X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=4e21ad8df944e7ce4cabac8110943cb949c4866b;hb=98ea15536afc6896cce08a41b877d6cb52444d14;hp=f62f1a5ccc28fd6deddda0c95a41f4db549ce3ae;hpb=2cefad7f1ba75c13574f9bce5e5d8211c301c995;p=freeside.git

diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index f62f1a5cc..4e21ad8df 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -124,7 +124,15 @@ unless ( $nologin_actions{$action} ) {
           'email'    => $email,
           'password' => $password
         );
-        $session_id = $login_rv->{'session_id'};
+
+	if ( $login_rv->{'error'} ) {
+	  my $ip = $cgi->remote_addr();
+	  warn("login failure [email $email] [ip $ip] [error $login_rv->{error}]");
+	} else {
+	  #successful login
+	}
+
+	$session_id = $login_rv->{'session_id'};
 
       } else {
 
@@ -181,9 +189,6 @@ unless ( $nologin_actions{$action} ) {
   } # else there is no session cookie
 
   if ( !$session_id ) {
-    # XXX why are we getting agentnum from a CGI param? surely it should 
-    # be some kind of configuration option.
-    #
     # show the login page
     $session_id = 'login'; # set state
     my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) );
@@ -208,7 +213,7 @@ if ( $result->{error} && ( $result->{error} eq "Can't resume session"
   || $result->{error} eq "Expired session") ) { #ick
 
   $session_id = 'login';
-  my $login_info = login_info();
+  my $login_info = login_info( 'agentnum' => scalar($cgi->param('agentnum')) );
   do_template('login', $login_info);
   exit;
 }
@@ -309,6 +314,7 @@ sub process_change_pay {
             'error' => '<FONT COLOR="#FF0000">Postal or email required.</FONT>',
           };
         }
+
         _process_change_info( 'change_pay', @list );
 }
 
@@ -630,7 +636,10 @@ sub payment_results {
   my $auto = 0;
   $auto = 1 if $cgi->param('auto');
 
-  $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
+  $cgi->param('payunique') =~ /^([\w\-\.]*)$/ or die "illegal payunique";
+  my $payunique = $1;
+
+  $cgi->param('paybatch') =~ /^([\w\-\.]*)$/ or die "illegal paybatch";
   my $paybatch = $1;
 
   $cgi->param('discount_term') =~ /^(\d*)$/ or die "illegal discount_term";
@@ -654,6 +663,7 @@ sub payment_results {
     'country'    => $country,
     'save'       => $save,
     'auto'       => $auto,
+    'payunique'  => $payunique,
     'paybatch'   => $paybatch,
     'discount_term' => $discount_term,
   );