}
    if ($invalidSender) {
        $error['senderError'][] = 'Invalid Character selected to transfer funds from.';
    }
    if ($senderCharacter->name == $recipient) {
        $error['recipientError'][] = 'You cannot transfer funds to yourself.';
    }
    $recipientCharacter = Character::where('name', $recipient)->first();
    if (!$recipientCharacter) {
        $error['recipientError'][] = 'Recipient character does not exist.';
    }
    $senderBalance = Balance::where('character_id', $senderCharacter->id)->first();
    $recipientBalance = Balance::where('character_id', $recipientCharacter->id)->first();
    if (!$senderBalance) {
        $error['senderError'][] = 'No balance found for sender, ensure one exists.';
    }
    if (!$recipientBalance) {
        $error['recipientError'][] = 'Recipient does not have a balance,
                                  they must have a balance before receiving a transaction.';
    }
    if (!empty($error)) {
        return $this->view->render($response, 'transaction-create.php', ['senderError' => $error['senderError'], 'recipientError' => $error['recipientError'], 'amountError' => $error['amountError'], 'characters' => $characters]);
    }
    $transaction = new Transaction();
    $transactionCompleted = $transaction->performTransaction($amount, $senderCharacter->id, $recipientCharacter->id);
    if ($transactionCompleted) {
        Transaction::create(['sender_character_id' => $senderCharacter->id, 'recipient_character_id' => $recipientCharacter->id, 'amount' => $amount]);
        Audit::create(['category' => 'Successful Transaction', 'log_note' => 'Transaction successfully completed for the amount of ' . $amount . ' between ' . $senderCharacter->name . ' and ' . $recipientCharacter->name, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]);
    }
    return $this->view->render($response, 'transaction-create.php', ['success' => 'Credits transferred successfully.', 'characters' => $characters]);
});
Пример #2
        return $this->view->render($response, 'admin-balance-request-review.php', ['error' => 'Invalid Balance ID, please ensure you have the correct URL.']);
    }
    return $this->view->render($response, 'admin-balance-request-review.php', ['balance_request' => $balanceRequest]);
})->add(new AuthMiddleware())->add(new AuthAdminMiddleware());
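/*
 * POST Route: record an admin's decision on a balance request.
 *
 * Registered behind AuthMiddleware and AuthAdminMiddleware (attached at the end
 * of this statement). When the decision is "Accepted", a Balance row is created
 * for the request's character and the decision is written to the audit log.
 *
 * NOTE(review): no anti-CSRF token is checked in this handler. This is a
 * state-changing admin action, so confirm the middleware stack covers it.
 * NOTE(review): rejected decisions are not written to the audit log; only
 * acceptances are. Consider auditing both outcomes.
 */
$app->post('/admin/balance-request/{id}', function ($request, $response, $args) {
    $view = 'admin-balance-request-review.php';

    // Presumably AuthMiddleware has already validated the login token; verify,
    // because a missing token row makes the next line fail on a null object.
    $token = Token::where('token', $_SESSION['login_token'])->first();
    $user = User::where('id', $token->user_id)->first();

    // The previous check `!$requestID > 0` parsed as `(!$requestID) > 0`, so it
    // only rejected zero and let negative or fractional values through.
    // Require a positive integer explicitly.
    $requestID = filter_var($args['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($requestID === false) {
        return $this->view->render($response, $view, ['error' => 'Unknown Request ID, ensure you have the correct URL.']);
    }

    $balanceRequest = BalanceRequest::where('BalanceRequest.id', $requestID)
        ->join('Character', 'Character.id', '=', 'BalanceRequest.character_id')
        ->select('BalanceRequest.*', 'Character.name')
        ->first();
    if (!$balanceRequest) {
        return $this->view->render($response, $view, ['error' => 'Invalid Balance ID, please ensure you have the correct URL.']);
    }

    // A request that was already reviewed must not be processed again:
    // re-submitting an acceptance would otherwise create another Balance row.
    if ($balanceRequest->completed === 'Yes') {
        return $this->view->render($response, $view, ['error' => 'This balance request has already been reviewed.']);
    }

    // Anything other than the exact string 'accepted' (including a missing or
    // non-string field) is treated as a rejection.
    $decision = $_POST['accepted'] ?? '';
    $accepted = $decision === 'accepted' ? 'Accepted' : 'Rejected';

    // Reject missing, non-string and whitespace-only reasoning.
    $reasoning = $_POST['decision_reasoning'] ?? '';
    if (!is_string($reasoning) || trim($reasoning) === '') {
        return $this->view->render($response, $view, ['error' => 'Reasoning cannot be blank when submitting a review.']);
    }

    // NOTE(review): the status update and the Balance insert below are separate
    // writes. Wrapping them in one database transaction would prevent a request
    // being marked completed without its balance (or the reverse) on failure.
    $balanceRequest->update(['status' => $accepted, 'decision_reasoning' => $reasoning, 'completed' => 'Yes']);

    if ($balanceRequest->status === 'Accepted') {
        // character_id references Character.id (see the join above). The earlier
        // lookup matched it against Character.user_id, which could name the wrong
        // character in the audit trail or return no row at all.
        $character = Character::where('id', $balanceRequest->character_id)->first();

        Balance::create(['amount' => $balanceRequest->amount, 'character_id' => $balanceRequest->character_id]);
        Audit::create(['category' => 'Balance Review Accepted', 'user_id' => $user->id, 'log_note' => 'Balance review accepted for character ' . $character->name, 'ip_address' => $_SERVER['REMOTE_ADDR']]);
    }

    return $this->view->render($response, $view, ['balance_request' => $balanceRequest]);
})->add(new AuthMiddleware())->add(new AuthAdminMiddleware());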
Пример #3
/*
 * GET Route: display the login form.
 */
$app->get('/login', function ($request, $response, $args) {
    // The empty form needs no template variables.
    $templateData = [];

    return $this->view->render($response, 'login.php', $templateData);
});
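/*
 * POST Route: authenticate a user and start a logged-in session.
 *
 * Looks the user up by username, verifies the password hash, issues a login
 * token, stores it in the session and redirects to '/'. Both failure paths
 * return the same generic message so the response text does not reveal
 * whether the username exists.
 *
 * NOTE(review): an unknown username returns before password_verify() runs, so
 * response time can still distinguish existing accounts, and those attempts
 * are not written to the audit log. No attempt throttling is visible here.
 */
$app->post('/login', function ($request, $response, $args) {
    $genericError = ['error' => 'Invalid Username or password.'];

    // `??` avoids an undefined-index notice when a field is absent. Non-string
    // values (e.g. username[]=x) are rejected before they reach the query or
    // password_verify().
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return $this->view->render($response, 'login.php', $genericError);
    }

    $user = User::where('username', $username)->first();
    // Ensure the user exists in our records.
    if (is_null($user)) {
        return $this->view->render($response, 'login.php', $genericError);
    }
    // Ensure the passwords match to validate the user.
    if (!password_verify($password, $user->password)) {
        Audit::create(['category' => 'Failed login attempt', 'log_note' => 'Invalid credentials attempted for account: ' . $username, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]);
        return $this->view->render($response, 'login.php', $genericError);
    }
    // TODO: Check for any currently active token, de-activate token if exists.

    // Issue a fresh session ID at the privilege change so a session ID that was
    // set before authentication cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Log the user in.
    $token = Token::generateToken();
    Token::create(['token' => $token, 'type' => 'Login Token', 'active' => 'Yes', 'user_id' => $user->id]);
    $_SESSION['login_token'] = $token;
    Audit::create(['category' => 'Successful Login', 'log_note' => 'User successfully logged in for account: ' . $username, 'user_id' => $user->id, 'ip_address' => $_SERVER['REMOTE_ADDR']]);

    // NOTE(review): exit ends the request inside the handler, so any middleware
    // work that would run after the route is skipped.
    header('Location: /');
    exit;
});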