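<?php
define('BANK_APP', true);

// Force TLS: any request that did not arrive over HTTPS is redirected to the same
// URL on https://. The `?? ''` avoids an undefined-index warning when the server
// does not set HTTPS at all (the result is still a redirect, as before).
// NOTE(review): HTTP_HOST is taken from the request's Host header, so the redirect
// target is client-influenced; prefer a configured canonical host if one exists.
if (($_SERVER['HTTPS'] ?? '') !== 'on') {
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    exit;
}

require_once "../app/user.php";

startSession(true);

// CSRF: issue a fresh 'user' token whenever the approval form is not being submitted.
$isApprovalPost = isset($_POST['approve']) || isset($_POST['reject']);
if (!$isApprovalPost) {
    clearCSRFToken();
    createCSRFToken('user');
}

// Token check: constant-time comparison, and only when the submitted value is a
// string (a loose == against a non-string value is not a meaningful comparison).
$tokenValid = isset($_SESSION['usertoken'], $_POST['usertoken'])
    && is_string($_POST['usertoken'])
    && hash_equals((string) $_SESSION['usertoken'], $_POST['usertoken']);

// Process an approve/reject decision for a pending registration.
// Only employee users ('E') may act on other users' registrations; this mirrors
// the lookup rule further down — confirm it matches approveRegistration's own check.
if ($isApprovalPost && $tokenValid && getAuthUser()->usertype === 'E') {
    $id = (int) $_POST['userid'];         // same cast as the id lookup below (4.8.1)
    $decision = isset($_POST['approve']); // true = approve, false = reject
    $approver = getAuthUser()->userid;
    // NOTE(review): the opening balance is taken from the client; approveRegistration
    // is expected to validate it server-side — TODO confirm.
    $balance = $_POST['balance'] ?? null;
    unset($_SESSION['usertoken']);        // one-time token
    $approval = approveRegistration($id, $approver, $decision, $balance);
    if (!empty($approval->msg)) {
        $showMsg = $approval->msg;
    }
}

// get single user - Sanitize input 4.8.1
// Employees ('E') may look up any user by id; everyone else only sees themselves.
$id = isset($_GET['id']) && getAuthUser()->usertype === 'E'
    ? (int) $_GET['id']
    : getAuthUser()->userid;

//4.8.1
if (is_numeric($id)) {
    $user = getSingleUser($id);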
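<?php
define('BANK_APP', true);

// Force TLS: any request that did not arrive over HTTPS is redirected to the same
// URL on https://. The `?? ''` avoids an undefined-index warning when the server
// does not set HTTPS at all (the result is still a redirect, as before).
// NOTE(review): HTTP_HOST is taken from the request's Host header, so the redirect
// target is client-influenced; prefer a configured canonical host if one exists.
if (($_SERVER['HTTPS'] ?? '') !== 'on') {
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    exit;
}

require_once "../app/user.php";
require_once "../app/transaction.php";

startSession(true);

// CSRF: issue a fresh 'newtransaction' token unless a form is being submitted.
if (!isset($_POST['submit']) && !isset($_POST['upload'])) {
    clearCSRFToken();
    createCSRFToken('newtransaction');
}

// Token check: constant-time comparison, and only when the submitted value is a
// string (a loose == against a non-string value is not a meaningful comparison).
$tokenValid = isset($_SESSION['newtransactiontoken'], $_POST['newtransactiontoken'])
    && is_string($_POST['newtransactiontoken'])
    && hash_equals((string) $_SESSION['newtransactiontoken'], $_POST['newtransactiontoken']);

// Process the new-transaction form.
if (isset($_POST['submit']) && $tokenValid) {
    // Raw form values; createTransaction is expected to validate recipient, amount
    // and TAN server-side — TODO confirm. `?? null` only suppresses the
    // undefined-index warning for absent fields.
    $recipient = $_POST['recipient'] ?? null;
    $amount = $_POST['amount'] ?? null;
    $description = $_POST['description'] ?? null;
    $tan = $_POST['tan'] ?? null;

    getDBCredentials(getAuthUser()->usertype);
    $sender = selectAccountByUserId(getAuthUser()->userid)->ACCOUNT_NUMBER;
    $transaction = createTransaction($sender, $recipient, $amount, $description, $tan);

    if ($transaction->value) {
        unset($_SESSION['newtransactiontoken']); // one-time token; kept on failure so the form can be resubmitted
        header('Location: view_transactions.php');
        exit; // stop here: without this the page keeps executing and rendering after the redirect
    }
    if (!empty($transaction->msg)) {
        $showMsg = $transaction->msg;
    }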
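startSession(true);

//SQL: Get credentials for user group
getDBCredentials(getAuthUser()->usertype);

// Token check: constant-time comparison, and only when the submitted value is a
// string (a loose == against a non-string value is not a meaningful comparison).
$tokenValid = isset($_SESSION['transactiontoken'], $_POST['transactiontoken'])
    && is_string($_POST['transactiontoken'])
    && hash_equals((string) $_SESSION['transactiontoken'], $_POST['transactiontoken']);

// process form: approve ('A') or deny ('D') a pending transaction.
// The parentheses around the approve/deny test are deliberate: `&&` binds tighter
// than `||`, so without them an 'approve' submission would bypass the token check.
if ((isset($_POST['approve']) || isset($_POST['deny'])) && $tokenValid) {
    $id = (int) $_POST['transactionid']; // same cast as the GET lookup below (4.8.1)
    $decision = isset($_POST['approve']) ? "A" : "D";
    $approver = getAuthUser()->userid;
    unset($_SESSION['transactiontoken']); // one-time token
    $approval = approveTransaction($id, $approver, $decision);
    if (!empty($approval->msg)) {
        $showMsg = $approval->msg;
    }
}

// A fresh token is issued on every request, including after a processed decision.
clearCSRFToken();
createCSRFToken('transaction');

// get single transaction
if (isset($_GET['id'])) {
    $id = (int) $_GET['id'];
    //4.8.1 (always true after the int cast; kept to match the rest of the app)
    if (is_numeric($id)) {
        $transaction = getSingleTransaction($id);
    }
}

// include header
$pageTitle = "View Transaction";
include "header.php";
?> <?php
if (isset($transaction) && $transaction) {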