X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fquick-charge.cgi;h=38f06e1e92777fb0e9d687332d5e71bf1f72d48d;hb=4cd40172ccbfce9cfa49bff5a6338f3c6c978f4b;hp=49175d848e0591ce2e814db4f10fcd9587f014cd;hpb=ecb895ccbbf52ed2babc0885c9925022175e33a0;p=freeside.git

diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi
index 49175d848..38f06e1e9 100644
--- a/httemplate/edit/process/quick-charge.cgi
+++ b/httemplate/edit/process/quick-charge.cgi
@@ -1,27 +1,75 @@
-<%
+% if ( $error ) {
+%   $cgi->param('error', $error );
+<% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %>
+% } else {
+<% header(emt("One-time charge added")) %>
+  <SCRIPT TYPE="text/javascript">
+    window.top.location.reload();
+  </SCRIPT>
+  </BODY></HTML>
+% }
+<%init>
 
-#untaint custnum
-$cgi->param('custnum') =~ /^(\d+)$/
-  or die 'illegal custnum '. $cgi->param('custnum');
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+my $error = '';
+my $conf = new FS::conf;
+my $param = $cgi->Vars;
+
+my @description = ();
+for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
+  push @description, $param->{"description$row"}
+    if ($param->{"description$row"} =~ /\S/);
+}
+
+$param->{"custnum"} =~ /^(\d+)$/
+  or $error .= "Illegal customer number " . $param->{"custnum"} . "  ";
 my $custnum = $1;
 
-$cgi->param('amount') =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
-  or die 'illegal amount '. $cgi->param('amount');
+$param->{"amount"} =~ /^\s*(\d*(?:\.?\d{1,2}))\s*$/
+  or $error .= "Illegal amount " . $param->{"amount"} . "  ";
 my $amount = $1;
 
-my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-  or die "unknown custnum $custnum";
+my $quantity = 1;
+if ( $cgi->param('quantity') =~ /^\s*(\d+)\s*$/ ) {
+  $quantity = $1;
+}
 
-my $error = $cust_main->charge( $amount, $cgi->param('pkg') );
+$param->{'tax_override'} =~ /^\s*([,\d]*)\s*$/
+  or $error .= "Illegal tax override " . $param->{"tax_override"} . "  ";
+my $override = $1;
 
-if ($error) {
-%>
-<!-- mason kludge -->
-<%
-  eidiot($error);
-} else {
-  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum" );
+if ( $param->{'taxclass'} eq '(select)' ) {
+  $error .= "Must select a tax class.  "
+    unless ($conf->exists('enable_taxproducts') &&
+             ( $override || $param->{taxproductnum} )
+           );
+  $cgi->param('taxclass', '');
 }
 
-%>
+unless ( $error ) {
+  my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+    or $error .= "Unknown customer number $custnum.  ";
+
+  $error ||= $cust_main->charge( {
+    'amount'        => $amount,
+    'quantity'      => $quantity,
+    'bill_now'      => scalar($cgi->param('bill_now')),
+    'invoice_terms' => scalar($cgi->param('invoice_terms')),
+    'start_date'    => ( scalar($cgi->param('start_date'))
+                           ? parse_datetime($cgi->param('start_date'))
+                           : ''
+                       ),
+    'no_auto'       => scalar($cgi->param('no_auto')),
+    'pkg'           => scalar($cgi->param('pkg')),
+    'setuptax'      => scalar($cgi->param('setuptax')),
+    'taxclass'      => scalar($cgi->param('taxclass')),
+    'taxproductnum' => scalar($cgi->param('taxproductnum')),
+    'tax_override'  => $override,
+    'classnum'      => scalar($cgi->param('classnum')),
+    'additional'    => \@description,
+  } );
+}
 
+</%init>