X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fmisc%2Fprocess%2Fchange-password.html;h=61a1a5e16b82ddc38ef5d6d26463d9779d10d420;hb=2c23904b0cc9dcd02740b0b7edb980d70d28df1b;hp=7005439ccc2ba00f5c283a7fac734034ee358108;hpb=a5e611f5ffc045a59fee9e1b03f8ac79ef794d00;p=freeside.git

diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html
index 7005439cc..61a1a5e16 100644
--- a/httemplate/misc/process/change-password.html
+++ b/httemplate/misc/process/change-password.html
@@ -1,21 +1,79 @@
+% if ( $error ) {
+%	if ($svcnum) {
+%   		$cgi->param('svcnum', $svcnum);
+%   		$cgi->param("changepw${svcnum}_error", $error);
+%	}
+%	elsif ($contactnum) {
+%   		$cgi->param('contactnum', $contactnum);
+%   		$cgi->param("changepw${contactnum}_error", $error);
+%	}
+%    $cgi->param('error', $error);
+% } else {
+%	if ($svcnum) { $cgi->query_string($svcnum); }
+%	elsif ($contactnum) { $cgi->query_string($contactnum); }
+% }
+
+% if (!$popup) {
+%   if ($svcnum) { 
+	 <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
+%   }
+%   elsif ($contactnum) {
+      <% $cgi->redirect($fsurl.'view/cust_main.cgi?'.$cgi->param('custnum')) %>
+%   }
+% }
+
+<& /elements/header-popup.html, 'Password Set' &>
+<SCRIPT TYPE="text/javascript">
+  topreload();
+  parent.cClick();
+</SCRIPT>
+
 <%init>
 my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" unless $curuser->access_right('Edit password');
+my $contact;
 
-$cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum";
+$cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
 my $svcnum = $1;
-my $svc_acct = FS::svc_acct->by_key($svcnum)
-  or die "svc_acct $svcnum not found";
-my $error = $svc_acct->set_password($cgi->param('password'))
-        ||  $svc_acct->replace;
-
-# annoyingly specific to view/svc_acct.cgi, for now...
-$cgi->delete('password');
-</%init>
-% if ( $error ) {
-%   $cgi->param('svcnum', $svcnum);
-%   $cgi->param("changepw${svcnum}_error", $error);
-% } else {
-%   $cgi->query_string($svcnum);
-% }
-<% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
+
+foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) {
+     $cgi->param('password' => $cgi->param($prefix));
+}
+
+$cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
+my $contactnum = $1;
+
+my $popup = $cgi->param('popup');
+
+my $newpass = $cgi->param('password');
+
+my $error;
+
+if ($svcnum) {
+	my $svc_acct = FS::svc_acct->by_key($svcnum)
+	  or die "svc_acct $svcnum not found";
+	my $part_svc = $svc_acct->part_svc;
+	die "access denied" unless (
+	  $curuser->access_right('Provision customer service') or
+	  ( $curuser->access_right('Edit password') and 
+	    ! $part_svc->restrict_edit_password )
+	  );
+
+	$error = $svc_acct->is_password_allowed($newpass)
+	        ||  $svc_acct->set_password($newpass)
+	        ||  $svc_acct->replace;
+
+	# annoyingly specific to view/svc_acct.cgi, for now...
+	$cgi->delete('password');
+}
+elsif ($contactnum) {
+	$contact = qsearchs('contact', { 'contactnum' => $contactnum } )
+      or return { 'error' => "Contact not found" . $contactnum };
+
+	$error = $contact->is_password_allowed($newpass)
+	        ||  $contact->change_password($newpass);
+
+	# annoyingly specific to view/svc_acct.cgi, for now...
+	#$cgi->delete('password');
+}
+
+</%init>
\ No newline at end of file