X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fquick-charge.cgi;h=4c4927f4d26b995eabef91671a8f13d70943e6c9;hb=1203e278e2ec38fcf1468da2e4f10862004bebeb;hp=9d9aa980a726c6ff805656dbe48db869372eec6e;hpb=7a97ed31c38e975c6548083039ff2ce31c6d8cf3;p=freeside.git

diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi
index 9d9aa980a..4c4927f4d 100644
--- a/httemplate/edit/process/quick-charge.cgi
+++ b/httemplate/edit/process/quick-charge.cgi
@@ -1,41 +1,56 @@
-<%
+% if ( $error ) {
+%   $cgi->param('error', $error );
+<% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %>
+% } else {
+<% header("One-time charge added") %>
+  <SCRIPT TYPE="text/javascript">
+    window.top.location.reload();
+  </SCRIPT>
+  </BODY></HTML>
+% }
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+my $error = '';
+my $param = $cgi->Vars;
+
+my @description = ();
+for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
+  push @description, $param->{"description$row"}
+    if ($param->{"description$row"} =~ /\S/);
+}
 
-#untaint custnum
-$cgi->param('custnum') =~ /^(\d+)$/
-  or die 'illegal custnum '. $cgi->param('custnum');
+$param->{"custnum"} =~ /^(\d+)$/
+  or $error .= "Illegal customer number " . $param->{"custnum"} . "  ";
 my $custnum = $1;
 
-$cgi->param('amount') =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
-  or die 'illegal amount '. $cgi->param('amount');
+$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
+  or $error .= "Illegal amount " . $param->{"amount"} . "  ";
 my $amount = $1;
 
-my( $error, $cust_main);
-if ( $cgi->param('taxclass') eq '(select)' ) {
-
-
- $error = "Must select a tax class";
-} else {
-
-  my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-    or die "unknown custnum $custnum";
-
-  $error = $cust_main->charge(
-    $amount,
-    $cgi->param('pkg'),
-    '$'. sprintf("%.2f",$amount),
-    $cgi->param('taxclass')
-  );
-
+my $quantity = 1;
+if ( $cgi->param('quantity') =~ /^\s*(\d+)\s*$/ ) {
+  $quantity = $1;
 }
 
-if ($error) {
-%>
-<!-- mason kludge -->
-<%
-  eidiot($error);
-} else {
-  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum" );
+if ( $param->{'taxclass'} eq '(select)' ) {
+  $error .= "Must select a tax class.  ";
 }
 
-%>
+unless ( $error ) {
+  my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+    or $error .= "Unknown customer number $custnum.  ";
+
+  $error ||= $cust_main->charge( {
+    'amount'     => $amount,
+    'quantity'   => $quantity,
+    'pkg'        => scalar($cgi->param('pkg')),
+    'taxclass'   => scalar($cgi->param('taxclass')),
+    'classnum'   => scalar($cgi->param('classnum')),
+    'additional' => \@description,
+  } );
+}
 
+</%init>