Create an insecure bank application
41
webroot/lib/Controller/BookingOverviewController.php
Normal file
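--- a/webroot/lib/Controller/BookingOverviewController.php
+++ b/webroot/lib/Controller/BookingOverviewController.php
@@ -0,0 +1,41 @@
+<?php
+declare(strict_types=1);
+
+namespace Controller;
+
+use Model\Session;
+use View\BookingOverviewPage;
+use View\Sendable;
+
+class BookingOverviewController extends RestrictedPageController
+{
+public function __construct()
+{
+parent::__construct('/bookings.php');
+}
+
+protected function runLogic(): Sendable
+{
+$userId = $this->context->session->user->id;
+$page = new BookingOverviewPage($this->context);
+
+$sql = Sql::connection();
+$sql->query('START TRANSACTION');
+$stmt = $sql->prepare(
+'SELECT time, type, amount, comment, name as relatedName FROM booking
+LEFT JOIN user ON booking.related = user.id
+WHERE affected = ?
+ORDER BY time, booking.id'
+);
+$stmt->execute([$userId]);
+$page->bookings = $stmt->fetchAll(\PDO::FETCH_ASSOC);
+
+$stmt = $sql->prepare('SELECT balance FROM user WHERE id = ?');
+$stmt->execute([$userId]);
+$page->finalBalance = $stmt->fetch(\PDO::FETCH_ASSOC)['balance'];
+
+$sql->query('COMMIT');
+
+return $page;
+}
+}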
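Review bot: In runLogic(), `$stmt->fetch(\PDO::FETCH_ASSOC)['balance']` indexes the result without checking it, and fetch() returns false when no row matches, so a session whose user row no longer exists yields a null balance (with a warning) rather than a clear error. I would split it into `$row = $stmt->fetch(\PDO::FETCH_ASSOC);` and `if ($row === false) { throw new \RuntimeException('user not found'); }` before assigning `$page->finalBalance = $row['balance'];`. The same method opens the transaction with a raw `START TRANSACTION` and has no rollback path, so an exception from either execute() skips the `COMMIT`; a try/catch that issues `ROLLBACK` and rethrows would close it explicitly. The rows handed to the page carry `comment` and `relatedName` exactly as stored, so BookingOverviewPage (not shown in this section) presumably has to HTML-encode them on output, which is worth confirming. `use Model\Session;` appears unused in this file and can be dropped.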