-<%
-#<!-- $Id: cust_pkg.cgi,v 1.2 2001-08-21 02:31:56 ivan Exp $ -->
+% if ($error) {
+% $cgi->param('error', $error);
+% $cgi->redirect(popurl(3). 'edit/cust_pkg.cgi?'. $cgi->query_string );
+% } else {
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
+% }
+<%init>
-use strict;
-use vars qw( $cgi $custnum @remove_pkgnums @pkgparts $pkgpart $error );
-use CGI;
-use CGI::Carp qw(fatalsToBrowser);
-use FS::UID qw(cgisuidsetup);
-use FS::CGI qw(popurl);
-use FS::cust_pkg;
+my $curuser = $FS::CurrentUser::CurrentUser;
-$cgi = new CGI; # create form object
-&cgisuidsetup($cgi);
-$error = '';
+die "access denied"
+ unless $curuser->access_right('Bulk change customer packages');
+
+my $error = '';
#untaint custnum
$cgi->param('custnum') =~ /^(\d+)$/;
-$custnum = $1;
+my $custnum = $1;
-@remove_pkgnums = map {
+my @remove_pkgnums = map {
/^(\d+)$/ or die "Illegal remove_pkg value!";
$1;
} $cgi->param('remove_pkg');
-foreach $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
+my( $action, $error_redirect ) = ( '', '' );
+my @pkgparts = ();
+
+foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
my $num_pkgs = $1;
while ( $num_pkgs-- ) {
$error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums);
-if ($error) {
- $cgi->param('error', $error);
- print $cgi->redirect(popurl(2). "cust_pkg.cgi?". $cgi->query_string );
-} else {
- print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-}
-
-%>
+</%init>