$cgi = new CGI;
unless ( defined $cgi->param('session') ) {
- my $login_info = login_info();
+ my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) );
do_template('login', $login_info );
exit;
'password' => $password,
);
if ( $rv->{error} ) {
- my $login_info = login_info();
+ my $login_info = login_info( 'agentnum' => $cgi->param('agentnum') );
do_template('login', {
'error' => $rv->{error},
'username' => $username,
my $amount = $1;
my $payinfo1 = $cgi->param('payinfo1');
- $payinfo1=~ /^(\d+)$/
+ $payinfo1 =~ s/[^\dx]//g;
+ $payinfo1 =~ /^([\dx]+)$/
or die "illegal account"; #!!!
- $payinfo1= $1;
+ $payinfo1 = $1;
my $payinfo2 = $cgi->param('payinfo2');
- $payinfo2=~ /^(\d+)$/
+ $payinfo2 =~ s/[^\dx]//g;
+ $payinfo2 =~ /^([\dx]+)$/
or die "illegal ABA/routing code"; #!!!
- $payinfo2= $1;
+ $payinfo2 = $1;
$cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
my $payname = $1;