+% if ( $error ) {
+% if ($svcnum) {
+% $cgi->param('svcnum', $svcnum);
+% $cgi->param("changepw${svcnum}_error", $error);
+% }
+% elsif ($contactnum) {
+% $cgi->param('contactnum', $contactnum);
+% $cgi->param("changepw${contactnum}_error", $error);
+% }
+% $cgi->param('error', $error);
+% } else {
+% if ($svcnum) { $cgi->query_string($svcnum); }
+% elsif ($contactnum) { $cgi->query_string($contactnum); }
+% }
+
+% if (!$popup) {
+% if ($svcnum) {
+ <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
+% }
+% elsif ($contactnum) {
+% my $freeside_status = "Contact ".$contact->{'Hash'}->{'first'}." ".$contact->{'Hash'}->{'last'}." password updated.";
+ <% $cgi->redirect( -uri => popurl(3). "view/cust_main.cgi?". $cgi->param('custnum'),
+ -cookie => CGI::Cookie->new(
+ -name => 'freeside_status',
+ -value => mt($freeside_status),
+ -expires => '+5m',
+ ),
+ )
+%>
+% }
+% }
+
+<& /elements/header-popup.html, 'Password Set' &>
+<SCRIPT TYPE="text/javascript">
+ topreload();
+ parent.cClick();
+</SCRIPT>
+
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" unless $curuser->access_right('Edit password');
+my $contact;
-$cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum";
+$cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
my $svcnum = $1;
-my $svc_acct = FS::svc_acct->by_key($svcnum)
- or die "svc_acct $svcnum not found";
-my $error = $svc_acct->set_password($cgi->param('password'))
- || $svc_acct->replace;
-
-# annoyingly specific to view/svc_acct.cgi, for now...
-$cgi->delete('password');
-</%init>
-% if ( $error ) {
-% $cgi->param('svcnum', $svcnum);
-% $cgi->param("changepw${svcnum}_error", $error);
-% } else {
-% $cgi->query_string($svcnum);
-% }
-<% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
+
+foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) {
+ $cgi->param('password' => $cgi->param($prefix));
+}
+
+$cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
+my $contactnum = $1;
+
+my $popup = $cgi->param('popup');
+
+my $newpass = $cgi->param('password');
+
+my $error;
+
+if ($svcnum) {
+ my $svc_acct = FS::svc_acct->by_key($svcnum)
+ or die "svc_acct $svcnum not found";
+ my $part_svc = $svc_acct->part_svc;
+ die "access denied" unless (
+ $curuser->access_right('Provision customer service') or
+ ( $curuser->access_right('Edit password') and
+ ! $part_svc->restrict_edit_password )
+ );
+
+ $error = $svc_acct->is_password_allowed($newpass)
+ || $svc_acct->set_password($newpass)
+ || $svc_acct->replace;
+
+ # annoyingly specific to view/svc_acct.cgi, for now...
+ $cgi->delete('password');
+}
+elsif ($contactnum) {
+ $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
+ or return { 'error' => "Contact not found" . $contactnum };
+
+ $error = $contact->is_password_allowed($newpass)
+ || $contact->change_password($newpass);
+
+ # annoyingly specific to view/svc_acct.cgi, for now...
+ #$cgi->delete('password');
+}
+
+</%init>
\ No newline at end of file