blob: 2a8f33bad3ebce724f022cf93bd12dd13238757f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
%if ( $success ) {
<& /elements/header-popup.html, mt("Payment voided") &>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
</BODY>
</HTML>
%} else {
<& /elements/header-popup.html, mt('Void payment') &>
<& /elements/error.html &>
<P ALIGN="center"><B><% mt('Void this payment?') |h %></B>
% if ( $cust_pay->payby =~ /^(CARD|CHEK)$/ ) {
<P ALIGN="center"><% mt('(Do not send anything to the payment gateway)') |h %>
% }
<FORM action="<% ${p} %>misc/void-cust_pay.html">
<INPUT TYPE="hidden" NAME="paynum" VALUE="<% $paynum %>">
<TABLE BGCOLOR="#cccccc" BORDER="0" CELLSPACING="2" STYLE="margin-left:auto; margin-right:auto">
<& /elements/tr-select-reason.html,
'field' => 'reasonnum',
'reason_class' => 'P',
'cgi' => $cgi
&>
</TABLE>
<BR>
<P ALIGN="CENTER">
<INPUT TYPE="submit" NAME="confirm_void_payment" VALUE="<% mt('Void payment') |h %>">
<INPUT TYPE="BUTTON" VALUE="<% mt("Don't void payment") |h %>" onClick="parent.cClick();">
</FORM>
</BODY>
</HTML>
%}
<%init>
#untaint paynum
my $paynum = $cgi->param('paynum');
if ($paynum) {
$paynum =~ /^(\d+)$/ || die "Illegal paynum";
} else {
my($query) = $cgi->keywords;
$query =~ /^(\d+)/ || die "Illegal paynum";
$paynum = $1;
}
my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum}) || die "Payment not found";
my $right = 'Void payments';
$right = 'Credit card void' if $cust_pay->payby eq 'CARD';
$right = 'Echeck void' if $cust_pay->payby eq 'CHEK';
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right($right);
my $success = 0;
if ($cgi->param('confirm_void_payment')) {
#untaint reasonnum / create new reason
my ($reasonnum, $error) = $m->comp('process/elements/reason');
if (!$reasonnum) {
$error = 'Reason required';
} else {
my $reason = qsearchs('reason', { 'reasonnum' => $reasonnum })
|| die "Reason num $reasonnum not found in database";
$error = $cust_pay->void($reason) unless $error;
}
if ($error) {
$cgi->param('error',$error);
} else {
$success = 1;
}
}
</%init>
|
