LoanApp.prg

<?php
  /*
   * Script: AppMain
   * Purpose: To be the container script for all the pages.. Gives the commone
   *           layout and calls the appropriate scripts for css layout, which I
   *            am hoping can be possibly branded.. including the menu, logo,
   *            etc.. fingers crossed
   *
   * -- Thinking this may exist in admbin, this directory is common for all
   *    servers..little outside of normal useage

   * Need to define how I setup the permissions to work IF the credit union is offline/
   * There are 3 variables that are set
   * DMSAPP_CULIVE - {true, false} This is the live setting of the credit union / this is
   *                determined by the location of the script running /hculive7 is live, else batch
   *
   * DMSAPP_ONLINE - {1, 0} This is ONLY set for DMSAPP_CULIVE set to true, Batch may NOT be online
   *                This will determine if loans are submitted to their core system.
   *                This value can be overriden using the configuration options for the CU
   *
   * DMSAPP_SUBMITMBR - {1, 0} This is ONLY set if we need to send the member Number to the Core
   *                         Has NO affect if DMSAPP_ONLINE is false
   *                     1 - ie CRUISE - Loans are based on the primary member applying
   *                     0 - ie CU-CENTRIC
   *
   * DMSAPP_LOANFORMAT - {SERIAL, JSON, XML}  This is the type of data that is sent to the core.
   *                      SERIAL - PHP Serialized object is sent to core
   *                      JSON - JSON encoded object is sent to core
   *                      XML - data is encoded with XML tags and sent to core
   *
   * DMSAPP_FETCHMIR - {1, 0} This value is set from the configuration options for the CU, but will
   *                 ALWAYS be 0 for batch and only allowed to be set for live.
   *
   * DMSAPP_SSOONLY - {1, 0 default} This will determine if the stand alone login feature is disabled.
   *                     1 - Standalone Login is disabled, 0 - Standalone login is allowed
   *
   * DMSAPP_DISABLEEMAIL - {1, 0 default} This determines if the loan application system allows login outside of home banking
   *                     1 - Login via email (not linked from home banking) is not allowed, 0 - user may login by email or Home Banking Credentials
   *
   * DMSAPP_MODE_ARY['offline'] - {true, false} This is the value returned from hcu_checkoffline
   *                            True if the script may continue, false if we stop
   * DMSAPP_MODE_ARY['offlineReadonly'] - {true, false} this is True only when the offline status
   *                                    is R, this is needed because some scripts allow readonly status
   *                                    , but I want to limit procedures within those scripts.
   *
   * DMSAPP_LOANDATAONLY  - {1, 0 (default)} Restrict submitting field if it is empty?
   *                        1 - ONLY fields with data will be submitted to the core
   *                        0 - ALL defined fields will be submitted to the core
   *
   * DMSAPP_HOST - The hostname where the loan app is currently running ie wwwX.homecu.net
   *
   *
   * ACTION               DMSAPP_CULIVE DMSAPP_ONLINE MODE['offline'] MODE['offlineReadonly']
   * Log into system
   * FALSE                     false         0             false        {true, false}
   * TRUE                   {true, false}    1          {true, false}   {true, false}
   *
   * Portal screen
   *    - ADD new app / edit current app
   * false                    false          0              true          {true}
   * true                   {true, false}   {0, 1}         {true}         {true, false}
   *
   *    - Inquire Application
   * false                    false          0            {true, false}   {true, false}
   * false                    true           1              false             N/A
   * false                    true           0            {true, false}       N/A
   * true                     true           1              {true}            N/A
   *
   * Entry Screen
   *    - Save app
   * true -- If I can access it, I will allow save, limiting is done in previous step
   *
   *    - Submit Application to core
   * false                 {true, false}    0             {true, false}   {true, false}
   * false                    true          1               false            false
   * true                     true          1               true              N/A
   *
   *
*/

  // ** DEFINE CONSTANTS (but using variable definition style
  $cloudfrontDomainName = 'd1kryjpwpzirc7.cloudfront.net';
  $homecuKendoVersion = 'v2017.3.913';

  $DB_TABLE_PREFIX = "lnapp";
  $DMSAPP_CHALLENGEQUESTIONS_COUNT = 3;
  $DMSAPP_PRODUCTNAME = "Online Loan App";
  $DMSAPP_HOST = $_SERVER['HTTP_HOST'];

  /*
   * * SET DEFAULT VALUES FOR SCRIPT FLAGS
   */
  $serviceMinimal = (!isset($serviceMinimal) ? false : $serviceMinimal);
  $serviceSkipCredentials = (!isset($serviceSkipCredentials) ? false : $serviceSkipCredentials);
  $serviceSkipSecurity = (!isset($serviceSkipSecurity) ? false : $serviceSkipSecurity);
  $serviceAllowReadonly = (!isset($serviceAllowReadonly) ? false : $serviceAllowReadonly);
  $serviceShowInfo = (!isset($serviceShowInfo) ? false : $serviceShowInfo);
  $serviceLoadMenu = (!isset($serviceLoadMenu) ? false : $serviceLoadMenu);
  $serviceShowMenu = (!isset($serviceShowMenu) ? false : $serviceShowMenu);
  // * DO NOT default serviceMenuScript to anything
  $serviceMenuScript = (!isset($serviceMenuScript) ? "" : $serviceMenuScript);
  //$serviceMenuScript = (!isset($serviceMenuScript) ? "hcuAccounts" : $serviceMenuScript);
  $serviceLiveCheck = (!isset($serviceLiveCheck) ? false : $serviceLiveCheck);
  $serviceLoadCuInfo = (!isset($serviceLoadCuInfo) ? true : $serviceLoadCuInfo);
  $serviceSuppressBanner = (!isset($serviceSuppressBanner) ? false : $serviceSuppressBanner);

  $validLanguageCodes = Array("en_US", "es_US", "pl_US");
  $serviceViewFromCuAdmin= false;

  /**
   * DECLARE HB_ENV as an array
   */
  $HB_ENV = Array();

//  $fetcher = "http://192.168.169.11/hculive/hculiveapp.mp";


  $inc_path = dirname(__FILE__) . '/../includes/';
  $lib_path = dirname(__FILE__) . '/../library/';


   // ** Include the Global Script for Error Handling
  require_once(dirname(__FILE__) . '/../../shared/library/hcuLogError.i');
  require_once(dirname(__FILE__) . '/../../shared/library/hcuCommon.i');
  require_once(dirname(__FILE__) . '/../../shared/library/logging.i');
  require_once(dirname(__FILE__) . '/../../shared/library/hcuEnv.i');
  require_once(dirname(__FILE__) . '/../../shared/library/cu_flagconst.i');
  require_once(dirname(__FILE__) . '/../../shared/library/cu_fun.i');
  require_once(dirname(__FILE__) . '/../../shared/library/errormail.i');
  require_once(dirname(__FILE__) . '/../../shared/library/cu_func.i');
  require_once(dirname(__FILE__) . '/../../shared/library/commonJsFunctions.i');
  require_once(dirname(__FILE__) . '/../../shared/library/cu_data.i');
  require_once(dirname(__FILE__) . '/../../banking/library/cu_credentials.i');
  require_once(dirname(__FILE__) . "/../../shared/library/hcuTranslate.i");
  require_once(dirname(__FILE__) . '/../../shared/library/dms_imp_val.i');
  require_once(dirname(__FILE__) . '/../../monitor/library/monitorFunctions.i');
  require_once(dirname(__FILE__) . '/../../shared/library/cuDataModel.i');

  // ** Home Banking Desktop Functions
  require_once(dirname(__FILE__) . '/../../banking/library/hcuDispFunctions.i');
  require_once(dirname(__FILE__) . '/../../shared/library/hcuFunctions.i');

  // ** Feature Gate support
  require_once(dirname(__FILE__) . '/../../shared/library/FeatureGateConfig.i');
  require_once(dirname(__FILE__) . '/../../shared/library/CreditUnionGate.i');

  /* LOAD ENVIRONMENT DATA */
  // set up the environment based on environment variables
  $HB_ENV['SYSENV'] = LoadSystemEnv("eforms");

//    $errHndlr = new CatchErrorHandler(HCU_PRODUCT_BANKING, $HB_ENV['SYSENV']['logger'], $HB_ENV['SYSENV']['devmode']);
//    $excHndlr = new CatchExceptionHandler(HCU_PRODUCT_BANKING, $HB_ENV['SYSENV']['logger'], $HB_ENV['SYSENV']['devmode']);

  // ** SET ENVIRONMENT VARIABLES
  SetEnvStatic( $HB_ENV );

  /**
   *  Setup the error handling class
   *
   */
//    set_error_handler(array($errHndlr, "catchError"));
//    set_exception_handler(array($excHndlr, "catchException"));

  $dbPluginFile = "db." . $HB_ENV['SYSENV']['db']['platform'] . ".i";
  // ** Include the database plugin file.  This file will include the database function declarations
  include (dirname(__FILE__) . '/../../shared/library/' . $dbPluginFile);


  // get and save the DB handle (call after SYSENV is set up)
  $dbh = GetDBH( $HB_ENV['SYSENV']['db'] );
  $HB_ENV["dbh"] = $dbh;

  $HB_ENV['Flang'] = "en_US";
  $MC = new hcu_talk_base($HB_ENV['Flang']);
  $HB_ENV["MC"] = $MC;

  // ** This will be the base path using http reference -- for INCLUDE directories
  $http_script_path = "/eforms/static/";

  // ** self now includes the ? at the end, any reference to self will not need a separator by default
  $self = $_SERVER['PHP_SELF'] . "?";
  $self_container = $_SERVER['SCRIPT_NAME'];

  $self_full_url = $_SERVER['SCRIPT_URI'];

  define("DMSAPP_CONST_HB_LOGIN", "H");
  define("DMSAPP_CONST_MIR_LOGIN", "N");
  define("DMSAPP_CONST_APP_LOGIN", "L");

  // ** DMSAPP_ID_CookieString -- This is an encoded value of the CU Code
    //  -- use decrypt function with the MasterKey to retrieve the CU Code
  $DMSAPP_ID_CookieString = "{$DB_TABLE_PREFIX}id";
  // ** UserID_CookieString -- This cookie will contain the userid of the
    // Current logged in userid..
  $DMSAPP_USERID_CookieString = "{$DB_TABLE_PREFIX}uid";
  // ** DEVICEID_CookieString -- This cookie will contain the
  // * This string is not a constant as it will be created based on the
    // The string sha1{DB_TABLE_PREFIX}{cucode}Tu0geethSaith7ch{email}
    // The value set will be a sha1({ENCRYPTEDPWD}{email}{confword})

  $DMSAPP_CUHOME_PATH = "";     // * THIS will be the path to the CU Directory where disclosure fragments/files will be saved
  $DMSAPP_ALLOW_HB_LOGIN = 1;   // Does the Loan application login allow for the member using their homeCU Credentials

  $DMSAPP_SSOONLY = 0;          // * Default is to allow access from Home Banking Menu and Direct login
  $DMSAPP_DISABLEEMAIL = 0;     // * Default is to allow email login from Direct Login screen
  $DMSAPP_LOANDATAONLY = 0;     // * Default is to submit all defined fields

  // * Product Name
  $DMSAPP_PRODUCTNAME = '';
  // * Credit Union Name
  $DMSAPP_CUNAME = '';

// MWS DEBUG -- Change back to 15
  $DMSAPP_Cookie_ExpireTime = 100;
  $DMSAPP_Cookie_Domain = "localhost:8000";
  $DMSAPP_SECRET_KEY = 'c8Zg6X57yA7R5lv57hHH0oBrn0bZRPEl';

  $DMSAPP_FAILEDLOGINATTEMPTS = 5;        // set the number of failed login attempts the user may have before failing
  // ** Device Cookie is valid for 94 days
  $DMSAPP_Device_Cookie_ExpireTime = 8121600;


  $DMSAPP_CURRENTUSERID = "";
  $DMSAPP_CURRENTEMAIL = "";
  $DMSAPP_CURRENTCUCODE = "";

  /**
   * *
   * LOAD CONFIGURATION
   * *
   *
   */


  $DMSAPP_LOGINTYPE = "";       // ** This value should be either H or L for verified login

  // * SET THE CU TYPE
    // {true - LIVE / false - BATCH }
  $DMSAPP_CULIVE = (substr(dirname($_SERVER['PHP_SELF']), 0, strlen('/hculive7')) == '/hculive7');

  $DMSAPP_ONLINE = ($DMSAPP_CULIVE ? "1" : "0");           // ** This will determine if the throtlpkt is loaded and whether loans are even sent to the core
                                  // ** NOTE:: we should allow a "live" CU to have this loan app, but not be posting to the core.
                                  // ** prevent batch credit unions from having the online status set -- eventually this is where the setting will be for live cu's that do
                                  // * do NOT post this app to core
  $DMSAPP_FORMAT = "SERIAL";      // ** DEFAULT FORMAT TYPE -- MATCHES CU-CENTRIC
  $DMSAPP_FETCHMIR = 0;
    // ** offline Readonly is to help me to identify if the credit union is offline for readonly mode
    // ** some scripts I will have different permissions.  I will allow the script as a whole to be executed
    // ** however, I will NOT let them do certain features for READONLY
  $DMSAPP_MODE_ARY = Array("offline" => "", "offlineReadonly" => false, "offlineDesc" => "");       // ** Combined with DMSAPP_ONLINE will allow the loan system
              // * to either shut off completely or to still allow some submissions.


  $DMSAPP_CSS = "/eforms/static/css/style.css";
  // ** set the default login messages for member / non members.
    // ** these are used in lnappintro to display on the intro screen
  $DMSAPP_MBRMSG = "";
  $DMSAPP_NONMBRMSG = "";

  // ** SET VALUE EMPTY SO IT MAY NOT BE hacked
  $Admin_View_App = 0;

  $serviceShowInfo = false;

  // ** Default Values Defined
  // form2load - this is the name of the script that I will be loading.
  $form2load = "";
  // ** By default we ALWAYS load the template screen -- BUT for other purposes
    // * This may skipped -- Setting this to true will ONLY load script and skip
    // * the template container
  $load_scriptonly = false;
  // error_loadform -- This is a variable to handle erros
  /*
   * Possible values  {0} - NO ERROR
   *                  {1} - ERROR -- FORM NOT FOUND
   *                  {2} - ERROR -- FORM FOUND -- BUT UNEXPECTED ERROR (ie database lost connection)
   */
  $error_loadform = 0;

  // ** INCLUDE LOAN APP FUNCTIONS
  include_once($lib_path . "lnappfunctions.i");

  /**
   * GET POSSIBLE VALUES FROM THE URL
   *   id - This is a encrypted value of the CU Code
   *   f - this helps determine where the information is coming from
   *       hbssouser - This will load the online banking user with a sort of SSO Verification
   */
  $loadedValues = array();
  HCU_ImportVars($loadedValues, "url", array("id" => HCUFILTER_INPUT_STRING, "f" => HCUFILTER_INPUT_STRING, "appinit" => HCUFILTER_INPUT_STRING, "review" => HCUFILTER_INPUT_DIGITS));


  // GET the current ID -- there are these possiblities
  /* Cookie['dmsappid'] --- Get['id']
   * cookie['dmsappid'] is set and Get['id'] is NOT set -- then use the cookie id
   * cookie['dmsappid'] is NOT set and get['id'] is set -- use the get id AND set the cookie
   * cookie['dmsappid'] is set and get['id'] is set --
        *  If they are equal use the cookie['dmsappid']
        *  If they are NOT equal, then there is a problem
   * The cookie should clear with the browser
   */

  /*
   * id_status possible values
   *  -1 - Error occurred - This is a generic error
   *  -2 - Error occurred - The browser needs to be closed -- ids do not match
   *   0 - No Error - use Cookie id value
   *   1 - No Error - use url id value / SET the cookie value
   */
  $id_status = "";
  // if appinit is set to 1, then USE THE id value, not the cookie

  // if (!isset($_COOKIE[$DMSAPP_ID_CookieString]) && !isset($_GET['id'])) {
  if (!isset($_COOKIE[$DMSAPP_ID_CookieString]) && !hcu_array_key_exists('id', $loadedValues['url'])){
    // ** PROBLEM -- NO ID is set
    $id_status = -1;
  //} elseif (isset($_GET['appinit']) && isset($_GET['id'])) {
  } elseif (hcu_array_key_exists('appinit', $loadedValues['url']) && hcu_array_key_exists('id', $loadedValues['url'])) {
    // * if appinit IS set and so is the ID, then LOAD THE id from URL, NOT COOKIE
    $id_status = 1;
  //} elseif (!isset($_COOKIE[$DMSAPP_ID_CookieString]) && isset($_GET['id'])) {
  } elseif (!isset($_COOKIE[$DMSAPP_ID_CookieString]) && hcu_array_key_exists('id', $loadedValues['url'])) {
    // ** Use ID from the URL /set cookie
    $id_status = 1;
  //} elseif (isset($_COOKIE[$DMSAPP_ID_CookieString]) && !isset($_GET['id'])) {
  } elseif (isset($_COOKIE[$DMSAPP_ID_CookieString]) && !hcu_array_key_exists('id', $loadedValues['url'])) {
    // **Use the Cookie ID
    $id_status = 0;
  //} elseif (isset($_COOKIE[$DMSAPP_ID_CookieString]) && isset($_GET['id'])) {
  } elseif (isset($_COOKIE[$DMSAPP_ID_CookieString]) && hcu_array_key_exists('id', $loadedValues['url'])) {
    //if ($_COOKIE[$DMSAPP_ID_CookieString] == $_GET['id']) {
    if ($_COOKIE[$DMSAPP_ID_CookieString] == $loadedValues['url']['id']) {
      // ** Use the Cookie ID
      $id_status = 0;
    } else {
      // ** They do NOT equal -- they are already using the application for
      // * They will need to start over by closing browsers
      $id_status = -2;
    }
   } else {
     // ** SHOULD NOT GET HERE -- GENERAL ERROR
     $id_status = -1;
   }

   switch ($id_status) {
    case -1:
      // ** Is cookie support enabled??
    case -2:
      // ** ERROR OUT
      break;
    case 1:

      // ** Retrieve the id // SEt the cookie
      $l_cucode_hash = hcu_array_key_value('id', $loadedValues['url']);
      HCU_setcookie_env($HB_ENV['SYSENV'], $DMSAPP_ID_CookieString, $l_cucode_hash);
      break;
    case 0:
      $l_cucode_hash = $_COOKIE[$DMSAPP_ID_CookieString];
      break;
  }

  // ** Now decrypt the code and retrieve the cucode
  if ($id_status == 0 || $id_status == 1 && $l_cucode_hash != '') {
    $self .= "id=" . urlencode($l_cucode_hash) . "&";
    // * Check here for the form to load
    $form_code = strtolower(hcu_array_key_value('f', $loadedValues['url']));
    $check_credentials = True;      // ** Assume we check, unless set otherwise
    $hbuser_cookie_user = False;    // ** Use the user_id from teh cookie to lookup the current user,

    // ** DECODE TEHE VALUE I HAVE
    $DMSAPP_CURRENTCUCODE = trim(decrypt($l_cucode_hash, $MasterKey));

    // ** Verify the CU Code looks correct.  An invalid hash will come back with bad results
    if (preg_match('/^[\w\W\d]{2,10}$/', $DMSAPP_CURRENTCUCODE)) {

      // ** IF I have all I need, Load the REQUIRED FILES
      // ** REQUIRE FILES
      $cu = $DMSAPP_CURRENTCUCODE;

      /*
       * Setup all needed information in HB_ENV
       */
      $HB_ENV['cu'] = $DMSAPP_CURRENTCUCODE;
      $HB_ENV['Cu'] = $DMSAPP_CURRENTCUCODE;
      $HB_ENV['chome'] = strtolower($DMSAPP_CURRENTCUCODE);
      $HB_ENV['live'] = $DMSAPP_CULIVE;
      $HB_ENV['testmenu'] = 0;
      $HB_ENV['DB_TABLE_PREFIX'] = $DB_TABLE_PREFIX;
      $HB_ENV['DMSAPP_ONLINE'] = $DMSAPP_ONLINE;
      $HB_ENV['DMSAPP_MODE_ARY'] = $DMSAPP_MODE_ARY;

      // ** Determine platform -- For now this is hardcoded to DESKTOP
      $HB_ENV['platform'] = 'DSK';


      LoadCUAdmin( $dbh, $HB_ENV['cu'], $HB_ENV );

  /* Deprecated libraries
    require_once(dirname(__FILE__) . '/../../../shared/library/''/home/httpd/hcuinc/dbfunc.i');
    require_once(dirname(__FILE__) . '/../../../shared/library/''/home/httpd/hcuinc/dbenv.i');
    require_once(dirname(__FILE__) . '/../../../shared/library/''/home/httpd/hcuinc/cu_common_intl.i');
    require_once(dirname(__FILE__) . '/../../../shared/library/''/home/httpd/hcuinc/setLang.i');
    require_once(dirname(__FILE__) . '/../../../shared/library/''/home/httpd/hcuinc/hcutalk.i');



    //** OPEN DB Connection
    $dbh = db_pconnect();
  */


    // ** We now know the credit union. --
    // ** determine the offline stat


    /*
     // * Retrieve the cookie for user ID
     if (isset($_COOKIE[$DMSAPP_USERID_CookieString])) {

       $l_check_userid = trim(decrypt($_COOKIE[$DMSAPP_USERID_CookieString], $MasterKey));
       if (intval($l_check_userid) == $l_check_userid) {

         // * Get the current user
         $DMSAPP_CURRENTUSERID = $l_check_userid;
         // ** I know it is extra, but RIGHT here I am going to check to authenticate
         // *   this userid is setup for the $DMSAPP_CURRENTCUCODE (cu).. Otherwise I will fall out. gracefully??
         $sql = "SELECT *
                  FROM {$DB_TABLE_PREFIX}user
                  WHERE userid = '" . intval($DMSAPP_CURRENTUSERID) . "' ";
       } else {
         // SOMETHING is wrong with the cookie value -- do NOT set the current userid..

       }
     }
*/

      // ** LOAD INFORMATION FROM cuadmin
      $sql = "SELECT pname, min_chlng_qst, retrylimit, orgname, flagset2, livebatch
              FROM cuadmin
              WHERE cu = '" . prep_save($cu, 12) . "'; ";
      $cu_rs = db_query($sql, $dbh);

      if (db_num_rows($cu_rs) > 0) {


        // ** Load other fields from database
        $cu_row = db_fetch_assoc($cu_rs);
        // ** OVERRIDE DEFAULT VALUES

        // * SET THE CU TYPE
          // {true - LIVE / false - BATCH }
        $DMSAPP_CULIVE = (trim($cu_row['livebatch']) == 'L' ? true : false);

        $DMSAPP_ONLINE = ($DMSAPP_CULIVE ? "1" : "0");           // ** This will determine if the throtlpkt is loaded and whether loans are even sent to the core
                                        // ** NOTE:: we should allow a "live" CU to have this loan app, but not be posting to the core.
                                        // ** prevent batch credit unions from having the online status set -- eventually this is where the setting will be for live cu's that do
                                        // * do NOT post this app to core


        // ** Min Challenge Questions
        $DMSAPP_CHALLENGEQUESTIONS_COUNT = intval($cu_row['min_chlng_qst']);
        // * Product Name
        $DMSAPP_PRODUCTNAME = trim($cu_row['pname']);
        // * Credit Union Name
        $DMSAPP_CUNAME = trim($cu_row['orgname']);
        // ** Allowed Number of Failed Logins
        $DMSAPP_FAILEDLOGINATTEMPTS = intval($cu_row['retrylimit']);
        // capture the flag set for later evaluation
        $DMSAPP_CUFLAGSET2 = $cu_row['flagset2'];



        // ** LOAD CONFIG OPTIONS IF ANY FROM THE lnappconfig table
        $sql = "SELECT cu, appconfig
                FROM lnappconfig
                WHERE cu = '" . prep_save($cu, 12) . "';";
        $config_rs = db_query($sql, $dbh);
        if ($config_row = db_fetch_assoc($config_rs)) {
          // * Load Values from the configuration
    //      $DMSAPP_ONLINE = "1";           // ** This will determine if the throtlpkt is loaded and whether loans are even sent to the core
    //      $DMSAPP_CSS = "";           // ** this is the URL of the Styles used by this credit union for the online loans
          $configOptions = json_decode($config_row['appconfig'], true);
          if (json_last_error() == JSON_ERROR_NONE) {
            // ** Use the options for the loan app
            if (key_exists("configLoanSubmit", $configOptions)) {
              $DMSAPP_ONLINE = (intval($configOptions['configLoanSubmit']) == 1 ? 1 : 0);
            }
            if (key_exists("configLoanSubmitMember", $configOptions)) {
              $DMSAPP_SUBMITMBR = (intval($configOptions['configLoanSubmitMember']) == 1 ? 1 : 0);
            }
            if (key_exists("configLoanFormat", $configOptions)) {
              $DMSAPP_LOANFORMAT = ($configOptions['configLoanFormat'] != '' ? $configOptions['configLoanFormat'] : $DMSAPP_LOANFORMAT);
            }
            if (key_exists("configSSOOnly", $configOptions)) {
              $DMSAPP_SSOONLY = $configOptions['configSSOOnly'];
            }
            if (key_exists("configDisableEmail", $configOptions)) {
              $DMSAPP_DISABLEEMAIL = $configOptions['configDisableEmail'];
            }
            if (key_exists("configHomeLogin", $configOptions)) {
              $DMSAPP_ALLOW_HB_LOGIN = (intval($configOptions['configHomeLogin']) == 1 ? 1 : 0);
            }
            if (key_exists("configLoanCSS", $configOptions)) {
              $DMSAPP_CSS = $configOptions['configLoanCSS'];
            }
            if (key_exists("configLoanIntroMbr", $configOptions)) {
              $DMSAPP_MBRMSG = $configOptions['configLoanIntroMbr'];
            }
            if (key_exists("configLoanIntroNonHBMbr", $configOptions)) {
              $DMSAPP_NON_HB_MBR_MSG = $configOptions['configLoanIntroNonHBMbr'];
            }
            if (key_exists("configLoanIntroNon", $configOptions)) {
              $DMSAPP_NONMBRMSG = $configOptions['configLoanIntroNon'];
            }
            if (key_exists("configLoanMIR", $configOptions) && $DMSAPP_CULIVE) {
              $DMSAPP_FETCHMIR = (intval($configOptions['configLoanMIR']) == 1 ? 1 : 0);
            }
            if (key_exists("configLoanDataOnly", $configOptions)) {
              $DMSAPP_LOANDATAONLY = (intval($configOptions['configLoanDataOnly']) == 1 ? 1 : 0);
            }
          }
        }
      } else {
        // ** We have an error ---
        // Force them back thru Loan App Error
        $form_code = "ERROR";
      }
    } else {
      // * INVALID CU CODE -- PAGE ERROR
      $form_code = "ERROR";
      $serviceErrorCode = '999';
      require_once(dirname(__FILE__) . '/../../banking/includes/hcuErrorPage.i');
      exit;
    }
    // ** NOW DETERMINE IF WE LOAD THE Throttle Packet Script
    if ($DMSAPP_ONLINE && $DMSAPP_CULIVE) {
      // ** Appliance API Script
      require_once(dirname(__FILE__) . '/../../shared/library/sAPIAppl.i');

      // ** Load the specific plugin for this appliance configuration
      IncludeApplPlugin($HB_ENV);

    }

   // ** Depending on the form to load
    // ** used when a cookie times out and they used hbuser to login
    $formAllowReadonly = false;
    switch ($form_code) {
      case "refresh":
        $form2load = "lnapprefresh.i";
        $load_scriptonly = true;
        $check_credentials = false;   // * This form will have CREDENTIAL CHECKS WITHIN IT..
        $formAllowReadonly = true;
        break;
      case "modifyuser":
        $serviceShowInfo = true;
      case "newuser":
      case "confirmuser":
        if ($DMSAPP_DISABLEEMAIL != 1) {
          if ($form_code != "modifyuser") {
            $check_credentials = false;
          }
          if ($form_code == "confirmuser") {
            $formAllowReadonly = true;
          }
          $form2load = "lnappusermaint.i";
        } else {
          // They may not login using email -- ALWAYS GO BACK TO THIS SCREEN?
          $form2load = "lnappintro.i";
        }
        break;
      case "hbuser":
      case "hbssouser":
        // ** For Home banking users I will be using a different process.
        $check_credentials = false;
        $form2load = "lnapphbuser.i";
        $formAllowReadonly = true;
        break;
      case "miruser":
        // ** For members that aren't homebanking users but are cu members
        $check_credentials = false;   // important cookie likely not set up yet.
        $miruser_cookie_user = false;
        $form2load = "lnappmiruser.i";
        $formAllowReadonly = true;
        break;
      case "newmiruser":
        $check_credentials = false;   // important cookie likely not set up yet.
        $form2load = "lnappusermaint.i";
        $formAllowReadonly = true;
        break;
      case "cuuser":
        // ** We don't know if HB user or MIR/CU user
        $check_credentials = false;
        $form2load = "lnappuserchooser.i";
        $formAllowReadonly = true;
        break;
      case "portal":

        // * this is the main menu / portal for the loans, it will be where
        // * member decides which loans to start or status/...
        // This will have to ensure credentials are correct
        $form2load = "lnappportal.i";
        $serviceShowInfo = true;
        $formAllowReadonly = true;
        break;
      case "entry":
        $form2load = "lnappentry.i";
        $serviceShowInfo = true;
        $serviceShowMenu = true;
        $serviceLoadMenu = true;
        $random = rand(1, 999999);

        // setcookie("ENTRYCOOKIE", $random,0, "/", $DMSAPP_Cookie_Domain, 1);
        HCU_setcookie_env($HB_ENV['SYSENV'], "ENTRYCOOKIE", $random, 0);



        /**
        *
        *  Added to try and prevent the user from using the back button on the browser
        *    The user would post the form and then use the back button and they would
        *    be able to repost the data.
        *
        *    I noticed when using the back button the form does NOT get a HTTP_REFERER
        *    so if I am loading a form and there is no referer I will simply redirect them
        *    to the main portal page
        */
/*
        if ($_SERVER['HTTP_REFERER'] == '') {
          header("Location: {$self}f=portal");
        }
*/

        break;
      case "signout":
        $form2load = "lnappsignout.i";

        $check_credentials = false;
        $formAllowReadonly = true;
        break;
      case "calculators":
        $form2load = "lnappcalc.i";
        $serviceShowInfo = true;
        $formAllowReadonly = true;
        break;
      case "loandelete":
        $form2load = "lnappedit.i";
        $serviceShowInfo = true;
        break;
      case "viewapplication":
        $form2load = "lnappview.i";
        $formAllowReadonly = true;
        break;
      case "checksecurity":
        $form2load = "lnappsecurity.i";
        $serviceShowInfo = true;
        $formAllowReadonly = true;
        break;
      case "viewdisclosure":
        $form2load = "lnappdisclosure.i";
        $lnapp_disclosure_standalone = true;
        $lnapp_disclosure_loanid = intval(hcu_array_key_value('review', $loadedValues['url']));
        $formAllowReadonly = true;

        break;
      case "ERROR":
        $id_status = -1;
        $check_credentials = false;
        $form2load = "lnapperror.i";
        $formAllowReadonly = true;
        break;
      default:
        $form2load = "lnappintro.i";
        $check_credentials = False;
        $formAllowReadonly = true;


    }

    // if we are being asked to keep the timeout timer going, do it now
    if ( $form_code == "keepalive" ) {
      $refreshStatus = RefreshCookie($HB_ENV);

      if ( $refreshStatus == "True" ) {
        // the caller is expecting this message back
        print "OK";
      }

      // * exit - no reason to go further
      exit;
    }

    // ** DO NOT ALLOW ANY allowReadOnly if we are ONLINE
    $formAllowReadonly = ($DMSAPP_ONLINE == "1" ? false : $formAllowReadonly);
    // ** CHECK for offline status here
    // * SET OFFLINE
    $DMSAPP_MODE_ARY = SetAppMode($dbh, $DMSAPP_CURRENTCUCODE, $DMSAPP_ONLINE, $formAllowReadonly);
    if ($check_credentials) {
      list($check_status, $check_user, $check_email, $check_logintype) = Check_Credentials();

      if (intval($check_user) == $check_user) {
        $DMSAPP_CURRENTUSERID = $check_user;
        $DMSAPP_CURRENTEMAIL = strtolower($check_email);
        $DMSAPP_LOGINTYPE = $check_logintype;

        if ($check_status == 0) {
          // ** REDIRECT TO LOGIN SCREEN IF CREDENTIALS FAIL
          if ($check_logintype == DMSAPP_CONST_APP_LOGIN) {
            $form_code = "confirmuser";
            $form2load = "lnappusermaint.i";
          } elseif ($check_logintype == DMSAPP_CONST_HB_LOGIN ) {
            $hbuser_cookie_user = True;
            $form2load = "lnapphbuser.i";
          } elseif ($check_logintype == DMSAPP_CONST_MIR_LOGIN) {
            $miruser_cookie_user = True;
            // not loading lnappmiruser.i, need to stay with loading the lnappportal.i
          } else {
            // ** UNKNOWN ERROR
            header("Location: {$self}status=999");
            exit;
          }
        }
        $DMSAPP_CUHOME_PATH = '/home/' . strtolower($DMSAPP_CURRENTCUCODE) . '/public_html/';
      } else {
        // The check_user returned was not an integer
        header("Location: {$self}status=999");
        exit;
      }
    }

    if (!$DMSAPP_MODE_ARY['offline']) {
      $id_status = -3;
      $form2load = "lnapperror.i";
      $load_scriptonly = false; // Always force into the main screen
    }
    if ($load_scriptonly) {
      // ** ONLY INCLUDE THE SCRIPT -- DO NOT LOAD THE CONTAINER
      if (isset($form2load) && strlen($form2load) > 0 && file_exists($inc_path . $form2load)) {
        include_once($inc_path . $form2load);
      }
      // ** DO NOTHING IF NOT FOUND
      exit;
    }

  } else {
    // ** INITIALIZE INFO ERROR -- We are reporting an error
    // The form apperror needs to be setup for possible errors, I would like to make it for all errors
    $serviceShowInfo = false;
    $form2load = "lnapperror.i";
  }

  /**
   * LOAD THE FIRST PART OF THE PAGE
   */
  include_once("../includes/lnappPreContent.i");


  /**
   * LOAD THE CONTENT OF THE PAGE
   */
  // ** INCLUDE THE SCRIPT HERE
  if ($form2load == 'lnappintro.i' && $DMSAPP_SSOONLY == 1) {
    include_once($inc_path . "lnapperror.i");
  } else {
    if (isset($form2load) && strlen($form2load) > 0 && file_exists($inc_path . $form2load)) {
      include_once($inc_path . $form2load);
    } else {
      // ** SET ERROR CATCHING
      $error_loadform = 1;
    }
    if ($error_loadform > 0) {
      // include this form when the one we are looking for is NOT found
      include_once($inc_path . "lnappnotfound.i");
    }
  }
  // ** Allow ONE redirect for the current FORM?!?



  /**
   * LOAD THE FOOTER OF THE PAGE
   */
  include_once("../includes/lnappPostContent.i");

exit;