X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=fs_selfservice%2FFS-SelfService%2Fcgi%2Fselfservice.cgi;h=d14cd1b61704f2333ccc08fe30164e36e3cc1808;hb=362003556ad0c58f21f82d5529e7bf10049d5688;hp=4199f7005fc745987a5e3d564f0537f6cbcac715;hpb=fe51a669f4f72c3c932a1fec138b60632666f982;p=freeside.git diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index 4199f7005..d14cd1b61 100755 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -23,6 +23,7 @@ use FS::SelfService qw( mason_comp port_graph start_thirdparty finish_thirdparty reset_passwd check_reset_passwd process_reset_passwd + validate_passwd billing_history ); @@ -84,6 +85,7 @@ my @actions = ( qw( customer_suspend_pkg process_suspend_pkg history + validate_password )); my @nologin_actions = (qw( @@ -92,6 +94,7 @@ my @nologin_actions = (qw( process_forgot_password do_process_forgot_password process_forgot_password_session + validate_password_nologin )); push @actions, @nologin_actions; my %nologin_actions = map { $_=>1 } @nologin_actions; @@ -108,7 +111,6 @@ if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) { warn "WARNING: unrecognized action '$1'\n"; } } - unless ( $nologin_actions{$action} ) { my %cookies = CGI::Cookie->fetch; @@ -125,7 +127,7 @@ unless ( $nologin_actions{$action} ) { $cgi->param('password') =~ /^(.{0,$form_max})$/; my $password = $1; - if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) { + if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\+\@]{1,$form_max})\s*$/i ) { my $email = $1; $login_rv = login( @@ -590,32 +592,32 @@ sub make_payment { sub payment_results { - use Business::CreditCard 0.30; + use Business::CreditCard 0.35; #we should only do basic checking here for DoS attacks and things #that couldn't be constructed by the web form... let process_payment() do #the rest, it gives better error messages $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/ - or die "Illegal amount: ". $cgi->param('amount'); #!!! + or return { 'error' => "Illegal amount: ". $cgi->param('amount') }; #!!! my $amount = $1; my $payinfo = $cgi->param('payinfo'); $payinfo =~ s/[^\dx]//g; - $payinfo =~ /^([\dx]{13,16}|[\dx]{8,9})$/ + $payinfo =~ /^([\dx]{13,19}|[\dx]{8,9})$/ #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo; - or die "illegal card"; #!!! + or return { 'error' => "illegal card" }; #!!! $payinfo = $1; unless ( $payinfo =~ /x/ ) { validate($payinfo) #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo; - or die "invalid card"; #!!! + or return { 'error' => "invalid card" }; #!!! } if ( $cgi->param('card_type') ) { cardtype($payinfo) eq $cgi->param('card_type') #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type'); - or die "not a ". $cgi->param('card_type'); + or return { 'error' => "not a ". $cgi->param('card_type') }; } $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2"; @@ -982,7 +984,7 @@ sub delete_svc { sub view_usage { my $res = list_svcs( 'session_id' => $session_id, - 'svcdb' => [ 'svc_acct', 'svc_phone', 'svc_port', 'svc_pbx' ], + 'svcdb' => [ 'svc_acct', 'svc_broadband', 'svc_phone', 'svc_port', 'svc_pbx' ], 'ncancelled' => 1, ); if ($res->{hide_usage}) { @@ -1109,6 +1111,22 @@ sub do_process_forgot_password { ); } +sub validate_password { + validate_passwd( + 'session_id' => $session_id, + map { $_ => scalar($cgi->param($_)) } + qw( fieldid svcnum check_password ) + ) +} + +sub validate_password_nologin { + $action = 'validate_password'; #use same landing page + validate_passwd( + map { $_ => scalar($cgi->param($_)) } + qw( fieldid check_password agentnum ) + ) +} + #-- sub do_template {