Create an insecure bank application

webroot/lib/Controller/BookingOverviewController.php

@@ -0,0 +1,41 @@
+<?php
+declare(strict_types=1);
+
+namespace Controller;
+
+use Model\Session;
+use View\BookingOverviewPage;
+use View\Sendable;
+
+class BookingOverviewController extends RestrictedPageController
+{
+    public function __construct()
+    {
+        parent::__construct('/bookings.php');
+    }
+
+    protected function runLogic(): Sendable
+    {
+        $userId = $this->context->session->user->id;
+        $page = new BookingOverviewPage($this->context);
+
+        $sql = Sql::connection();
+        $sql->query('START TRANSACTION');
+        $stmt = $sql->prepare(
+            'SELECT time, type, amount, comment, name as relatedName FROM booking
+            LEFT JOIN user ON booking.related = user.id
+            WHERE affected = ?
+            ORDER BY time, booking.id'
+        );
+        $stmt->execute([$userId]);
+        $page->bookings = $stmt->fetchAll(\PDO::FETCH_ASSOC);
+
+        $stmt = $sql->prepare('SELECT balance FROM user WHERE id = ?');
+        $stmt->execute([$userId]);
+        $page->finalBalance = $stmt->fetch(\PDO::FETCH_ASSOC)['balance'];
+
+        $sql->query('COMMIT');
+
+        return $page;
+    }
+}