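/**
 * Approve or deny a pending user registration (privileged action).
 *
 * On approval the user's account number is generated with the given opening
 * balance and a batch of TANs is created for the user; on denial only the
 * registration record is updated.
 *
 * @param mixed $id       Id of the user being approved/denied (passed to getSingleUser()/updateUserRegistration()).
 * @param mixed $approver Id of the employee performing the action; must resolve to a USER_TYPE "E" user.
 * @param mixed $decision Truthy to approve, falsy to deny.
 * @param mixed $balance  Opening balance; only validated when approving (numeric and >= 1).
 * @return object Result from returnValue(): ->value (bool success) and ->msg (string).
 */
function approveRegistration($id, $approver, $decision, $balance)
{
    privilegedUserAction();
    $return = returnValue();
    getDBCredentials(getAuthUser()->usertype);

    // Only an approval opens an account, so the balance is only checked then.
    if ($decision && (!is_numeric($balance) || $balance < 1)) {
        $return->value = false;
        $return->msg = "Balance should be a positive number.";
        return $return;
    }

    // Same approver validation as approveTransaction(): the approver must be an
    // existing employee, not just any id the caller supplied.
    $approverUser = selectUser($approver);
    if (!$approverUser || $approverUser->USER_TYPE !== "E") {
        $return->value = false;
        $return->msg = "Invalid approver";
        return $return;
    }

    // Ensure that users are approved only once 4.6.3.
    // An unknown $id makes getSingleUser() return a non-object; reading
    // APPROVED_BY from it must not be attempted.
    // NOTE(review): this check-then-update is not atomic; two concurrent
    // approvals of the same id can both pass it. updateUserRegistration()
    // should additionally require APPROVED_BY IS NULL in its WHERE clause.
    $user = getSingleUser($id);
    if (!$user || $user->APPROVED_BY != null) {
        $return->value = false;
        $return->msg = "Invalid action";
        return $return;
    }

    if (!updateUserRegistration($id, $approver, $decision)) {
        $return->value = false;
        $return->msg = "DB update operation failed";
        return $return;
    }

    if (!$decision) {
        $return->value = true;
        $return->msg = "User registration denied successfully";
        return $return;
    }

    // Create the user's account number with the opening balance.
    $accountNumber = generateAccountNumber($id, $balance);
    if (!$accountNumber) {
        $return->value = false;
        $return->msg = "Error updating user account number";
        return $return;
    }

    // Send email to user with 100 TANs.
    $tans = createTans($id);
    if (!$tans->value) {
        $return->value = false;
        $return->msg = $tans->msg;
        return $return;
    }

    $return->value = true;
    $return->msg = "User approval successful";
    return $return;
}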
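/**
 * Approve or deny a pending transaction (privileged action, Provisioning 4.4.3).
 *
 * Only transactions in STATUS 'P' can be acted on. A denial ($decision === 'D')
 * just records the decision; any other decision value is treated as an
 * approval and moves the amount from the sender to the recipient account.
 *
 * @param mixed $id       Transaction id (passed to selectTransaction()).
 * @param mixed $approver Id of the approving employee; must resolve to a USER_TYPE "E" user.
 * @param mixed $decision 'D' to deny; anything else approves.
 * @return object Result from returnValue(): ->value (bool success) and ->msg (string).
 */
function approveTransaction($id, $approver, $decision)
{
    // Provisioning 4.4.3
    privilegedUserAction();
    $return = returnValue();

    $transaction = selectTransaction($id);
    if (!$transaction) {
        $return->value = false;
        $return->msg = "Invalid transaction id";
        return $return;
    }

    // Ensure that only pending transactions are updated 4.6.3.
    // NOTE(review): this status check and the update below are not atomic;
    // updateTransactionApproval() should also require STATUS = 'P' so a
    // concurrent second approval cannot move the funds twice.
    if ($transaction->STATUS != 'P') {
        $return->value = false;
        $return->msg = "Invalid action";
        return $return;
    }

    $user = selectUser($approver);
    if (!$user || $user->USER_TYPE !== "E") {
        $return->value = false;
        $return->msg = "Invalid approver";
        return $return;
    }

    // NOTE(review): only 'D' is recognised explicitly; every other value is an
    // approval. The caller is expected to pass a validated decision code.
    $denied = ($decision === 'D');

    // A denial does not move funds, so the sender's balance is only relevant
    // (and only checked) when approving.
    if (!$denied) {
        $senderAccount = selectAccountById($transaction->SENDER_ACCOUNT);
        if (!$senderAccount) {
            $return->value = false;
            $return->msg = "Invalid sender account";
            return $return;
        }
        if ($senderAccount->BALANCE < $transaction->AMOUNT) {
            $return->value = false;
            $return->msg = "Insufficient funds";
            return $return;
        }
    }

    if (!updateTransactionApproval($id, $approver, $decision)) {
        $return->value = false;
        $return->msg = "Transaction update failed";
        return $return;
    }

    if ($denied) {
        $return->value = true;
        $return->msg = "Transaction successfully denied";
        return $return;
    }

    // NOTE(review): if updateBalance() fails here the transaction has already
    // been marked approved; the two updates belong in one DB transaction.
    $balance = updateBalance(
        $transaction->SENDER_ACCOUNT,
        $transaction->RECIPIENT_ACCOUNT,
        $transaction->AMOUNT
    );
    if (!$balance) {
        $return->value = false;
        $return->msg = "Error updating balance";
        return $return;
    }

    $return->value = true;
    $return->msg = "Transaction successfully approved";
    return $return;
}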
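<?php
// "View Users" page: privileged listing of all registered users.
define('BANK_APP', TRUE);

// Force TLS. $_SERVER['HTTPS'] is unset on plain HTTP (the original `!= "on"`
// comparison raised a notice there) and may be "off" on some servers.
if (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) === 'off') {
    // NOTE(review): HTTP_HOST comes from the client's Host header; unless the
    // web server restricts it, an attacker-controlled Host turns this into a
    // redirect to an arbitrary origin. Prefer a configured canonical host.
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit;
}

require_once "../app/user.php";
startSession(true);
clearCSRFToken();

// Provisioning 4.4.3 - only privileged users may list users.
privilegedUserAction();
$users = getUsers();

// Include header.
$pageTitle = "View Users";
include "header.php";
?>
<h3>View Users</h3> <table class="pure-table pure-table-bordered"> <thead> <tr> <th>#</th> <th>User Name</th> <th>Email</th> <th>Type</th> <th>Account No.</th> <th>Approved By</th> <th>Approved On</th> <th></th> </tr>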