projects / freeside.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
self-service interface: add proper password changer and prevent "Setup my services...
[freeside.git] / fs_selfservice / FS-SelfService / cgi / selfservice.cgi
1 #!/usr/bin/perl -Tw
2
3 use strict;
4 use vars qw($cgi $session_id $form_max $template_dir);
5 use subs qw(do_template);
6 use CGI;
7 use CGI::Carp qw(fatalsToBrowser);
8 use Text::Template;
9 use HTML::Entities;
10 use FS::SelfService qw( login customer_info invoice
11                         payment_info process_payment 
12                         process_prepay
13                         list_pkgs
14                         part_svc_info provision_acct provision_external
15                         unprovision_svc
16                         list_svcs myaccount_passwd
17                       );
18
19 $template_dir = '.';
20
21 $form_max = 255;
22
23 $cgi = new CGI;
24
25 unless ( defined $cgi->param('session') ) {
26   do_template('login',{});
27   exit;
28 }
29
30 if ( $cgi->param('session') eq 'login' ) {
31
32   $cgi->param('username') =~ /^\s*([a-z0-9_\-\.\&]{0,$form_max})\s*$/i
33     or die "illegal username";
34   my $username = $1;
35
36   $cgi->param('domain') =~ /^\s*([\w\-\.]{0,$form_max})\s*$/
37     or die "illegal domain";
38   my $domain = $1;
39
40   $cgi->param('password') =~ /^(.{0,$form_max})$/
41     or die "illegal password";
42   my $password = $1;
43
44   my $rv = login(
45     'username' => $username,
46     'domain'   => $domain,
47     'password' => $password,
48   );
49   if ( $rv->{error} ) {
50     do_template('login', {
51       'error'    => $rv->{error},
52       'username' => $username,
53       'domain'   => $domain,
54     } );
55     exit;
56   } else {
57     $cgi->param('session' => $rv->{session_id} );
58     $cgi->param('action'  => 'myaccount' );
59   }
60 }
61
62 $session_id = $cgi->param('session');
63
64 #order|pw_list XXX ???
65 $cgi->param('action') =~
66     /^(myaccount|view_invoice|make_payment|payment_results|recharge_prepay|recharge_results|logout|change_bill|change_ship|provision|provision_svc|process_svc_acct|process_svc_external|delete_svc|change_password|process_change_password)$/
67   or die "unknown action ". $cgi->param('action');
68 my $action = $1;
69
70 my $result = eval "&$action();";
71 die $@ if $@;
72
73 if ( $result->{error} eq "Can't resume session" ) { #ick
74   do_template('login',{});
75   exit;
76 }
77
78 #warn $result->{'open_invoices'};
79 #warn scalar(@{$result->{'open_invoices'}});
80
81 warn "processing template $action\n";
82 do_template($action, {
83   'session_id' => $session_id,
84   'action'     => $action, #so the menu knows what tab we're on...
85   %{$result}
86 });
87
88 #--
89
90 sub myaccount { customer_info( 'session_id' => $session_id ); }
91
92 sub view_invoice {
93
94   $cgi->param('invnum') =~ /^(\d+)$/ or die "illegal invnum";
95   my $invnum = $1;
96
97   invoice( 'session_id' => $session_id,
98            'invnum'     => $invnum,
99          );
100
101 }
102
103 sub make_payment {
104   payment_info( 'session_id' => $session_id );
105 }
106
107 sub payment_results {
108
109   use Business::CreditCard;
110
111   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
112     or die "illegal amount"; #!!!
113   my $amount = $1;
114
115   my $payinfo = $cgi->param('payinfo');
116   $payinfo =~ s/\D//g;
117   $payinfo =~ /^(\d{13,16})$/
118     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
119     or die "illegal card"; #!!!
120   $payinfo = $1;
121   validate($payinfo)
122     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
123     or die "invalid card"; #!!!
124   cardtype($payinfo) eq $cgi->param('card_type')
125     #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type');
126     or die "not a ". $cgi->param('card_type');
127
128   $cgi->param('month') =~ /^(\d{2})$/ or die "illegal month";
129   my $month = $1;
130   $cgi->param('year') =~ /^(\d{4})$/ or die "illegal year";
131   my $year = $1;
132
133   $cgi->param('payname') =~ /^(.{0,80})$/ or die "illegal payname";
134   my $payname = $1;
135
136   $cgi->param('address1') =~ /^(.{0,80})$/ or die "illegal address1";
137   my $address1 = $1;
138
139   $cgi->param('address2') =~ /^(.{0,80})$/ or die "illegal address2";
140   my $address2 = $1;
141
142   $cgi->param('city') =~ /^(.{0,80})$/ or die "illegal city";
143   my $city = $1;
144
145   $cgi->param('state') =~ /^(.{2})$/ or die "illegal state";
146   my $state = $1;
147
148   $cgi->param('zip') =~ /^(.{0,10})$/ or die "illegal zip";
149   my $zip = $1;
150
151   my $save = 0;
152   $save = 1 if $cgi->param('save');
153
154   my $auto = 0;
155   $auto = 1 if $cgi->param('auto');
156
157   $cgi->param('paybatch') =~ /^([\w\-\.]+)$/ or die "illegal paybatch";
158   my $paybatch = $1;
159
160   process_payment(
161     'session_id' => $session_id,
162     'amount'     => $amount,
163     'payinfo'    => $payinfo,
164     'month'      => $month,
165     'year'       => $year,
166     'payname'    => $payname,
167     'address1'   => $address1,
168     'address2'   => $address2,
169     'city'       => $city,
170     'state'      => $state,
171     'zip'        => $zip,
172     'save'       => $save,
173     'auto'       => $auto,
174     'paybatch'   => $paybatch,
175   );
176
177 }
178
179 sub recharge_prepay {
180   customer_info( 'session_id' => $session_id );
181 }
182
183 sub recharge_results {
184
185   my $prepaid_cardnum = $cgi->param('prepaid_cardnum');
186   $prepaid_cardnum =~ s/\W//g;
187   $prepaid_cardnum =~ /^(\w*)$/ or die "illegal prepaid card number";
188   $prepaid_cardnum = $1;
189
190   process_prepay ( 'session_id'     => $session_id,
191                    'prepaid_cardnum' => $prepaid_cardnum,
192                  );
193 }
194
195 sub logout {
196   FS::SelfService::logout( 'session_id' => $session_id );
197 }
198
199 sub provision {
200   my $result = list_pkgs( 'session_id' => $session_id );
201   die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
202   $result;
203 }
204
205 sub provision_svc {
206
207   my $result = part_svc_info(
208     'session_id' => $session_id,
209     map { $_ => $cgi->param($_) } qw( pkgnum svcpart ),
210   );
211   die $result->{'error'} if exists $result->{'error'} && $result->{'error'};
212
213   $result->{'svcdb'} =~ /^svc_(.*)$/
214     #or return { 'error' => 'Unknown svcdb '. $result->{'svcdb'} };
215     or die 'Unknown svcdb '. $result->{'svcdb'};
216   $action .= "_$1";
217
218   $result;
219 }
220
221 sub process_svc_acct {
222
223   my $result = provision_acct (
224     'session_id' => $session_id,
225     map { $_ => $cgi->param($_) } qw(
226       pkgnum svcpart username _password _password2 sec_phrase popnum )
227   );
228
229   if ( exists $result->{'error'} && $result->{'error'} ) { 
230     #warn "$result $result->{'error'}"; 
231     $action = 'provision_svc_acct';
232     return {
233       $cgi->Vars,
234       %{ part_svc_info( 'session_id' => $session_id,
235                         map { $_ => $cgi->param($_) } qw( pkgnum svcpart )
236                       )
237       },
238       'error' => $result->{'error'},
239     };
240   } else {
241     #warn "$result $result->{'error'}"; 
242     return $result;
243   }
244
245 }
246
247 sub process_svc_external {
248   provision_external (
249     'session_id' => $session_id,
250     map { $_ => $cgi->param($_) } qw( pkgnum svcpart )
251   );
252 }
253
254 sub delete_svc {
255   unprovision_svc(
256     'session_id' => $session_id,
257     'svcnum'     => $cgi->param('svcnum'),
258   );
259 }
260
261 sub change_password {
262   list_svcs(
263     'session_id' => $session_id,
264     'svcdb'      => 'svc_acct',
265   );
266 };
267
268 sub process_change_password {
269
270   my $result = myaccount_passwd(
271     'session_id'    => $session_id,
272     map { $_ => $cgi->param($_) } qw( svcnum new_password new_password2 )
273   );
274
275   if ( exists $result->{'error'} && $result->{'error'} ) { 
276
277     $action = 'change_password';
278     return {
279       $cgi->Vars,
280       %{ list_svcs( 'session_id' => $session_id,
281                     'svcdb'      => 'svc_acct',
282                   )
283        },
284       #'svcnum' => $cgi->param('svcnum'),
285       'error'  => $result->{'error'}
286     };
287
288  } else {
289
290    return $result;
291
292  }
293
294 }
295
296 #--
297
298 sub do_template {
299   my $name = shift;
300   my $fill_in = shift;
301
302   $cgi->delete_all();
303   $fill_in->{'selfurl'} = $cgi->self_url;
304   $fill_in->{'cgi'} = \$cgi;
305
306   my $template = new Text::Template( TYPE    => 'FILE',
307                                      SOURCE  => "$template_dir/$name.html",
308                                      DELIMITERS => [ '<%=', '%>' ],
309                                      UNTAINT => 1,                    )
310     or die $Text::Template::ERROR;
311
312   print $cgi->header( '-expires' => 'now' ),
313         $template->fill_in( PACKAGE => 'FS::SelfService::_selfservicecgi',
314                             HASH    => $fill_in
315                           );
316 }
317
318 #*FS::SelfService::_selfservicecgi::include = \&Text::Template::fill_in_file;
319
320 package FS::SelfService::_selfservicecgi;
321
322 #use FS::SelfService qw(regionselector expselect popselector);
323 use HTML::Entities;
324 use FS::SelfService qw(popselector);
325
326 #false laziness w/agent.cgi
327 sub include {
328   my $name = shift;
329   my $template = new Text::Template( TYPE   => 'FILE',
330                                      SOURCE => "$main::template_dir/$name.html",
331                                      DELIMITERS => [ '<%=', '%>' ],
332                                      UNTAINT => 1,                   
333                                    )
334     or die $Text::Template::ERROR;
335
336   $template->fill_in( PACKAGE => 'FS::SelfService::_selfservicecgi',
337                       #HASH    => $fill_in
338                     );
339
340 }
341
Freeside billing, trouble ticketing, network monitoring and provisioning