1 #!/usr/bin/perl -Tw
2
3 use strict;
4 use vars qw($cgi $session_id $form_max $template_dir);
5 use subs qw(do_template);
6 use CGI;
7 use CGI::Carp qw(fatalsToBrowser);
8 use Text::Template;
9 use HTML::Entities;
10 use FS::SelfService qw( login customer_info invoice
11                         payment_info process_payment 
12                         process_prepay
13                         list_pkgs
14                         part_svc_info provision_acct provision_external
15                         unprovision_svc
16                       );
17
# Directory the *.html templates are loaded from ('.' = current directory).
$template_dir = '.';

# Maximum length accepted for each login form field.
$form_max = 255;

$cgi = CGI->new;

# No "session" parameter at all: show the login form and stop.
if ( !defined $cgi->param('session') ) {
  do_template( 'login', {} );
  exit;
}
28
# A "session" value of 'login' marks a submitted login form.
if ( $cgi->param('session') eq 'login' ) {

  # Each field is matched against an anchored, length-limited pattern and only
  # the captured text is used afterwards; taking the value from a regex
  # capture is also what untaints it under -T.
  my ($username) =
    $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i
      or die "illegal username";

  my ($domain) =
    $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/
      or die "illegal domain";

  # The password is only length-limited; any character except a newline is
  # accepted.
  my ($password) =
    $cgi->param('password') =~ /^(.{0,$form_max})$/
      or die "illegal password";

  my $rv = login(
    'username' => $username,
    'domain'   => $domain,
    'password' => $password,
  );

  if ( $rv->{error} ) {
    # Failed login: redisplay the form with the error text and the submitted
    # username/domain.  The password is not handed back to the template.
    # NOTE(review): confirm login.html entity-encodes these values on output.
    do_template( 'login', {
      'error'    => $rv->{error},
      'username' => $username,
      'domain'   => $domain,
    } );
    exit;
  }

  # Successful login: continue this same request as an authenticated
  # 'myaccount' view, using the session id returned by login().
  $cgi->param( 'session' => $rv->{session_id} );
  $cgi->param( 'action'  => 'myaccount' );
}
60
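# The session id every action handler passes to the backend.  After a
# successful login the 'session' parameter has already been overwritten with
# the id returned by login().
$session_id = $cgi->param('session');

#order|pw_list XXX ???
# Allow-list of actions.  Only a value that matches one of these names exactly
# is ever dispatched, and $action is taken from the capture, not from the raw
# parameter.
my $requested_action = $cgi->param('action');
$requested_action = '' unless defined $requested_action;

# die messages are sent to the browser by CGI::Carp's fatalsToBrowser (see the
# "use CGI::Carp" line at the top of this file).  Whether that output is
# HTML-escaped depends on the CGI::Carp version, so the rejected value is
# entity-encoded before it is echoed.
$requested_action =~
    /^(myaccount|view_invoice|make_payment|payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc)$/
  or die "unknown action ". encode_entities($requested_action);
my $action = $1;

# Resolve the handler as a code reference instead of compiling a string with
# eval: request data then never reaches the Perl parser, even if the
# allow-list above is edited carelessly later.  An allow-listed name with no
# sub defined (e.g. change_bill) fails here with a clear message.
my $handler = __PACKAGE__->can($action)
  or die "no handler for action $action";
my $result = $handler->();

# The backend reports an expired/unknown session through this exact error
# string; fall back to the login form in that case.
if ( defined $result->{error}
     && $result->{error} eq "Can't resume session" ) { #ick
  do_template('login',{});
  exit;
}

# Handlers may have changed $action (provision_svc and process_svc_acct do),
# so the template is chosen only now.
warn "processing template $action\n";

# %{$result} is expanded last: keys in the handler's result override the
# 'session_id' and 'action' entries given here.
do_template($action, {
  'session_id' => $session_id,
  'action'     => $action, #so the menu knows what tab we're on...
  %{$result}
});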
86
87 #--
88
# Handler for the 'myaccount' action: calls customer_info() for the current
# session and returns its result unchanged.
sub myaccount {
  return customer_info( 'session_id' => $session_id );
}
90
# Handler for the 'view_invoice' action.  The invoice number must be all
# digits; only the captured digits are passed on to invoice().
sub view_invoice {

  my ($invnum) = $cgi->param('invnum') =~ /^(\d+)$/
    or die "illegal invnum";

  return invoice(
    'session_id' => $session_id,
    'invnum'     => $invnum,
  );
}
101
# Handler for the 'make_payment' action: returns payment_info() for the
# current session (the data used to render the payment form).
sub make_payment {
  return payment_info( 'session_id' => $session_id );
}
105
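# Handler for the 'payment_results' action: validates the submitted card
# payment form and passes the cleaned values to process_payment().
#
# Every field is taken from a regex capture, never from the raw parameter.
# XXX: a validation failure die()s (rendered by fatalsToBrowser) instead of
# redisplaying the form with a message.  None of the die messages contain the
# card number.
sub payment_results {

  use Business::CreditCard;

  # Amount: whole units, optionally followed by exactly two decimals.
  $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
    or die "illegal amount";
  my $amount = $1;

  # Card number: strip everything that is not a digit, require 13-16 digits,
  # then run Business::CreditCard's validate() checksum test.
  my $payinfo = $cgi->param('payinfo');
  $payinfo =~ s/\D//g;
  $payinfo =~ /^(\d{13,16})$/
    or die "illegal card";
  $payinfo = $1;
  validate($payinfo)
    or die "invalid card";

  # The card type claimed by the form must agree with the type derived from
  # the number.  The claimed type is request data, so it is entity-encoded
  # before being echoed in the error message: die output goes to the browser
  # via fatalsToBrowser, and whether that is escaped depends on the CGI::Carp
  # version.
  my $card_type = $cgi->param('card_type');
  $card_type = '' unless defined $card_type;
  cardtype($payinfo) eq $card_type
    or die "not a ". encode_entities($card_type);

  # Expiry: format check only (two-digit month, four-digit year); no range
  # check is done here.
  $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
  my $month = $1;
  $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
  my $year = $1;

  # Free-text billing fields: length-limited, any character except a newline.
  $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
  my $payname = $1;

  $cgi->param('address1') =~ /^(.{0,80})$/ or die "illegal address1";
  my $address1 = $1;

  $cgi->param('address2') =~ /^(.{0,80})$/ or die "illegal address2";
  my $address2 = $1;

  $cgi->param('city') =~ /^(.{0,80})$/ or die "illegal city";
  my $city = $1;

  $cgi->param('state') =~ /^(.{2})$/ or die "illegal state";
  my $state = $1;

  $cgi->param('zip') =~ /^(.{0,10})$/ or die "illegal zip";
  my $zip = $1;

  # Checkbox-style flags, normalised to 0/1.
  my $save = $cgi->param('save') ? 1 : 0;
  my $auto = $cgi->param('auto') ? 1 : 0;

  $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
  my $paybatch = $1;

  process_payment(
    'session_id' => $session_id,
    'amount'     => $amount,
    'payinfo'    => $payinfo,
    'month'      => $month,
    'year'       => $year,
    'payname'    => $payname,
    'address1'   => $address1,
    'address2'   => $address2,
    'city'       => $city,
    'state'      => $state,
    'zip'        => $zip,
    'save'       => $save,
    'auto'       => $auto,
    'paybatch'   => $paybatch,
  );

}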
177
# Handler for the 'recharge_prepay' action: returns customer_info() for the
# current session.
sub recharge_prepay {
  return customer_info( 'session_id' => $session_id );
}
181
# Handler for the 'recharge_results' action.  Non-word characters are removed
# from the submitted prepaid card number, the remainder is re-captured through
# a \w-only pattern, and the result is passed to process_prepay().
sub recharge_results {

  ( my $stripped = $cgi->param('prepaid_cardnum') ) =~ s/\W//g;

  my ($prepaid_cardnum) = $stripped =~ /^(\w*)$/
    or die "illegal prepaid card number";

  return process_prepay(
    'session_id'      => $session_id,
    'prepaid_cardnum' => $prepaid_cardnum,
  );
}
193
# Handler for the 'logout' action.  FS::SelfService::logout is called by its
# full name because this sub has the same name in package main.
sub logout {
  return FS::SelfService::logout( 'session_id' => $session_id );
}
197
# Handler for the 'provision' action: returns list_pkgs() for the current
# session, or dies with the backend's error text if one is set.
sub provision {
  my $pkgs = list_pkgs( 'session_id' => $session_id );

  if ( exists $pkgs->{'error'} && $pkgs->{'error'} ) {
    die $pkgs->{'error'};
  }

  return $pkgs;
}
203
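# Handler for the 'provision_svc' action: looks up the service definition for
# the submitted pkgnum/svcpart and selects the matching
# provision_svc_<type> template by appending the type to $action.
sub provision_svc {

  # CGI's param() returns a list in list context.  Inside an argument list a
  # repeated parameter would add extra key/value pairs, and a missing one
  # would shift the pairs that follow, so each value is forced to a scalar.
  # NOTE(review): pkgnum and svcpart are passed on without validation here;
  # confirm the backend checks them.
  my $result = part_svc_info(
    'session_id' => $session_id,
    map { ( $_ => scalar( $cgi->param($_) ) ) } qw( pkgnum svcpart ),
  );
  die $result->{'error'} if exists $result->{'error'} && $result->{'error'};

  # The suffix becomes part of a template file name (see do_template), so it
  # is restricted to word characters: nothing from the backend response can
  # introduce a path separator or "..".
  $result->{'svcdb'} =~ /\Asvc_([A-Za-z0-9_]+)\z/
    #or return { 'error' => 'Unknown svcdb '. $result->{'svcdb'} };
    or die 'Unknown svcdb '. $result->{'svcdb'};
  $action .= "_$1";

  $result;
}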
219
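# Handler for the 'process_svc_acct' action: submits the account-provisioning
# form to provision_acct().  On error the form is redisplayed through the
# provision_svc_acct template; on success the backend result is returned.
sub process_svc_acct {

  # param() is forced to scalar context: in list context a repeated parameter
  # would add extra key/value pairs to this argument list and a missing one
  # would shift the pairs that follow.
  # NOTE(review): these values are forwarded without validation; confirm the
  # backend checks them.
  my $result = provision_acct (
    'session_id' => $session_id,
    map { ( $_ => scalar( $cgi->param($_) ) ) } qw(
      pkgnum svcpart username _password _password2 sec_phrase popnum )
  );

  if ( exists $result->{'error'} && $result->{'error'} ) {
    #warn "$result $result->{'error'}";
    $action = 'provision_svc_acct';

    # Later entries win: the service info overrides submitted fields of the
    # same name, and 'error' overrides both.
    # NOTE(review): $cgi->Vars hands every submitted parameter, including the
    # password fields, to the template; an explicit list of fields to
    # redisplay would be tighter.
    return {
      $cgi->Vars,
      %{ part_svc_info(
           'session_id' => $session_id,
           map { ( $_ => scalar( $cgi->param($_) ) ) } qw( pkgnum svcpart )
         )
      },
      'error' => $result->{'error'},
    };
  } else {
    #warn "$result $result->{'error'}";
    return $result;
  }

}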
245
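# Handler for the 'process_svc_external' action: calls provision_external()
# with the submitted pkgnum and svcpart and returns its result.
sub process_svc_external {
  # param() is forced to scalar context so a repeated or missing parameter
  # cannot add to, or shift, the key/value pairs of this argument list.
  # NOTE(review): the values are forwarded without validation; confirm the
  # backend checks them.
  provision_external (
    'session_id' => $session_id,
    map { ( $_ => scalar( $cgi->param($_) ) ) } qw( pkgnum svcpart )
  );
}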
252
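# Handler for the 'delete_svc' action: calls unprovision_svc() for the
# submitted svcnum and returns its result.
sub delete_svc {
  # param() is forced to scalar context: in list context a repeated svcnum
  # would append extra key/value pairs to the argument list and a missing one
  # would leave 'svcnum' without a value.
  # NOTE(review): svcnum is forwarded without validation; confirm the backend
  # checks that it belongs to this session's customer.
  unprovision_svc(
    'session_id' => $session_id,
    'svcnum'     => scalar( $cgi->param('svcnum') ),
  );
}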
259
260 #--
261
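# Renders "$template_dir/<name>.html" with Text::Template and prints it after
# an immediately-expiring HTTP header.
#
#   $name    - template base name (word characters only)
#   $fill_in - hashref of template variables; 'selfurl' and 'cgi' are added
#
# Dies if the name is not a plain word or if the template cannot be created
# or filled in.
sub do_template {
  my( $name, $fill_in ) = @_;

  # Text::Template evaluates the Perl embedded in a template, and UNTAINT => 1
  # below tells it to trust the file under -T.  The name is therefore limited
  # to word characters, so it can only ever select a file directly inside
  # $template_dir.
  $name =~ /\A([A-Za-z0-9_]+)\z/ or die "illegal template name";
  $name = $1;

  # Clear all request parameters before computing self_url, so the URL given
  # to the template carries none of the submitted values.
  $cgi->delete_all();
  $fill_in->{'selfurl'} = $cgi->self_url;
  $fill_in->{'cgi'} = \$cgi;

  my $template = Text::Template->new(
    TYPE       => 'FILE',
    SOURCE     => "$template_dir/$name.html",
    DELIMITERS => [ '<%=', '%>' ],
    UNTAINT    => 1,
  )
    or die $Text::Template::ERROR;

  # fill_in returns undef and sets $Text::Template::ERROR when the template
  # cannot be read or compiled.  Check before any output is sent, so the
  # failure is reported instead of producing a header with an empty body.
  my $page = $template->fill_in(
    PACKAGE => 'FS::SelfService::_selfservicecgi',
    HASH    => $fill_in,
  );
  defined $page or die $Text::Template::ERROR;

  print $cgi->header( '-expires' => 'now' ), $page;
}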
281
282 #*FS::SelfService::_selfservicecgi::include = \&Text::Template::fill_in_file;
283
284 package FS::SelfService::_selfservicecgi;
285
286 #use FS::SelfService qw(regionselector expselect popselector);
287 use HTML::Entities;
288 use FS::SelfService qw(popselector);
289
290 #false laziness w/agent.cgi
# Callable from inside a template: loads "$main::template_dir/<name>.html",
# fills it in within this same package and returns the resulting text.
# No HASH is passed, so the included template presumably relies on the
# variables already present in this package -- TODO confirm.
# The name is used as given; callers are expected to be template code, not
# request data.
sub include {
  my ($name) = @_;

  my %template_args = (
    TYPE       => 'FILE',
    SOURCE     => "$main::template_dir/$name.html",
    DELIMITERS => [ '<%=', '%>' ],
    UNTAINT    => 1,
  );

  my $template = Text::Template->new(%template_args)
    or die $Text::Template::ERROR;

  return $template->fill_in(
    PACKAGE => 'FS::SelfService::_selfservicecgi',
    #HASH    => $fill_in
  );
}
305