don't redirect to a GET with sensitive data, RT#26099

[freeside.git] / httemplate / view / svc_acct / basics.html
diff --git a/httemplate/view/svc_acct/basics.html b/httemplate/view/svc_acct/basics.html

index a253e3b..a786bb2 100644 (file)
--- a/httemplate/view/svc_acct/basics.html
+++ b/httemplate/view/svc_acct/basics.html
@@ -1,6 +1,9 @@
  <% &ntable("#cccccc") %><TR><TD><% &ntable("#cccccc",2) %>
  
  <& /view/elements/tr.html, label=>mt('Service'),  value=>$part_svc->svc &>
+% if ( $opt{cust_svc}->agent_svcid ) {
+  <& /view/elements/tr.html, label=>mt('Legacy ID'),  value=>$opt{cust_svc}->agent_svcid &>
+% }
  <& /view/elements/tr.html, label=>mt('Username'), value=>$svc_acct->username &>
  <& /view/elements/tr.html, label=>mt('Domain'),   value=>$domain &>
  
@@ -17,7 +20,7 @@
  % if ( $password =~ /^\*\w+\* (.*)$/ ) {
  %   $password = $1;
  %   $show_pw .= '<I>('. mt('login disabled') .')</I> ';
-% } 
+% }
  % if ( ! $password
  %      && $svc_acct->_password_encryption ne 'plain'
  %      && $svc_acct->_password
@@ -25,13 +28,27 @@
  % {
  %   $show_pw .= '<I>('. uc($svc_acct->_password_encryption). ' '.mt('encrypted').')</I>';
  % } elsif ( $conf->exists('showpasswords') ) { 
-%   $show_pw .= '<PRE>'. encode_entities($password). '</PRE>';
+%   $show_pw .= '<SPAN >'. encode_entities($password). '</PRE>';
  % } else { 
+%   $password = '';
  %   $show_pw .= '<I>('. mt('hidden') .')</I>';
-% } 
-% $password = ''; 
-<& /view/elements/tr.html, label=>mt('Password'), value=>$show_pw &>
-
+% }
+<TR>
+  <TD ALIGN="right"><% mt('Password') %></TD>
+  <TD STYLE="background-color: #ffffff; white-space: nowrap">
+  <% $show_pw %>
+% my $curuser = $FS::CurrentUser::CurrentUser;
+% if ( $curuser->access_right('Provision customer service') or
+%     ($curuser->access_right('Edit password') and
+%      ! $part_svc->restrict_edit_password) )
+% {
+  <& /elements/change_password.html,
+      'svc_acct'    => $svc_acct,
+      'curr_value'  => $password,
+  &>
+% }
+  </TD>
+</TR>
  
  % if ( $conf->exists('security_phrase') ) {
    <& /view/elements/tr.html, label=>mt('Security phrase'), value=>$svc_acct->sec_phrase &>
@@ -42,6 +59,17 @@
      <& /view/elements/tr.html, label=>mt('Access number'), value=>$svc_acct_pop->text &>
  % } 
  
+% if ( $svc_acct->sectornum && $conf->exists('svc_acct-tower_sector') ) {
+%   my $tower_sector = $svc_acct->tower_sector;
+%   my $link = $tower_sector->ip_addr
+%                ? '<A HREF="http://'. $tower_sector->ip_addr. '">'
+%                : '';
+    <& /view/elements/tr.html,
+        label => mt('Tower sector'),
+        value => $link. $tower_sector->description. ($link ? '</A>' : ''),
+    &>
+% }
+
  % if ($svc_acct->uid ne '') { 
    <& /view/elements/tr.html, label=>mt('UID'), value=>$svc_acct->uid &>
  % } 
@@ -77,7 +105,10 @@
         label=>mt('IP address'),
         value=> ( $svc_acct->slipip eq "0.0.0.0" || $svc_acct->slipip eq '0e0' )
                   ? "<I>(".mt('Dynamic').")</I>"
-                 : $svc_acct->slipip
+                 : $svc_acct->slipip. ' '.
+                   include('/elements/popup_link-ping.html',
+                             'ip'=>$svc_acct->slipip,
+                          )
    &>
  % }