allow self-service logins with a + in email address

[freeside.git] / fs_selfservice / FS-SelfService / cgi / selfservice.cgi

diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index eac5a98..d14cd1b 100755 (executable)
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -127,7 +127,7 @@ unless ( $nologin_actions{$action} ) {
       $cgi->param('password') =~ /^(.{0,$form_max})$/;
       my $password = $1;
 
-      if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\@]{1,$form_max})\s*$/i ) {
+      if ( $cgi->param('email') =~ /^\s*([a-z0-9_\-\.\+\@]{1,$form_max})\s*$/i ) {
 
         my $email = $1;
         $login_rv = login(
@@ -592,32 +592,32 @@ sub make_payment {
 
 sub payment_results {
 
-  use Business::CreditCard 0.30;
+  use Business::CreditCard 0.35;
 
   #we should only do basic checking here for DoS attacks and things
   #that couldn't be constructed by the web form...  let process_payment() do
   #the rest, it gives better error messages
 
   $cgi->param('amount') =~ /^\s*(\d+(\.\d{2})?)\s*$/
-    or die "Illegal amount: ". $cgi->param('amount'); #!!!
+    or return { 'error' => "Illegal amount: ". $cgi->param('amount') }; #!!!
   my $amount = $1;
 
   my $payinfo = $cgi->param('payinfo');
   $payinfo =~ s/[^\dx]//g;
-  $payinfo =~ /^([\dx]{13,16}|[\dx]{8,9})$/
+  $payinfo =~ /^([\dx]{13,19}|[\dx]{8,9})$/
     #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
-    or die "illegal card"; #!!!
+    or return { 'error' => "illegal card" }; #!!!
   $payinfo = $1;
   unless ( $payinfo =~ /x/ ) {
     validate($payinfo)
       #or $error ||= $init_data->{msgcat}{invalid_card}; #. $self->payinfo;
-      or die "invalid card"; #!!!
+      or return { 'error' => "invalid card" }; #!!!
   }
 
   if ( $cgi->param('card_type') ) {
     cardtype($payinfo) eq $cgi->param('card_type')
       #or $error ||= $init_data->{msgcat}{not_a}. $cgi->param('CARD_type');
-      or die "not a ". $cgi->param('card_type');
+      or return { 'error' => "not a ". $cgi->param('card_type') };
   }
 
   $cgi->param('paycvv') =~ /^\s*(.{0,4})\s*$/ or die "illegal CVV2";
@@ -984,7 +984,7 @@ sub delete_svc {
 sub view_usage {
   my $res = list_svcs(
     'session_id'  => $session_id,
-    'svcdb'       => [ 'svc_acct', 'svc_phone', 'svc_port', 'svc_pbx' ],
+    'svcdb'       => [ 'svc_acct', 'svc_broadband', 'svc_phone', 'svc_port', 'svc_pbx' ],
     'ncancelled'  => 1,
   );
   if ($res->{hide_usage}) {
@@ -1123,7 +1123,7 @@ sub validate_password_nologin {
   $action = 'validate_password'; #use same landing page
   validate_passwd(
     map { $_ => scalar($cgi->param($_)) }
-      qw( fieldid check_password )
+      qw( fieldid check_password agentnum )
   )
 }