From: Christopher Burger <burgerc@freeside.biz>
Date: Thu, 3 Aug 2017 15:53:07 +0000 (-0400)
Subject: Merge branch 'FREESIDE_3_BRANCH' of freeside.biz:/home/git/freeside into FREESIDE_3_B... 
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=184b8e2c118ef3bd17f36b59f2a3f9690bf3d1bc;hp=c5bafe5c81eed4223adad4b313d060fc14d88bc2

Merge branch 'FREESIDE_3_BRANCH' of freeside.biz:/home/git/freeside into FREESIDE_3_BRANCH
---

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 558e694b2..d604491af 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -722,6 +722,11 @@ sub edit_info {
   my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
     or return { 'error' => "unknown custnum $custnum" };
 
+  my $conf = new FS::Conf;
+  if (($p->{payby} eq "CHEK" || $p->{payby} eq "DCHK") && $conf->exists('selfservice-ACH_info_readonly')) {
+    return { 'error' => "You do not have authority to add a bank account" };
+  }
+
   my $new = new FS::cust_main { $cust_main->hash };
 
   $new->set( $_ => $p->{$_} )
@@ -756,8 +761,6 @@ sub edit_info {
     $payby = $1;
   }
 
-  my $conf = new FS::Conf;
-
   if ( $payby =~ /^(CARD|DCRD)$/ ) {
 
     $new->paydate($p->{'year'}. '-'. $p->{'month'}. '-01');
@@ -867,6 +870,7 @@ sub payment_info {
       'show_paystate' => $conf->exists('show_bankstate'),
 
       'save_unchecked' => $conf->exists('selfservice-save_unchecked'),
+      'ach_read_only' => $conf->exists('selfservice-ACH_info_readonly'),
 
     };
 
@@ -1010,6 +1014,16 @@ sub validate_payment {
 
     $payinfo = $cust_main->payinfo
       if $cust_main->paymask eq $payinfo;
+
+    my $achonfile = 0;
+      if ( $cust_main->paymask eq $payinfo ) {
+        $payinfo = $cust_main->payinfo;
+        $achonfile = 1;
+      }
+
+    if ($conf->exists('selfservice-ACH_info_readonly') && !$achonfile) {
+      return { 'error' => "You are not allowed to change your payment information." };
+    }
    
   } elsif ( $payby eq 'CARD' || $payby eq 'DCRD' ) {
    
@@ -1637,6 +1651,128 @@ sub payment_receipt {
          };
 }
 
+sub list_payby {
+  my $p = shift;
+
+  my($context, $session, $custnum) = _custoragent_session_custnum($p);
+  return { 'error' => $session } if $context eq 'error';
+
+  my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+    or return { 'error' => "unknown custnum $custnum" };
+
+  return {
+    'payby' => [ map {
+                       my $cust_payby = $_;
+                       +{
+                          map { $_ => $cust_payby->$_ }
+                            qw( custpaybynum weight payby paymask paydate
+                                payname paystate paytype
+                              )
+                        };
+                     }
+                   $cust_main->cust_payby
+               ],
+  };
+}
+
+sub insert_payby {
+  my $p = shift;
+
+  my($context, $session, $custnum) = _custoragent_session_custnum($p);
+  return { 'error' => $session } if $context eq 'error';
+
+  #XXX payinfo1 + payinfo2 for CHEK?
+  #or take the opportunity to use separate, more well- named fields?
+  # my $payinfo;
+  # $p->{'payinfo1'} =~ /^([\dx]+)$/
+  #   or return { 'error' => "illegal account number ". $p->{'payinfo1'} };
+  # my $payinfo1 = $1;
+  #  $p->{'payinfo2'} =~ /^([\dx\.]+)$/ # . turned on by echeck-country CA ?
+  #   or return { 'error' => "illegal ABA/routing number ". $p->{'payinfo2'} };
+  # my $payinfo2 = $1;
+  # $payinfo = $payinfo1. '@'. $payinfo2;
+
+  my $cust_payby = new FS::cust_payby {
+    'custnum' => $custnum,
+    map { $_ => $p->{$_} } qw( weight payby payinfo paycvv paydate payname
+                               paystate paytype payip 
+                             ),
+  };
+
+  my $error = $cust_payby->insert;
+  if ( $error ) {
+    return { 'error' => $error };
+  } else {
+    return { 'custpaybynum' => $cust_payby->custpaybynum };
+  }
+  
+}
+
+sub update_payby {
+  my $p = shift;
+
+  my($context, $session, $custnum) = _custoragent_session_custnum($p);
+  return { 'error' => $session } if $context eq 'error';
+
+  my $cust_payby = qsearchs('cust_payby', {
+                              'custnum'      => $custnum,
+                              'custpaybynum' => $p->{'custpaybynum'},
+                           })
+    or return { 'error' => 'unknown custpaybynum '. $p->{'custpaybynum'} };
+
+  foreach my $field (
+    qw( weight payby payinfo paycvv paydate payname paystate paytype payip )
+  ) {
+    next unless exists($p->{$field});
+    $cust_payby->set($field,$p->{$field});
+  }
+
+  my $error = $cust_payby->replace;
+  if ( $error ) {
+    return { 'error' => $error };
+  } else {
+    return { 'custpaybynum' => $cust_payby->custpaybynum };
+  }
+  
+}
+
+sub verify_payby {
+  my $p = shift;
+
+  my($context, $session, $custnum) = _custoragent_session_custnum($p);
+  return { 'error' => $session } if $context eq 'error';
+
+  my $cust_payby = qsearchs('cust_payby', {
+                              'custnum'      => $custnum,
+                              'custpaybynum' => $p->{'custpaybynum'},
+                           })
+    or return { 'error' => 'unknown custpaybynum '. $p->{'custpaybynum'} };
+
+  return { 'error' => $cust_payby->verify };
+  
+}
+
+sub delete_payby {
+  my $p = shift;
+
+  my($context, $session, $custnum) = _custoragent_session_custnum($p);
+  return { 'error' => $session } if $context eq 'error';
+
+  my $cust_payby = qsearchs('cust_payby', {
+                              'custnum'      => $custnum,
+                              'custpaybynum' => $p->{'custpaybynum'},
+                           })
+    or return { 'error' => 'unknown custpaybynum '. $p->{'custpaybynum'} };
+
+  my $conf = new FS::Conf;
+  if (($cust_payby->payby eq "DCHK" || $cust_payby->payby eq "CHEK") && $conf->exists('selfservice-ACH_info_readonly')) {
+    return { 'error' => "Sorry you do not have permission to delete bank information." };
+  }
+  else {
+    return { 'error' => $cust_payby->delete };
+  }
+}
+
 sub cancel {
   my $p = shift;
   my $session = _cache->get($p->{'session_id'})
diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index c0e7cd0be..77add5d97 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -6109,6 +6109,13 @@ and customer address. Include units.',
   },
 
   {
+    'key'         => 'selfservice-ACH_info_readonly',
+    'section'     => 'self-service',
+    'description' => 'make ACH on self service portal read only',
+    'type'        => 'checkbox',
+  },
+
+  {
     'key'         => 'selfservice-announcement',
     'section'     => 'self-service',
     'description' => 'HTML announcement to display to all authenticated users on account overview page',
diff --git a/fs_selfservice/FS-SelfService/cgi/change_pay.html b/fs_selfservice/FS-SelfService/cgi/change_pay.html
index 6898dc7f8..e38ba762d 100644
--- a/fs_selfservice/FS-SelfService/cgi/change_pay.html
+++ b/fs_selfservice/FS-SelfService/cgi/change_pay.html
@@ -37,6 +37,11 @@
                       'PREP'   => qq/Prepaid Card/,
                       'PREPAY' => qq/Prepaid Card/,
                     );
+
+  ## Don't show CHEK or DCHK option if ACH is read only
+  delete( $payby_index{'CHEK'} ) unless !$ach_read_only;
+  delete( $payby_index{'DCHK'} ) unless !$ach_read_only;
+
   tie my %options, 'Tie::IxHash', ();
   foreach my $payby_option ( grep { exists( $payby_index{$_} ) } @paybys ) {
     $options{$payby_option} = $payby_index{$payby_option};
@@ -55,6 +60,9 @@
   delete $options{'DCRD'} unless $payby eq 'DCRD' || ! exists $options{'CARD'};
   delete $options{'DCHK'} unless $payby eq 'DCHK' || ! exists $options{'CHEK'};
 
+  ## setting payby to default to layer if only one.  should we always display first layer?
+  if (keys %options == 1) { @p = keys %options; $payby = $p[0]; }
+
   HTML::Widgets::SelectLayers->new(
     options => \%options,
     selected_layer => $payby,
diff --git a/fs_selfservice/FS-SelfService/cgi/check.html b/fs_selfservice/FS-SelfService/cgi/check.html
index 68753fe08..17635c306 100644
--- a/fs_selfservice/FS-SelfService/cgi/check.html
+++ b/fs_selfservice/FS-SelfService/cgi/check.html
@@ -1,54 +1,97 @@
 <TR>
   <TD ALIGN="right">Account&nbsp;type</TD>
-  <TD>
-    <SELECT NAME="paytype">
-      <%= foreach ( @paytypes ) {
-            $selected = $paytype eq $_ ? ' SELECTED' : '';
-            $OUT .= qq(<OPTION$selected VALUE="$_">$_\n);
-      } %>
-    </SELECT>
+  <TD <%= ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') %> >
+  <%=
+    if ($ach_read_only) {
+      $OUT = $paytype . '<INPUT TYPE="hidden" NAME="paytype" VALUE="' . $paytype . '">';
+    } else {
+      $OUT .= '<SELECT NAME="paytype">';
+      foreach ( @paytypes ) {
+        $selected = $paytype eq $_ ? ' SELECTED' : '';
+        $OUT .= qq(<OPTION$selected VALUE="$_">$_\n);
+      }
+      $OUT .= '</SELECT>';
+    }
+  %>
   </TD>
-</TD><TR>
+</TR><TR>
   <TD ALIGN="right">Account&nbsp;number</TD>
-  <TD><INPUT TYPE="text" NAME="payinfo1" SIZE=10 MAXLENGTH=20 VALUE="<%=$payinfo1%>"></TD>
-</TD><TR>
+  <TD <%= ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') %> >
+  <%= if ($ach_read_only) {
+      $OUT = qq! $payinfo1 <INPUT TYPE="hidden" NAME="payinfo1" VALUE="$payinfo1"> !;
+    } else {
+      $OUT = qq! <INPUT TYPE="text" NAME="payinfo1" SIZE=10 MAXLENGTH=20 VALUE="$payinfo1"> !;
+    }
+  %>
+  </TD>
+</TR><TR>
   <TD ALIGN="right">ABA/Routing&nbsp;number</TD>
-  <TD><INPUT TYPE="text" NAME="payinfo2" SIZE=10 MAXLENGTH=9 VALUE="<%=$payinfo2%>"></TD>
+  <TD <%= ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') %> >
+  <%=
+    if ($ach_read_only) {
+      $OUT = qq! $payinfo2 <INPUT TYPE="hidden" NAME="payinfo2" VALUE="$payinfo2"> !;
+    } else {
+      $OUT = qq! <INPUT TYPE="text" NAME="payinfo2" SIZE=10 MAXLENGTH=20 VALUE="$payinfo2"> !;
+    }
+  %>
+  </TD>
 </TR><TR>
   <TD ALIGN="right">Bank&nbsp;name</TD>
-  <TD><INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="payname" VALUE="<%=$payname%>"></TD>
-</TR><TR>
+  <TD <%= ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') %> >
+  <%=
+    if ($ach_read_only) {
+      $OUT = qq! $payname <INPUT TYPE="hidden" NAME="payname" VALUE="$payname"> !;
+    } else {
+      $OUT = qq! <INPUT TYPE="text" NAME="payname" SIZE=10 MAXLENGTH=20 VALUE="$payname"> !;
+    }
+  %>
+  </TD>
+</TR>
   <%=
     $OUT = '';
     if ($show_paystate) {
-      $OUT .= qq!<TD ALIGN="right">Bank state</TD><TD><SELECT NAME="paystate">!;
-      for ( @states ) {
-        $OUT .= '<OPTION'. ($_ eq $paystate ? ' SELECTED' : '' ). ">$_\n";
+      $OUT .= '<TR><TD ALIGN="right">Bank state</TD><TD' . ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') . '>';
+      if ($ach_read_only) {
+        $OUT .= qq! $paystate <INPUT TYPE="hidden" NAME="paystate" VALUE="$paystate"> !;
+      } else {
+        $OUT .= '<SELECT NAME="paystate">';
+        for ( @states ) {
+          $OUT .= '<OPTION'. ($_ eq $paystate ? ' SELECTED' : '' ). ">$_\n";
+        }
+        $OUT .= '</SELECT>';
       }
-      $OUT .= '</SELECT></TD></TR><TR>';
+      $OUT .= '</TD></TR>';
     }
   %>
   <%=
     $OUT = '';
     if ($show_ss) {
-      $OUT .= '<TD ALIGN="right">Account&nbsp;holder<BR>Social&nbsp;';
-      $OUT .= 'security&nbsp;or&nbsp;tax&nbsp;ID&nbsp;#</TD><TD>';
-      $OUT .= qq!<INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="ss" VALUE="$ss">!;
-      $OUT .= '</TD></TR><TR>';
+      $OUT .= '<TR><TD ALIGN="right">Account&nbsp;holder<BR>Social&nbsp;';
+      $OUT .= 'security&nbsp;or&nbsp;tax&nbsp;ID&nbsp;#</TD><TD' . ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') . '>';
+      if ($ach_read_only) {
+        $OUT .= qq! $ss <INPUT TYPE="hidden" NAME="ss" VALUE="$ss">!;
+      } else {
+        $OUT .= qq!<INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="ss" VALUE="$ss">!;
+      }
+      $OUT .= '</TD></TR>';
     }
   %>
   <%=
     $OUT = '';
     if ($show_stateid) {
-      $OUT .= '<TD ALIGN="right">';
-      $OUT .= qq!Account&nbsp;holder<BR>$stateid_label</TD><TD>!;
-      $OUT .= qq!<INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="stateid" VALUE="$stateid"></TD>!;
-      $OUT .= qq!<TD ALIGN="right">$stateid_state_label</TD>!;
-      $OUT .= '<TD><SELECT NAME="stateid_state">';
-      for ( @states ) {
-        $OUT .= '<OPTION'. ($_ eq $stateid_state ? ' SELECTED' : '' ). ">$_\n";
+      $OUT .= qq!<TR><TD ALIGN="right">Account&nbsp;holder<BR>$stateid_label</TD>!;
+      $OUT .= '<TD' . ($ach_read_only ? ' BGCOLOR="#ffffff"' : '') . '>';
+      if ($ach_read_only) {
+        $OUT .= qq! $stateid <INPUT TYPE="hidden" NAME="stateid" VALUE="$stateid">!;
+      } else {
+        $OUT .= qq!<INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="stateid" VALUE="$stateid"></TD>!;
+        $OUT .= qq!<TD ALIGN="right">$stateid_state_label</TD>!;
+        $OUT .= '<TD><SELECT NAME="stateid_state">';
+        for ( @states ) {
+          $OUT .= '<OPTION'. ($_ eq $stateid_state ? ' SELECTED' : '' ). ">$_\n";
+        }
+        $OUT .='</SELECT>';
       }
-      $OUT .='</SELECT></TD></TR><TR>';
+      $OUT .='</TD></TR>';
     }
   %>
-</TR>
diff --git a/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html b/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html
index 8c2dfe305..1183b2ba0 100644
--- a/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html
+++ b/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html
@@ -20,24 +20,28 @@ EOF
 <TR>
   <TD ALIGN="right">Payment&nbsp;amount</TD>
   <TD>
-    <TABLE><TR><TD BGCOLOR="#ffffff">
+    <TABLE><TR><TD>
       <%= $money_char %><INPUT TYPE="text" NAME="amount" SIZE=8 VALUE="<%= ($balance > 0) ? $balance : '' %>">
     </TD></TR></TABLE>
   </TD>
 </TR>
 <%= include('discount_term') %>
 <%= include('check') %>
-<TR>
-  <TD COLSPAN=2>
-    <INPUT TYPE="checkbox" <%= $save_unchecked ? '' : 'CHECKED' %> NAME="save" VALUE="1">
-    Remember this information
-  </TD>
-</TR><TR>
-  <TD COLSPAN=2>
-    <INPUT TYPE="checkbox"<%= $payby eq 'CHEK' ? ' CHECKED' : '' %> NAME="auto" VALUE="1" onClick="if (this.checked) { document.OneTrueForm.save.checked=true; }">
-    Charge future payments to this account automatically
-  </TD>
-</TR>
+
+<%=
+  $OUT = '';
+  if ($ach_read_only) {
+    if ($payby eq 'CHEK') {
+      $OUT .= '<TR><TD COLSPAN=2><INPUT TYPE="hidden" NAME="auto" VALUE="1"></TD></TR>';
+    }
+  } else {
+    $OUT .= '<TR><TD COLSPAN=2><INPUT TYPE="checkbox"' . ($save_unchecked ? '' : 'CHECKED ') . 'NAME="save" VALUE="1">';
+    $OUT .= 'Remember this information</TD></TR>';
+    $OUT .= '<TR><TD COLSPAN=2><INPUT TYPE="checkbox"' . ($payby eq 'CHEK' ? ' CHECKED' : '') . 'NAME="auto" VALUE="1"  onClick="if (this.checked) { document.OneTrueForm.save.checked=true; }">';
+    $OUT .= 'Charge future payments to this account automatically</TD></TR>';
+  }
+%>
+
 </TABLE>
 <BR>
 <INPUT TYPE="hidden" NAME="paybatch" VALUE="<%=$paybatch%>">
diff --git a/fs_selfservice/FS-SelfService/cgi/process_change_pay.html b/fs_selfservice/FS-SelfService/cgi/process_change_pay.html
index 8fb33b299..11fda9043 100644
--- a/fs_selfservice/FS-SelfService/cgi/process_change_pay.html
+++ b/fs_selfservice/FS-SelfService/cgi/process_change_pay.html
@@ -1,3 +1,12 @@
 <%= include('header', 'Information updated successfully' ) %>
-<FONT SIZE=4>Information updated successfully.</FONT>
+
+<%=
+  if ($error) {
+    $OUT = $error;
+  }
+  else {
+    $OUT = '<FONT SIZE=4>Information updated successfully.</FONT>';
+  }
+ %>
+
 <%= include('footer') %>
diff --git a/ng_selfservice/elements/check.php b/ng_selfservice/elements/check.php
index b026c92e4..fd0cd6d91 100644
--- a/ng_selfservice/elements/check.php
+++ b/ng_selfservice/elements/check.php
@@ -1,50 +1,88 @@
+<? if ($ach_read_only) { $bgShade = 'BGCOLOR="#ffffff"';  } ?>
 <TR>
   <TD ALIGN="right">Account&nbsp;type</TD>
-  <TD>
-    <SELECT NAME="paytype">
+  <TD <? echo $bgShade; ?>>
+    <? if ($ach_read_only) { echo htmlspecialchars($paytype); ?>
+      <INPUT TYPE="hidden" NAME="paytype" VALUE="<? echo $paytype; ?>">
+    <? } else { ?>
+     <SELECT NAME="paytype">
       <? foreach ( $paytypes AS $pt ) { ?>
            <OPTION <? if ($pt == $paytype ) { echo 'SELECTED'; } ?> VALUE="<? echo $pt; ?>"><? echo $pt; ?>
       <? } ?>
-    </SELECT>
+     </SELECT>
+    <? } ?>
   </TD>
 </TR><TR>
   <TD ALIGN="right">Account&nbsp;number</TD>
-  <TD><INPUT TYPE="text" NAME="payinfo1" SIZE=10 MAXLENGTH=20 VALUE="<? echo $payinfo1; ?>"></TD>
-</TD><TR>
+  <TD <? echo $bgShade; ?>>
+    <? if ($ach_read_only) { echo htmlspecialchars($payinfo1); ?>
+      <INPUT TYPE="hidden" NAME="payinfo1" VALUE="<? echo $payinfo1; ?>">
+    <? } else { ?>
+      <INPUT TYPE="text" NAME="payinfo1" SIZE=10 MAXLENGTH=20 VALUE="<? echo $payinfo1; ?>">
+    <? } ?>
+  </TD>
+</TR><TR>
   <TD ALIGN="right">ABA/Routing&nbsp;number</TD>
-  <TD><INPUT TYPE="text" NAME="payinfo2" SIZE=10 MAXLENGTH=9 VALUE="<? echo $payinfo2; ?>"></TD>
+  <TD <? echo $bgShade; ?>>
+    <? if ($ach_read_only) { echo htmlspecialchars($payinfo2); ?>
+      <INPUT TYPE="hidden" NAME="payinfo2" VALUE="<? echo $payinfo2; ?>">
+    <? } else { ?>
+      <INPUT TYPE="text" NAME="payinfo2" SIZE=10 MAXLENGTH=9 VALUE="<? echo $payinfo2; ?>"></TD>
+    <? } ?>
 </TR><TR>
   <TD ALIGN="right">Bank&nbsp;name</TD>
-  <TD><INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="payname" VALUE="<? echo $payname; ?>"></TD>
+  <TD <? echo $bgShade; ?>>
+    <? if ($ach_read_only) { echo htmlspecialchars($payname); ?>
+      <INPUT TYPE="hidden" NAME="payname" VALUE="<? echo $payname; ?>"></TD>
+    <? } else { ?>
+      <INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="payname" VALUE="<? echo $payname; ?>"></TD>
+    <? } ?>
 </TR><TR>
 
   <? if ($show_paystate) { ?>
-       <TD ALIGN="right">Bank state</TD>
-       <TD>
-         <SELECT NAME="paystate">
-           <? foreach ( $states AS $s ) { ?>
-              <OPTION <? if ($s == $paystate ) { echo 'SELECTED'; } ?>><? echo $s; ?>
-           <? } ?>
-         </SELECT>
-       </TD>
-       </TR><TR>
+    <TR>
+      <TD ALIGN="right">Bank state</TD>
+      <TD <? echo $bgShade; ?>>
+      <? if ($ach_read_only) { echo htmlspecialchars($paystate); ?>
+        <INPUT TYPE="hidden" NAME="paystate" VALUE="<? echo $paystate; ?>"></TD>
+      <? } else { ?>
+        <SELECT NAME="paystate">
+          <? foreach ( $states AS $s ) { ?>
+            <OPTION <? if ($s == $paystate ) { echo 'SELECTED'; } ?>><? echo $s; ?>
+          <? } ?>
+        </SELECT></TD>
+      <? } ?>
+    </TR>
   <? } ?>
 
   <? if ($show_ss) { ?>
-      <TD ALIGN="right">Account&nbsp;holder<BR>Social&nbsp;security&nbsp;or&nbsp;tax&nbsp;ID&nbsp;#</TD><TD>
-      <INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="ss" VALUE="<? echo $ss; ?>">
-      </TD></TR><TR>
+    <TR>
+      <TD ALIGN="right">Account&nbsp;holder<BR>Social&nbsp;security&nbsp;or&nbsp;tax&nbsp;ID&nbsp;#</TD>
+      <TD <? echo $bgShade; ?>>
+      <? if ($ach_read_only) { echo htmlspecialchars($ss); ?>
+        <INPUT TYPE="hidden" NAME="ss" VALUE="<? echo $ss; ?>"></TD>
+      <? } else { ?>
+        <INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="ss" VALUE="<? echo $ss; ?>"></TD>
+      <? } ?>
+    </TR>
   <? } ?>
 
   <? if ($show_stateid) { ?>
-      <TD ALIGN="right">
-      Account&nbsp;holder<BR><? echo $stateid_label; ?></TD><TD>
-      <INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="stateid" VALUE="<? echo $stateid; ?>"></TD>
-      <TD ALIGN="right"><? echo $stateid_state_label; ?></TD>
-      <TD><SELECT NAME="stateid_state">
-      <? foreach ( $states AS $s ) { ?>
-           <OPTION <? if ($s == $stateid_state ) { echo 'SELECTED'; } ?>><? echo $s; ?>
+    <TR>
+      <TD ALIGN="right">Account&nbsp;holder<BR><? echo $stateid_label; ?></TD>
+      <TD <? echo $bgShade; ?>>
+      <? if ($ach_read_only) { echo htmlspecialchars($stateid); ?>
+        <INPUT TYPE="hidden" NAME="stateid" VALUE="<? echo $stateid; ?>"></TD>
+        <TD <? echo $bgShade; ?>> <? echo $stateid_state; ?>
+          <INPUT TYPE="hidden" NAME="stateid_state" VALUE="<? echo $stateid_state; ?>"></TD>
+      <? } else { ?>
+        <INPUT TYPE="text" SIZE=32 MAXLENGTH=80 NAME="stateid" VALUE="<? echo $stateid; ?>"></TD>
+        <TD ALIGN="right"><? echo $stateid_state_label; ?></TD>
+        <TD><SELECT NAME="stateid_state">
+          <? foreach ( $states AS $s ) { ?>
+            <OPTION <? if ($s == $stateid_state ) { echo 'SELECTED'; } ?>><? echo $s; ?>
+          <? } ?>
+        </SELECT></TD>
       <? } ?>
-      </SELECT></TD></TR><TR>
+    </TR>
   <? } ?>
-</TR>
diff --git a/ng_selfservice/payment_accounts.php b/ng_selfservice/payment_accounts.php
new file mode 100644
index 000000000..e70142a0a
--- /dev/null
+++ b/ng_selfservice/payment_accounts.php
@@ -0,0 +1,78 @@
+<? $title ='Payment Accounts'; include('elements/header.php'); ?>
+<? $current_menu = 'payment_accounts.php'; include('elements/menu.php'); ?>
+<H1>My Payment Accounts</H1>
+<br>
+
+<?
+if ( isset($_GET['action']) && $_GET['action'] ) {
+  $action = $_GET['action'];
+}
+
+if ($action == 'deleteaccount') {
+
+    if ( isset($_GET['paybynum']) && $_GET['paybynum'] ) {
+      if ( preg_match( '/^(\d+)$/', $_GET['paybynum'] ) ) {
+        $paybynum = $_GET['paybynum'];
+        $error = $freeside->delete_payby( array(
+          'session_id' => $_COOKIE['session_id'],
+          'custpaybynum' => $paybynum,
+        ) );
+      }
+      else {
+        $error['error'] = 'Bad Payby Number';
+      }
+    }
+
+  if ( isset($error['error']) && $error['error'] ) {
+    $error = $error['error'];
+  }
+  else {
+    $error = "Account " . $paybynum . " Deleted";
+  }
+
+?>
+   <FONT COLOR="red"><? echo $error ?></FONT>
+   <P>
+<?
+}
+
+  $payment_info = $freeside->list_payby( array(
+    'session_id' => $_COOKIE['session_id'],
+  ) );
+
+  if ( isset($payment_info['error']) && $payment_info['error'] ) {
+    $error = $payment_info['error'];
+    header('Location:index.php?error='. urlencode($error));
+    die();
+  }
+
+  extract($payment_info);
+?>
+
+<TABLE>
+ <TR>
+   <TD>&nbsp;</TD>
+   <TD>Type</TD>
+   <TD>Account Type</TD>
+   <TD>Account Mask</TD>
+   <TD>Bank Name</TD>
+ </TR>
+
+<?
+  foreach ($payby as $payaccount) {
+?>
+    <TR>
+      <TD><A HREF="payment_accounts.php?action=deleteaccount&paybynum=<? echo $payaccount['custpaybynum'] ?>">delete</A></TD>
+      <TD><? echo $payaccount['payby'] ?></TD>
+      <TD><? echo $payaccount['paytype'] ?></TD>
+      <TD><? echo $payaccount['paymask'] ?></TD>
+      <TD><? echo htmlspecialchars($payaccount['payname']) ?></TD>
+     </TR>
+ <?
+  }
+ ?>
+
+</TABLE>
+
+<? include('elements/menu_footer.php'); ?>
+<? include('elements/footer.php'); ?>
diff --git a/ng_selfservice/payment_ach.php b/ng_selfservice/payment_ach.php
index e58664f81..aebb5e3e9 100644
--- a/ng_selfservice/payment_ach.php
+++ b/ng_selfservice/payment_ach.php
@@ -53,7 +53,7 @@ if ( $receipt_html ) { ?>
 
   $error = $payment_error;
 
-  ?>
+?>
 
   <? include('elements/error.php'); ?>
 
@@ -81,6 +81,12 @@ if ( $receipt_html ) { ?>
 
   <? include('elements/check.php') ?>
 
+  <? if ($ach_read_only) { ?>
+    <? if ( $payby == 'CARD' ) { ?>
+      <INPUT TYPE="hidden" NAME="auto" VALUE="1">
+    <? } ?>
+    </TD></TR>
+  <? } else { ?>
   <TR>
     <TD COLSPAN=2>
       <INPUT TYPE="checkbox" <? if ( ! $save_unchecked ) { echo 'CHECKED'; } ?> NAME="save" VALUE="1">
@@ -92,6 +98,8 @@ if ( $receipt_html ) { ?>
       Charge future payments to this account automatically
     </TD>
   </TR>
+  <? } ?>
+
   </TABLE>
   <BR>
   <INPUT TYPE="hidden" NAME="paybatch" VALUE="<? echo $paybatch; ?>">