X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=dcfccdc5c72c961dba6bc992cf469f0ff666726a;hb=3872c1d3a2d975989e342be389b8260bfcc5ec41;hp=eac5a9874b83ae145289188cf51146f5a8c35bc5;hpb=6f1a71826d05033213bda352f8c6753094093f56;p=freeside.git diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index eac5a9874..dcfccdc5c 100755 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -127,7 +127,7 @@ unless ( $nologin_actions{$action} ) { $cgi->param('password') =~ /^(.{0,$form_max})$/; my $password = $1; - if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) { + if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\+\@]{1,$form_max})\s*$/i ) { my $email = $1; $login_rv = login( @@ -306,8 +306,9 @@ sub process_change_ship { sub process_change_pay { my $postal = $cgi->param( 'postal_invoicing' ); my $payby = $cgi->param( 'payby' ); + $cgi->param('paydate', $cgi->param('year') . '-' . $cgi->param('month') . '-01'); my @list = - qw( payby payinfo payinfo1 payinfo2 month year payname + qw( payby payinfo payinfo1 payinfo2 month year paydate payname custpaybynum address1 address2 city county state zip country auto paytype paystate ss stateid stateid_state invoicing_list ); @@ -325,7 +326,11 @@ sub process_change_pay { }; } - _process_change_info( 'change_pay', @list ); + if (FS::SelfService->can('update_payby')) { + if ($cgi->param( 'custpaybynum' )) { _process_change_payby( 'change_pay', @list ); } + else { _process_insert_payby( 'change_pay', @list ); } + } + else { _process_change_info( 'change_pay', @list ); } } sub view_invoice { @@ -592,40 +597,40 @@ sub make_payment { sub payment_results { - use Business::CreditCard 0.30; + use Business::CreditCard 0.35; #we should only do basic checking here for DoS attacks and things #that couldn't be constructed by the web form... let process_payment() do #the rest, it gives better error messages $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ - or die "Illegal amount: ". $cgi->param('amount'); #!!! + or return { 'error' => "Illegal amount: ". $cgi->param('amount') }; #!!! my $amount = $1; my $payinfo = $cgi->param('payinfo'); $payinfo =~ s/[^\dx]//g; - $payinfo =~ /^([\dx]{13,16}|[\dx]{8,9})$/ + $payinfo =~ /^([\dx]{13,19}|[\dx]{8,9})$/ #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo; - or die "illegal card"; #!!! + or return { 'error' => "illegal card" }; #!!! $payinfo = $1; unless ( $payinfo =~ /x/ ) { validate($payinfo) #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo; - or die "invalid card"; #!!! + or return { 'error' => "invalid card" }; #!!! } if ( $cgi->param('card_type') ) { cardtype($payinfo) eq $cgi->param('card_type') #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type'); - or die "not a ". $cgi->param('card_type'); + or return { 'error' => "not a ". $cgi->param('card_type') }; } $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2"; my $paycvv = $1; - $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month"; + $cgi->param('month') =~ /^(\d{2})/ or die "illegal month"; my $month = $1; - $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year"; + $cgi->param('year') =~ /^(\d{4})/ or die "illegal year"; my $year = $1; $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname"; @@ -984,7 +989,7 @@ sub delete_svc { sub view_usage { my $res = list_svcs( 'session_id' => $session_id, - 'svcdb' => [ 'svc_acct', 'svc_phone', 'svc_port', 'svc_pbx' ], + 'svcdb' => [ 'svc_acct', 'svc_broadband', 'svc_phone', 'svc_port', 'svc_pbx' ], 'ncancelled' => 1, ); if ($res->{hide_usage}) { @@ -1123,7 +1128,7 @@ sub validate_password_nologin { $action = 'validate_password'; #use same landing page validate_passwd( map { $_ => scalar($cgi->param($_)) } - qw( fieldid check_password ) + qw( fieldid check_password agentnum ) ) } @@ -1222,5 +1227,3 @@ sub include { ); } - -