Create an insecure bank application
78
webroot/lib/Controller/CashTransactionController.php
Normal file
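--- a/webroot/lib/Controller/CashTransactionController.php
+++ b/webroot/lib/Controller/CashTransactionController.php
@@ -0,0 +1,78 @@
+<?php
+declare(strict_types=1);
+
+namespace Controller;
+
+use Model\User;
+use View\CashTransactionPage;
+use View\MoneyFormatter;
+use View\Sendable;
+
+class CashTransactionController extends RestrictedPageController
+{
+protected function runLogic(): Sendable
+{
+$cashTransactionPage = new CashTransactionPage($this->context);
+if ($cashTransactionPage->formWasSent) {
+$cashTransactionPage->fieldCustomer = trim($cashTransactionPage->fieldCustomer);
+$error = false;
+
+// find customer
+$user = User::byName($cashTransactionPage->fieldCustomer);
+if (empty($user)) {
+$cashTransactionPage->errorCustomerNotFound = true;
+$error = true;
+}
+
+// check amount
+$amount = MoneyFormatter::parseAmount($cashTransactionPage->fieldAmount);
+if ($amount === null) {
+$cashTransactionPage->errorAmountInvalid = true;
+$error = true;
+} elseif ($amount === 0) {
+$cashTransactionPage->errorAmountZero = true;
+$error = true;
+}
+
+// check text
+$text = $cashTransactionPage->fieldText;
+if (iconv_strlen($text) > 100) {
+$cashTransactionPage->errorTextTooLong = true;
+$error = true;
+}
+
+// create the actual booking
+if (!$error) {
+switch ($this->context->currentPage) {
+case '/deposit.php':
+Transaction::run($this->context, function ($transaction) use ($user, $amount, $text) {
+$transaction->createBooking($user, 1, $amount, null, $text);
+});
+break;
+case '/withdraw.php':
+$success = Transaction::run($this->context, function ($transaction) use ($user, $amount, $text) {
+return $transaction->createBooking($user, 2, -$amount, null, $text);
+});
+if (!$success) {
+$cashTransactionPage->errorInsufficientFunds = true;
+$error = true;
+}
+break;
+default:
+throw new \Exception('unknown page url');
+}
+}
+
+if (!$error) {
+$cashTransactionPage->fieldCustomer = '';
+$cashTransactionPage->fieldAmount = '';
+$cashTransactionPage->fieldText = '';
+
+$cashTransactionPage->success = true;
+$cashTransactionPage->successCustomer = $user->name;
+$cashTransactionPage->successAmount = $amount;
+}
+}
+return $cashTransactionPage;
+}
+}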
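Review bot: The amount check in `runLogic` rejects only `null` and `0`, so if `MoneyFormatter::parseAmount` can return a negative integer (its body is not visible here) the booking sign is inverted: `/withdraw.php` books `-$amount` as a credit and `/deposit.php` books a debit. The deposit branch also discards the result of `Transaction::run`, so a booking that fails there is still reported as a success. I would change the guard to `} elseif ($amount <= 0) {`, and have the deposit closure `return` the `createBooking` result and check it the way the withdraw branch does. Separately, `iconv_strlen` returns `false` on malformed input and `false > 100` is false, so the 100-character limit does not hold for text that is invalid in the configured encoding; comparing against `false` explicitly before the length test would close that.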