httemplate/misc/process/change-password.html

   1 % if ( $error ) {
   2 %       if ($svcnum) {
   3 %               $cgi->param('svcnum', $svcnum);
   4 %               $cgi->param("changepw${svcnum}_error", $error);
   5 %       }
   6 %       elsif ($contactnum) {
   7 %               $cgi->param('contactnum', $contactnum);
   8 %               $cgi->param("changepw${contactnum}_error", $error);
   9 %       }
  10 %    $cgi->param('error', $error);
  11 % } else {
  12 %       if ($svcnum) { $cgi->query_string($svcnum); }
  13 %       elsif ($contactnum) { $cgi->query_string($contactnum); }
  14 % }
  15
  16 % if (!$popup) {
  17 %   if ($svcnum) {
  18          <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
  19 %   }
  20 %   elsif ($contactnum) {
  21       <% $cgi->redirect($fsurl.'view/cust_main.cgi?'.$cgi->param('custnum')) %>
  22 %   }
  23 % }
  24
  25 <& /elements/header-popup.html, 'Password Set' &>
  26 <SCRIPT TYPE="text/javascript">
  27   topreload();
  28   parent.cClick();
  29 </SCRIPT>
  30
  31 <%init>
  32 my $curuser = $FS::CurrentUser::CurrentUser;
  33 my $contact;
  34
  35 $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
  36 my $svcnum = $1;
  37
  38 foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) {
  39      $cgi->param('password' => $cgi->param($prefix));
  40 }
  41
  42 $cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
  43 my $contactnum = $1;
  44
  45 my $popup = $cgi->param('popup');
  46
  47 my $newpass = $cgi->param('password');
  48
  49 my $error;
  50
  51 if ($svcnum) {
  52         my $svc_acct = FS::svc_acct->by_key($svcnum)
  53           or die "svc_acct $svcnum not found";
  54         my $part_svc = $svc_acct->part_svc;
  55         die "access denied" unless (
  56           $curuser->access_right('Provision customer service') or
  57           ( $curuser->access_right('Edit password') and
  58             ! $part_svc->restrict_edit_password )
  59           );
  60
  61         $error = $svc_acct->is_password_allowed($newpass)
  62                 ||  $svc_acct->set_password($newpass)
  63                 ||  $svc_acct->replace;
  64
  65         # annoyingly specific to view/svc_acct.cgi, for now...
  66         $cgi->delete('password');
  67 }
  68 elsif ($contactnum) {
  69         $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
  70       or return { 'error' => "Contact not found" . $contactnum };
  71
  72         $error = $contact->is_password_allowed($newpass)
  73                 ||  $contact->change_password($newpass);
  74
  75         # annoyingly specific to view/svc_acct.cgi, for now...
  76         #$cgi->delete('password');
  77 }
  78
  79 </%init>