Create an insecure bank application

2024-06-01 15:13:50 +02:00
commit 2133574cae
40 changed files with 1370 additions and 0 deletions
--- a/webroot/lib/Controller/CashTransactionController.php
+++ b/webroot/lib/Controller/CashTransactionController.php
@ -0,0 +1,78 @@
+<?php
+declare(strict_types=1);
+
+namespace Controller;
+
+use Model\User;
+use View\CashTransactionPage;
+use View\MoneyFormatter;
+use View\Sendable;
+
+class CashTransactionController extends RestrictedPageController
+{
+    protected function runLogic(): Sendable
+    {
+        $cashTransactionPage = new CashTransactionPage($this->context);
+        if ($cashTransactionPage->formWasSent) {
+            $cashTransactionPage->fieldCustomer = trim($cashTransactionPage->fieldCustomer);
+            $error = false;
+
+            // find customer
+            $user = User::byName($cashTransactionPage->fieldCustomer);
+            if (empty($user)) {
+                $cashTransactionPage->errorCustomerNotFound = true;
+                $error = true;
+            }
+
+            // check amount
+            $amount = MoneyFormatter::parseAmount($cashTransactionPage->fieldAmount);
+            if ($amount === null) {
+                $cashTransactionPage->errorAmountInvalid = true;
+                $error = true;
+            } elseif ($amount === 0) {
+                $cashTransactionPage->errorAmountZero = true;
+                $error = true;
+            }
+
+            // check text
+            $text = $cashTransactionPage->fieldText;
+            if (iconv_strlen($text) > 100) {
+                $cashTransactionPage->errorTextTooLong = true;
+                $error = true;
+            }
+
+            // create the actual booking
+            if (!$error) {
+                switch ($this->context->currentPage) {
+                    case '/deposit.php':
+                        Transaction::run($this->context, function ($transaction) use ($user, $amount, $text) {
+                            $transaction->createBooking($user, 1, $amount, null, $text);
+                        });
+                        break;
+                    case '/withdraw.php':
+                        $success = Transaction::run($this->context, function ($transaction) use ($user, $amount, $text) {
+                            return $transaction->createBooking($user, 2, -$amount, null, $text);
+                        });
+                        if (!$success) {
+                            $cashTransactionPage->errorInsufficientFunds = true;
+                            $error = true;
+                        }
+                        break;
+                    default:
+                        throw new \Exception('unknown page url');
+                }
+            }
+
+            if (!$error) {
+                $cashTransactionPage->fieldCustomer = '';
+                $cashTransactionPage->fieldAmount = '';
+                $cashTransactionPage->fieldText = '';
+
+                $cashTransactionPage->success = true;
+                $cashTransactionPage->successCustomer = $user->name;
+                $cashTransactionPage->successAmount = $amount;
+            }
+        }
+        return $cashTransactionPage;
+    }
+}