httemplate/misc/process/change-password.html

   1 <%init>
   2 my $curuser = $FS::CurrentUser::CurrentUser;
   3
   4 $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum" if $cgi->param('svcnum');
   5 my $svcnum = $1;
   6
   7 $cgi->param('contactnum') =~ /^(\d+)$/ or die "illegal contactnum" if $cgi->param('contactnum');
   8 my $contactnum = $1;
   9
  10 my $newpass = $cgi->param('password');
  11
  12 my $error;
  13
  14 if ($svcnum) {
  15         my $svc_acct = FS::svc_acct->by_key($svcnum)
  16           or die "svc_acct $svcnum not found";
  17         my $part_svc = $svc_acct->part_svc;
  18         die "access denied" unless (
  19           $curuser->access_right('Provision customer service') or
  20           ( $curuser->access_right('Edit password') and
  21             ! $part_svc->restrict_edit_password )
  22           );
  23
  24         my $error = $svc_acct->is_password_allowed($newpass)
  25                 ||  $svc_acct->set_password($newpass)
  26                 ||  $svc_acct->replace;
  27
  28         # annoyingly specific to view/svc_acct.cgi, for now...
  29         $cgi->delete('password');
  30 }
  31 elsif ($contactnum) {
  32         my $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
  33       or return { 'error' => "Contact not found" . $contactnum };
  34
  35         my $error = $contact->is_password_allowed($newpass)
  36                 ||  $contact->change_password($newpass);
  37
  38         # annoyingly specific to view/svc_acct.cgi, for now...
  39         #$cgi->delete('password');
  40 }
  41
  42 </%init>
  43 % if ( $error ) {
  44 %       if ($svcnum) {
  45 %               $cgi->param('svcnum', $svcnum);
  46 %               $cgi->param("changepw${svcnum}_error", $error);
  47 %       }
  48 %       elsif ($contactnum) {
  49 %               $cgi->param('contactnum', $contactnum);
  50 %               $cgi->param("changepw${contactnum}_error", $error);
  51 %       }
  52 % } else {
  53 %       if ($svcnum) { $cgi->query_string($svcnum); }
  54 %       elsif ($contactnum) { $cgi->query_string($contactnum); }
  55 % }
  56 %warn('my pwd error is ' . $error . ' end');
  57 % if ($svcnum) {
  58         <% $cgi->redirect($fsurl.'view/svc_acct.cgi?'.$cgi->query_string) %>
  59 % }
  60 % elsif ($contactnum) {
  61         <% $cgi->redirect($fsurl.'edit/cust_main-contacts.html?'.$cgi->param('custnum')) %>
  62 % }
  63