X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=10a489f3604afe4befdf5417b1050ed9fe903b52;hb=6e6db2d85947d7d1355e6a863d3a73af76467566;hp=ed6d623d9d1915032a50ad9c586aa61a311b0cdf;hpb=7d5f7731cd62642051cfa8915924eda1f70a267d;p=freeside.git diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index ed6d623d9..10a489f36 100644 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -1,4 +1,3 @@ -#!/usr/bin/perl -T #!/usr/bin/perl -Tw use strict; @@ -8,13 +7,15 @@ use CGI; use CGI::Carp qw(fatalsToBrowser); use Text::Template; use HTML::Entities; +use Date::Format; +use Number::Format; use FS::SelfService qw( login customer_info invoice payment_info process_payment process_prepay - list_pkgs + list_pkgs order_pkg signup_info order_recharge part_svc_info provision_acct provision_external - unprovision_svc - list_svcs myaccount_passwd + unprovision_svc change_pkg + list_svcs list_svc_usage myaccount_passwd ); $template_dir = '.'; @@ -66,7 +67,7 @@ $session_id = $cgi->param('session'); #order|pw_list XXX ??? $cgi->param('action') =~ - /^(myaccount|view_invoice|make_payment|payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|change_password|process_change_password)$/ + /^(myaccount|view_invoice|make_payment|make_ach_payment|payment_results|ach_payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|customer_order_pkg|process_order_pkg|customer_change_pkg|process_change_pkg|process_order_recharge|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|view_usage|view_usage_details|change_password|process_change_password)$/ or die "unknown action ". $cgi->param('action'); my $action = $1; @@ -76,7 +77,9 @@ $FS::SelfService::DEBUG = $DEBUG; my $result = eval "&$action();"; die $@ if $@; -if ( $result->{error} eq "Can't resume session" ) { #ick +if ( $result->{error} eq "Can't resume session" + || $result->{error} eq "Expired session" ) { #ick + do_template('login',{}); exit; } @@ -107,6 +110,127 @@ sub view_invoice { } +sub customer_order_pkg { + my $init_data = signup_info( 'customer_session_id' => $session_id ); + return $init_data if ( $init_data->{'error'} ); + + my $customer_info = customer_info( 'session_id' => $session_id ); + return $customer_info if ( $customer_info->{'error'} ); + + return { + ( map { $_ => $init_data->{$_} } + qw( part_pkg security_phrase svc_acct_pop ), + ), + %$customer_info, + }; +} + +sub customer_change_pkg { + my $init_data = signup_info( 'customer_session_id' => $session_id ); + return $init_data if ( $init_data->{'error'} ); + + my $customer_info = customer_info( 'session_id' => $session_id ); + return $customer_info if ( $customer_info->{'error'} ); + + return { + ( map { $_ => $init_data->{$_} } + qw( part_pkg security_phrase svc_acct_pop ), + ), + ( map { $_ => $cgi->param($_) } + qw( pkgnum pkg ) + ), + %$customer_info, + }; +} + +sub process_order_pkg { + + my $results = ''; + + unless ( length($cgi->param('_password')) ) { + my $init_data = signup_info( 'customer_session_id' => $session_id ); + $results = { 'error' => $init_data->{msgcat}{empty_password} }; + $results = { 'error' => $init_data->{error} } if($init_data->{error}); + } + if ( $cgi->param('_password') ne $cgi->param('_password2') ) { + my $init_data = signup_info( 'customer_session_id' => $session_id ); + $results = { 'error' => $init_data->{msgcat}{passwords_dont_match} }; + $results = { 'error' => $init_data->{error} } if($init_data->{error}); + $cgi->param('_password', ''); + $cgi->param('_password2', ''); + } + + $results ||= order_pkg ( + 'session_id' => $session_id, + map { $_ => $cgi->param($_) } + qw( custnum pkgpart username _password _password2 sec_phrase popnum ) + ); + + + if ( $results->{'error'} ) { + $action = 'customer_order_pkg'; + return { + $cgi->Vars, + %{customer_order_pkg()}, + 'error' => ''. $results->{'error'}. '', + }; + } else { + return $results; + } + +} + +sub process_change_pkg { + + my $results = ''; + + $results ||= change_pkg ( + 'session_id' => $session_id, + map { $_ => $cgi->param($_) } + qw( pkgpart pkgnum ) + ); + + + if ( $results->{'error'} ) { + $action = 'customer_change_pkg'; + return { + $cgi->Vars, + %{customer_change_pkg()}, + 'error' => ''. $results->{'error'}. '', + }; + } else { + return $results; + } + +} + +sub process_order_recharge { + + my $results = ''; + + $results ||= order_recharge ( + 'session_id' => $session_id, + map { $_ => $cgi->param($_) } + qw( svcnum ) + ); + + + if ( $results->{'error'} ) { + $action = 'view_usage'; + if ($results->{'error'} eq '_decline') { + $results->{'error'} = "There has been an error processing your account. Please contact customer support." + } + return { + $cgi->Vars, + %{view_usage()}, + 'error' => ''. $results->{'error'}. '', + }; + } else { + return $results; + } + +} + sub make_payment { payment_info( 'session_id' => $session_id ); } @@ -115,6 +239,10 @@ sub payment_results { use Business::CreditCard; + #we should only do basic checking here for DoS attacks and things + #that couldn't be constructed by the web form... let process_payment() do + #the rest, it gives better error messages + $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ or die "illegal amount"; #!!! my $amount = $1; @@ -135,6 +263,9 @@ sub payment_results { or die "not a ". $cgi->param('card_type'); } + $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2"; + my $paycvv = $1; + $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month"; my $month = $1; $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year"; @@ -169,8 +300,10 @@ sub payment_results { process_payment( 'session_id' => $session_id, + 'payby' => 'CARD', 'amount' => $amount, 'payinfo' => $payinfo, + 'paycvv' => $paycvv, 'month' => $month, 'year' => $year, 'payname' => $payname, @@ -186,6 +319,78 @@ sub payment_results { } +sub make_ach_payment { + payment_info( 'session_id' => $session_id ); +} + +sub ach_payment_results { + + #we should only do basic checking here for DoS attacks and things + #that couldn't be constructed by the web form... let process_payment() do + #the rest, it gives better error messages + + $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ + or die "illegal amount"; #!!! + my $amount = $1; + + my $payinfo1 = $cgi->param('payinfo1'); + $payinfo1=~ /^(\d+)$/ + or die "illegal account"; #!!! + $payinfo1= $1; + + my $payinfo2 = $cgi->param('payinfo2'); + $payinfo2=~ /^(\d+)$/ + or die "illegal ABA/routing code"; #!!! + $payinfo2= $1; + + $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname"; + my $payname = $1; + + $cgi->param('paystate') =~ /^(.{0,2})$/ or die "illegal paystate"; + my $paystate = $1; + + $cgi->param('paytype') =~ /^(.{0,80})$/ or die "illegal paytype"; + my $paytype = $1; + + $cgi->param('ss') =~ /^(.{0,80})$/ or die "illegal ss"; + my $ss = $1; + + $cgi->param('stateid') =~ /^(.{0,80})$/ or die "illegal stateid"; + my $stateid = $1; + + $cgi->param('stateid_state') =~ /^(.{0,2})$/ or die "illegal stateid_state"; + my $stateid_state = $1; + + my $save = 0; + $save = 1 if $cgi->param('save'); + + my $auto = 0; + $auto = 1 if $cgi->param('auto'); + + $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch"; + my $paybatch = $1; + + process_payment( + 'session_id' => $session_id, + 'payby' => 'CHEK', + 'amount' => $amount, + 'payinfo1' => $payinfo1, + 'payinfo2' => $payinfo2, + 'month' => '12', + 'year' => '2037', + 'payname' => $payname, + 'paytype' => $paytype, + 'paystate' => $paystate, + 'ss' => $ss, + 'stateid' => $stateid, + 'stateid_state' => $stateid_state, + 'save' => $save, + 'auto' => $auto, + 'paybatch' => $paybatch, + ); + +} + sub recharge_prepay { customer_info( 'session_id' => $session_id ); } @@ -268,6 +473,23 @@ sub delete_svc { ); } +sub view_usage { + list_svcs( + 'session_id' => $session_id, + 'svcdb' => 'svc_acct', + 'ncancelled' => 1, + ); +} + +sub view_usage_details { + list_svc_usage( + 'session_id' => $session_id, + 'svcnum' => $cgi->param('svcnum'), + 'beginning' => $cgi->param('beginning') || '', + 'ending' => $cgi->param('ending') || '', + ); +} + sub change_password { list_svcs( 'session_id' => $session_id,