summaryrefslogtreecommitdiff
path: root/httemplate/misc/process/cancel_pkg.html
blob: a4371e6f3a5aa777540b9616b6c0b2c707154496 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<% header(emt("Package $past{$method}")) %>
  <SCRIPT TYPE="text/javascript">
    window.top.location.reload();
  </SCRIPT>
  </BODY>
</HTML>
<%once>

my %past = ( 'cancel'  => 'cancelled',
             'expire'  => 'expired',
             'suspend' => 'suspended',
             'adjourn' => 'adjourned',
           );

#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
my %right = ( 'cancel'  => 'Cancel customer package immediately',
              'expire'  => 'Cancel customer package later',
              'suspend' => 'Suspend customer package',
              'adjourn' => 'Suspend customer package later',
            );

</%once>
<%init>

#untaint method
my $method = $cgi->param('method');
$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method";
$method = $1;

die "access denied"
  unless $FS::CurrentUser::CurrentUser->access_right($right{$method});

#untaint pkgnum
my $pkgnum = $cgi->param('pkgnum');
$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
$pkgnum = $1;

#untaint reasonnum
my $reasonnum = $cgi->param('reasonnum');
$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
$reasonnum = $1;

my $date = time;
if ($method eq 'expire' || $method eq 'adjourn'){
  #untaint date
  $date = $cgi->param('date');
  parse_datetime($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
  $date = $1;
  $method = ($method eq 'expire') ? 'cancel' : 'suspend';
}

my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );

if ($reasonnum == -1) {
  $reasonnum = {
    'typenum' => scalar( $cgi->param('newreasonnumT') ),
    'reason'  => scalar( $cgi->param('newreasonnum' ) ),
  };
}

my $error = $cust_pkg->$method( 'reason' => $reasonnum, 'date' => $date );

if ($error) {
  $cgi->param('error', $error);
  print $cgi->redirect(popurl(2). "cancel_pkg.html?". $cgi->query_string );
}

</%init>