httemplate/misc/process/change-password.html

   1 % if ( $error ) {
   2 %       if ($svcnum) {
   3 %               $cgi->param('svcnum', $svcnum);
   4 %               $cgi->param("changepw${svcnum}_error", $error);
   5 %       }
   6 %       elsif ($contactnum) {
   7 %               $cgi->param('contactnum', $contactnum);
   8 %               $cgi->param("changepw${contactnum}_error", $error);
   9 %       }
  10 %    $cgi->param('error', $error);
  11 % } else {
  12 %       if ($svcnum) { $cgi->query_string($svcnum); }
  13 %       elsif ($contactnum) { $cgi->query_string($contactnum); }
  14 % }
  15
  16 % if (!$popup) {
  17 %   if ($svcnum) {
  18          <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
  19 %   }
  20 %   elsif ($contactnum) {
  21          <% $cgi->redirect($fsurl.'view/cust_main.cgi?'.$cgi->param('custnum')) %>
  22 %   }
  23 % }
  24
  25 <& /elements/header-popup.html, 'Password Set' &>
  26 <SCRIPT TYPE="text/javascript">
  27   topreload();
  28   parent.cClick();
  29 </SCRIPT>
  30
  31 <%init>
  32 my $curuser = $FS::CurrentUser::CurrentUser;
  33
  34 $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
  35 my $svcnum = $1;
  36
  37 foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) {
  38      $cgi->param('password' => $cgi->param($prefix));
  39 }
  40
  41 $cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
  42 my $contactnum = $1;
  43
  44 my $popup = $cgi->param('popup');
  45
  46 my $newpass = $cgi->param('password');
  47
  48 my $error;
  49
  50 if ($svcnum) {
  51         my $svc_acct = FS::svc_acct->by_key($svcnum)
  52           or die "svc_acct $svcnum not found";
  53         my $part_svc = $svc_acct->part_svc;
  54         die "access denied" unless (
  55           $curuser->access_right('Provision customer service') or
  56           ( $curuser->access_right('Edit password') and
  57             ! $part_svc->restrict_edit_password )
  58           );
  59
  60         $error = $svc_acct->is_password_allowed($newpass)
  61                 ||  $svc_acct->set_password($newpass)
  62                 ||  $svc_acct->replace;
  63
  64         # annoyingly specific to view/svc_acct.cgi, for now...
  65         $cgi->delete('password');
  66 }
  67 elsif ($contactnum) {
  68         my $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
  69       or return { 'error' => "Contact not found" . $contactnum };
  70
  71         $error = $contact->is_password_allowed($newpass)
  72                 ||  $contact->change_password($newpass);
  73
  74         # annoyingly specific to view/svc_acct.cgi, for now...
  75         #$cgi->delete('password');
  76 }
  77
  78 </%init>