X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=c232c4584b289af22751d1575cfef2ab3390aee8;hb=554764806458d61d12b2a0077d4b6a8b5c5492c5;hp=71af4eb1173c28eab52dc379db117db783d9e67f;hpb=4074e6d51d10bf10926d21cff46c88bc193bc8af;p=freeside.git

diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index 71af4eb11..c232c4584 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -88,12 +88,17 @@ my @nologin_actions = (qw(
   do_forgot_password
   process_forgot_password
   do_process_forgot_password
+  process_forgot_password_session
 ));
 push @actions, @nologin_actions;
 my %nologin_actions = map { $_=>1 } @nologin_actions;
 
 my $action = 'myaccount'; # sensible default
-if ( $cgi->param('action') =~ /^(\w+)$/ ) {
+
+if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) {
+  $action = 'process_forgot_password_session';
+  $session_id = $1;
+} elsif ( $cgi->param('action') =~ /^(\w+)$/ ) {
   if (grep {$_ eq $1} @actions) {
     $action = $1;
   } else {
@@ -124,7 +129,15 @@ unless ( $nologin_actions{$action} ) {
           'email'    => $email,
           'password' => $password
         );
-        $session_id = $login_rv->{'session_id'};
+
+	if ( $login_rv->{'error'} ) {
+	  my $ip = $cgi->remote_addr();
+	  warn("login failure [email $email] [ip $ip] [error $login_rv->{error}]");
+	} else {
+	  #successful login
+	}
+
+	$session_id = $login_rv->{'session_id'};
 
       } else {
 
@@ -306,6 +319,7 @@ sub process_change_pay {
             'error' => '<FONT COLOR="#FF0000">Postal or email required.</FONT>',
           };
         }
+
         _process_change_info( 'change_pay', @list );
 }
 
@@ -627,7 +641,10 @@ sub payment_results {
   my $auto = 0;
   $auto = 1 if $cgi->param('auto');
 
-  $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
+  $cgi->param('payunique') =~ /^([\w\-\.]*)$/ or die "illegal payunique";
+  my $payunique = $1;
+
+  $cgi->param('paybatch') =~ /^([\w\-\.]*)$/ or die "illegal paybatch";
   my $paybatch = $1;
 
   $cgi->param('discount_term') =~ /^(\d*)$/ or die "illegal discount_term";
@@ -651,6 +668,7 @@ sub payment_results {
     'country'    => $country,
     'save'       => $save,
     'auto'       => $auto,
+    'payunique'  => $payunique,
     'paybatch'   => $paybatch,
     'discount_term' => $discount_term,
   );
@@ -923,11 +941,17 @@ sub delete_svc {
 }
 
 sub view_usage {
-  list_svcs(
+  my $res = list_svcs(
     'session_id'  => $session_id,
     'svcdb'       => [ 'svc_acct', 'svc_phone', 'svc_port', ],
     'ncancelled'  => 1,
   );
+  if ($res->{hide_usage}) {
+    $action = 'myaccount';
+    return myaccount();
+  } else {
+    return $res;
+  }
 }
 
 sub real_port_graph {
@@ -1032,6 +1056,13 @@ sub process_forgot_password {
   );
 }
 
+sub process_forgot_password_session {
+  $action = 'process_forgot_password';
+  check_reset_passwd(
+    'session_id' => $session_id,
+  );
+}
+
 sub do_process_forgot_password {
   process_reset_passwd(
     map { $_ => scalar($cgi->param($_)) }