<%doc> Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is only acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise create an empty dummy svc_acct) and 'fieldid' (for html post-processing, passed along in results for convenience.) Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is valid), 'error' (error text if password is invalid) or 'syserror' (error text if password could not be validated.) Only one of these keys will be set. Will also set 'fieldid' if it was passed. <% encode_json($result) %> <%init> my $validate_password = sub { my %arg = $cgi->param('arg'); my %result; $result{'fieldid'} = $arg{'fieldid'} if $arg{'fieldid'} =~ /^\w+$/; $result{'syserror'} = 'Request is not POST' unless $cgi->request_method eq 'POST'; return \%result if $result{'syserror'}; my $password = $arg{'password'}; $result{'syserror'} = 'Invoked without password' unless $password; return \%result if $result{'syserror'}; if ($arg{'contactnum'}) { my $contactnum = $arg{'contactnum'}; $result{'syserror'} = 'Invalid contactnum' unless $contactnum =~ /^\d*$/; return \%result if $result{'syserror'}; my $contact = $contactnum ? qsearchs('contact',{'contactnum' => $contactnum}) : ''; $result{'error'} = $contact->is_password_allowed($password); } if ($arg{'svcnum'}) { my $svcnum = $arg{'svcnum'}; $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/; return \%result if $result{'syserror'}; my $svc_acct = $svcnum ? qsearchs('svc_acct',{'svcnum' => $svcnum}) : (new FS::svc_acct {}); $result{'syserror'} = 'Could not find service' unless $svc_acct; return \%result if $result{'syserror'}; $result{'error'} = $svc_acct->is_password_allowed($password); } # $result{'error'} = $svc_acct->is_password_allowed($password); $result{'valid'} = 1 unless $result{'error'}; return \%result; }; my $result = ($cgi->param('sub') eq 'validate_password') ? &$validate_password() : { 'syserror' => 'Invalid sub' };