X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=5cf0fa0a1dbd5e2e9cc65b193ef2e29c4514a28f;hb=refs%2Fheads%2FFREESIDE_4_BRANCH;hp=5c0190f96c43fb39fc85026f657c501961da00c7;hpb=dd03181dde5f641d81b5e50643bbd0f81ca09877;p=freeside.git
diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index 5c0190f96..5cf0fa0a1 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
use strict;
-use vars qw($DEBUG $cgi $session_id $form_max $template_dir);
+use vars qw($DEBUG $cgi $session_id $pw_session_id $form_max $template_dir);
use subs qw(do_template);
use CGI;
use CGI::Carp qw(fatalsToBrowser);
@@ -12,10 +12,10 @@ use Date::Format;
use Date::Parse 'str2time';
use Number::Format 1.50;
use FS::SelfService qw(
- access_info login_info login customer_info edit_info invoice
- payment_info process_payment realtime_collect process_prepay
+ access_info login_info login customer_info edit_info insert_payby update_payby
+ invoice payment_info process_payment realtime_collect process_prepay
list_pkgs order_pkg signup_info order_recharge
- part_svc_info provision_acct provision_external provision_phone
+ part_svc_info provision_acct provision_external provision_phone provision_forward
unprovision_svc change_pkg suspend_pkg domainselector
list_svcs list_svc_usage list_cdr_usage list_support_usage
myaccount_passwd list_invoices create_ticket get_ticket did_report
@@ -23,6 +23,8 @@ use FS::SelfService qw(
mason_comp port_graph
start_thirdparty finish_thirdparty
reset_passwd check_reset_passwd process_reset_passwd
+ validate_passwd
+ billing_history
);
$template_dir = '.';
@@ -57,6 +59,10 @@ my @actions = ( qw(
change_bill
change_ship
change_pay
+ change_creditcard_pay
+ change_check_pay
+ process_change_creditcard_pay
+ process_change_check_pay
process_change_bill
process_change_ship
process_change_pay
@@ -70,6 +76,7 @@ my @actions = ( qw(
process_svc_acct
process_svc_phone
process_svc_external
+ process_svc_forward
delete_svc
view_usage
view_usage_details
@@ -81,6 +88,9 @@ my @actions = ( qw(
process_change_password
customer_suspend_pkg
process_suspend_pkg
+ switch_cust
+ history
+ validate_password
));
my @nologin_actions = (qw(
@@ -88,19 +98,24 @@ my @nologin_actions = (qw(
do_forgot_password
process_forgot_password
do_process_forgot_password
+ process_forgot_password_session
+ validate_password_nologin
));
push @actions, @nologin_actions;
my %nologin_actions = map { $_=>1 } @nologin_actions;
my $action = 'myaccount'; # sensible default
-if ( $cgi->param('action') =~ /^(\w+)$/ ) {
+
+if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) {
+ $action = 'process_forgot_password_session';
+ $pw_session_id = $1;
+} elsif ( $cgi->param('action') =~ /^(\w+)$/ ) {
if (grep {$_ eq $1} @actions) {
$action = $1;
} else {
warn "WARNING: unrecognized action '$1'\n";
}
}
-
unless ( $nologin_actions{$action} ) {
my %cookies = CGI::Cookie->fetch;
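Review bot: The reset token captured by `/^process_forgot_password_session_(\w+)$/` has no length bound, while the login fields further down are capped with `$form_max`. Something like `/^process_forgot_password_session_(\w{1,$form_max})$/` would keep it consistent, assuming `$form_max` is already set at this point (its assignment is not visible in the hunk). The token also travels inside the `action` parameter, so if the link is a GET it will presumably appear in web-server logs. It is worth confirming that the backend treats it as single-use and short-lived.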
@@ -117,21 +132,23 @@ unless ( $nologin_actions{$action} ) {
$cgi->param('password') =~ /^(.{0,$form_max})$/;
my $password = $1;
- if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) {
+ if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\+\@]{1,$form_max})\s*$/i ) {
my $email = $1;
$login_rv = login(
'email' => $email,
'password' => $password
);
+
if ( $login_rv->{'error'} ) {
my $ip = $cgi->remote_addr();
- warn("login failure [email $email] [ip $ip]");
+ warn("login failure [email $email] [ip $ip] [error $login_rv->{error}]");
} else {
#successful login
- $session_id = $login_rv->{'session_id'};
}
+ $session_id = $login_rv->{'session_id'};
+
} else {
$cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i;
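Review bot: `$session_id = $login_rv->{'session_id'};` now runs on the failure path as well, so a failed email login relies on the backend returning no `session_id` alongside `error`. If the move is intentional, a comment saying why would help, and the now-empty `else { #successful login }` branch can be dropped; otherwise keep the assignment inside the success branch. The rest of the login block lies outside this hunk, so how `$login_rv->{'error'}` is handled afterwards is not visible here.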
@@ -197,6 +214,12 @@ unless ( $nologin_actions{$action} ) {
# at this point $session_id is a real session
+ if ( ! $login_rv->{'custnum'} && ! $login_rv->{'svcnum'} && $login_rv->{'customers'} ) {
+ #select a customer if we're a multi-contact customer
+ do_template('select_cust', { %$login_rv } );
+ exit;
+ }
+
}
warn "calling $action sub\n"
@@ -205,6 +228,7 @@ $FS::SelfService::DEBUG = $DEBUG;
my $result = eval "&$action();";
die $@ if $@;
+use Data::Dumper;
warn Dumper($result) if $DEBUG;
if ( $result->{error} && ( $result->{error} eq "Can't resume session"
@@ -230,24 +254,41 @@ do_template($action, {
#--
-use Data::Dumper;
+sub switch_cust {
+ $action = 'myaccount';
+ FS::SelfService::switch_cust( 'session_id' => $session_id,
+ 'custnum' => scalar($cgi->param('custnum')),
+ );
+}
+
sub myaccount {
customer_info( 'session_id' => $session_id );
}
-sub change_bill { my $payment_info =
- payment_info( 'session_id' => $session_id );
- return $payment_info if ( $payment_info->{'error'} );
- my $customer_info =
- customer_info( 'session_id' => $session_id );
- return {
- %$payment_info,
- %$customer_info,
- };
- }
+sub change_bill {
+ my $payby = shift;
+ my $payment_info;
+ if ($payby) {
+ $payment_info = payment_info( 'session_id' => $session_id, 'payment_payby' => $payby, );
+ }
+ else {
+ $payment_info = payment_info( 'session_id' => $session_id, );
+ }
+
+ return $payment_info if ( $payment_info->{'error'} );
+ my $customer_info =
+ customer_info( 'session_id' => $session_id );
+ return {
+ %$payment_info,
+ %$customer_info,
+ };
+}
sub change_ship { change_bill(@_); }
sub change_pay { change_bill(@_); }
+sub change_creditcard_pay { change_bill('CARD'); }
+sub change_check_pay { change_bill('CHEK'); }
+
sub _process_change_info {
my ($erroraction, @fields) = @_;
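Review bot: `switch_cust` forwards `custnum` straight from the request, so the customer the session switches to is chosen by a client-supplied value. Nothing in this sub checks that it is numeric or that it is one of the `customers` offered to this login. That check presumably lives in `FS::SelfService::switch_cust` on the backend, which is not visible here and is worth confirming. A cheap local guard would be `$cgi->param('custnum') =~ /^(\d+)$/ or return { 'error' => 'Illegal custnum' };`, then pass `$1`.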
@@ -272,6 +313,56 @@ sub _process_change_info {
}
}
+sub _process_change_payby {
+ my ($erroraction, @fields) = @_;
+
+ my $results = '';
+
+ $results ||= update_payby (
+ 'session_id' => $session_id,
+ map { ($_ => $cgi->param($_)) } grep { defined($cgi->param($_)) } @fields,
+ );
+
+
+ if ( $results->{'error'} ) {
+ no strict 'refs';
+ $action = $erroraction;
+ return {
+ $cgi->Vars,
+ %{&$action()},
+ 'error' => ''. $results->{'error'}. '',
+ };
+ } else {
+ return $results;
+ }
+}
+
+sub _process_insert_payby {
+ my ($erroraction, @fields) = @_;
+
+ my $results = '';
+
+ $results ||= insert_payby (
+ 'session_id' => $session_id,
+ map { ($_ => $cgi->param($_)) } grep { defined($cgi->param($_)) } @fields,
+ );
+
+ ## check error
+
+
+ if ( $results->{'error'} ) {
+ no strict 'refs';
+ $action = $erroraction;
+ return {
+ $cgi->Vars,
+ %{&$action()},
+ 'error' => ''. $results->{'error'}. '',
+ };
+ } else {
+ return $results;
+ }
+}
+
sub process_change_bill {
_process_change_info( 'change_bill',
qw( first last company address1 address2 city state
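Review bot: In `_process_change_payby` and `_process_insert_payby`, `map { ($_ => $cgi->param($_)) }` calls `param` in list context, so a field submitted more than once expands into several list elements and shifts the key/value pairs passed to `update_payby`/`insert_payby`, which follow `'session_id'` in the same argument list. Wrap it as `map { ($_ => scalar($cgi->param($_))) }`, as `validate_password` later in this commit already does; the `part_svc_info` call inside `process_svc_forward` has the same list-context `param`. The two subs are identical apart from the backend call and could share one helper that takes the function as an argument. Separately, the error path returns `$cgi->Vars`, which hands the submitted `payinfo` back to the template, so it is worth confirming that the template masks it.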
@@ -294,8 +385,9 @@ sub process_change_ship {
sub process_change_pay {
my $postal = $cgi->param( 'postal_invoicing' );
my $payby = $cgi->param( 'payby' );
+ $cgi->param('paydate', $cgi->param('year') . '-' . $cgi->param('month') . '-01');
my @list =
- qw( payby payinfo payinfo1 payinfo2 month year payname
+ qw( payby payinfo payinfo1 payinfo2 month year paydate payname custpaybynum
address1 address2 city county state zip country auto paytype
paystate ss stateid stateid_state invoicing_list
);
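Review bot: `paydate` is assembled from the raw `year` and `month` parameters with no format check, then written back into the CGI object and forwarded through `@list`. If either field is missing, the result is a malformed date plus undef warnings under `-w`. `payment_results` in this file checks the same fields with `\d{4}` and `\d{2}`; an equivalent check before building the date would fit here, e.g. `$cgi->param('year') =~ /^(\d{4})$/ or return { 'error' => 'Illegal year' };`. The same assignment appears in `process_change_creditcard_pay` in the next hunk. `process_change_pay` continues outside this hunk.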
@@ -312,7 +404,36 @@ sub process_change_pay {
'error' => 'Postal or email required.',
};
}
- _process_change_info( 'change_pay', @list );
+
+ if (FS::SelfService->can('update_payby')) {
+ if ($cgi->param( 'custpaybynum' )) { _process_change_payby( 'change_pay', @list ); }
+ else { _process_insert_payby( 'change_pay', @list ); }
+ }
+ else { _process_change_info( 'change_pay', @list ); }
+}
+
+sub process_change_creditcard_pay {
+ my $payby = $cgi->param( 'payby' );
+ $cgi->param('paydate', $cgi->param('year') . '-' . $cgi->param('month') . '-01');
+ my @list =
+ qw( payby payinfo payinfo1 payinfo2 paydate payname custpaybynum
+ address1 address2 city county state zip country auto paytype
+ paystate ss stateid stateid_state invoicing_list
+ );
+ if ($cgi->param( 'custpaybynum' )) { _process_change_payby( 'change_creditcard_pay', @list ); }
+ else { _process_insert_payby( 'change_creditcard_pay', @list ); }
+}
+
+sub process_change_check_pay {
+ my $payby = $cgi->param( 'payby' );
+ #$cgi->param('paydate', '2039-12-01');
+ my @list =
+ qw( payby payinfo payinfo1 payinfo2 paydate payname custpaybynum
+ address1 address2 city county state zip country auto paytype
+ paystate ss stateid stateid_state invoicing_list
+ );
+ if ($cgi->param( 'custpaybynum' )) { _process_change_payby( 'change_check_pay', @list ); }
+ else { _process_insert_payby( 'change_check_pay', @list ); }
}
sub view_invoice {
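Review bot: `process_change_creditcard_pay` and `process_change_check_pay` read `payby` into `$payby` and never use it, while the client's own `payby` value is still forwarded through `@list`. If these actions are meant to accept only card or only check records, check the value before dispatching, e.g. `return { 'error' => 'Illegal payby' } unless defined $payby && $payby eq 'CARD';` (extend the accepted set to whatever the backend expects). Both new subs also skip the `FS::SelfService->can('update_payby')` guard that `process_change_pay` gains in this hunk. `process_change_check_pay` lists `paydate` but, with its assignment commented out, sends only what the client supplies.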
@@ -330,6 +451,10 @@ sub invoices {
list_invoices( 'session_id' => $session_id, );
}
+sub history {
+ billing_history( 'session_id' => $session_id, );
+}
+
sub tktcreate {
my $customer_info = customer_info( 'session_id' => $session_id );
return $customer_info if ( $customer_info->{'error'} );
@@ -552,12 +677,17 @@ sub process_order_recharge {
sub make_payment {
- my $payment_info = payment_info( 'session_id' => $session_id );
+ my $payment_info = payment_info( 'session_id' => $session_id, 'payment_payby' => 'CARD' );
+
+ my $amount =
+ ($payment_info->{'balance'} && ($payment_info->{'balance'} > 0))
+ ? $payment_info->{'balance'}
+ : '';
my $tr_amount_fee = mason_comp(
'session_id' => $session_id,
'comp' => '/elements/tr-amount_fee.html',
- 'args' => [ 'amount' => $payment_info->{'balance'},
+ 'args' => [ 'amount' => $amount,
],
);
@@ -570,40 +700,40 @@ sub make_payment {
sub payment_results {
- use Business::CreditCard 0.30;
+ use Business::CreditCard 0.35;
#we should only do basic checking here for DoS attacks and things
#that couldn't be constructed by the web form... let process_payment() do
#the rest, it gives better error messages
$cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
- or die "Illegal amount: ". $cgi->param('amount'); #!!!
+ or return { 'error' => "Illegal amount: ". $cgi->param('amount') }; #!!!
my $amount = $1;
my $payinfo = $cgi->param('payinfo');
$payinfo =~ s/[^\dx]//g;
- $payinfo =~ /^([\dx]{13,16}|[\dx]{8,9})$/
+ $payinfo =~ /^([\dx]{13,19}|[\dx]{8,9})$/
#or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
- or die "illegal card"; #!!!
+ or return { 'error' => "illegal card" }; #!!!
$payinfo = $1;
unless ( $payinfo =~ /x/ ) {
validate($payinfo)
#or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
- or die "invalid card"; #!!!
+ or return { 'error' => "invalid card" }; #!!!
}
if ( $cgi->param('card_type') ) {
cardtype($payinfo) eq $cgi->param('card_type')
#or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type');
- or die "not a ". $cgi->param('card_type');
+ or return { 'error' => "not a ". $cgi->param('card_type') };
}
$cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
my $paycvv = $1;
- $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
+ $cgi->param('month') =~ /^(\d{2})/ or die "illegal month";
my $month = $1;
- $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
+ $cgi->param('year') =~ /^(\d{4})/ or die "illegal year";
my $year = $1;
$cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
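Review bot: The new `return { 'error' => "Illegal amount: ". $cgi->param('amount') }` and `"not a ". $cgi->param('card_type')` messages put the raw request value into a string that is presumably rendered in the page. Unless the template HTML-encodes `error`, drop the value (`or return { 'error' => 'Illegal amount' };`) or encode it first. The `month` and `year` patterns also lose their `$` anchor in this hunk, so `/^(\d{2})/` and `/^(\d{4})/` now accept any trailing text after the digits; if that is meant to tolerate a particular input format, a comment should say which. CVV, month, year and payname still `die`, so error handling in `payment_results` is now mixed. The sub continues outside this hunk.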
@@ -668,7 +798,7 @@ sub payment_results {
}
sub make_ach_payment {
- payment_info( 'session_id' => $session_id );
+ payment_info( 'session_id' => $session_id, 'payment_payby' => 'CHEK' );
}
sub ach_payment_results {
@@ -839,7 +969,7 @@ sub provision_svc {
my $result = part_svc_info(
'session_id' => $session_id,
- map { $_ => $cgi->param($_) } qw( pkgnum svcpart svcnum ),
+ map { $_ => ($cgi->param($_) || '') } qw( pkgnum svcpart svcnum ),
);
die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
@@ -925,6 +1055,33 @@ sub process_svc_external {
);
}
+sub process_svc_forward {
+
+ my $result = provision_forward (
+ 'session_id' => $session_id,
+ map { $_ => $cgi->param($_) || '' } qw(
+ pkgnum svcpart srcsvc src dstsvc dst )
+ );
+
+ if ( exists $result->{'error'} && $result->{'error'} ) {
+ #warn "$result $result->{'error'}";
+ $action = 'provision_svc_forward';
+ return {
+ $cgi->Vars,
+ %{ part_svc_info( 'session_id' => $session_id,
+ map { $_ => $cgi->param($_) } qw( svcnum pkgnum svcpart )
+ )
+ },
+ 'error' => $result->{'error'},
+ };
+ } else {
+ #just go to setup services page, results will be visible there
+ $action = 'provision';
+ return provision();
+ }
+
+}
+
sub delete_svc {
unprovision_svc(
'session_id' => $session_id,
@@ -933,11 +1090,17 @@ sub delete_svc {
}
sub view_usage {
- list_svcs(
+ my $res = list_svcs(
'session_id' => $session_id,
- 'svcdb' => [ 'svc_acct', 'svc_phone', 'svc_port', ],
+ 'svcdb' => [ 'svc_acct', 'svc_broadband', 'svc_phone', 'svc_port', 'svc_pbx' ],
'ncancelled' => 1,
);
+ if ($res->{hide_usage}) {
+ $action = 'myaccount';
+ return myaccount();
+ } else {
+ return $res;
+ }
}
sub real_port_graph {
@@ -1042,6 +1205,13 @@ sub process_forgot_password {
);
}
+sub process_forgot_password_session {
+ $action = 'process_forgot_password';
+ check_reset_passwd(
+ 'session_id' => $pw_session_id,
+ );
+}
+
sub do_process_forgot_password {
process_reset_passwd(
map { $_ => scalar($cgi->param($_)) }
@@ -1049,6 +1219,22 @@ sub do_process_forgot_password {
);
}
+sub validate_password {
+ validate_passwd(
+ 'session_id' => $session_id,
+ map { $_ => scalar($cgi->param($_)) }
+ qw( fieldid svcnum check_password )
+ )
+}
+
+sub validate_password_nologin {
+ $action = 'validate_password'; #use same landing page
+ validate_passwd(
+ map { $_ => scalar($cgi->param($_)) }
+ qw( fieldid check_password )
+ )
+}
+
#--
sub do_template {
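Review bot: `validate_password_nologin` is reachable without a session and passes `check_password` through with no length cap, whereas the login path bounds `password` with `.{0,$form_max}`. Applying the same bound before calling `validate_passwd` limits what an unauthenticated caller can push to the backend, e.g. `$cgi->param('check_password') =~ /^(.{0,$form_max})$/ or return { 'error' => 'Illegal password' };`. In `validate_password`, `svcnum` is also client-supplied; whether `validate_passwd` ties it to the session's customer is not visible here. Both calls omit the trailing `;`, which is legal for a final statement but differs from the rest of the file.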
@@ -1066,10 +1252,8 @@ sub do_template {
$fill_in->{$_} = $access_info->{$_} foreach keys %$access_info;
# update the user's authentication
- my $timeout = $access_info->{'timeout'} || '3600';
my $cookie = CGI::Cookie->new('-name' => 'session',
'-value' => $session_id,
- '-expires' => '+'.$timeout.'s',
#'-secure' => 1, # would be a good idea...
);
if ( $name eq 'logout' ) {
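Review bot: The session cookie built here still has `-secure` commented out and sets no `-httponly`, so page script can read the session id and, if any part of the site is served over plain HTTP, the id is sent in clear. With `-expires` removed it becomes a browser-session cookie, which makes this a natural place to add `'-httponly' => 1,` and, where the site is HTTPS-only, `'-secure' => 1,`. Session lifetime now rests on the server-side timeout alone, which is outside this hunk. `do_template` continues past the end of the hunk.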
@@ -1122,7 +1306,7 @@ package FS::SelfService::_selfservicecgi;
use HTML::Entities;
use FS::SelfService qw(
- regionselector popselector domainselector location_form didselector
+ regionselector popselector domainselector location_form didselector mason_comp
);
#false laziness w/agent.cgi
@@ -1144,5 +1328,3 @@ sub include {
);
}
-
-