-my $payinfo;
-my $paymask; # override only used by loaded cust payinfo, only implemented for realtime processing
-my $paycvv = '';
-my $loaded_cust_payby;
-if ( $payby eq 'CHEK' ) {
-
- if ($cgi->param('payinfo1') =~ /xx/i || $cgi->param('payinfo2') =~ /xx/i ) {
-
- my $search_paymask = $cgi->param('payinfo1') . '@' . $cgi->param('payinfo2');
- $search_paymask .= '.' . $cgi->param('payinfo3')
- if $conf->config('echeck-country') eq 'CA';
-
- #paymask might not be saved in database, need to run paymask method for any potential match
- foreach my $search_cust_payby ($cust_main->cust_payby('CHEK','DCHK')) {
- if ($search_paymask eq $search_cust_payby->paymask) {
- # if there are multiple matches, assume for now that it's the first one returned,
- # since that's what auto-fills; it's unlikely a masked number would be entered by hand,
- # but it's very likely users will just click-through what's been auto-filled
- $loaded_cust_payby = $search_cust_payby;
- last;
- }
- }
- errorpage("Masked payinfo not found") unless $loaded_cust_payby;
- $payinfo = $loaded_cust_payby->payinfo;
- $paymask = $loaded_cust_payby->paymask;
+$cgi->param('discount_term') =~ /^(\d*)$/
+ or errorpage("illegal discount_term");
+my $discount_term = $1;
+
+my( $cust_payby, $payinfo, $paycvv, $month, $year, $payname );
+my $paymask = '';
+if ( (my $custpaybynum = scalar($cgi->param('custpaybynum'))) > 0 ) {
+
+ ##
+ # use stored cust_payby info
+ ##
+
+ $cust_payby = qsearchs('cust_payby', { custnum => $custnum,
+ custpaybynum => $custpaybynum, } )
+ or die "unknown custpaybynum $custpaybynum";
+
+ # not needed for realtime_bop, but still needed for batch_card
+ $payinfo = $cust_payby->payinfo;
+ $paymask = $cust_payby->paymask;
+ $paycvv = $cust_payby->paycvv; # pass it if we got it, running a transaction will clear it
+ ( $month, $year ) = $cust_payby->paydate_mon_year;
+ $payname = $cust_payby->payname;
+
+} else {
+
+ ##
+ # use new info
+ ##
+
+ $cgi->param('year') =~ /^(\d+)$/
+ or errorpage("illegal year ". $cgi->param('year'));
+ $year = $1;
+
+ $cgi->param('month') =~ /^(\d+)$/
+ or errorpage("illegal month ". $cgi->param('month'));
+ $month = $1;
+
+ $cgi->param('payname') =~ /^([\w \,\.\-\']+)$/
+ or errorpage(gettext('illegal_name'). " payname: ". $cgi->param('payname'));
+ $payname = $1;
+
+ if ( $payby eq 'CHEK' ) {