RT# 75817 - Added the ability to set contacts password on the backend

[freeside.git] / httemplate / misc / xmlhttp-validate_password.html

diff --git a/httemplate/misc/xmlhttp-validate_password.html b/httemplate/misc/xmlhttp-validate_password.html
index 28dbf64..b340170 100644 (file)
--- a/httemplate/misc/xmlhttp-validate_password.html
+++ b/httemplate/misc/xmlhttp-validate_password.html
@@ -1,13 +1,14 @@
 <%doc>
-Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is only 
-acceptable value.)  Also accepts 'svcnum' (for svc_acct, will otherwise create an
-empty dummy svc_acct) and 'fieldid' (for html post-processing, passed along in 
-results for convenience.)
-
-Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is valid),
-'error' (error text if password is invalid) or 'syserror' (error text if password
-could not be validated.)  Only one of these keys will be set.  Will also set
-'fieldid' if it was passed.
+Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is
+only acceptable value.)  Also accepts 'svcnum' (for svc_acct, will otherwise
+create an empty dummy svc_acct), 'pkgnum' (for when the svc_acct isn't yet
+inserted), and 'fieldid' (for html post-processing, passed along in results
+for convenience.)
+
+Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is
+valid), 'error' (error text if password is invalid) or 'syserror' (error text
+if password could not be validated.)  Only one of these keys will be set.
+Will also set 'fieldid' if it was passed.
 </%doc>
 
 <% encode_json($result) %>
@@ -28,17 +29,37 @@ my $validate_password = sub {
   $result{'syserror'} = 'Invoked without password' unless $password;
   return \%result if $result{'syserror'};
 
-  my $svcnum = $arg{'svcnum'};
-  $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/;
-  return \%result if $result{'syserror'};
+  if ($arg{'contactnum'}) {
+    my $contactnum = $arg{'contactnum'};
+    $result{'syserror'} = 'Invalid contactnum' unless $contactnum =~ /^\d*$/;
+    return \%result if $result{'syserror'};
 
-  my $svc_acct = $svcnum 
-    ? qsearchs('svc_acct',{'svcnum' => $svcnum})
-    : (new FS::svc_acct {});
-  $result{'syserror'} = 'Could not find service' unless $svc_acct;
-  return \%result if $result{'syserror'};
+    my $contact = $contactnum 
+      ? qsearchs('contact',{'contactnum' => $contactnum})
+      : '';
+
+    $result{'error'} = $contact->is_password_allowed($password);
+  }
+
+  if ($arg{'svcnum'}) {
+    my $pkgnum = $arg{'pkgnum'};
+    $result{'syserror'} = 'Invalid pkgnum' unless $pkgnum =~ /^\d*$/;
+    return \%result if $result{'syserror'};
+
+    my $svcnum = $arg{'svcnum'};
+    $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/;
+    return \%result if $result{'syserror'};
+
+    my $svc_acct = $svcnum 
+      ? qsearchs('svc_acct',{'svcnum' => $svcnum})
+      : FS::svc_acct->new({ 'pkgnum' => $pkgnum });
+    $result{'syserror'} = 'Could not find service' unless $svc_acct;
+    return \%result if $result{'syserror'};
+
+    $result{'error'} = $svc_acct->is_password_allowed($password);
+  }
 
-  $result{'error'} = $svc_acct->is_password_allowed($password);
+ # $result{'error'} = $svc_acct->is_password_allowed($password);
   $result{'valid'} = 1 unless $result{'error'};
   return \%result;
 };