X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=9cf8c4b1e35f9e10ed94586ca4efd88dcbddc8bc;hb=2f3b4161da680cd0fff8c91dbdc50fe5e974610e;hp=e2fd7f6a42b5eff9ce3467344396d8814d1b2900;hpb=6194551336a925ae5455cede68a7f73660b06bb6;p=freeside.git diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index e2fd7f6a4..9cf8c4b1e 100644 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -7,13 +7,16 @@ use CGI; use CGI::Carp qw(fatalsToBrowser); use Text::Template; use HTML::Entities; +use Date::Format; +use Number::Format 1.50; use FS::SelfService qw( login customer_info invoice payment_info process_payment process_prepay list_pkgs order_pkg signup_info order_recharge part_svc_info provision_acct provision_external - unprovision_svc - list_svcs myaccount_passwd + unprovision_svc change_pkg + list_svcs list_svc_usage list_support_usage + myaccount_passwd ); $template_dir = '.'; @@ -65,7 +68,7 @@ $session_id = $cgi->param('session'); #order|pw_list XXX ??? $cgi->param('action') =~ - /^(myaccount|view_invoice|make_payment|payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|customer_order_pkg|process_order_pkg|process_order_recharge|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|view_usage||change_password|process_change_password)$/ + /^(myaccount|view_invoice|make_payment|make_ach_payment|payment_results|ach_payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|customer_order_pkg|process_order_pkg|customer_change_pkg|process_change_pkg|process_order_recharge|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|view_usage|view_usage_details|view_support_details|change_password|process_change_password)$/ or die "unknown action ". $cgi->param('action'); my $action = $1; @@ -123,6 +126,24 @@ sub customer_order_pkg { }; } +sub customer_change_pkg { + my $init_data = signup_info( 'customer_session_id' => $session_id ); + return $init_data if ( $init_data->{'error'} ); + + my $customer_info = customer_info( 'session_id' => $session_id ); + return $customer_info if ( $customer_info->{'error'} ); + + return { + ( map { $_ => $init_data->{$_} } + qw( part_pkg security_phrase svc_acct_pop ), + ), + ( map { $_ => $cgi->param($_) } + qw( pkgnum pkg ) + ), + %$customer_info, + }; +} + sub process_order_pkg { my $results = ''; @@ -160,6 +181,30 @@ sub process_order_pkg { } +sub process_change_pkg { + + my $results = ''; + + $results ||= change_pkg ( + 'session_id' => $session_id, + map { $_ => $cgi->param($_) } + qw( pkgpart pkgnum ) + ); + + + if ( $results->{'error'} ) { + $action = 'customer_change_pkg'; + return { + $cgi->Vars, + %{customer_change_pkg()}, + 'error' => ''. $results->{'error'}. '', + }; + } else { + return $results; + } + +} + sub process_order_recharge { my $results = ''; @@ -195,8 +240,12 @@ sub payment_results { use Business::CreditCard; + #we should only do basic checking here for DoS attacks and things + #that couldn't be constructed by the web form... let process_payment() do + #the rest, it gives better error messages + $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ - or die "illegal amount"; #!!! + or die "Illegal amount: ". $cgi->param('amount'); #!!! my $amount = $1; my $payinfo = $cgi->param('payinfo'); @@ -215,6 +264,9 @@ sub payment_results { or die "not a ". $cgi->param('card_type'); } + $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2"; + my $paycvv = $1; + $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month"; my $month = $1; $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year"; @@ -249,8 +301,10 @@ sub payment_results { process_payment( 'session_id' => $session_id, + 'payby' => 'CARD', 'amount' => $amount, 'payinfo' => $payinfo, + 'paycvv' => $paycvv, 'month' => $month, 'year' => $year, 'payname' => $payname, @@ -266,6 +320,78 @@ sub payment_results { } +sub make_ach_payment { + payment_info( 'session_id' => $session_id ); +} + +sub ach_payment_results { + + #we should only do basic checking here for DoS attacks and things + #that couldn't be constructed by the web form... let process_payment() do + #the rest, it gives better error messages + + $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ + or die "illegal amount"; #!!! + my $amount = $1; + + my $payinfo1 = $cgi->param('payinfo1'); + $payinfo1=~ /^(\d+)$/ + or die "illegal account"; #!!! + $payinfo1= $1; + + my $payinfo2 = $cgi->param('payinfo2'); + $payinfo2=~ /^(\d+)$/ + or die "illegal ABA/routing code"; #!!! + $payinfo2= $1; + + $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname"; + my $payname = $1; + + $cgi->param('paystate') =~ /^(.{0,2})$/ or die "illegal paystate"; + my $paystate = $1; + + $cgi->param('paytype') =~ /^(.{0,80})$/ or die "illegal paytype"; + my $paytype = $1; + + $cgi->param('ss') =~ /^(.{0,80})$/ or die "illegal ss"; + my $ss = $1; + + $cgi->param('stateid') =~ /^(.{0,80})$/ or die "illegal stateid"; + my $stateid = $1; + + $cgi->param('stateid_state') =~ /^(.{0,2})$/ or die "illegal stateid_state"; + my $stateid_state = $1; + + my $save = 0; + $save = 1 if $cgi->param('save'); + + my $auto = 0; + $auto = 1 if $cgi->param('auto'); + + $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch"; + my $paybatch = $1; + + process_payment( + 'session_id' => $session_id, + 'payby' => 'CHEK', + 'amount' => $amount, + 'payinfo1' => $payinfo1, + 'payinfo2' => $payinfo2, + 'month' => '12', + 'year' => '2037', + 'payname' => $payname, + 'paytype' => $paytype, + 'paystate' => $paystate, + 'ss' => $ss, + 'stateid' => $stateid, + 'stateid_state' => $stateid_state, + 'save' => $save, + 'auto' => $auto, + 'paybatch' => $paybatch, + ); + +} + sub recharge_prepay { customer_info( 'session_id' => $session_id ); } @@ -356,6 +482,24 @@ sub view_usage { ); } +sub view_usage_details { + list_svc_usage( + 'session_id' => $session_id, + 'svcnum' => $cgi->param('svcnum'), + 'beginning' => $cgi->param('beginning') || '', + 'ending' => $cgi->param('ending') || '', + ); +} + +sub view_support_details { + list_support_usage( + 'session_id' => $session_id, + 'svcnum' => $cgi->param('svcnum'), + 'beginning' => $cgi->param('beginning') || '', + 'ending' => $cgi->param('ending') || '', + ); +} + sub change_password { list_svcs( 'session_id' => $session_id,