From: Mark Wells <mark@freeside.biz>
Date: Wed, 27 Feb 2013 20:34:17 +0000 (-0800)
Subject: "Edit password" ACL, #21178, part 1
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=a5e611f5ffc045a59fee9e1b03f8ac79ef794d00;hp=bb79bc808b080e3c9fb9ebe3275c75343a3385bd

"Edit password" ACL, #21178, part 1
---

diff --git a/httemplate/elements/change_password.html b/httemplate/elements/change_password.html
new file mode 100644
index 000000000..625ba1fb5
--- /dev/null
+++ b/httemplate/elements/change_password.html
@@ -0,0 +1,41 @@
+<STYLE>
+.passwordbox {
+  border: 1px solid #7e0079;
+  padding: 2px;
+  position: absolute;
+  font-size: 80%;
+  background-color: #ffffff;
+  display: none;
+}
+</STYLE>
+<A ID="<%$pre%>link" HREF="#" onclick="<%$pre%>toggle(true)">(<% mt('change') %>)</A>
+<DIV ID="<%$pre%>form" CLASS="passwordbox">
+  <FORM METHOD="POST" ACTION="<%$fsurl%>misc/process/change-password.html">
+    <INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svc_acct->svcnum |h%>">
+    <INPUT TYPE="text" ID="<%$pre%>password" NAME="password" VALUE="<% $curr_value |h%>">
+    <& /elements/random_pass.html, $pre.'password', 'randomize' &>
+    <INPUT TYPE="submit" VALUE="change">
+    <INPUT TYPE="button" VALUE="cancel" onclick="<%$pre%>toggle(false)">
+% if ( $error ) {
+    <BR><SPAN STYLE="color: #ff0000"><% $error |h %></SPAN>
+% }
+  </FORM>
+</DIV>
+<SCRIPT TYPE="text/javascript">
+function <%$pre%>toggle(val) {
+  document.getElementById('<%$pre%>form').style.display =
+    val ? 'inline-block' : 'none';
+  document.getElementById('<%$pre%>link').style.display =
+    val ? 'none' : 'inline';
+}
+% if ( $error ) {
+<%$pre%>toggle(true);
+% }
+</SCRIPT>
+<%init>
+my %opt = @_;
+my $svc_acct = $opt{'svc_acct'};
+my $curr_value = $opt{'curr_value'} || '';
+my $pre = 'changepw'.$svc_acct->svcnum.'_';
+my $error = $cgi->param($pre.'error');
+</%init>
diff --git a/httemplate/elements/random_pass.html b/httemplate/elements/random_pass.html
new file mode 100644
index 000000000..b215b77d9
--- /dev/null
+++ b/httemplate/elements/random_pass.html
@@ -0,0 +1,17 @@
+<INPUT TYPE="button" VALUE="<% emt($label) %>" onclick="randomPass()">
+<SCRIPT TYPE="text/javascript">
+function randomPass() {
+  var i=0;
+  var pw_set='<% join('', 'a'..'z', 'A'..'Z', '0'..'9' ) %>';
+  var pass='';
+  while(i < 8) {
+    i++;
+    pass += pw_set.charAt(Math.floor(Math.random() * pw_set.length));
+  }
+  document.getElementById('<% $id %>').value = pass;
+}
+</SCRIPT>
+<%init>
+my $id = shift;
+my $label = shift || 'Generate';
+</%init>
diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html
new file mode 100644
index 000000000..7005439cc
--- /dev/null
+++ b/httemplate/misc/process/change-password.html
@@ -0,0 +1,21 @@
+<%init>
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Edit password');
+
+$cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum";
+my $svcnum = $1;
+my $svc_acct = FS::svc_acct->by_key($svcnum)
+  or die "svc_acct $svcnum not found";
+my $error = $svc_acct->set_password($cgi->param('password'))
+        ||  $svc_acct->replace;
+
+# annoyingly specific to view/svc_acct.cgi, for now...
+$cgi->delete('password');
+</%init>
+% if ( $error ) {
+%   $cgi->param('svcnum', $svcnum);
+%   $cgi->param("changepw${svcnum}_error", $error);
+% } else {
+%   $cgi->query_string($svcnum);
+% }
+<% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>