insecure-bank/webroot/lib/Controller/CashTransactionController.php


<?php
declare(strict_types=1);
namespace Controller;
use Model\User;
use View\CashTransactionPage;
use View\MoneyFormatter;
use View\Sendable;
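/**
 * Controller for the cash form served under /deposit.php and /withdraw.php.
 *
 * The same form and validation are used for both pages; only the booking call
 * differs. Access control is presumably enforced by RestrictedPageController,
 * which is not visible in this file (confirm there, together with any
 * anti-CSRF handling of the form).
 */
class CashTransactionController extends RestrictedPageController
{
    /**
     * Validates the submitted form and, when every field is acceptable, books the cash movement.
     *
     * All fields are validated before anything is booked, so the page can show
     * every error at once. On success the form fields are cleared and the
     * success summary is filled in.
     *
     * @return Sendable the page object carrying either error flags or the success summary
     * @throws \Exception when the current page is neither /deposit.php nor /withdraw.php
     */
    protected function runLogic(): Sendable
    {
        $cashTransactionPage = new CashTransactionPage($this->context);

        if ($cashTransactionPage->formWasSent) {
            $cashTransactionPage->fieldCustomer = trim($cashTransactionPage->fieldCustomer);
            $error = false;

            // find customer
            $user = User::byName($cashTransactionPage->fieldCustomer);
            if (empty($user)) {
                $cashTransactionPage->errorCustomerNotFound = true;
                $error = true;
            }

            // check amount
            $amount = MoneyFormatter::parseAmount($cashTransactionPage->fieldAmount);
            if ($amount === null || $amount < 0) {
                // parseAmount() is not visible here. Should it ever return a
                // negative value, the amount would reach createBooking() with the
                // opposite sign of what the page promises (a "deposit" with a
                // negative amount, a "withdrawal" with a positive one), and the
                // deposit branch does not inspect the booking result. Only
                // strictly positive amounts are accepted at this boundary.
                $cashTransactionPage->errorAmountInvalid = true;
                $error = true;
            } elseif ($amount === 0) {
                $cashTransactionPage->errorAmountZero = true;
                $error = true;
            }

            // check text
            $text = $cashTransactionPage->fieldText;
            $textLength = iconv_strlen($text);
            // iconv_strlen() returns false for input that is not valid in the
            // expected encoding; `false > 100` is false, so such text would skip
            // the length limit entirely. Fail closed and reject it.
            if ($textLength === false || $textLength > 100) {
                $cashTransactionPage->errorTextTooLong = true;
                $error = true;
            }

            // create the actual booking
            if (!$error) {
                switch ($this->context->currentPage) {
                    case '/deposit.php':
                        // NOTE(review): the result of the deposit booking is not checked,
                        // unlike the withdrawal below; confirm createBooking() cannot fail here.
                        // The literal 1 is presumably the booking type for deposits (verify
                        // against createBooking()).
                        Transaction::run($this->context, function ($transaction) use ($user, $amount, $text) {
                            $transaction->createBooking($user, 1, $amount, null, $text);
                        });
                        break;

                    case '/withdraw.php':
                        // The amount is negated for a withdrawal; a falsy result is reported
                        // to the user as insufficient funds. The literal 2 is presumably the
                        // booking type for withdrawals (verify against createBooking()).
                        $success = Transaction::run($this->context, function ($transaction) use ($user, $amount, $text) {
                            return $transaction->createBooking($user, 2, -$amount, null, $text);
                        });
                        if (!$success) {
                            $cashTransactionPage->errorInsufficientFunds = true;
                            $error = true;
                        }
                        break;

                    default:
                        // Refuse to book anything when routed from an unexpected URL.
                        throw new \Exception('unknown page url');
                }
            }

            if (!$error) {
                // Reset the form and hand the booked values to the success message.
                $cashTransactionPage->fieldCustomer = '';
                $cashTransactionPage->fieldAmount = '';
                $cashTransactionPage->fieldText = '';
                $cashTransactionPage->success = true;
                $cashTransactionPage->successCustomer = $user->name;
                $cashTransactionPage->successAmount = $amount;
            }
        }

        return $cashTransactionPage;
    }
}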