-% my $error = '';
-%
-% my $access_user;
-% if ( grep { $cgi->param($_) !~ /^\s*$/ }
-% qw(_password new_password new_password2)
-% ) {
-%
-% my $access_user = qsearchs( 'access_user', {
-% 'username' => getotaker,
-% '_password' => $cgi->param('_password'),
-% } );
-%
-% $error = 'Current password incorrect; password not changed'
-% unless $access_user;
-%
-% $error ||= "New passwords don't match"
-% unless $cgi->param('new_password') eq $cgi->param('new_password2');
-%
-% $error ||= "No new password entered"
-% unless length($cgi->param('new_password'));
-%
-% $access_user->_password($cgi->param('new_password')) unless $error;
-%
-% } else {
-%
-% $access_user = $FS::CurrentUser::CurrentUser;
-%
-% }
-%
-% $error ||= $access_user->replace( { map { $_ => scalar($cgi->param($_)) }
-% qw( menu_position ) #XXX autogen
-% }
-% );
-%
% if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string );
+<% $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string ) %>
% } else {
<% include('/elements/header.html', 'Preferences updated') %>
<% include('/elements/footer.html') %>
% }
+<%init>
+
+if ( FS::Conf->new->exists('disable_acl_changes') ) {
+ errorpage("Preference changes disabled in public demo");
+ die "shouldn't be reached";
+}
+
+my $error = '';
+my $access_user = '';
+
+if ( grep { $cgi->param($_) !~ /^\s*$/ }
+ qw(_password new_password new_password2)
+ ) {
+
+ $access_user = qsearchs( 'access_user', {
+ 'usernum' => $FS::CurrentUser::CurrentUser->usernum,
+ 'username' => $FS::CurrentUser::CurrentUser->username,
+ '_password' => scalar($cgi->param('_password')),
+ } );
+
+ $error = 'Current password incorrect; password not changed'
+ unless $access_user;
+
+ $error ||= "New passwords don't match"
+ unless $cgi->param('new_password') eq $cgi->param('new_password2');
+
+ $error ||= "No new password entered"
+ unless length($cgi->param('new_password'));
+
+ $access_user->_password($cgi->param('new_password')) unless $error;
+
+} else {
+
+ $access_user = $FS::CurrentUser::CurrentUser;
+
+}
+
+#well, if you got your password change wrong, you don't get anything else
+#changed right now. but it should be sticky on the form
+unless ( $error ) { # if ($access_user) {
+
+ my %param = $access_user->options;
+
+ #XXX autogen
+ my @paramlist = qw( locale menu_position default_customer_view
+ history_order
+ spreadsheet_format mobile_menu
+ enable_fuzzy_on_exact
+ disable_html_editor disable_enter_submit_onetimecharge
+ email_address
+ snom-ip snom-username snom-password
+ vonage-fromnumber vonage-username vonage-password
+ cust_pkg-display_times
+ show_pkgnum show_confitem_counts export_getsettings
+ show_db_profile save_db_profile save_tmp_typesetting
+ height width availHeight availWidth colorDepth
+ );
+
+ foreach (@paramlist) {
+ scalar($cgi->param($_)) =~ /^[,.\-\@\w]*$/ && next;
+ $error ||= "Illegal value for parameter $_";
+ last;
+ }
+
+ foreach (@paramlist) {
+ $param{$_} = scalar($cgi->param($_));
+ }
+
+ $error ||= $access_user->replace( \%param );
+
+}
+
+if ( !$error and ($FS::TicketSystem::system || '') eq 'RT_Internal' ) {
+ # sync RT user locale on every update
+ my $locale = $access_user->option('locale');
+ FS::TicketSystem->init;
+ my $UserObj = FS::TicketSystem->session('')->{'CurrentUser'}->UserObj;
+ # Bypass RT ModifySelf ACL
+ $UserObj->CurrentUser( RT::SystemUser );
+ if ( $UserObj->Lang ne $locale ) {
+ my ($val, $msg) = $UserObj->SetLang($locale);
+ $error = $msg if !$val;
+ }
+}
+</%init>
projects / freeside.git / blobdiff