2 Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is
3 only acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise
4 create an empty dummy svc_acct), 'pkgnum' (for when the svc_acct isn't yet
5 inserted), and 'fieldid' (for html post-processing, passed along in results
8 Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is
9 valid), 'error' (error text if password is invalid) or 'syserror' (error text
10 if password could not be validated.) Only one of these keys will be set.
11 Will also set 'fieldid' if it was passed.
14 <% encode_json($result) %>
18 my $validate_password = sub {
19 my %arg = $cgi->param('arg');
22 $result{'fieldid'} = $arg{'fieldid'}
23 if $arg{'fieldid'} =~ /^\w+$/;
25 $result{'syserror'} = 'Request is not POST' unless $cgi->request_method eq 'POST';
26 return \%result if $result{'syserror'};
28 my $password = $arg{'password'};
29 $result{'syserror'} = 'Invoked without password' unless $password;
30 return \%result if $result{'syserror'};
32 my $svcnum = $arg{'svcnum'};
33 $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/;
34 return \%result if $result{'syserror'};
36 my $pkgnum = $arg{'pkgnum'};
37 $result{'syserror'} = 'Invalid pkgnum' unless $pkgnum =~ /^\d*$/;
38 return \%result if $result{'syserror'};
40 my $svc_acct = $svcnum
41 ? qsearchs('svc_acct',{'svcnum' => $svcnum})
42 : FS::svc_acct->new({ 'pkgnum' => $pkgnum });
43 $result{'syserror'} = 'Could not find service' unless $svc_acct;
44 return \%result if $result{'syserror'};
46 $result{'error'} = $svc_acct->is_password_allowed($password);
47 $result{'valid'} = 1 unless $result{'error'};
51 my $result = ($cgi->param('sub') eq 'validate_password')
52 ? &$validate_password()
53 : { 'syserror' => 'Invalid sub' };
projects / freeside.git / blob