fs_selfservice/FS-SelfService/cgi/selfservice.cgi

   1 #!/usr/bin/perl -T
   2 #!/usr/bin/perl -Tw
   3
   4 use strict;
   5 use vars qw($DEBUG $cgi $session_id $form_max $template_dir);
   6 use subs qw(do_template);
   7 use CGI;
   8 use CGI::Carp qw(fatalsToBrowser);
   9 use Text::Template;
  10 use HTML::Entities;
  11 use FS::SelfService qw( login customer_info invoice
  12                         payment_info process_payment
  13                         process_prepay
  14                         list_pkgs
  15                         part_svc_info provision_acct provision_external
  16                         unprovision_svc
  17                         list_svcs myaccount_passwd
  18                       );
  19
  20 $template_dir = '.';
  21
  22 $DEBUG = 1;
  23
  24 $form_max = 255;
  25
  26 $cgi = new CGI;
  27
  28 unless ( defined $cgi->param('session') ) {
  29   do_template('login',{});
  30   exit;
  31 }
  32
  33 if ( $cgi->param('session') eq 'login' ) {
  34
  35   $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i
  36     or die "illegal username";
  37   my $username = $1;
  38
  39   $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/
  40     or die "illegal domain";
  41   my $domain = $1;
  42
  43   $cgi->param('password') =~ /^(.{0,$form_max})$/
  44     or die "illegal password";
  45   my $password = $1;
  46
  47   my $rv = login(
  48     'username' => $username,
  49     'domain'   => $domain,
  50     'password' => $password,
  51   );
  52   if ( $rv->{error} ) {
  53     do_template('login', {
  54       'error'    => $rv->{error},
  55       'username' => $username,
  56       'domain'   => $domain,
  57     } );
  58     exit;
  59   } else {
  60     $cgi->param('session' => $rv->{session_id} );
  61     $cgi->param('action'  => 'myaccount' );
  62   }
  63 }
  64
  65 $session_id = $cgi->param('session');
  66
  67 #order|pw_list XXX ???
  68 $cgi->param('action') =~
  69     /^(myaccount|view_invoice|make_payment|payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|change_password|process_change_password)$/
  70   or die "unknown action ". $cgi->param('action');
  71 my $action = $1;
  72
  73 warn "calling $action sub\n"
  74   if $DEBUG;
  75 $FS::SelfService::DEBUG = $DEBUG;
  76 my $result = eval "&$action();";
  77 die $@ if $@;
  78
  79 if ( $result->{error} eq "Can't resume session" ) { #ick
  80   do_template('login',{});
  81   exit;
  82 }
  83
  84 #warn $result->{'open_invoices'};
  85 #warn scalar(@{$result->{'open_invoices'}});
  86
  87 warn "processing template $action\n"
  88   if $DEBUG;
  89 do_template($action, {
  90   'session_id' => $session_id,
  91   'action'     => $action, #so the menu knows what tab we're on...
  92   %{$result}
  93 });
  94
  95 #--
  96
  97 sub myaccount { customer_info( 'session_id' => $session_id ); }
  98
  99 sub view_invoice {
 100
 101   $cgi->param('invnum') =~ /^(\d+)$/ or die "illegal invnum";
 102   my $invnum = $1;
 103
 104   invoice( 'session_id' => $session_id,
 105            'invnum'     => $invnum,
 106          );
 107
 108 }
 109
 110 sub make_payment {
 111   payment_info( 'session_id' => $session_id );
 112 }
 113
 114 sub payment_results {
 115
 116   use Business::CreditCard;
 117
 118   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
 119     or die "illegal amount"; #!!!
 120   my $amount = $1;
 121
 122   my $payinfo = $cgi->param('payinfo');
 123   $payinfo =~ s/\D//g;
 124   $payinfo =~ /^(\d{13,16})$/
 125     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
 126     or die "illegal card"; #!!!
 127   $payinfo = $1;
 128   validate($payinfo)
 129     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
 130     or die "invalid card"; #!!!
 131
 132   if ( $cgi->param('card_type') ) {
 133     cardtype($payinfo) eq $cgi->param('card_type')
 134       #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type');
 135       or die "not a ". $cgi->param('card_type');
 136   }
 137
 138   $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
 139   my $month = $1;
 140   $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
 141   my $year = $1;
 142
 143   $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
 144   my $payname = $1;
 145
 146   $cgi->param('address1') =~ /^(.{0,80})$/ or die "illegal address1";
 147   my $address1 = $1;
 148
 149   $cgi->param('address2') =~ /^(.{0,80})$/ or die "illegal address2";
 150   my $address2 = $1;
 151
 152   $cgi->param('city') =~ /^(.{0,80})$/ or die "illegal city";
 153   my $city = $1;
 154
 155   $cgi->param('state') =~ /^(.{2})$/ or die "illegal state";
 156   my $state = $1;
 157
 158   $cgi->param('zip') =~ /^(.{0,10})$/ or die "illegal zip";
 159   my $zip = $1;
 160
 161   my $save = 0;
 162   $save = 1 if $cgi->param('save');
 163
 164   my $auto = 0;
 165   $auto = 1 if $cgi->param('auto');
 166
 167   $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
 168   my $paybatch = $1;
 169
 170   process_payment(
 171     'session_id' => $session_id,
 172     'amount'     => $amount,
 173     'payinfo'    => $payinfo,
 174     'month'      => $month,
 175     'year'       => $year,
 176     'payname'    => $payname,
 177     'address1'   => $address1,
 178     'address2'   => $address2,
 179     'city'       => $city,
 180     'state'      => $state,
 181     'zip'        => $zip,
 182     'save'       => $save,
 183     'auto'       => $auto,
 184     'paybatch'   => $paybatch,
 185   );
 186
 187 }
 188
 189 sub recharge_prepay {
 190   customer_info( 'session_id' => $session_id );
 191 }
 192
 193 sub recharge_results {
 194
 195   my $prepaid_cardnum = $cgi->param('prepaid_cardnum');
 196   $prepaid_cardnum =~ s/\W//g;
 197   $prepaid_cardnum =~ /^(\w*)$/ or die "illegal prepaid card number";
 198   $prepaid_cardnum = $1;
 199
 200   process_prepay ( 'session_id'     => $session_id,
 201                    'prepaid_cardnum' => $prepaid_cardnum,
 202                  );
 203 }
 204
 205 sub logout {
 206   FS::SelfService::logout( 'session_id' => $session_id );
 207 }
 208
 209 sub provision {
 210   my $result = list_pkgs( 'session_id' => $session_id );
 211   die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
 212   $result;
 213 }
 214
 215 sub provision_svc {
 216
 217   my $result = part_svc_info(
 218     'session_id' => $session_id,
 219     map { $_ => $cgi->param($_) } qw( pkgnum svcpart ),
 220   );
 221   die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
 222
 223   $result->{'svcdb'} =~ /^svc_(.*)$/
 224     #or return { 'error' => 'Unknown svcdb '. $result->{'svcdb'} };
 225     or die 'Unknown svcdb '. $result->{'svcdb'};
 226   $action .= "_$1";
 227
 228   $result;
 229 }
 230
 231 sub process_svc_acct {
 232
 233   my $result = provision_acct (
 234     'session_id' => $session_id,
 235     map { $_ => $cgi->param($_) } qw(
 236       pkgnum svcpart username _password _password2 sec_phrase popnum )
 237   );
 238
 239   if ( exists $result->{'error'} && $result->{'error'} ) {
 240     #warn "$result $result->{'error'}";
 241     $action = 'provision_svc_acct';
 242     return {
 243       $cgi->Vars,
 244       %{ part_svc_info( 'session_id' => $session_id,
 245                         map { $_ => $cgi->param($_) } qw( pkgnum svcpart )
 246                       )
 247       },
 248       'error' => $result->{'error'},
 249     };
 250   } else {
 251     #warn "$result $result->{'error'}";
 252     return $result;
 253   }
 254
 255 }
 256
 257 sub process_svc_external {
 258   provision_external (
 259     'session_id' => $session_id,
 260     map { $_ => $cgi->param($_) } qw( pkgnum svcpart )
 261   );
 262 }
 263
 264 sub delete_svc {
 265   unprovision_svc(
 266     'session_id' => $session_id,
 267     'svcnum'     => $cgi->param('svcnum'),
 268   );
 269 }
 270
 271 sub change_password {
 272   list_svcs(
 273     'session_id' => $session_id,
 274     'svcdb'      => 'svc_acct',
 275   );
 276 };
 277
 278 sub process_change_password {
 279
 280   my $result = myaccount_passwd(
 281     'session_id'    => $session_id,
 282     map { $_ => $cgi->param($_) } qw( svcnum new_password new_password2 )
 283   );
 284
 285   if ( exists $result->{'error'} && $result->{'error'} ) {
 286
 287     $action = 'change_password';
 288     return {
 289       $cgi->Vars,
 290       %{ list_svcs( 'session_id' => $session_id,
 291                     'svcdb'      => 'svc_acct',
 292                   )
 293        },
 294       #'svcnum' => $cgi->param('svcnum'),
 295       'error'  => $result->{'error'}
 296     };
 297
 298  } else {
 299
 300    return $result;
 301
 302  }
 303
 304 }
 305
 306 #--
 307
 308 sub do_template {
 309   my $name = shift;
 310   my $fill_in = shift;
 311
 312   $cgi->delete_all();
 313   $fill_in->{'selfurl'} = $cgi->self_url;
 314   $fill_in->{'cgi'} = \$cgi;
 315
 316   my $template = new Text::Template( TYPE    => 'FILE',
 317                                      SOURCE  => "$template_dir/$name.html",
 318                                      DELIMITERS => [ '<%=', '%>' ],
 319                                      UNTAINT => 1,                    )
 320     or die $Text::Template::ERROR;
 321
 322   print $cgi->header( '-expires' => 'now' ),
 323         $template->fill_in( PACKAGE => 'FS::SelfService::_selfservicecgi',
 324                             HASH    => $fill_in
 325                           );
 326 }
 327
 328 #*FS::SelfService::_selfservicecgi::include = \&Text::Template::fill_in_file;
 329
 330 package FS::SelfService::_selfservicecgi;
 331
 332 #use FS::SelfService qw(regionselector expselect popselector);
 333 use HTML::Entities;
 334 use FS::SelfService qw(popselector);
 335
 336 #false laziness w/agent.cgi
 337 sub include {
 338   my $name = shift;
 339   my $template = new Text::Template( TYPE   => 'FILE',
 340                                      SOURCE => "$main::template_dir/$name.html",
 341                                      DELIMITERS => [ '<%=', '%>' ],
 342                                      UNTAINT => 1,
 343                                    )
 344     or die $Text::Template::ERROR;
 345
 346   $template->fill_in( PACKAGE => 'FS::SelfService::_selfservicecgi',
 347                       #HASH    => $fill_in
 348                     );
 349
 350 }
 351