1 <% include('/elements/header.html', 'Preferences for '. getotaker ) %>
3 <FORM METHOD="POST" NAME="pref_form" ACTION="pref-process.html">
5 <% include('/elements/error.html') %>
8 Change password (leave blank for no change)
9 <% ntable("#cccccc",2) %>
12 <TH ALIGN="right">Current password: </TH>
13 <TD><INPUT TYPE="password" NAME="_password"></TD>
17 <TH ALIGN="right">New password: </TH>
18 <TD><INPUT TYPE="password" NAME="new_password"></TD>
22 <TH ALIGN="right">Re-enter new password: </TH>
23 <TD><INPUT TYPE="password" NAME="new_password2"></TD>
31 <% ntable("#cccccc",2) %>
34 <TH>Menu location: </TH>
36 <INPUT TYPE="radio" NAME="menu_position" VALUE="left" onClick="document.images['menu_example'].src='../images/menu-left-example.png';" <% $menu_position eq 'left' ? ' CHECKED' : ''%>> Left<BR>
37 <INPUT TYPE="radio" NAME="menu_position" VALUE="top"onClick="document.images['menu_example'].src='../images/menu-top-example.png';" <% $menu_position eq 'top' ? ' CHECKED' : ''%>> Top <BR>
39 <TD><IMG NAME="menu_example" SRC="../images/menu-<% $menu_position %>-example.png"></TD>
47 <% ntable("#cccccc",2) %>
50 <TH>Email Address(es) (comma separated) </TH>
52 <TD><INPUT TYPE="text" NAME="email_address" VALUE="<% $email_address %>">
61 <% ntable("#cccccc",2) %>
64 <TH>Show internal package numbers: </TH>
65 <TD><INPUT TYPE="checkbox" NAME="show_pkgnum" VALUE="1" <% $curuser->option('show_pkgnum') ? 'CHECKED' : '' %>></TD>
68 <TH>Show database profiling (when available): </TH>
69 <TD><INPUT TYPE="checkbox" NAME="show_db_profile" VALUE="1" <% $curuser->option('show_db_profile') ? 'CHECKED' : '' %>></TD>
72 <TH>Save database profiling logs (when available): </TH>
73 <TD><INPUT TYPE="checkbox" NAME="save_db_profile" VALUE="1" <% $curuser->option('save_db_profile') ? 'CHECKED' : '' %>></TD>
80 Vonage integration (see <a href="https://secure.click2callu.com/">Click2Call</a>)
81 <% ntable("#cccccc",2) %>
84 <TH ALIGN="right">Vonage phone number</TH>
85 <TD><INPUT TYPE="text" NAME="vonage-fromnumber" VALUE="<% $curuser->option('vonage-fromnumber') %>"></TD>
89 <TH ALIGN="right">Vonage username</TH>
90 <TD><INPUT TYPE="text" NAME="vonage-username" VALUE="<% $curuser->option('vonage-username') %>"></TD>
94 <TH ALIGN="right">Vonage password</TH>
95 <TD><INPUT TYPE="password" NAME="vonage-password" VALUE="<% $curuser->option('vonage-password') %>"></TD>
102 % foreach my $prop (qw( height width availHeight availWidth colorDepth )) {
103 <INPUT TYPE="hidden" NAME="<% $prop %>" VALUE="">
104 <SCRIPT TYPE="text/javascript">
105 document.pref_form.<% $prop %>.value = screen.<% $prop %>;
109 <INPUT TYPE="submit" VALUE="Update preferences">
111 <% include('/elements/footer.html') %>
114 my $curuser = $FS::CurrentUser::CurrentUser;
116 # XSS via your own preferences? seems unlikely, but nice try anyway...
117 ( $curuser->option('menu_position') || 'left' )
118 =~ /^(\w+)$/ or die "illegal menu_position";
119 my $menu_position = $1;
120 ( $curuser->option('email_address') )
121 =~ /^([,\w\@.]*)$/ or die "illegal email_address"; #too late
122 my $email_address = $1;