-<%
-#<!-- $Id: quick-cust_pkg.cgi,v 1.1 2001-09-04 14:44:07 ivan Exp $ -->
+%if ($error) {
+% $cgi->param('error', $error);
+<% $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ) %>
+%} else {
+% my $frag = "cust_pkg". $cust_pkg[0]->pkgnum;
+<% header('Package ordered') %>
+ <SCRIPT TYPE="text/javascript">
+ // XXX fancy ajax rebuild table at some point, but a page reload will do for now
-use strict;
-use vars qw( $cgi $custnum $pkgpart $error ); #@remove_pkgnums @pkgparts
-use CGI;
-use CGI::Carp qw(fatalsToBrowser);
-use FS::UID qw(cgisuidsetup);
-use FS::CGI qw(popurl);
-use FS::cust_pkg;
+ // XXX chop off trailing #target and replace... ?
+ window.top.location = '<% popurl(3). "view/cust_main.cgi?keywords=$custnum;fragment=$frag#$frag" %>';
-$cgi = new CGI; # create form object
-&cgisuidsetup($cgi);
-$error = '';
+ </SCRIPT>
+
+ </BODY></HTML>
+%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Order customer package');
#untaint custnum
$cgi->param('custnum') =~ /^(\d+)$/
or die 'illegal custnum '. $cgi->param('custnum');
-$custnum = $1;
+my $custnum = $1;
$cgi->param('pkgpart') =~ /^(\d+)$/
or die 'illegal pkgpart '. $cgi->param('pkgpart');
-$pkgpart = $1;
+my $pkgpart = $1;
my @cust_pkg = ();
-$error ||= FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, );
-
-if ($error) {
- eidiot($error);
-} else {
- print $cgi->redirect(popurl(3). "view/cust_pkg.cgi?". $cust_pkg[0]->pkgnum );
-}
-
-%>
+my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] );
+</%init>