Create an insecure bank application
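--- a/webroot/lib/View/TransferPage.php
+++ b/webroot/lib/View/TransferPage.php
@@ -0,0 +1,89 @@
+<?php
+declare(strict_types=1);
+
+namespace View;
+
+use Model\Context;
+
+class TransferPage extends BankingPage
+{
+public string $fieldTarget = '';
+public string $fieldAmount = '';
+public string $fieldText = '';
+public bool $formWasSent = false;
+
+public bool $errorTargetNotFound = false;
+public bool $errorAmountInvalid = false;
+public bool $errorAmountZero = false;
+public bool $errorInsufficientFunds = false;
+public bool $errorTextTooLong = false;
+
+public bool $success = false;
+public ?string $successTarget = null;
+public ?int $successAmount = null;
+
+public function __construct(protected Context $context)
+{
+parent::__construct($context);
+
+if (isset($_POST['target'], $_POST['amount'], $_POST['text'])) {
+$this->formWasSent = true;
+$this->fieldTarget = (string) $_POST['target'];
+$this->fieldAmount = (string) $_POST['amount'];
+$this->fieldText = (string) $_POST['text'];
+}
+}
+
+public function renderErrors(): string
+{
+$errors = [];
+if ($this->errorTargetNotFound) {
+$errors[] = '[!] Der angegebene Nutzername (Zielkonto) konnte nicht gefunden werden.';
+}
+if ($this->errorAmountInvalid) {
+$errors[] = '[!] Der eingegebene Betrag entspricht nicht dem vorgesehenen Format.';
+}
+if ($this->errorAmountZero) {
+$errors[] = '[!] Der Betrag muss größer als 0,00 € sein.';
+}
+if ($this->errorInsufficientFunds) {
+$errors[] = '[!] Dein Konto ist nicht ausreichend gedeckt.';
+}
+if ($this->errorTextTooLong) {
+$errors[] = '[!] Der Buchungstext darf nicht länger als 100 Zeichen sein.';
+}
+return implode('<br>', $errors);
+}
+
+public function sendTitle(): void
+{
+echo 'Überweisen';
+}
+
+public function sendMainContent(): void
+{
+$target = htmlspecialchars($this->fieldTarget);
+$amount = htmlspecialchars($this->fieldAmount);
+$text = htmlspecialchars($this->fieldText);
+
+echo "<h1>Überweisen</h1>";
+
+$errors = $this->renderErrors();
+if (!empty($errors)) {
+echo "<p class=\"error\">{$errors}</p>";
+}
+
+if ($this->success) {
+$successTarget = htmlspecialchars($this->successTarget);
+$successAmount = MoneyFormatter::formatAmount($this->successAmount);
+echo "<p class=\"success\">Es wurden {$successAmount} an {$successTarget} überwiesen.</p>";
+}
+
+echo "<form class=\"transfer\" action=\"{$this->context->currentPage}\" method=\"post\">";
+echo "<label for=\"target\">Zielkonto (Nutzername):</label><input type=\"text\" name=\"target\" id=\"target\" maxlength=\"20\" value=\"{$target}\"><br>";
+echo "<label for=\"amount\">Betrag:</label><input type=\"text\" name=\"amount\" id=\"amount\" value=\"{$amount}\"><br>";
+echo "<label for=\"text\">Buchungstext:</label><input type=\"text\" name=\"text\" id=\"text\" value=\"{$text}\"><br>";
+echo "<input type=\"submit\" value=\"Überweisen\">";
+echo '</form>';
+}
+}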
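Review bot: In `sendMainContent()` the form's `action` attribute interpolates `$this->context->currentPage` without `htmlspecialchars()`, while every other dynamic value on the page is escaped; `Context` is not part of this file, so if that value is derived from the request it can break out of the attribute. Escaping it like the other fields would be `$action = htmlspecialchars($this->context->currentPage);` followed by `action=\"{$action}\"` in the echo. The form also emits no anti-CSRF token field even though it submits a money transfer by POST; given the commit title this may be deliberate, and if so a comment at the form such as `// Deliberately no CSRF token: this is a training target` would stop it being copied as a pattern. Separately, `htmlspecialchars($this->successTarget)` is passed a `?string` under `strict_types=1`, so a `success` flag set without a target raises a TypeError; `htmlspecialchars((string) $this->successTarget)` avoids that.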