} if ($invalidSender) { $error['senderError'][] = 'Invalid Character selected to transfer funds from.'; } if ($senderCharacter->name == $recipient) { $error['recipientError'][] = 'You cannot transfer funds to yourself.'; } $recipientCharacter = Character::where('name', $recipient)->first(); if (!$recipientCharacter) { $error['recipientError'][] = 'Recipient character does not exist.'; } $senderBalance = Balance::where('character_id', $senderCharacter->id)->first(); $recipientBalance = Balance::where('character_id', $recipientCharacter->id)->first(); if (!$senderBalance) { $error['senderError'][] = 'No balance found for sender, ensure one exists.'; } if (!$recipientBalance) { $error['recipientError'][] = 'Recipient does not have a balance, they must have a balance before receiving a transaction.'; } if (!empty($error)) { return $this->view->render($response, 'transaction-create.php', ['senderError' => $error['senderError'], 'recipientError' => $error['recipientError'], 'amountError' => $error['amountError'], 'characters' => $characters]); } $transaction = new Transaction(); $transactionCompleted = $transaction->performTransaction($amount, $senderCharacter->id, $recipientCharacter->id); if ($transactionCompleted) { Transaction::create(['sender_character_id' => $senderCharacter->id, 'recipient_character_id' => $recipientCharacter->id, 'amount' => $amount]); Audit::create(['category' => 'Successful Transaction', 'log_note' => 'Transaction successfully completed for the amount of ' . $amount . ' between ' . $senderCharacter->name . ' and ' . $recipientCharacter->name, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]); } return $this->view->render($response, 'transaction-create.php', ['success' => 'Credits transferred successfully.', 'characters' => $characters]); });
return $this->view->render($response, 'admin-balance-request-review.php', ['error' => 'Invalid Balance ID, please ensure you have the correct URL.']); } return $this->view->render($response, 'admin-balance-request-review.php', ['balance_request' => $balanceRequest]); })->add(new AuthMiddleware())->add(new AuthAdminMiddleware()); /* * POST Route. */ $app->post('/admin/balance-request/{id}', function ($request, $response, $args) { $token = Token::where('token', $_SESSION['login_token'])->first(); $user = User::where('id', $token->user_id)->first(); $requestID = $args['id']; if (!is_numeric($requestID) || !$requestID > 0) { return $this->view->render($response, 'admin-balance-request-review.php', ['error' => 'Unknown Request ID, ensure you have the correct URL.']); } $balanceRequest = BalanceRequest::where('BalanceRequest.id', $requestID)->join('Character', 'Character.id', '=', 'BalanceRequest.character_id')->select('BalanceRequest.*', 'Character.name')->first(); if (!$balanceRequest) { return $this->view->render($response, 'admin-balance-request-review.php', ['error' => 'Invalid Balance ID, please ensure you have the correct URL.']); } $accepted = $_POST['accepted'] == 'accepted' ? 'Accepted' : 'Rejected'; $reasoning = $_POST['decision_reasoning']; if (empty($reasoning)) { return $this->view->render($response, 'admin-balance-request-review.php', ['error' => 'Reasoning cannot be blank when submitting a review.']); } $character = Character::where('user_id', $balanceRequest->character_id)->first(); $balanceRequest->update(['status' => $accepted, 'decision_reasoning' => $reasoning, 'completed' => 'Yes']); if ($balanceRequest->status === 'Accepted') { $balance = Balance::Create(['amount' => $balanceRequest->amount, 'character_id' => $balanceRequest->character_id]); Audit::Create(['category' => 'Balance Review Accepted', 'user_id' => $user->id, 'log_note' => 'Balance review accepted for character ' . $character->name, 'ip_address' => $_SERVER['REMOTE_ADDR']]); } return $this->view->render($response, 'admin-balance-request-review.php', ['balance_request' => $balanceRequest]); })->add(new AuthMiddleware())->add(new AuthAdminMiddleware());
/* * GET Route */ $app->get('/login', function ($request, $response, $args) { return $this->view->render($response, 'login.php', []); }); /* * POST Route */ $app->post('/login', function ($request, $response, $args) { $username = $_POST['username'] ?: ''; $password = $_POST['password'] ?: ''; $user = User::where('username', $username)->first(); // Ensure the user exists in our records. if (is_null($user)) { return $this->view->render($response, 'login.php', ['error' => 'Invalid Username or password.']); } // Ensure the passwords match to validate the user. if (!password_verify($password, $user->password)) { Audit::create(['category' => 'Failed login attempt', 'log_note' => 'Invalid credentials attempted for account: ' . $username, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]); return $this->view->render($response, 'login.php', ['error' => 'Invalid Username or password.']); } // TODO: Check for any currently active token, de-activate token if exists. // Log the user in. $token = Token::generateToken(); Token::create(['token' => $token, 'type' => 'Login Token', 'active' => 'Yes', 'user_id' => $user->id]); $_SESSION['login_token'] = $token; Audit::create(['category' => 'Successful Login', 'log_note' => 'User successfully logged in for account: ' . $username, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]); header('Location: /'); exit; });