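/**
 * Validates and records a transfer from $sender to $recipient, consuming one TAN.
 *
 * Order of operations: whitelist the raw inputs (recipient, amount, TAN,
 * description), look up both accounts, check funds, verify that the TAN
 * belongs to the sender and is still valid, invalidate it, insert the
 * transaction row, and finally move balances. Balances are only updated for
 * amounts up to 10000; larger amounts are stored without a balance change
 * (presumably picked up by a separate approval step -- confirm against that
 * workflow before relying on it).
 *
 * @param mixed  $sender      Account number of the paying account.
 * @param mixed  $recipient   Account number of the receiving account; must be numeric.
 * @param mixed  $amount      Amount to transfer; numeric, 1 <= amount <= PHP_INT_MAX.
 * @param string $description Memo text, restricted to a whitelisted character set.
 * @param string $tan         One-time transaction number; alphanumeric only.
 *
 * @return object The object produced by returnValue(), with ->value set to
 *                true on success / false on failure and ->msg holding a
 *                human-readable reason.
 */
function createTransaction($sender, $recipient, $amount, $description, $tan)
{
    $return = returnValue();

    // Every failure path sets the same two fields; $return is an object so the
    // closure mutates the same instance the caller receives.
    $reject = static function ($msg) use ($return) {
        $return->value = false;
        $return->msg = $msg;
        return $return;
    };

    // --- Input whitelisting -------------------------------------------------
    if (!is_numeric($recipient)) {
        return $reject("Invalid recipient");
    }
    if ($recipient == $sender) {
        return $reject("Recipient account must be different from sender.");
    }

    // Reject non-numeric, zero/negative and out-of-range amounts before any
    // DB access. is_numeric() accepts numeric strings, so the range checks
    // run on the numeric interpretation of the string.
    if (!is_numeric($amount) || $amount < 1 || $amount > PHP_INT_MAX) {
        return $reject("Amount must be a number greater than zero but less than PHP_INT_MAX");
    }

    // A TAN is alphanumeric only; anything else is rejected before it reaches
    // the database layer.
    if (empty($tan) || preg_match('/[^A-Za-z0-9]/', $tan)) {
        return $reject("Invalid TAN");
    }

    // Whitelist the description rather than trying to strip "bad" characters.
    if (preg_match('/[^A-Za-z0-9\'\\.\\/\\, ]/', $description)) {
        return $reject('Description may only contain letters, digits, and the special characters ".", ",", and "/"');
    }

    // --- Account lookups ----------------------------------------------------
    $recipientAccount = selectAccountByNumber($recipient);
    if (!$recipientAccount) {
        return $reject("Recipient account not found");
    }

    $senderAccount = selectAccountByNumber($sender);
    // Guard added: without it a missing sender row dereferences null below.
    if (!$senderAccount) {
        return $reject("Sender account not found");
    }

    // NOTE(review): this check and updateBalance() below are not atomic here,
    // so two concurrent transfers from the same account could both pass this
    // test. Confirm that updateBalance() (or the DB) enforces the limit too.
    if ($senderAccount->BALANCE < $amount) {
        return $reject("Insufficient funds");
    }

    // --- TAN verification ---------------------------------------------------
    // NOTE(review): the return value of validateSCSTAN() is ignored by the
    // original flow; confirm whether it is meant to gate the transfer.
    validateSCSTAN($tan);

    $tanEntry = selectTanByTan($tan);
    if (!$tanEntry) {
        return $reject("Invalid TAN");
    }

    // The TAN must be bound to the sender's own account and still unused ("V").
    if ($tanEntry->CLIENT_ACCOUNT !== $senderAccount->ID || $tanEntry->STATUS !== "V") {
        return $reject("TAN Used or not valid");
    }

    // The TAN is consumed before the transaction row is written, so a failed
    // insert below still burns the TAN. Kept as in the original flow.
    if (!updateTanStatus($tanEntry->ID)) {
        return $reject("Tan update failed");
    }

    // --- Persist --------------------------------------------------------------
    $insert = insertTransaction(
        $senderAccount->ID,
        $recipientAccount->ID,
        $amount,
        $description,
        $tanEntry->ID
    );
    if (!$insert) {
        return $reject("Transaction failed");
    }

    // Amounts above 10000 are recorded but not applied to balances here.
    if ($amount <= 10000) {
        $balance = updateBalance($senderAccount->ID, $recipientAccount->ID, $amount);
        if (!$balance) {
            return $reject("Error updating balance");
        }
    }

    $return->value = true;
    $return->msg = "Transaction successful";
    return $return;
}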
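/**
 * Reports whether no TAN record exists for the given TAN value.
 *
 * Only a strict null result from selectTanByTan() counts as "unused";
 * NOTE(review): createTransaction() treats any falsy lookup result as
 * "not found", so confirm that selectTanByTan() really returns null (not
 * false) for a missing row, otherwise the two callers disagree.
 *
 * @param string $tan The TAN to look up.
 *
 * @return bool true when no record matches $tan.
 */
function checkTanUniqueness($tan): bool
{
    // The comparison already yields a bool; no ternary needed.
    return selectTanByTan($tan) === null;
}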