19 digit visa and discover cards

[freeside.git] / fs_selfservice / FS-SelfService / cgi / selfservice.cgi

diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index b2ebaef..3915dca 100755 (executable)
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -23,6 +23,7 @@ use FS::SelfService qw(
   mason_comp port_graph
   start_thirdparty finish_thirdparty
   reset_passwd check_reset_passwd process_reset_passwd
+  validate_passwd
   billing_history
 );
 
@@ -85,6 +86,7 @@ my @actions = ( qw(
   process_suspend_pkg
   switch_cust
   history
+  validate_password
 ));
 
 my @nologin_actions = (qw(
@@ -93,6 +95,7 @@ my @nologin_actions = (qw(
   process_forgot_password
   do_process_forgot_password
   process_forgot_password_session
+  validate_password_nologin
 ));
 push @actions, @nologin_actions;
 my %nologin_actions = map { $_=>1 } @nologin_actions;
@@ -109,7 +112,6 @@ if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) {
     warn "WARNING: unrecognized action '$1'\n";
   }
 }
-
 unless ( $nologin_actions{$action} ) {
 
   my %cookies = CGI::Cookie->fetch;
@@ -581,7 +583,7 @@ sub process_order_recharge {
 
 sub make_payment {
 
-  my $payment_info = payment_info( 'session_id' => $session_id );
+  my $payment_info = payment_info( 'session_id' => $session_id, 'payment_payby' => 'CARD' );
 
   my $amount = 
     ($payment_info->{'balance'} && ($payment_info->{'balance'} > 0))
@@ -604,32 +606,32 @@ sub make_payment {
 
 sub payment_results {
 
-  use Business::CreditCard 0.30;
+  use Business::CreditCard 0.35;
 
   #we should only do basic checking here for DoS attacks and things
   #that couldn't be constructed by the web form...  let process_payment() do
   #the rest, it gives better error messages
 
   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
-    or die "Illegal amount: ". $cgi->param('amount'); #!!!
+    or return { 'error' => "Illegal amount: ". $cgi->param('amount') }; #!!!
   my $amount = $1;
 
   my $payinfo = $cgi->param('payinfo');
   $payinfo =~ s/[^\dx]//g;
-  $payinfo =~ /^([\dx]{13,16}|[\dx]{8,9})$/
+  $payinfo =~ /^([\dx]{13,19}|[\dx]{8,9})$/
     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
-    or die "illegal card"; #!!!
+    or return { 'error' => "illegal card" }; #!!!
   $payinfo = $1;
   unless ( $payinfo =~ /x/ ) {
     validate($payinfo)
       #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
-      or die "invalid card"; #!!!
+      or return { 'error' => "invalid card" }; #!!!
   }
 
   if ( $cgi->param('card_type') ) {
     cardtype($payinfo) eq $cgi->param('card_type')
       #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type');
-      or die "not a ". $cgi->param('card_type');
+      or return { 'error' => "not a ". $cgi->param('card_type') };
   }
 
   $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
@@ -702,7 +704,7 @@ sub payment_results {
 }
 
 sub make_ach_payment {
-  payment_info( 'session_id' => $session_id );
+  payment_info( 'session_id' => $session_id, 'payment_payby' => 'CHEK' );
 }
 
 sub ach_payment_results {
@@ -996,7 +998,7 @@ sub delete_svc {
 sub view_usage {
   my $res = list_svcs(
     'session_id'  => $session_id,
-    'svcdb'       => [ 'svc_acct', 'svc_phone', 'svc_port', 'svc_pbx' ],
+    'svcdb'       => [ 'svc_acct', 'svc_broadband', 'svc_phone', 'svc_port', 'svc_pbx' ],
     'ncancelled'  => 1,
   );
   if ($res->{hide_usage}) {
@@ -1123,6 +1125,22 @@ sub do_process_forgot_password {
   );
 }
 
+sub validate_password {
+  validate_passwd(
+    'session_id' => $session_id,
+    map { $_ => scalar($cgi->param($_)) }
+      qw( fieldid svcnum check_password )
+  )
+}
+
+sub validate_password_nologin {
+  $action = 'validate_password'; #use same landing page
+  validate_passwd(
+    map { $_ => scalar($cgi->param($_)) }
+      qw( fieldid check_password )
+  )
+}
+
 #--
 
 sub do_template {