X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2FClientAPI%2FFreeside.pm;h=dcd3ed6e9a7143f3a0fa6f34131e14dfa7a885c7;hp=90fa55018176cde7e1f040e0ba2b7a4224e8df12;hb=db27e4da24fa49d91215bd8ef7a05895fa58c0f6;hpb=a2408d6aa3cce0e3673ae75d14414178c4c24987

diff --git a/FS/FS/ClientAPI/Freeside.pm b/FS/FS/ClientAPI/Freeside.pm
index 90fa55018..dcd3ed6e9 100644
--- a/FS/FS/ClientAPI/Freeside.pm
+++ b/FS/FS/ClientAPI/Freeside.pm
@@ -8,7 +8,7 @@ use FS::svc_external;
 use FS::webservice_log;
 
 #$DEBUG = 0;
-#$me = '[FS::ClientAPI::PrepaidPhone]';
+#$me = '[FS::ClientAPI:Freeside]';
 
 # inputs:
 #   support-key
@@ -17,6 +17,7 @@ use FS::webservice_log;
 #
 # returns:
 #   error (empty, or error message)
+#   custnum
 
 sub freesideinc_service {
   my $packet = shift;
@@ -36,8 +37,12 @@ sub freesideinc_service {
                      '_password' => $_password,
                    },
     'extra_sql' => "AND svcpart = $svcpart",
-  })
-    or return { 'error' => 'bad support-key' };
+  });
+  unless ( $svc_external ) {
+    warn "bad support-key for $username from $ENV{REMOTE_IP}\n";
+    sleep 5; #ideally also rate-limit and eventually ban their IP
+    return { 'error' => 'bad support-key' };
+  }
 
   #XXX check if some customers can use some API calls, rate-limiting, etc.
   # but for now, everybody can use everything