X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fpref%2Fpref-process.html;h=1b18d2ec8b850ccea0d6df23a2df22626483693f;hp=09eb71a7e783ea29011938f84e0223749bd275e4;hb=11bbf29de447fe39e9d7155fe280a0df70fa8c3c;hpb=b96629eb08231f78f334f78c0bd6c277c60844fa

diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html
index 09eb71a7e..1b18d2ec8 100644
--- a/httemplate/pref/pref-process.html
+++ b/httemplate/pref/pref-process.html
@@ -1,57 +1,100 @@
-% my $error = '';
-%
-% my $access_user;
-% if ( grep { $cgi->param($_) !~ /^\s*$/ }
-%           qw(_password new_password new_password2)
-%    ) {
-%
-%   $access_user = qsearchs( 'access_user', {
-%     'username'  => getotaker,
-%     '_password' => $cgi->param('_password'),
-%   } );
-%
-%   $error = 'Current password incorrect; password not changed'
-%     unless $access_user;
-%
-%   $error ||= "New passwords don't match"
-%     unless $cgi->param('new_password') eq $cgi->param('new_password2');
-%
-%   $error ||= "No new password entered"
-%    unless length($cgi->param('new_password'));
-% 
-%   $access_user->_password($cgi->param('new_password')) unless $error;
-%
-% } else {
-%
-%   $access_user = $FS::CurrentUser::CurrentUser;
-%
-% }
-%
-% my %param = $access_user->options;
-%
-% #XXX autogen
-% my @paramlist = qw( menu_position show_pkgnum
-%                     email_address
-%                     vonage-fromnumber vonage-username vonage-password
-%                     height width availHeight availWidth colorDepth
-%                   );
-%
-% foreach (@paramlist) {
-%   scalar($cgi->param($_)) =~ /^[,.\-\@\w]*$/ && next;
-%   $error ||= "Illegal value for parameter $_";
-%   last;
-% }
-%
-% foreach (@paramlist) {
-%   $param{$_} = scalar($cgi->param($_));
-% }
-%
-% $error ||= $access_user->replace( \%param );
-%
 % if ( $error ) {
 %   $cgi->param('error', $error);
-%   print $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string );
+    <% $cgi->redirect(popurl(1). "pref.html?". $cgi->query_string ) %>
 % } else {
-<% include('/elements/header.html', 'Preferences updated') %>
-<% include('/elements/footer.html') %>
+    <% $cgi->redirect( -uri    => popurl(1). "pref.html",
+                   -cookie => CGI::Cookie->new(
+                     -name    => 'freeside_status',
+                     -value   => mt('Preferences updated'),
+                     -expires => '+5m',
+                   ),
+       )
+    %>
 % }
+<%init>
+
+my $access_user = $FS::CurrentUser::CurrentUser;
+
+if ( FS::Conf->new->exists('disable_acl_changes') ) {
+  errorpage("Preference changes disabled in public demo");
+  die "shouldn't be reached";
+}
+
+my $error = '';
+
+if ( FS::Auth->auth_class->can('change_password')
+       && grep { $cgi->param($_) !~ /^\s*$/ }
+            qw(_password new_password new_password2)
+   ) {
+
+  my $oldpass = $cgi->param('_password');
+  my $newpass = $cgi->param('new_password');
+
+  if ( $newpass ne $cgi->param('new_password2') ) {
+    $error = mt("New passwords don't match");
+
+  } elsif ( ! length($newpass) ) {
+    $error = mt('No new password entered');
+
+  } elsif ( ! FS::Auth->authenticate( $access_user, $oldpass ) ) {
+    $error = mt('Current password incorrect; password not changed');
+
+  } else {
+
+    $error = $access_user->is_password_allowed($newpass)
+          || $access_user->change_password($newpass);
+
+  }
+
+}
+
+#well, if you got your password change wrong, you don't get anything else
+#changed right now.  but it should be sticky on the form
+unless ( $error ) { # if ($access_user) {
+
+  my %param = $access_user->options;
+
+  #XXX autogen
+  my @paramlist = qw( locale menu_position default_customer_view 
+                      history_order
+                      spreadsheet_format mobile_menu
+                      disable_html_editor disable_enter_submit_onetimecharge
+                      enable_mask_clipboard_hack dashboard_customers
+                      customer_view_emails
+                      printtofit
+                      email_address
+                      snom-ip snom-username snom-password
+                      vonage-fromnumber vonage-username vonage-password
+                      cust_pkg-display_times
+                      show_pkgnum show_confitem_counts export_getsettings
+                      show_db_profile save_db_profile save_tmp_typesetting
+                      height width availHeight availWidth colorDepth
+                    );
+
+  foreach (@paramlist) {
+    scalar($cgi->param($_)) =~ /^[,.\-\@\w]*$/ && next;
+    $error ||= mt("Illegal value for parameter")." $_";
+    last;
+  }
+
+  foreach (@paramlist) {
+    $param{$_} = scalar($cgi->param($_));
+  }
+
+  $error ||= $access_user->replace( \%param );
+
+}
+
+if ( !$error and ($FS::TicketSystem::system || '') eq 'RT_Internal' ) {
+  # sync RT user locale on every update
+  my $locale = $access_user->option('locale');
+  FS::TicketSystem->init;
+  my $UserObj = FS::TicketSystem->session('')->{'CurrentUser'}->UserObj;
+  # Bypass RT ModifySelf ACL
+  $UserObj->CurrentUser( $RT::SystemUser );
+  if ( $UserObj->Lang ne $locale ) {
+    my ($val, $msg) = $UserObj->SetLang($locale);
+    $error = $msg if !$val;
+  }
+}
+</%init>