2 % $cgi->param('error', $error);
3 <% $cgi->redirect(popurl(3). 'misc/order_pkg.html?'. $cgi->query_string ) %>
5 % my $frag = "cust_pkg". $cust_pkg->pkgnum;
6 <% header('Package ordered') %>
7 <SCRIPT TYPE="text/javascript">
8 // XXX fancy ajax rebuild table at some point, but a page reload will do for now
10 // XXX chop off trailing #target and replace... ?
11 window.top.location = '<% popurl(3). "view/cust_main.cgi?keywords=$custnum;fragment=$frag#$frag" %>';
20 unless $FS::CurrentUser::CurrentUser->access_right('Order customer package');
22 #untaint custnum (probably not necessary, searching for it is escape enough)
23 $cgi->param('custnum') =~ /^(\d+)$/
24 or die 'illegal custnum '. $cgi->param('custnum');
26 my $cust_main = qsearchs({
27 'table' => 'cust_main',
28 'hashref' => { 'custnum' => $custnum },
29 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
31 die 'unknown custnum' unless $cust_main;
33 #probably not necessary, taken care of by cust_pkg::check
34 $cgi->param('pkgpart') =~ /^(\d+)$/
35 or die 'illegal pkgpart '. $cgi->param('pkgpart');
37 $cgi->param('refnum') =~ /^(\d*)$/
38 or die 'illegal refnum '. $cgi->param('refnum');
40 $cgi->param('locationnum') =~ /^(\-?\d*)$/
41 or die 'illegal locationnum '. $cgi->param('locationnum');
44 my $cust_pkg = new FS::cust_pkg {
45 'custnum' => $custnum,
46 'pkgpart' => $pkgpart,
48 'locationnum' => $locationnum,
51 my %opt = ( 'cust_pkg' => $cust_pkg );
53 if ( $locationnum == -1 ) {
54 my $cust_location = new FS::cust_location {
55 map { $_ => scalar($cgi->param($_)) }
56 qw( custnum address1 address2 city county state zip country )
58 $opt{'cust_location'} = $cust_location;
61 my $error = $cust_main->order_pkg( %opt );