-%
-%
-%#untaint method
-%my $method = $cgi->param('method');
-%$method =~ /^(cancel|expire|suspend)$/ || die "Illegal method";
-%$method = $1;
-
-%#untaint pkgnum
-%my $pkgnum = $cgi->param('pkgnum');
-%$pkgnum =~ /^(\d+)$/ || die "Illegal pkgnum";
-%$pkgnum = $1;
-%
-%#untaint reasonnum
-%my $reasonnum = $cgi->param('reasonnum');
-%$reasonnum =~ /^(-?\d+)$/ || die "Illegal reasonnum";
-%$reasonnum = $1;
-%
-%my $date = time;
-%if ($method eq 'expire'){
-% #untaint date
-% $date = $cgi->param('date');
-% str2time($cgi->param('date')) =~ /^(\d+)$/ || die "Illegal date";
-% $date = $1;
-%}
-%
-%my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );
-%
-%
-%my $oldAutoCommit = $FS::UID::AutoCommit;
-%local $FS::UID::AutoCommit = 0;
-%my $dbh = dbh;
-%
-%my $otaker = $FS::CurrentUser::CurrentUser->name;
-%$otaker = $FS::CurrentUser::CurrentUser->username
-% if ($otaker eq "User, Legacy");
-%
-%my $error;
-%if ($reasonnum == -1) {
-% #untaint new reason
-% my $nr = $cgi->param('newreasonnum');
-% $nr =~ /^([\w\s]+)$/ || die "Illegal new reason";
-% $nr = $1;
-%
-% #untaint new reason type
-% my $nrtype = $cgi->param('newreasonnumT');
-% $nrtype =~ /^(\d+)$/ || die "Illegal new reason type";
-% $nrtype = $1;
-%
-% my $reason = new FS::reason({ 'reason_type' => $nrtype,
-% 'reason' => $nr,
-% });
-% $error = $reason->insert;
-% $reasonnum = $reason->reasonnum
-% unless $error;
-%}
-%
-%unless ($error) {
-% my $cust_pkg_reason = new FS::cust_pkg_reason({ 'pkgnum' => $pkgnum,
-% 'reasonnum' => $reasonnum,
-% 'otaker' => $otaker,
-% 'date' => $date,
-% });
-% $error = $cust_pkg_reason->insert;
-%}
-%
-%unless ($error) {
-% if ($method eq 'expire'){
-% my %hash = $cust_pkg->hash;
-% $hash{'expire'}=$date;
-% my $new = new FS::cust_pkg (\%hash);
-% $error = $new->replace($cust_pkg);
-% }else{
-% $error = $cust_pkg->$method
-% }
-%}
-%
-%if ($error) {
-% $cgi->param('error', $error);
-% $dbh->rollback if $oldAutoCommit;
-% print $cgi->redirect(popurl(2). "cancel_pkg.html?". $cgi->query_string );
-%}
-%
-%$dbh->commit or die $dbh->errstr if $oldAutoCommit;
-%
-% my %past = ( 'cancel' => 'cancelled',
-% 'expire' => 'expired',
-% 'suspend' => 'suspended',
-% );
-<% header("Package $past{$method}") %>
+<% header(emt("Package $past{$method}")) %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
- </BODY></HTML>
+ </BODY>
+</HTML>
+<%once>
+
+my %past = ( 'cancel' => 'cancelled',
+ 'expire' => 'expired',
+ 'suspend' => 'suspended',
+ 'adjourn' => 'adjourned',
+ );
+
+#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
+my %right = ( 'cancel' => 'Cancel customer package immediately',
+ 'expire' => 'Cancel customer package later',
+ 'suspend' => 'Suspend customer package',
+ 'adjourn' => 'Suspend customer package later',
+ );
+
+</%once>
+<%init>
+
+#untaint method
+my $method = $cgi->param('method');
+$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method";
+$method = $1;
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right($right{$method});
+
+#untaint pkgnum
+my $pkgnum = $cgi->param('pkgnum');
+$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
+$pkgnum = $1;
+
+#untaint reasonnum
+my $reasonnum = $cgi->param('reasonnum');
+$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
+$reasonnum = $1;
+
+my $date = time;
+if ($method eq 'expire' || $method eq 'adjourn'){
+ #untaint date
+ $date = $cgi->param('date');
+ parse_datetime($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
+ $date = $1;
+ $method = ($method eq 'expire') ? 'cancel' : 'suspend';
+}
+
+my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );
+
+if ($reasonnum == -1) {
+ $reasonnum = {
+ 'typenum' => scalar( $cgi->param('newreasonnumT') ),
+ 'reason' => scalar( $cgi->param('newreasonnum' ) ),
+ };
+}
+
+my $error = $cust_pkg->$method( 'reason' => $reasonnum, 'date' => $date );
+
+if ($error) {
+ $cgi->param('error', $error);
+ print $cgi->redirect(popurl(2). "cancel_pkg.html?". $cgi->query_string );
+}
+</%init>