From 77baa7974ade41e55d85de22e7d7a54273dd442f Mon Sep 17 00:00:00 2001
From: Christopher Burger <burgerc@freeside.biz>
Date: Mon, 17 Sep 2018 07:57:32 -0400
Subject: RT# 39340 - removed min_selfservice dir and merged into
 ng_selfservice

---
 ng_selfservice/elements/header.php |  18 +++++++
 ng_selfservice/index.php           |   8 ++-
 ng_selfservice/ip_login.php        | 105 +++++++++++++++++++++++++++++++++++++
 ng_selfservice/no_access.php       |  34 ++++++++++++
 ng_selfservice/process_login.php   |  15 ++++--
 5 files changed, 174 insertions(+), 6 deletions(-)
 create mode 100644 ng_selfservice/ip_login.php
 create mode 100644 ng_selfservice/no_access.php

(limited to 'ng_selfservice')

diff --git a/ng_selfservice/elements/header.php b/ng_selfservice/elements/header.php
index 633996515..3ef5c6e12 100644
--- a/ng_selfservice/elements/header.php
+++ b/ng_selfservice/elements/header.php
@@ -1,3 +1,21 @@
+<?
+
+require_once('session.php');
+
+$page = basename($_SERVER['SCRIPT_FILENAME']);
+
+$access = $freeside->check_access( array(
+  'session_id' => $_COOKIE['session_id'],
+  'page'       => $page,
+) );
+
+if ($access['error']) {
+  header('Location:no_access.php?error='. urlencode($access['error']));
+  die();
+}
+
+?>
+
 <!DOCTYPE html>
 <HTML>
   <HEAD>
diff --git a/ng_selfservice/index.php b/ng_selfservice/index.php
index 62b6562c8..06e8fc13b 100644
--- a/ng_selfservice/index.php
+++ b/ng_selfservice/index.php
@@ -3,7 +3,7 @@
 require('freeside.class.php');
 $freeside = new FreesideSelfService();
 
-$login_info = $freeside->login_info();
+$login_info = $freeside->login_info( array('session_id' => $_COOKIE['session_id'],));
 
 extract($login_info);
 
@@ -60,7 +60,7 @@ if ( $error ) {
 <? if ( $phone_login ) { ?>
 
   <B>OR</B><BR><BR>
-    
+
   <FORM ACTION="process_login.php" METHOD=POST>
   <INPUT TYPE="hidden" NAME="session" VALUE="login">
   <TABLE BGCOLOR="#c0c0c0" BORDER=0 CELLSPACING=2 CELLPADDING=0>
@@ -85,6 +85,10 @@ if ( $error ) {
 
 <? } ?>
 
+<!--
+<BR><BR><A HREF="ip_login.php">Login by IP (<? echo $_SERVER['REMOTE_ADDR']; ?>) to make a payment.</A>
+-->
+
 <? include('elements/footer.php'); ?>
 
 
diff --git a/ng_selfservice/ip_login.php b/ng_selfservice/ip_login.php
new file mode 100644
index 000000000..153065767
--- /dev/null
+++ b/ng_selfservice/ip_login.php
@@ -0,0 +1,105 @@
+<?
+
+require('freeside.class.php');
+$freeside = new FreesideSelfService();
+
+$ip = $_SERVER['REMOTE_ADDR'];
+
+$mac = $freeside->get_mac_address( array('ip' => $ip, ) );
+
+$response = $freeside->login( array( 
+  'username' => $mac['mac_address'],
+  'domain'   => 'ip_mac',
+) );
+
+$error = $response['error'];
+
+if ( $error ) {
+
+  $title ='Login'; include('elements/header.php');
+  include('elements/error.php');	
+  echo "Sorry "+$error;
+
+ // header('Location:index.php?username='. urlencode($mac).
+ //                          '&domain='.   urlencode($domain).
+ //                          '&email='.    urlencode($email).
+ //                          '&error='.    urlencode($error)
+ //       );
+
+}
+else {
+// sucessful login
+
+$session_id = $response['session_id'];
+
+error_log("[login] logged into freeside with session_id=$session_id, setting cookie");
+
+// now what?  for now, always redirect to the main page (or the select a
+// customer diversion).
+// eventually, other options?
+
+setcookie('session_id', $session_id);
+
+if ( $response['custnum'] || $response['svcnum'] ) {
+
+  header("Location:main.php");
+  die();
+  //1;
+
+} elseif ( $response['customers'] ) {
+  //var_dump($response['customers']);
+?>
+
+  <? $title ='Select customer'; include('elements/header.php'); ?>
+  <? include('elements/error.php'); ?>
+
+  <FORM NAME="SelectCustomerForm" ACTION="process_select_cust.php" METHOD=POST>
+  <INPUT TYPE="hidden" NAME="action" VALUE="switch_cust">
+
+  <TABLE BGCOLOR="#c0c0c0" BORDER=0 CELLSPACING=2 CELLPADDING=0>
+
+    <TR>
+      <TH ALIGN="right">Customer </TH>
+      <TD>
+        <SELECT NAME="custnum" ID="custnum" onChange="custnum_changed()">
+          <OPTION VALUE="">Select a customer
+          <? foreach ( $response['customers'] AS $custnum => $customer ) { ?>
+            <OPTION VALUE="<? echo $custnum ?>"><? echo htmlspecialchars( $customer ) ?>
+          <? } ?>
+        </SELECT>
+      </TD>
+    </TR>
+
+    <TR>
+      <TD COLSPAN=2 ALIGN="center"><INPUT TYPE="submit" ID="submit" VALUE="Select customer" DISABLED></TD>
+    </TR>
+
+  </TABLE>
+  </FORM>
+
+  <SCRIPT TYPE="text/javascript">
+
+  function custnum_changed () {
+    var form = document.SelectCustomerForm;
+    if ( form.custnum.selectedIndex > 0 ) {
+      form.submit.disabled = false;
+    } else {
+      form.submit.disabled = true;
+    }
+  }
+
+  </SCRIPT>
+
+<?
+
+// } else {
+// 
+//   die 'login successful, but unrecognized info (no custnum, svcnum or customers)';
+  
+} // multiple customers found
+
+} //successfull login
+
+?>
+
+  <? include('elements/footer.php'); ?>
diff --git a/ng_selfservice/no_access.php b/ng_selfservice/no_access.php
new file mode 100644
index 000000000..b13cca93c
--- /dev/null
+++ b/ng_selfservice/no_access.php
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<HTML>
+  <HEAD>
+    <TITLE>
+      Access Denied
+    </TITLE>
+    <link href="css/default.css" rel="stylesheet" type="text/css"/>
+    <script type="text/javascript" src="js/jquery.js"></script>
+    <script type="text/javascript" src="js/menu.js"></script>
+  </HEAD>
+  <BODY>
+    <FONT SIZE=5>Access Denied</FONT>
+    <BR><BR>
+<? $current_menu = 'no_access.php'; include('elements/menu.php'); ?>
+<?
+
+$customer_info = $freeside->customer_info_short( array(
+  'session_id' => $_COOKIE['session_id'],
+) );
+
+if ( isset($customer_info['error']) && $customer_info['error'] ) {
+  $error = $customer_info['error'];
+  header('Location:index.php?error='. urlencode($error));
+  die();
+}
+
+extract($customer_info);
+
+?>
+
+<P>Sorry you do not have access to the page you are trying to reach.</P>
+
+<? include('elements/menu_footer.php'); ?>
+<? include('elements/footer.php'); ?>
\ No newline at end of file
diff --git a/ng_selfservice/process_login.php b/ng_selfservice/process_login.php
index 15b000b14..d98281a1a 100644
--- a/ng_selfservice/process_login.php
+++ b/ng_selfservice/process_login.php
@@ -3,6 +3,13 @@
 require('freeside.class.php');
 $freeside = new FreesideSelfService();
 
+$ip = $_SERVER['REMOTE_ADDR'];
+
+if ($_POST['domain'] == "ip_mac") {
+  $mac_addr = $freeside->get_mac_address( array('ip' => $ip, ) );
+  $_POST['username'] = $mac_addr['mac_address'];
+}
+
 $response = $freeside->login( array( 
   'email'    => strtolower($_POST['email']),
   'username' => strtolower($_POST['username']),
@@ -16,9 +23,9 @@ $error = $response['error'];
 
 if ( $error ) {
 
-  header('Location:index.php?username='. urlencode($username).
-                           '&domain='.   urlencode($domain).
-                           '&email='.    urlencode($email).
+  header('Location:index.php?username='. urlencode($_POST['username']).
+                           '&domain='.   urlencode($_POST['domain']).
+                           '&email='.    urlencode($_POST['email']).
                            '&error='.    urlencode($error)
         );
   die();
@@ -43,7 +50,7 @@ if ( $response['custnum'] || $response['svcnum'] ) {
   die();
 
 } elseif ( $response['customers'] ) {
-var_dump($response['customers']);
+  //var_dump($response['customers']);
 ?>
 
   <? $title ='Select customer'; include('elements/header.php'); ?>
-- 
cgit v1.2.1