default to a session cookie instead of setting an explicit timeout, weird timezone...

[freeside.git] / httemplate / misc / process / change-password.html

% if ( $error ) {
%       if ($svcnum) {
%               $cgi->param('svcnum', $svcnum);
%               $cgi->param("changepw${svcnum}_error", $error);
%       }
%       elsif ($contactnum) {
%               $cgi->param('contactnum', $contactnum);
%               $cgi->param("changepw${contactnum}_error", $error);
%       }
%    $cgi->param('error', $error);
% } else {
%       if ($svcnum) { $cgi->query_string($svcnum); }
%       elsif ($contactnum) { $cgi->query_string($contactnum); }
% }

% if (!$popup) {
%   if ($svcnum) { 
         <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
%   }
%   elsif ($contactnum) { 
%     my $freeside_status = "Contact ".$contact->{'Hash'}->{'first'}." ".$contact->{'Hash'}->{'last'}." password updated.";
         <% $cgi->redirect( -uri    => popurl(3). "view/cust_main.cgi?". $cgi->param('custnum'),
                   -cookie => CGI::Cookie->new(
                     -name    => 'freeside_status',
                     -value   => mt($freeside_status),
                     -expires => '+5m',
                   ),
   )
%>
%   }
% }

<& /elements/header-popup.html, 'Password Set' &>
<SCRIPT TYPE="text/javascript">
  topreload();
  parent.cClick();
</SCRIPT>

<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
my $contact;

$cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
my $svcnum = $1;

foreach my $prefix (grep /^(.*)(password)$/, $cgi->param) {
     $cgi->param('password' => $cgi->param($prefix));
}

$cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
my $contactnum = $1;

my $popup = $cgi->param('popup');

my $newpass = $cgi->param('password');

my $error;

if ($svcnum) {
        my $svc_acct = FS::svc_acct->by_key($svcnum)
          or die "svc_acct $svcnum not found";
        my $part_svc = $svc_acct->part_svc;
        die "access denied" unless (
          $curuser->access_right('Provision customer service') or
          ( $curuser->access_right('Edit password') and 
            ! $part_svc->restrict_edit_password )
          );

        $error = $svc_acct->is_password_allowed($newpass)
                ||  $svc_acct->set_password($newpass)
                ||  $svc_acct->replace;

        # annoyingly specific to view/svc_acct.cgi, for now...
        $cgi->delete('password');
}
elsif ($contactnum) {
        $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
      or return { 'error' => "Contact not found" . $contactnum };

        $error = $contact->is_password_allowed($newpass)
                ||  $contact->change_password($newpass);

        # annoyingly specific to view/svc_acct.cgi, for now...
        #$cgi->delete('password');
}

</%init>