOLOR="#ffffff"><% time2str("%D",$cust_pay->_date) %></TD>
+  </TR>
+
+  <TR>
+    <TD ALIGN="right">Method</TD><TD BGCOLOR="#ffffff"><% ucfirst(lc($payby)) %> # <% $paymask %></TD>
+  </TR>
+%
 %  #false laziness w/FS/FS/cust_main::realtime_refund_bop
 %  if ( $cust_pay->paybatch =~ /^(\w+):(\w+)(:(\w+))?$/ ) {
 %    my ( $processor, $auth, $order_number ) = ( $1, $2, $4 );
-%    print '<TR><TD ALIGN="right">Processor</TD><TD BGCOLOR="#ffffff">'.
-%          $processor. '</TD></TR>';
-%    print '<TR><TD ALIGN="right">Authorization</TD><TD BGCOLOR="#ffffff">'.
-%          $auth. '</TD></TR>'
-%      if length($auth);
-%    print '<TR><TD ALIGN="right">Order number</TD><TD BGCOLOR="#ffffff">'.
-%          $order_number. '</TD></TR>'
-%      if length($order_number);
-%  }
-%  print '</TABLE>';
-%}
-%
-%print '<BR>Refund'. ntable("#cccccc", 2).
-%      '<TR><TD ALIGN="right">Date</TD><TD BGCOLOR="#ffffff">'.
-%      time2str("%D",$_date). '</TD></TR>';
-%
-%print qq!<TR><TD ALIGN="right">Amount</TD><TD BGCOLOR="#ffffff">\$<INPUT TYPE="text" NAME="refund" VALUE="$refund" SIZE=8 MAXLENGTH=8></TD></TR>!;
-%
-%print qq!<TR><TD ALIGN="right">Reason</TD><TD BGCOLOR="#ffffff"><INPUT TYPE="text" NAME="reason" VALUE="$reason"></TD></TR>!;
-%
-%print <<END;
-%</TABLE>
-%<BR>
-%<INPUT TYPE="submit" VALUE="Post refund">
-%    </FORM>
-%  </BODY>
-%</HTML>
-%END
-%
-%
+%  
+
+
+    <TR>
+      <TD ALIGN="right">Processor</TD><TD BGCOLOR="#ffffff"><% $processor %></TD>
+    </TR>
+% if ( length($auth) ) { 
+
+      <TR>
+        <TD ALIGN="right">Authorization</TD><TD BGCOLOR="#ffffff"><% $auth %></TD>
+      </TR>
+% } 
+% if ( length($order_number) ) { 
+
+      <TR>
+        <TD ALIGN="right">Order number</TD><TD BGCOLOR="#ffffff"><% $order_number %></TD>
+      </TR>
+% } 
+% } 
+
+  </TABLE>
+% } 
+
+
+<BR>Refund
+<% ntable("#cccccc", 2) %>
+
+  <TR>
+    <TD ALIGN="right">Date</TD><TD BGCOLOR="#ffffff"><% time2str("%D",$_date) %></TD>
+  </TR>
+
+  <TR>
+    <TD ALIGN="right">Amount</TD><TD BGCOLOR="#ffffff">$<INPUT TYPE="text" NAME="refund" VALUE="<% $refund %>" SIZE=8 MAXLENGTH=8></TD>
+  </TR>
+
+  <TR>
+    <TD ALIGN="right">Reason</TD><TD BGCOLOR="#ffffff"><INPUT TYPE="text" NAME="reason" VALUE="<% $reason %>"></TD>
+  </TR>
+</TABLE>
+
+<BR>
+<INPUT TYPE="submit" NAME="submit" VALUE="Post refund">
+
+</FORM>
+
+<% include('/elements/footer.html') %>
 
diff --git a/httemplate/edit/process/cust_main.cgi b/httemplate/edit/process/cust_main.cgi
index d5d127b2d..789f29522 100755
--- a/httemplate/edit/process/cust_main.cgi
+++ b/httemplate/edit/process/cust_main.cgi
@@ -46,6 +46,9 @@
 %  } fields('cust_main')
 %} );
 %
+% delete( $new->hashref->{'agent_custid'} )
+%   unless $new->hashref->{'agent_custid'};
+%
 %if ( defined($cgi->param('same')) && $cgi->param('same') eq "Y" ) {
 %  $new->setfield("ship_$_", '') foreach qw(
 %    last first company address1 address2 city county state zip
@@ -151,6 +154,9 @@
 %       && $new->paycvv =~ /^\s*\*+\s*$/ ) {
 %    $new->paycvv($old->paycvv);
 %  }
+%  if ($new->payby =~ /CARD|DCRD|CHEK|DCHK/ && $new->payinfo =~ /xx/) {
+%    $new->payinfo($old->payinfo);
+%  }
 %  $error ||= $new->replace($old, \@invoicing_list);
 %  
 %}
-- 
cgit v1.2.1


${r}Card number

${r}Expiration	'. @@ -174,7 +180,7 @@ % % qq!(help)!. % qq!	'. +% '	'. % % % qq!
Start date
P.O.

Amount	$'. -% $cust_pay->paid. '
Date	'. -% time2str("%D",$cust_pay->_date). '
Method	'. -% ucfirst(lc($payby)). ' # '. $payinfo. '
Amount	$<% $cust_pay->paid %>
Date	<% time2str("%D",$cust_pay->_date) %>
Method	<% ucfirst(lc($payby)) %> # <% $paymask %>
Processor	'. -% $processor. '
Authorization	'. -% $auth. '
Order number	'. -% $order_number. '