fs_selfservice/FS-SelfService/cgi/selfservice.cgi

   1 #!/usr/bin/perl -T
   2 #!/usr/bin/perl -Tw
   3
   4 use strict;
   5 use vars qw($DEBUG $cgi $session_id $form_max $template_dir);
   6 use subs qw(do_template);
   7 use CGI;
   8 use CGI::Carp qw(fatalsToBrowser);
   9 use Text::Template;
  10 use HTML::Entities;
  11 use FS::SelfService qw( login customer_info invoice
  12                         payment_info process_payment
  13                         process_prepay
  14                         list_pkgs
  15                         part_svc_info provision_acct provision_external
  16                         unprovision_svc
  17                         list_svcs myaccount_passwd
  18                       );
  19
  20 $template_dir = '.';
  21
  22 $DEBUG = 1;
  23
  24 $form_max = 255;
  25
  26 $cgi = new CGI;
  27
  28 unless ( defined $cgi->param('session') ) {
  29   do_template('login',{});
  30   exit;
  31 }
  32
  33 if ( $cgi->param('session') eq 'login' ) {
  34
  35   $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i
  36     or die "illegal username";
  37   my $username = $1;
  38
  39   $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/
  40     or die "illegal domain";
  41   my $domain = $1;
  42
  43   $cgi->param('password') =~ /^(.{0,$form_max})$/
  44     or die "illegal password";
  45   my $password = $1;
  46
  47   my $rv = login(
  48     'username' => $username,
  49     'domain'   => $domain,
  50     'password' => $password,
  51   );
  52   if ( $rv->{error} ) {
  53     do_template('login', {
  54       'error'    => $rv->{error},
  55       'username' => $username,
  56       'domain'   => $domain,
  57     } );
  58     exit;
  59   } else {
  60     $cgi->param('session' => $rv->{session_id} );
  61     $cgi->param('action'  => 'myaccount' );
  62   }
  63 }
  64
  65 $session_id = $cgi->param('session');
  66
  67 #order|pw_list XXX ???
  68 $cgi->param('action') =~
  69     /^(myaccount|view_invoice|make_payment|payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|change_password|process_change_password)$/
  70   or die "unknown action ". $cgi->param('action');
  71 my $action = $1;
  72
  73 warn "calling $action sub\n"
  74   if $DEBUG;
  75 $FS::SelfService::DEBUG = $DEBUG;
  76 my $result = eval "&$action();";
  77 die $@ if $@;
  78
  79 if ( $result->{error} eq "Can't resume session" ) { #ick
  80   do_template('login',{});
  81   exit;
  82 }
  83
  84 #warn $result->{'open_invoices'};
  85 #warn scalar(@{$result->{'open_invoices'}});
  86
  87 warn "processing template $action\n"
  88   if $DEBUG;
  89 do_template($action, {
  90   'session_id' => $session_id,
  91   'action'     => $action, #so the menu knows what tab we're on...
  92   %{$result}
  93 });
  94
  95 #--
  96
  97 sub myaccount { customer_info( 'session_id' => $session_id ); }
  98
  99 sub view_invoice {
 100
 101   $cgi->param('invnum') =~ /^(\d+)$/ or die "illegal invnum";
 102   my $invnum = $1;
 103
 104   invoice( 'session_id' => $session_id,
 105            'invnum'     => $invnum,
 106          );
 107
 108 }
 109
 110 sub make_payment {
 111   payment_info( 'session_id' => $session_id );
 112 }
 113
 114 sub payment_results {
 115
 116   use Business::CreditCard;
 117
 118   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
 119     or die "illegal amount"; #!!!
 120   my $amount = $1;
 121
 122   my $payinfo = $cgi->param('payinfo');
 123   $payinfo =~ s/\D//g;
 124   $payinfo =~ /^(\d{13,16})$/
 125     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
 126     or die "illegal card"; #!!!
 127   $payinfo = $1;
 128   validate($payinfo)
 129     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
 130     or die "invalid card"; #!!!
 131   cardtype($payinfo) eq $cgi->param('card_type')
 132     #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type');
 133     or die "not a ". $cgi->param('card_type');
 134
 135   $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
 136   my $month = $1;
 137   $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
 138   my $year = $1;
 139
 140   $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
 141   my $payname = $1;
 142
 143   $cgi->param('address1') =~ /^(.{0,80})$/ or die "illegal address1";
 144   my $address1 = $1;
 145
 146   $cgi->param('address2') =~ /^(.{0,80})$/ or die "illegal address2";
 147   my $address2 = $1;
 148
 149   $cgi->param('city') =~ /^(.{0,80})$/ or die "illegal city";
 150   my $city = $1;
 151
 152   $cgi->param('state') =~ /^(.{2})$/ or die "illegal state";
 153   my $state = $1;
 154
 155   $cgi->param('zip') =~ /^(.{0,10})$/ or die "illegal zip";
 156   my $zip = $1;
 157
 158   my $save = 0;
 159   $save = 1 if $cgi->param('save');
 160
 161   my $auto = 0;
 162   $auto = 1 if $cgi->param('auto');
 163
 164   $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
 165   my $paybatch = $1;
 166
 167   process_payment(
 168     'session_id' => $session_id,
 169     'amount'     => $amount,
 170     'payinfo'    => $payinfo,
 171     'month'      => $month,
 172     'year'       => $year,
 173     'payname'    => $payname,
 174     'address1'   => $address1,
 175     'address2'   => $address2,
 176     'city'       => $city,
 177     'state'      => $state,
 178     'zip'        => $zip,
 179     'save'       => $save,
 180     'auto'       => $auto,
 181     'paybatch'   => $paybatch,
 182   );
 183
 184 }
 185
 186 sub recharge_prepay {
 187   customer_info( 'session_id' => $session_id );
 188 }
 189
 190 sub recharge_results {
 191
 192   my $prepaid_cardnum = $cgi->param('prepaid_cardnum');
 193   $prepaid_cardnum =~ s/\W//g;
 194   $prepaid_cardnum =~ /^(\w*)$/ or die "illegal prepaid card number";
 195   $prepaid_cardnum = $1;
 196
 197   process_prepay ( 'session_id'     => $session_id,
 198                    'prepaid_cardnum' => $prepaid_cardnum,
 199                  );
 200 }
 201
 202 sub logout {
 203   FS::SelfService::logout( 'session_id' => $session_id );
 204 }
 205
 206 sub provision {
 207   my $result = list_pkgs( 'session_id' => $session_id );
 208   die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
 209   $result;
 210 }
 211
 212 sub provision_svc {
 213
 214   my $result = part_svc_info(
 215     'session_id' => $session_id,
 216     map { $_ => $cgi->param($_) } qw( pkgnum svcpart ),
 217   );
 218   die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
 219
 220   $result->{'svcdb'} =~ /^svc_(.*)$/
 221     #or return { 'error' => 'Unknown svcdb '. $result->{'svcdb'} };
 222     or die 'Unknown svcdb '. $result->{'svcdb'};
 223   $action .= "_$1";
 224
 225   $result;
 226 }
 227
 228 sub process_svc_acct {
 229
 230   my $result = provision_acct (
 231     'session_id' => $session_id,
 232     map { $_ => $cgi->param($_) } qw(
 233       pkgnum svcpart username _password _password2 sec_phrase popnum )
 234   );
 235
 236   if ( exists $result->{'error'} && $result->{'error'} ) {
 237     #warn "$result $result->{'error'}";
 238     $action = 'provision_svc_acct';
 239     return {
 240       $cgi->Vars,
 241       %{ part_svc_info( 'session_id' => $session_id,
 242                         map { $_ => $cgi->param($_) } qw( pkgnum svcpart )
 243                       )
 244       },
 245       'error' => $result->{'error'},
 246     };
 247   } else {
 248     #warn "$result $result->{'error'}";
 249     return $result;
 250   }
 251
 252 }
 253
 254 sub process_svc_external {
 255   provision_external (
 256     'session_id' => $session_id,
 257     map { $_ => $cgi->param($_) } qw( pkgnum svcpart )
 258   );
 259 }
 260
 261 sub delete_svc {
 262   unprovision_svc(
 263     'session_id' => $session_id,
 264     'svcnum'     => $cgi->param('svcnum'),
 265   );
 266 }
 267
 268 sub change_password {
 269   list_svcs(
 270     'session_id' => $session_id,
 271     'svcdb'      => 'svc_acct',
 272   );
 273 };
 274
 275 sub process_change_password {
 276
 277   my $result = myaccount_passwd(
 278     'session_id'    => $session_id,
 279     map { $_ => $cgi->param($_) } qw( svcnum new_password new_password2 )
 280   );
 281
 282   if ( exists $result->{'error'} && $result->{'error'} ) {
 283
 284     $action = 'change_password';
 285     return {
 286       $cgi->Vars,
 287       %{ list_svcs( 'session_id' => $session_id,
 288                     'svcdb'      => 'svc_acct',
 289                   )
 290        },
 291       #'svcnum' => $cgi->param('svcnum'),
 292       'error'  => $result->{'error'}
 293     };
 294
 295  } else {
 296
 297    return $result;
 298
 299  }
 300
 301 }
 302
 303 #--
 304
 305 sub do_template {
 306   my $name = shift;
 307   my $fill_in = shift;
 308
 309   $cgi->delete_all();
 310   $fill_in->{'selfurl'} = $cgi->self_url;
 311   $fill_in->{'cgi'} = \$cgi;
 312
 313   my $template = new Text::Template( TYPE    => 'FILE',
 314                                      SOURCE  => "$template_dir/$name.html",
 315                                      DELIMITERS => [ '<%=', '%>' ],
 316                                      UNTAINT => 1,                    )
 317     or die $Text::Template::ERROR;
 318
 319   print $cgi->header( '-expires' => 'now' ),
 320         $template->fill_in( PACKAGE => 'FS::SelfService::_selfservicecgi',
 321                             HASH    => $fill_in
 322                           );
 323 }
 324
 325 #*FS::SelfService::_selfservicecgi::include = \&Text::Template::fill_in_file;
 326
 327 package FS::SelfService::_selfservicecgi;
 328
 329 #use FS::SelfService qw(regionselector expselect popselector);
 330 use HTML::Entities;
 331 use FS::SelfService qw(popselector);
 332
 333 #false laziness w/agent.cgi
 334 sub include {
 335   my $name = shift;
 336   my $template = new Text::Template( TYPE   => 'FILE',
 337                                      SOURCE => "$main::template_dir/$name.html",
 338                                      DELIMITERS => [ '<%=', '%>' ],
 339                                      UNTAINT => 1,
 340                                    )
 341     or die $Text::Template::ERROR;
 342
 343   $template->fill_in( PACKAGE => 'FS::SelfService::_selfservicecgi',
 344                       #HASH    => $fill_in
 345                     );
 346
 347 }
 348