prevent stuff passed from template/user from being used in searches by signup server

[freeside.git] / fs_signup / fs_signup_server

diff --git a/fs_signup/fs_signup_server b/fs_signup/fs_signup_server
index 4abdafc..70045e6 100755 (executable)
--- a/fs_signup/fs_signup_server
+++ b/fs_signup/fs_signup_server
@@ -67,11 +67,25 @@ while (1) {
       
     'part_pkg' =>
       [
-        map { $_->hashref }
+        #map { $_->hashref }
+        map { { 'payby' => [ $_->payby ], %{$_->hashref} } }
           grep { $_->svcpart('svc_acct') && $pkgpart_href->{ $_->pkgpart } }
             qsearch( 'part_pkg', { 'disabled' => '' } )
       ],
 
+    'agentnum2part_pkg' =>
+      {
+        map {
+          my $href = $_->pkgpart_hashref;
+          $_->agentnum =>
+            [
+              map { { 'payby' => [ $_->payby ], %{$_->hashref} } }
+                grep { $_->svcpart('svc_acct') && $href->{ $_->pkgpart } }
+                  qsearch( 'part_pkg', { 'disabled' => '' } )
+            ];
+        } qsearch('agent', {} )
+      },
+
     'svc_acct_pop' => [ map { $_->hashref } @pops ],
 
     'security_phrase' => $conf->exists('security_phrase'),
@@ -128,18 +142,14 @@ while (1) {
 
     my @invoicing_list = split( /\s*\,\s*/, $signup_data->{'invoicing_list'} );
 
+    $signup_data->{'pkgpart'} =~ /^(\d+)$/ or '' =~ /^()$/;
+    my $pkgpart = $1;
+
     my $part_pkg =
-      qsearchs( 'part_pkg', { 'pkgpart' => $signup_data->{'pkgpart'} } )
-        or $error ||= "WARNING: unknown pkgpart ". $signup_data->{pkgpart};
+      qsearchs( 'part_pkg', { 'pkgpart' => $pkgpart } )
+        or $error ||= "WARNING: unknown pkgpart: $pkgpart";
     my $svcpart = $part_pkg->svcpart unless $error;
 
-    # this should wind up in FS::cust_pkg!
-    my $agent = qsearchs( 'agent', { 'agentnum' => $agentnum } );
-    #my $pkgpart_href = $agent->pkgpart_hashref;
-    $error ||= "WARNING: agent $agentnum can't purchase pkgpart ".
-               $signup_data->{pkgpart}
-      unless $pkgpart_href->{ $signup_data->{pkgpart} };
-
     my $cust_pkg = new FS::cust_pkg ( {
       #later#'custnum' => $custnum,
       'pkgpart' => $signup_data->{'pkgpart'},
@@ -162,12 +172,7 @@ while (1) {
     %hash = ( $cust_pkg => [ $svc_acct ] );
     $error ||= $cust_main->insert( \%hash, \@invoicing_list ); #msgcat
 
-    warn "[fs_signup_server] Sending results...\n" if $Debug;
-    print $writer $error, "\n";
-
-    next if $error;
-
-    if ( $conf->exists('signup_server-realtime') ) {
+    if ( ! $error && $conf->exists('signup_server-realtime') ) {
 
       warn "[fs_signup_server] Billing customer...\n" if $Debug;
 
@@ -182,12 +187,19 @@ while (1) {
       warn "[fs_signup_server] error collecting from new customer: $bill_error"
         if $bill_error;
 
-      if ( $cust_main->balance ) {
+      if ( $cust_main->balance > 0 ) {
         #should check list for errors...
-        $cust_main->suspend;
+        #$cust_main->suspend;
+        $cust_main->cancel;
+        $error = '_decline';
       }
     }
 
+    warn "[fs_signup_server] Sending results...\n" if $Debug;
+    print $writer $error, "\n";
+
+    next if $error;
+
     if ( $conf->config('signup_server-email') ) {
       warn "[fs_signup_server] Sending email...\n" if $Debug;
 
@@ -214,7 +226,7 @@ while (1) {
         'Agent  : '. $cust_main->agent->agent. "\n",
         "\n",
       ];
-      if ( $cust_main->balance ) {
+      if ( $cust_main->balance > 0 ) {
         push @$body,
           "This customer has an outstanding balance and has been suspended.\n";
       }