projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix contact self-service password reset link vs. outlook, RT#32657
[freeside.git]
/
fs_selfservice
/
FS-SelfService
/
cgi
/
selfservice.cgi
diff --git
a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index
84998bb
..
4ccf1de
100755
(executable)
--- a/
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@
-88,12
+88,17
@@
my @nologin_actions = (qw(
do_forgot_password
process_forgot_password
do_process_forgot_password
do_forgot_password
process_forgot_password
do_process_forgot_password
+ process_forgot_password_session
));
push @actions, @nologin_actions;
my %nologin_actions = map { $_=>1 } @nologin_actions;
my $action = 'myaccount'; # sensible default
));
push @actions, @nologin_actions;
my %nologin_actions = map { $_=>1 } @nologin_actions;
my $action = 'myaccount'; # sensible default
-if ( $cgi->param('action') =~ /^(\w+)$/ ) {
+
+if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) {
+ $action = 'process_forgot_password_session';
+ $session_id = $1;
+} elsif ( $cgi->param('action') =~ /^(\w+)$/ ) {
if (grep {$_ eq $1} @actions) {
$action = $1;
} else {
if (grep {$_ eq $1} @actions) {
$action = $1;
} else {
@@
-101,8
+106,6
@@
if ( $cgi->param('action') =~ /^(\w+)$/ ) {
}
}
}
}
-warn $action;
-
unless ( $nologin_actions{$action} ) {
my %cookies = CGI::Cookie->fetch;
unless ( $nologin_actions{$action} ) {
my %cookies = CGI::Cookie->fetch;
@@
-126,7
+129,15
@@
unless ( $nologin_actions{$action} ) {
'email' => $email,
'password' => $password
);
'email' => $email,
'password' => $password
);
- $session_id = $login_rv->{'session_id'};
+
+ if ( $login_rv->{'error'} ) {
+ my $ip = $cgi->remote_addr();
+ warn("login failure [email $email] [ip $ip] [error $login_rv->{error}]");
+ } else {
+ #successful login
+ }
+
+ $session_id = $login_rv->{'session_id'};
} else {
} else {
@@
-183,9
+194,6
@@
unless ( $nologin_actions{$action} ) {
} # else there is no session cookie
if ( !$session_id ) {
} # else there is no session cookie
if ( !$session_id ) {
- # XXX why are we getting agentnum from a CGI param? surely it should
- # be some kind of configuration option.
- #
# show the login page
$session_id = 'login'; # set state
my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) );
# show the login page
$session_id = 'login'; # set state
my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) );
@@
-210,7
+218,7
@@
if ( $result->{error} && ( $result->{error} eq "Can't resume session"
|| $result->{error} eq "Expired session") ) { #ick
$session_id = 'login';
|| $result->{error} eq "Expired session") ) { #ick
$session_id = 'login';
- my $login_info = login_info();
+ my $login_info = login_info(
'agentnum' => scalar($cgi->param('agentnum'))
);
do_template('login', $login_info);
exit;
}
do_template('login', $login_info);
exit;
}
@@
-311,6
+319,7
@@
sub process_change_pay {
'error' => '<FONT COLOR="#FF0000">Postal or email required.</FONT>',
};
}
'error' => '<FONT COLOR="#FF0000">Postal or email required.</FONT>',
};
}
+
_process_change_info( 'change_pay', @list );
}
_process_change_info( 'change_pay', @list );
}
@@
-632,7
+641,10
@@
sub payment_results {
my $auto = 0;
$auto = 1 if $cgi->param('auto');
my $auto = 0;
$auto = 1 if $cgi->param('auto');
- $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
+ $cgi->param('payunique') =~ /^([\w\-\.]*)$/ or die "illegal payunique";
+ my $payunique = $1;
+
+ $cgi->param('paybatch') =~ /^([\w\-\.]*)$/ or die "illegal paybatch";
my $paybatch = $1;
$cgi->param('discount_term') =~ /^(\d*)$/ or die "illegal discount_term";
my $paybatch = $1;
$cgi->param('discount_term') =~ /^(\d*)$/ or die "illegal discount_term";
@@
-656,6
+668,7
@@
sub payment_results {
'country' => $country,
'save' => $save,
'auto' => $auto,
'country' => $country,
'save' => $save,
'auto' => $auto,
+ 'payunique' => $payunique,
'paybatch' => $paybatch,
'discount_term' => $discount_term,
);
'paybatch' => $paybatch,
'discount_term' => $discount_term,
);
@@
-928,11
+941,17
@@
sub delete_svc {
}
sub view_usage {
}
sub view_usage {
- list_svcs(
+
my $res =
list_svcs(
'session_id' => $session_id,
'svcdb' => [ 'svc_acct', 'svc_phone', 'svc_port', ],
'ncancelled' => 1,
);
'session_id' => $session_id,
'svcdb' => [ 'svc_acct', 'svc_phone', 'svc_port', ],
'ncancelled' => 1,
);
+ if ($res->{hide_usage}) {
+ $action = 'myaccount';
+ return myaccount();
+ } else {
+ return $res;
+ }
}
sub real_port_graph {
}
sub real_port_graph {
@@
-1037,6
+1056,12
@@
sub process_forgot_password {
);
}
);
}
+sub process_forgot_password_session {
+ check_reset_passwd(
+ 'session_id' => $session_id,
+ );
+}
+
sub do_process_forgot_password {
process_reset_passwd(
map { $_ => scalar($cgi->param($_)) }
sub do_process_forgot_password {
process_reset_passwd(
map { $_ => scalar($cgi->param($_)) }
@@
-1061,7
+1086,7
@@
sub do_template {
$fill_in->{$_} = $access_info->{$_} foreach keys %$access_info;
# update the user's authentication
$fill_in->{$_} = $access_info->{$_} foreach keys %$access_info;
# update the user's authentication
- my $timeout = $access_info->{'timeout'} || '
6
0';
+ my $timeout = $access_info->{'timeout'} || '
360
0';
my $cookie = CGI::Cookie->new('-name' => 'session',
'-value' => $session_id,
'-expires' => '+'.$timeout.'s',
my $cookie = CGI::Cookie->new('-name' => 'session',
'-value' => $session_id,
'-expires' => '+'.$timeout.'s',