2 Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is only
3 acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise create an
4 empty dummy svc_acct) and 'fieldid' (for html post-processing, passed along in
5 results for convenience.)
7 Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is valid),
8 'error' (error text if password is invalid) or 'syserror' (error text if password
9 could not be validated.) Only one of these keys will be set. Will also set
10 'fieldid' if it was passed.
13 <% encode_json($result) %>
17 my $validate_password = sub {
18 my %arg = $cgi->param('arg');
21 $result{'fieldid'} = $arg{'fieldid'}
22 if $arg{'fieldid'} =~ /^\w+$/;
24 $result{'syserror'} = 'Request is not POST' unless $cgi->request_method eq 'POST';
25 return \%result if $result{'syserror'};
27 my $password = $arg{'password'};
28 $result{'syserror'} = 'Invoked without password' unless $password;
29 return \%result if $result{'syserror'};
31 if ($arg{'contactnum'} =~ /^\d+$/) {
32 my $contactnum = $arg{'contactnum'};
33 $result{'syserror'} = 'Invalid contactnum' unless $contactnum =~ /^\d*$/;
34 return \%result if $result{'syserror'};
36 my $contact = $contactnum
37 ? qsearchs('contact',{'contactnum' => $contactnum})
38 : (new FS::contact {});
40 $result{'error'} = $contact->is_password_allowed($password);
44 my $svcnum = $arg{'svcnum'};
45 $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/;
46 return \%result if $result{'syserror'};
48 my $svc_acct = $svcnum
49 ? qsearchs('svc_acct',{'svcnum' => $svcnum})
50 : (new FS::svc_acct {});
51 $result{'syserror'} = 'Could not find service' unless $svc_acct;
52 return \%result if $result{'syserror'};
54 $result{'error'} = $svc_acct->is_password_allowed($password);
57 # $result{'error'} = $svc_acct->is_password_allowed($password);
58 $result{'valid'} = 1 unless $result{'error'};
62 my $result = ($cgi->param('sub') eq 'validate_password')
63 ? &$validate_password()
64 : { 'syserror' => 'Invalid sub' };