X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=f194746c5e5c528fb9b2eab697ad1281e8accdd8;hp=4ccf1de82acfcf7a7e7cc823ae2bcf151fb5d23d;hb=8f1188e8550992bf3d9078e7a6042420eaf92bd5;hpb=1401eef8b37ea9ffc6a44819a0778697c775dac3 diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index 4ccf1de82..f194746c5 100755 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -1,7 +1,7 @@ #!/usr/bin/perl -w use strict; -use vars qw($DEBUG $cgi $session_id $form_max $template_dir); +use vars qw($DEBUG $cgi $session_id $pw_session_id $form_max $template_dir); use subs qw(do_template); use CGI; use CGI::Carp qw(fatalsToBrowser); @@ -12,10 +12,10 @@ use Date::Format; use Date::Parse 'str2time'; use Number::Format 1.50; use FS::SelfService qw( - access_info login_info login customer_info edit_info invoice - payment_info process_payment realtime_collect process_prepay + access_info login_info login customer_info edit_info insert_payby update_payby + invoice payment_info process_payment realtime_collect process_prepay list_pkgs order_pkg signup_info order_recharge - part_svc_info provision_acct provision_external provision_phone + part_svc_info provision_acct provision_external provision_phone provision_forward unprovision_svc change_pkg suspend_pkg domainselector list_svcs list_svc_usage list_cdr_usage list_support_usage myaccount_passwd list_invoices create_ticket get_ticket did_report @@ -23,6 +23,8 @@ use FS::SelfService qw( mason_comp port_graph start_thirdparty finish_thirdparty reset_passwd check_reset_passwd process_reset_passwd + validate_passwd + billing_history ); $template_dir = '.'; @@ -57,6 +59,10 @@ my @actions = ( qw( change_bill change_ship change_pay + change_creditcard_pay + change_check_pay + process_change_creditcard_pay + process_change_check_pay process_change_bill process_change_ship process_change_pay @@ -70,6 +76,7 @@ my @actions = ( qw( process_svc_acct process_svc_phone process_svc_external + process_svc_forward delete_svc view_usage view_usage_details @@ -81,6 +88,9 @@ my @actions = ( qw( process_change_password customer_suspend_pkg process_suspend_pkg + switch_cust + history + validate_password )); my @nologin_actions = (qw( @@ -89,6 +99,7 @@ my @nologin_actions = (qw( process_forgot_password do_process_forgot_password process_forgot_password_session + validate_password_nologin )); push @actions, @nologin_actions; my %nologin_actions = map { $_=>1 } @nologin_actions; @@ -97,7 +108,7 @@ my $action = 'myaccount'; # sensible default if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) { $action = 'process_forgot_password_session'; - $session_id = $1; + $pw_session_id = $1; } elsif ( $cgi->param('action') =~ /^(\w+)$/ ) { if (grep {$_ eq $1} @actions) { $action = $1; @@ -105,7 +116,6 @@ if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) { warn "WARNING: unrecognized action '$1'\n"; } } - unless ( $nologin_actions{$action} ) { my %cookies = CGI::Cookie->fetch; @@ -122,7 +132,7 @@ unless ( $nologin_actions{$action} ) { $cgi->param('password') =~ /^(.{0,$form_max})$/; my $password = $1; - if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) { + if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\+\@]{1,$form_max})\s*$/i ) { my $email = $1; $login_rv = login( @@ -204,6 +214,12 @@ unless ( $nologin_actions{$action} ) { # at this point $session_id is a real session + if ( ! $login_rv->{'custnum'} && ! $login_rv->{'svcnum'} && $login_rv->{'customers'} ) { + #select a customer if we're a multi-contact customer + do_template('select_cust', { %$login_rv } ); + exit; + } + } warn "calling $action sub\n" @@ -212,6 +228,7 @@ $FS::SelfService::DEBUG = $DEBUG; my $result = eval "&$action();"; die $@ if $@; +use Data::Dumper; warn Dumper($result) if $DEBUG; if ( $result->{error} && ( $result->{error} eq "Can't resume session" @@ -237,24 +254,41 @@ do_template($action, { #-- -use Data::Dumper; +sub switch_cust { + $action = 'myaccount'; + FS::SelfService::switch_cust( 'session_id' => $session_id, + 'custnum' => scalar($cgi->param('custnum')), + ); +} + sub myaccount { customer_info( 'session_id' => $session_id ); } -sub change_bill { my $payment_info = - payment_info( 'session_id' => $session_id ); - return $payment_info if ( $payment_info->{'error'} ); - my $customer_info = - customer_info( 'session_id' => $session_id ); - return { - %$payment_info, - %$customer_info, - }; - } +sub change_bill { + my $payby = shift; + my $payment_info; + if ($payby) { + $payment_info = payment_info( 'session_id' => $session_id, 'payment_payby' => $payby, ); + } + else { + $payment_info = payment_info( 'session_id' => $session_id, ); + } + + return $payment_info if ( $payment_info->{'error'} ); + my $customer_info = + customer_info( 'session_id' => $session_id ); + return { + %$payment_info, + %$customer_info, + }; +} sub change_ship { change_bill(@_); } sub change_pay { change_bill(@_); } +sub change_creditcard_pay { change_bill('CARD'); } +sub change_check_pay { change_bill('CHEK'); } + sub _process_change_info { my ($erroraction, @fields) = @_; @@ -279,6 +313,30 @@ sub _process_change_info { } } +sub _process_change_payby { + my ($erroraction, @fields) = @_; + + my $results = ''; + + $results ||= update_payby ( + 'session_id' => $session_id, + map { ($_ => $cgi->param($_)) } grep { defined($cgi->param($_)) } @fields, + ); + + + if ( $results->{'error'} ) { + no strict 'refs'; + $action = $erroraction; + return { + $cgi->Vars, + %{&$action()}, + 'error' => ''. $results->{'error'}. '', + }; + } else { + return $results; + } +} + sub process_change_bill { _process_change_info( 'change_bill', qw( first last company address1 address2 city state @@ -323,6 +381,30 @@ sub process_change_pay { _process_change_info( 'change_pay', @list ); } +sub process_change_creditcard_pay { + my $payby = $cgi->param( 'payby' ); + $cgi->param('paydate', $cgi->param('year') . '-' . $cgi->param('month') . '-01'); + my @list = + qw( payby payinfo payinfo1 payinfo2 paydate payname custpaybynum + address1 address2 city county state zip country auto paytype + paystate ss stateid stateid_state invoicing_list + ); + + _process_change_payby( 'change_creditcard_pay', @list ); +} + +sub process_change_check_pay { + my $payby = $cgi->param( 'payby' ); + $cgi->param('paydate', $cgi->param('year') . '-' . $cgi->param('month') . '-01'); + my @list = + qw( payby payinfo payinfo1 payinfo2 paydate payname custpaybynum + address1 address2 city county state zip country auto paytype + paystate ss stateid stateid_state invoicing_list + ); + + _process_change_payby( 'change_check_pay', @list ); +} + sub view_invoice { $cgi->param('invnum') =~ /^(\d+)$/ or die "illegal invnum"; @@ -338,6 +420,10 @@ sub invoices { list_invoices( 'session_id' => $session_id, ); } +sub history { + billing_history( 'session_id' => $session_id, ); +} + sub tktcreate { my $customer_info = customer_info( 'session_id' => $session_id ); return $customer_info if ( $customer_info->{'error'} ); @@ -560,12 +646,17 @@ sub process_order_recharge { sub make_payment { - my $payment_info = payment_info( 'session_id' => $session_id ); + my $payment_info = payment_info( 'session_id' => $session_id, 'payment_payby' => 'CARD' ); + + my $amount = + ($payment_info->{'balance'} && ($payment_info->{'balance'} > 0)) + ? $payment_info->{'balance'} + : ''; my $tr_amount_fee = mason_comp( 'session_id' => $session_id, 'comp' => '/elements/tr-amount_fee.html', - 'args' => [ 'amount' => $payment_info->{'balance'}, + 'args' => [ 'amount' => $amount, ], ); @@ -578,32 +669,32 @@ sub make_payment { sub payment_results { - use Business::CreditCard 0.30; + use Business::CreditCard 0.35; #we should only do basic checking here for DoS attacks and things #that couldn't be constructed by the web form... let process_payment() do #the rest, it gives better error messages $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ - or die "Illegal amount: ". $cgi->param('amount'); #!!! + or return { 'error' => "Illegal amount: ". $cgi->param('amount') }; #!!! my $amount = $1; my $payinfo = $cgi->param('payinfo'); $payinfo =~ s/[^\dx]//g; - $payinfo =~ /^([\dx]{13,16}|[\dx]{8,9})$/ + $payinfo =~ /^([\dx]{13,19}|[\dx]{8,9})$/ #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo; - or die "illegal card"; #!!! + or return { 'error' => "illegal card" }; #!!! $payinfo = $1; unless ( $payinfo =~ /x/ ) { validate($payinfo) #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo; - or die "invalid card"; #!!! + or return { 'error' => "invalid card" }; #!!! } if ( $cgi->param('card_type') ) { cardtype($payinfo) eq $cgi->param('card_type') #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type'); - or die "not a ". $cgi->param('card_type'); + or return { 'error' => "not a ". $cgi->param('card_type') }; } $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2"; @@ -676,7 +767,7 @@ sub payment_results { } sub make_ach_payment { - payment_info( 'session_id' => $session_id ); + payment_info( 'session_id' => $session_id, 'payment_payby' => 'CHEK' ); } sub ach_payment_results { @@ -847,7 +938,7 @@ sub provision_svc { my $result = part_svc_info( 'session_id' => $session_id, - map { $_ => $cgi->param($_) } qw( pkgnum svcpart svcnum ), + map { $_ => ($cgi->param($_) || '') } qw( pkgnum svcpart svcnum ), ); die $result->{'error'} if exists $result->{'error'} && $result->{'error'}; @@ -933,6 +1024,33 @@ sub process_svc_external { ); } +sub process_svc_forward { + + my $result = provision_forward ( + 'session_id' => $session_id, + map { $_ => $cgi->param($_) || '' } qw( + pkgnum svcpart srcsvc src dstsvc dst ) + ); + + if ( exists $result->{'error'} && $result->{'error'} ) { + #warn "$result $result->{'error'}"; + $action = 'provision_svc_forward'; + return { + $cgi->Vars, + %{ part_svc_info( 'session_id' => $session_id, + map { $_ => $cgi->param($_) } qw( svcnum pkgnum svcpart ) + ) + }, + 'error' => $result->{'error'}, + }; + } else { + #just go to setup services page, results will be visible there + $action = 'provision'; + return provision(); + } + +} + sub delete_svc { unprovision_svc( 'session_id' => $session_id, @@ -943,7 +1061,7 @@ sub delete_svc { sub view_usage { my $res = list_svcs( 'session_id' => $session_id, - 'svcdb' => [ 'svc_acct', 'svc_phone', 'svc_port', ], + 'svcdb' => [ 'svc_acct', 'svc_broadband', 'svc_phone', 'svc_port', 'svc_pbx' ], 'ncancelled' => 1, ); if ($res->{hide_usage}) { @@ -1057,8 +1175,9 @@ sub process_forgot_password { } sub process_forgot_password_session { + $action = 'process_forgot_password'; check_reset_passwd( - 'session_id' => $session_id, + 'session_id' => $pw_session_id, ); } @@ -1069,6 +1188,22 @@ sub do_process_forgot_password { ); } +sub validate_password { + validate_passwd( + 'session_id' => $session_id, + map { $_ => scalar($cgi->param($_)) } + qw( fieldid svcnum check_password ) + ) +} + +sub validate_password_nologin { + $action = 'validate_password'; #use same landing page + validate_passwd( + map { $_ => scalar($cgi->param($_)) } + qw( fieldid check_password ) + ) +} + #-- sub do_template { @@ -1142,7 +1277,7 @@ package FS::SelfService::_selfservicecgi; use HTML::Entities; use FS::SelfService qw( - regionselector popselector domainselector location_form didselector + regionselector popselector domainselector location_form didselector mason_comp ); #false laziness w/agent.cgi