-$cgi->param('payname') =~ /^([\w \,\.\-\']+)$/
- or eidiot gettext('illegal_name'). " payname: ". $cgi->param('payname');
-my $payname = $1;
-
-$cgi->param('paybatch') =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=]*)$/
- or eidiot gettext('illegal_text'). " paybatch: ". $cgi->param('paybatch');
-my $paybatch = $1;
-
-my $payinfo;
-my $paycvv = '';
-if ( $payby eq 'CHEK' ) {
-
- $cgi->param('payinfo1') =~ /^(\d+)$/
- or eidiot "illegal account number ". $cgi->param('payinfo1');
- my $payinfo1 = $1;
- $cgi->param('payinfo2') =~ /^(\d+)$/
- or eidiot "illegal ABA/routing number ". $cgi->param('payinfo2');
- my $payinfo2 = $1;
- $payinfo = $payinfo1. '@'. $payinfo2;
-
-} elsif ( $payby eq 'CARD' ) {
-
- $payinfo = $cgi->param('payinfo');
- $payinfo =~ s/\D//g;
- $payinfo =~ /^(\d{13,16})$/
- or eidiot gettext('invalid_card'); # . ": ". $self->payinfo;
- $payinfo = $1;
- validate($payinfo)
- or eidiot gettext('invalid_card'); # . ": ". $self->payinfo;
- eidiot gettext('unknown_card_type')
- if cardtype($payinfo) eq "Unknown";
-
- if ( defined $cust_main->dbdef_table->column('paycvv') ) {
+$cgi->param('payunique') =~ /^([\w \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=]*)$/
+ or errorpage(gettext('illegal_text'). " payunique: ". $cgi->param('payunique'));
+my $payunique = $1;
+
+$cgi->param('balance') =~ /^\s*(\-?\s*\d*(\.\d\d)?)\s*$/
+ or errorpage("illegal balance");
+my $balance = $1;
+
+$cgi->param('discount_term') =~ /^(\d*)$/
+ or errorpage("illegal discount_term");
+my $discount_term = $1;
+
+my( $payinfo, $paycvv, $month, $year, $payname );
+my $paymask = '';
+if ( (my $custpaybynum = scalar($cgi->param('custpaybynum'))) > 0 ) {
+
+ ##
+ # use stored cust_payby info
+ ##
+
+ my $cust_payby = qsearchs('cust_payby', { custnum => $custnum,
+ custpaybynum => $custpaybynum, } )
+ or die "unknown custpaybynum $custpaybynum";
+
+ $payinfo = $cust_payby->payinfo;
+ $paymask = $cust_payby->paymask;
+ $paycvv = '';
+ ( $month, $year ) = $cust_payby->paydate_mon_year;
+ $payname = $cust_payby->payname;
+
+} else {
+
+ ##
+ # use new info
+ ##
+
+ $cgi->param('year') =~ /^(\d+)$/
+ or errorpage("illegal year ". $cgi->param('year'));
+ $year = $1;
+
+ $cgi->param('month') =~ /^(\d+)$/
+ or errorpage("illegal month ". $cgi->param('month'));
+ $month = $1;
+
+ $cgi->param('payname') =~ /^([\w \,\.\-\']+)$/
+ or errorpage(gettext('illegal_name'). " payname: ". $cgi->param('payname'));
+ $payname = $1;
+
+ if ( $payby eq 'CHEK' ) {
+
+ $cgi->param('payinfo1') =~ /^(\d+)$/
+ or errorpage("Illegal account number ". $cgi->param('payinfo1'));
+ my $payinfo1 = $1;
+ $cgi->param('payinfo2') =~ /^(\d+)$/
+ or errorpage("Illegal ABA/routing number ". $cgi->param('payinfo2'));
+ my $payinfo2 = $1;
+ if ( $conf->config('echeck-country') eq 'CA' ) {
+ $cgi->param('payinfo3') =~ /^(\d{5})$/
+ or errorpage("Illegal branch number ". $cgi->param('payinfo2'));
+ $payinfo2 = "$1.$payinfo2";
+ }
+ $payinfo = $payinfo1. '@'. $payinfo2;
+
+ } elsif ( $payby eq 'CARD' ) {
+
+ $payinfo = $cgi->param('payinfo');
+
+ $payinfo =~ s/\D//g;
+ $payinfo =~ /^(\d{13,16}|\d{8,9})$/
+ or errorpage(gettext('invalid_card'));
+ $payinfo = $1;
+ validate($payinfo)
+ or errorpage(gettext('invalid_card'));
+
+ unless ( $payinfo =~ /^99\d{14}$/ ) { #token
+
+ my $cardtype = cardtype($payinfo);
+
+ errorpage(gettext('unknown_card_type'))
+ if $cardtype eq "Unknown";
+
+ my %bop_card_types = map { $_=>1 } values %{ card_types() };
+ errorpage("$cardtype not accepted") unless $bop_card_types{$cardtype};
+
+ }
+