prevent stuff passed from template/user from being used in searches by signup server

[freeside.git] / fs_signup / fs_signup_server

#!/usr/bin/perl -Tw
#
# fs_signup_server
#

use strict;
use vars qw($pid);
use IO::Handle;
use Storable qw(nstore_fd fd_retrieve);
use Tie::RefHash;
use Net::SSH qw(sshopen2);
use FS::UID qw(adminsuidsetup);
use FS::Conf;
use FS::Record qw( qsearch qsearchs );
use FS::cust_main_county;
use FS::cust_main;
use FS::Msgcat qw(gettext);

use vars qw( $opt $Debug );

$Debug = 2;

my $user = shift or die &usage;
&adminsuidsetup( $user ); 

my $conf = new FS::Conf;

#my @payby = qw(CARD PREPAY);
my @payby = $conf->config('signup_server-payby');
my $smtpmachine = $conf->config('smtpmachine');

my $machine = shift or die &usage;

my $agentnum = shift or die &usage;
my $agent = qsearchs( 'agent', { 'agentnum' => $agentnum } ) or die &usage;
my $pkgpart_href = $agent->pkgpart_hashref;

my $refnum = shift or die &usage;

#causing trouble for some folks
#$SIG{CHLD} = sub { wait() };

$SIG{HUP} = \&killssh;
$SIG{INT} = \&killssh;
$SIG{QUIT} = \&killssh;
$SIG{TERM} = \&killssh;
$SIG{PIPE} = \&killssh;
sub killssh { kill 'TERM', $pid if $pid; exit; };

my($fs_signupd)="/usr/local/sbin/fs_signupd";

while (1) {
  my($reader,$writer)=(new IO::Handle, new IO::Handle);
  #seems to be broken - calling ->flush explicitly# $writer->autoflush(1);
  warn "[fs_signup_server] Connecting to $machine...\n" if $Debug;
  $pid = sshopen2($machine,$reader,$writer,$fs_signupd);

  my @pops = qsearch('svc_acct_pop',{} );
  my $init_data = {

    #'_protocol' => 'signup',
    #'_version' => '0.1',
    #'_packet' => 'init'
  
    'cust_main_county' =>
      [ map { $_->hashref } qsearch('cust_main_county', {}) ],
      
    'part_pkg' =>
      [
        #map { $_->hashref }
        map { { 'payby' => [ $_->payby ], %{$_->hashref} } }
          grep { $_->svcpart('svc_acct') && $pkgpart_href->{ $_->pkgpart } }
            qsearch( 'part_pkg', { 'disabled' => '' } )
      ],

    'agentnum2part_pkg' =>
      {
        map {
          my $href = $_->pkgpart_hashref;
          $_->agentnum =>
            [
              map { { 'payby' => [ $_->payby ], %{$_->hashref} } }
                grep { $_->svcpart('svc_acct') && $href->{ $_->pkgpart } }
                  qsearch( 'part_pkg', { 'disabled' => '' } )
            ];
        } qsearch('agent', {} )
      },

    'svc_acct_pop' => [ map { $_->hashref } @pops ],

    'security_phrase' => $conf->exists('security_phrase'),

    'payby' => [ $conf->config('signup_server-payby') ],

    'msgcat' => { map { $_=>gettext($_) } qw(
      passwords_dont_match invalid_card unknown_card_type not_a
    ) }

  };

  warn "[fs_signup_server] Sending init data...\n" if $Debug;
  nstore_fd($init_data, $writer) or die "can't send init data: $!";
  $writer->flush;

  warn "[fs_signup_server] Entering main loop...\n" if $Debug;
  while (1) {
    warn "[fs_signup_server] Reading (waiting for) signup data...\n" if $Debug;
    my $signup_data = fd_retrieve($reader);

    if ( $Debug > 1 ) {
      warn join('',
        map { "  $_ => ". $signup_data->{$_}. "\n" } keys %$signup_data );
    }

    warn "[fs_signup_server] Processing signup...\n" if $Debug;

    my $error = '';

    #things that aren't necessary in base class, but are for signup server
      #return "Passwords don't match"
      #  if $hashref->{'_password'} ne $hashref->{'_password2'}
    $error ||= gettext('empty_password') unless $signup_data->{'_password'};
    $error ||= gettext('no_access_number_selected')
      unless $signup_data->{'popnum'} || !scalar(@pops);

    #shares some stuff with htdocs/edit/process/cust_main.cgi... take any
    # common that are still here and library them.
    my $cust_main = new FS::cust_main ( {
      #'custnum'          => '',
      'agentnum'         => $signup_data->{agentnum} || $agentnum,
      'refnum'           => $refnum,

      map { $_ => $signup_data->{$_} } qw(
        last first ss company address1 address2 city county state zip country
        daytime night fax payby payinfo paydate payname referral_custnum
      ),

    } );

    $error ||= "Illegal payment type"
      unless grep { $_ eq $signup_data->{'payby'} } @payby;

    my @invoicing_list = split( /\s*\,\s*/, $signup_data->{'invoicing_list'} );

    $signup_data->{'pkgpart'} =~ /^(\d+)$/ or '' =~ /^()$/;
    my $pkgpart = $1;

    my $part_pkg =
      qsearchs( 'part_pkg', { 'pkgpart' => $pkgpart } )
        or $error ||= "WARNING: unknown pkgpart: $pkgpart";
    my $svcpart = $part_pkg->svcpart unless $error;

    my $cust_pkg = new FS::cust_pkg ( {
      #later#'custnum' => $custnum,
      'pkgpart' => $signup_data->{'pkgpart'},
    } );
    $error ||= $cust_pkg->check;

    my $svc_acct = new FS::svc_acct ( {
      'svcpart'   => $svcpart,
      map { $_ => $signup_data->{$_} }
        qw( username _password sec_phrase popnum ),
    } );

    my $y = $svc_acct->setdefault; # arguably should be in new method
    $error ||= $y unless ref($y);

    $error ||= $svc_acct->check;

    use Tie::RefHash;
    tie my %hash, 'Tie::RefHash';
    %hash = ( $cust_pkg => [ $svc_acct ] );
    $error ||= $cust_main->insert( \%hash, \@invoicing_list ); #msgcat

    if ( ! $error && $conf->exists('signup_server-realtime') ) {

      warn "[fs_signup_server] Billing customer...\n" if $Debug;

      my $bill_error = $cust_main->bill;
      warn "[fs_signup_server] error billing new customer: $bill_error"
        if $bill_error;

      $cust_main->apply_payments;
      $cust_main->apply_credits;

      $bill_error = $cust_main->collect;
      warn "[fs_signup_server] error collecting from new customer: $bill_error"
        if $bill_error;

      if ( $cust_main->balance > 0 ) {
        #should check list for errors...
        #$cust_main->suspend;
        $cust_main->cancel;
        $error = '_decline';
      }
    }

    warn "[fs_signup_server] Sending results...\n" if $Debug;
    print $writer $error, "\n";

    next if $error;

    if ( $conf->config('signup_server-email') ) {
      warn "[fs_signup_server] Sending email...\n" if $Debug;

      #false laziness w/FS::cust_bill::send & FS::cust_pay::delete
      use Mail::Header;
      use Mail::Internet;
      use Date::Format;
      my $from = $conf->config('invoice_from'); #??? as good as any
      $ENV{MAILADDRESS} = $from;
      my $header = new Mail::Header ( [
        "From: $from",
        "To: ". $conf->config('signup_server-email'),
        "Sender: $from",
        "Reply-To: $from",
        "Date: ". time2str("%a, %d %b %Y %X %z", time),
        "Subject: FREESIDE NOTIFICATION: Signup Server",
      ] );
      my $body = [
        "This is an automatic message from your Freeside installation\n",
        "informing you a customer has signed up via the signup server:\n",
        "\n",
        'custnum: '. $cust_main->custnum. "\n",
        'Name   : '. $cust_main->last. ", ". $cust_main->first. "\n",
        'Agent  : '. $cust_main->agent->agent. "\n",
        "\n",
      ];
      if ( $cust_main->balance > 0 ) {
        push @$body,
          "This customer has an outstanding balance and has been suspended.\n";
      }
      my $message = new Mail::Internet ( 'Header' => $header, 'Body' => $body );
      $!=0;
      $message->smtpsend( Host => $smtpmachine )
        or $message->smtpsend( Host => $smtpmachine, Debug => 1 )
          or warn "[fs_signup_server] can't send email to ".
                   $conf->config('signup_server-email').
                   " via server $smtpmachine with SMTP: $!";
      #end-of-send mail
    }

  }
  close $writer;
  close $reader;
  warn "connection to $machine lost!  waiting 60 seconds...\n";
  sleep 60;
  warn "reconnecting...\n";
}

sub usage {
  die "Usage:\n\n  fs_signup_server user machine agentnum refnum\n";
}