httemplate/misc/process/change-password.html

   1 % if ( $error ) {
   2 %       if ($svcnum) {
   3 %               $cgi->param('svcnum', $svcnum);
   4 %               $cgi->param("changepw${svcnum}_error", $error);
   5 %       }
   6 %       elsif ($contactnum) {
   7 %               $cgi->param('contactnum', $contactnum);
   8 %               $cgi->param("changepw${contactnum}_error", $error);
   9 %       }
  10 %    $cgi->param('error', $error);
  11 % } else {
  12 %       if ($svcnum) { $cgi->query_string($svcnum); }
  13 %       elsif ($contactnum) { $cgi->query_string($contactnum); }
  14 % }
  15
  16 % if (!$popup) {
  17 %   if ($svcnum) {
  18          <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
  19 %   }
  20 %   elsif ($contactnum) {
  21          <% $cgi->redirect($fsurl.'edit/cust_main-contacts.html?'.$cgi->param('custnum')) %>
  22 %   }
  23 % }
  24
  25 <& /elements/header-popup.html, 'Password Set' &>
  26 <SCRIPT TYPE="text/javascript">
  27   topreload();
  28   parent.cClick();
  29 </SCRIPT>
  30
  31 <%init>
  32 my $curuser = $FS::CurrentUser::CurrentUser;
  33
  34 $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
  35 my $svcnum = $1;
  36
  37 $cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
  38 my $contactnum = $1;
  39
  40 my $popup = $cgi->param('popup');
  41
  42 my $newpass = $cgi->param('password');
  43
  44 my $error;
  45
  46 if ($svcnum) {
  47         my $svc_acct = FS::svc_acct->by_key($svcnum)
  48           or die "svc_acct $svcnum not found";
  49         my $part_svc = $svc_acct->part_svc;
  50         die "access denied" unless (
  51           $curuser->access_right('Provision customer service') or
  52           ( $curuser->access_right('Edit password') and
  53             ! $part_svc->restrict_edit_password )
  54           );
  55
  56         $error = $svc_acct->is_password_allowed($newpass)
  57                 ||  $svc_acct->set_password($newpass)
  58                 ||  $svc_acct->replace;
  59
  60         # annoyingly specific to view/svc_acct.cgi, for now...
  61         $cgi->delete('password');
  62 }
  63 elsif ($contactnum) {
  64         my $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
  65       or return { 'error' => "Contact not found" . $contactnum };
  66
  67         $error = $contact->is_password_allowed($newpass)
  68                 ||  $contact->change_password($newpass);
  69
  70         # annoyingly specific to view/svc_acct.cgi, for now...
  71         #$cgi->delete('password');
  72 }
  73
  74 </%init>