cu_data.i

<?php

/**
 * Gather the lise of accounts the User is allowed to either transfer into or out of
 *
 * @param integer  $dbh             - Current database handle
 * @param array    $HB_ENV          - Current Environment Array
 * @param string   $Acctid          - Specify an acctid to return -- this will return only the matching AcctId
 * @param boolean  $showZeroBalance - Include Zero Balance in the list
 * @param integer  $pUserIdOverride - When set this will get load the specified User ID instead of the Uid in HB_ENV
 *
 * @return array
 *                 [acctlist]       Array of available accounts with the AcctId as the key
 */
function TX_list($dbh, &$HB_ENV, $Acctid="", $showZeroBalance = false, $pUserIdOverride=0) {

  // returns array of transfer accounts

  /** LOAD CU SETTINGS FROM HB_ENV ** */
  $Cu    = $HB_ENV['Cu'];

  $live  = $HB_ENV['live'];
  $Fmsg_tx = $HB_ENV['Fmsg_tx'];

  $Fset  = $HB_ENV['Fset'];
  $Fset2 = $HB_ENV['Fset2'];
  $Fset3 = $HB_ENV["Fset3"];
  $MC= HCU_array_key_value('MC', $HB_ENV) ? $HB_ENV["MC"] : new hcu_talk_base( "en_US" );

  $txlist = array();
  $xalist = array();
  $errors = array();


  if ($pUserIdOverride == 0) {
    /* NORMAL METHOD -- LOAD Uid FROM HB_ENV */
    $Uid   = intval($HB_ENV["Uid"]);

    $userEmail = $HB_ENV['Ml'];
    $userFplog = $HB_ENV['Fplog'];
  } else {
    /* OVERRIDE USER ID */
    $Uid   = intval($pUserIdOverride);
    /** Get the Email, Last Login for the override user **/


    $userInfo = GetUserInfo($dbh, $HB_ENV, $MC, Array("user_id" => $Uid, "cu" => $Cu));
    if ($userInfo['status']['code'] === '000') {
      $userEmail = HCU_array_key_value('cuusers_email', $userInfo['data']);
      $userFplog = HCU_array_key_value('cuusers_lastlogin', $userInfo['data']);   // ** using the lastlogin because this is NOT for the current user session.


    } else {
      $errors[] = "User Not Found";
    }


  }



  $cuTz = GetCreditUnionTimezone($dbh, $Cu);

  // This is to help make a unique key per account the user could have in their from/to lists.
  $validationKey = GetValidationKey();

  // no account identifier - retrieve the whole list

  // fetch the list of allowable transactions
  $txncodes = Get_HaveTrans($dbh,$HB_ENV);

  /**
   * **
   * ** Fetch deposit accounts
   * **
   */

  if (!$live) {
    $pending = Get_ReqTotals($dbh,$HB_ENV);
  } else {
    $pending = Array();

    $userData = Array (
        'email'     => $userEmail,
        'lastlogin' => $userFplog
    );

    /*
     * FOR Live CU Load all the member account related to the current user
     */
    $dataResp = LoadUserData($HB_ENV, $Uid, $userData);
    $requestDate = HCU_array_key_value("requestDate", $dataResp['data']);
    $requestDesc = HCU_array_key_value("requestDesc", $dataResp['data']);
    if ($dataResp['code'] == '999') {
      // ** Error -
      $balances['status']['code']     = '999';
      $balances['status']['severity'] = 'ERROR';
      $balances['status']['errors'][] = 'System Unavailable';
      $HB_ENV['stale'] = 1;
    } else {
      // ** Success
      $HB_ENV['lastupdate'] = $requestDate;
    }

    if ($dataResp['code'] != '900') {  // * Don't update packetStatus for 'too soon'

      $HB_ENV['packetStatus'] = Array(
                            'status' => $dataResp['code'],
                            'asofdate' => $requestDate,
                            'reason' => $requestDesc
                          );
    }
    /* Finished loading Account/Loan data */

    /* Load Cross Account Authority Packet */
    /*
     * Check if the CU3_API_XAC flag (Request XAC Packet) is set
     * AND the Fmsg_tx does not contain the value for Successful XAC Load bit
     */

    if ((($HB_ENV['Fset3'] & GetFlagsetValue('CU3_API_XAC')) && ($HB_ENV['Fmsg_tx'] & GetMsgTxValue('MSGTX_TMP_XAX_LD')) == 0)) {
      /*
       * mws 1/6/16
       *
       * Changing functionality from classic
       * Classic - Once a cross account check fails, we quit trying to update cross accounts
       * New Functionality - We retry getting the cross account. -- And show the message as returned, but do NOT
       *                     change the livepacketstatus cookie.
       *                     This will allow any connectivity problems to correct themselves if they are small
       *
       *
       *  Fetch a packet if we have NOT gotten a success packet - signified by the value 32 in msg_tx
       *
       */
      if (($Fmsg_tx & GetMsgTxValue('MSGTX_TMP_XAX_LD')) == 0) {

        // ** need e-mail passed to function
        $userData = Array("email" => $HB_ENV['Ml']);
        // ** REMOVE list($xstat, $xdata, $xreason) = LoadCrossAcctData($HB_ENV, $Uid, $userData);
        $xaResp = LoadCrossAcctData($HB_ENV, $Uid, $userData);

        if ($xaResp['code'] == '000') {
          /* * SUCCESS * */
          $nflag = $Fmsg_tx | GetMsgTxValue('MSGTX_TMP_XAC_RQ') + GetMsgTxValue('MSGTX_TMP_XAX_LD');
        } else {
          /* * FAILURE * */
          $nflag = $Fmsg_tx | GetMsgTxValue('MSGTX_TMP_XAC_RQ');
        }

         // ** New value to return to caller
         $Fmsg_tx = $nflag;
      }

      // ** Evaluate msg_tx after XA Request -- If 32 is not set then we know it was not received correctly
      //   ** Report the error to the screen
      if (($Fmsg_tx & GetMsgTxValue('MSGTX_TMP_XAX_LD')) == 0) {
          # Didn't get a packet -- set an error
          $errors[]="System Unavailable";
          if ($xreason != '') {
            $HB_ENV['packetStatus']['reason'] = $xreason;
          } else {
            $HB_ENV['packetStatus']['reason'] = 'System Temporarily Down - Unable to contact core system.';
          }
      }
      $txreturn['status']['Fmsg_tx']=$Fmsg_tx;
    }
  }

  if (count($errors) > 0) {
    // ** ERRORS FOUND -- SET Return array and EXIT
    $txreturn['status']['code']='999';
    $txreturn['status']['severity']='ERROR';
    $txreturn['status']['errors']=$errors;
  } else {

    /*
     * For oid ordering I need to add the tables OID to the respective tables so I can
     * sort off them.
     */
    $bal_oid_select = "";
    $xa_oid_select = "";
    if (($Fset2 & GetFlagsetValue("CU2_SORTORDER6")) == GetFlagsetValue("CU2_SORTORDER6")) {
      $bal_oid_select = ", ab.oid ";
      $xa_oid_select = ", ca.oid ";
    }
    // get deposit balance accounts that the user can work with
    // adding in micraccount for Bill Pay - ENR
    $sqltx = "SELECT trim(ua.display_name) as display_name, trim(ab.description) as description,
                trim(ab.micraccount),
                trim(ab.accounttype) as accounttype, ua.certnumber, ab.deposittype, ab.amount,
                ab.available, trim(ua.accountnumber) as accountnumber, ua.view_balances,
                ua.int_deposit, ua.int_withdraw, ua.ext_deposit, ua.ext_withdraw, may_deposit, may_withdraw,
                coalesce(ab.balance_stamp, ma.balance_stamp) as balance_stamp, ma.balance_attempt,
                ma.restrictions, ua.display_order, btrim(ab.accounttype, 'DIS'), 'balance' as tablesrc, null as permaccount {$bal_oid_select}
              FROM {$Cu}useraccounts ua

              INNER JOIN {$Cu}accountbalance ab ON ab.accountnumber = ua.accountnumber
               AND ab.accounttype = ua.accounttype
               AND ab.certnumber = ua.certnumber
               AND ab.deposittype IN ('Y','S','N')

             INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber
             WHERE ua.user_id = {$Uid}
               AND ua.recordtype = 'D'
               AND (ua.int_deposit = 't' OR ua.int_withdraw = 't')";

    /*
     * Add query for Cross Accounts if enabled.
     * Enabled by Allowing XA type transfers
     * AND loading data from XAC Packet
     *
     * Add 'null' for micraccount to balance UNION
     */
    // Cross accounts does not use micraccounts but null is needed to have the same number of columns.
    if (HCU_array_key_value("XA", $txncodes) && ($Fset3 & GetFlagsetValue("CU3_API_XAC"))) {
      $sqltx .= "
              UNION ALL

              SELECT trim(ua.display_name) as display_name, trim(ca.description) as description,
                null, trim(ca.accounttype) as accounttype, ua.certnumber, ca.deposittype, 0 as amount,
                0 as available, trim(ca.tomember) as accountnumber, ua.view_balances,
                ua.int_deposit, ua.int_withdraw, ua.ext_deposit, ua.ext_withdraw, true as may_deposit, false as may_withdraw,
                NULL as balance_stamp, NULL as balance_attempt,
                ma.restrictions as restrictions, ua.display_order, btrim(ca.accounttype, 'DIS'), 'cross' as tablesrc, ca.accountnumber as permaccount {$xa_oid_select}
              FROM {$Cu}useraccounts ua

              INNER JOIN {$Cu}crossaccounts as ca ON ua.accountnumber = ca.accountnumber
               AND trim(ca.accounttype) || '#' || trim(ca.tomember) = ua.accounttype
               AND ca.deposittype IN ('Y','S','N')
              INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber

             WHERE ua.user_id = {$Uid}
               AND ua.recordtype = 'T'
               AND ua.int_deposit = 't'";
    }

    // ** Determine Ordering
    if (($Fset & GetFlagsetValue("CU_SORTORDER4")) == GetFlagsetValue("CU_SORTORDER4")) {
        // $sqltx .= " order by ua.display_order, btrim(ab.accounttype,'DIS'),ua.accountnumber, ab.certnumber";
        // 20, 21, 4
        $sqltx .= " ORDER BY 20, 21, 9, 4;";
    } elseif (($Fset2 & GetFlagsetValue("CU2_SORTORDER6")) == GetFlagsetValue("CU2_SORTORDER6")) {
        $sqltx .= " order by 20, 22, 24";
    } else {
        // $sqltx .= " order by ua.display_order, btrim(ab.accounttype, 'DIS'), ua.accountnumber, ab.certnumber";
        // 20, 4, 5
        $sqltx .= " ORDER BY 20, 4, 5, 9";
    }

    $sthtx = db_query($sqltx,$dbh);
    /**
     *  Return a line for each account.
     */
    for ($trow=0; list($display,$desc,$micra,$type,$certnumber,$deposittype, $balance,$available, $acct,$view_b,$int_d,$int_w, $ext_d, $ext_w, $may_d, $may_w, $acct_balance_stamp,
        $acct_balance_attempt, $restrictions, $dispOrder, $acctDIS, $tableSrc, $permAccount) = db_fetch_array($sthtx,$trow); $trow++) {
      // make sure internal transfers are allowed, even if cross account
      if ( !($txncodes["AT"] || $txncodes["XA"]) ) continue;

      // locked or readonly accounts cannot be in this list
      if ( $restrictions == "L" || $restrictions == "R" ) continue;

      $acctGroup = $MC->msg("Deposit Accounts", HCU_DISPLAY_AS_RAW);

      // For the most part we want to add to the txlist, except for when there are both XA and regular records for the same key.
      // Replace the "continue" which skips the record and goes to the next in the record set with the boolean and then check boolean when adding it.
      $addToTxList = true;
      $addToXAList = false;

      if ($tableSrc == 'cross') {

        $addToXAList = true;
        $trust = "transfer";
        // ** The query has set the accountnumber to the proper destination -- Use the value coming from the query.
        $jacct = $acct;
        $jtype = $type;
        $permAccount = trim($permAccount);

        /*
         * ** PREVENT CROSS ACCOUNT OVERWRITING PERMISSIONS **
         * The tx_list does not have a key that is unique enough to identify the difference between
         *   an account that has a cross account transfer to a different account and an additional
         *   account setup in Access Control.
         * In this scenario the Cross Account permissions will trump the other permissions (however,
         *   the overwrite is most likely determiend by the ordered list).  What we want to prevent is
         *   the Cross Account overriding permissions already set.  If a full account permission override
         *   a Cross Account, then that is probably okay.
         * Search for the index key here.
         *   D|AcctNumber|SubAcct|0
         * IF FOUND
         *   then <continue> (skip)
         * IF NOT FOUND
         *    then add
         */
        $listAryKey = "D|$jacct|$jtype|$certnumber";
        if (HCU_array_key_exists($listAryKey, $txlist)) {
          $addToTxList = false;
        }

      } else {
        if (strpos($type,"@")) {
          list($jtype,$jacct) = explode("@",$type);
          $trust = 'joint';
        } else {
          $jtype = $type;
          $jacct = $acct;         // ** ALWAYS USE THE ACCOUNT NUMBER COMING BACK FROM DATABASE
          $trust = 'primary';
        }
        $permAccount = $acct;
      }
      $tokn = sha1("{$jacct}{$jtype}D{$Cu}{$validationKey}");

      // Does this have a pending value
      $pend = sprintf("%.2f", HCU_array_key_value("D|$jacct|$jtype|$certnumber", $pending));

      $available = sprintf("%.2f", ($available + $pend));

      $balanceAmt = sprintf("%.2f", $balance);
      $toFlag = ($int_d == "t" || $ext_d == "t") && $may_d == "t" ? "Y" : "N";
      $fromFlag = ($int_w == "t" || $ext_w == "t") && $may_w == "t" ? ($available > 0 || $showZeroBalance ? "Y" : "N") : "N";

      $txlistRecord = array();

      $txlistRecord['suffix']      = $type;
      //micraccount - ENR
      $txlistRecord['micraccount']  = $micra;
      // ENR
      $txlistRecord['acctclass']   = "D";
      $txlistRecord['description'] = getAccountDescription($dbh, $HB_ENV["Cu"], $acct, $desc, $type, $display, $Fset3);
      $txlistRecord['unitokn']     = $tokn;
      $txlistRecord['deposittype'] = $deposittype;
      if ($view_b == "t") {
        $txlistRecord['available']   = $available;
        $txlistRecord['balance']     = $balanceAmt;
        $txlistRecord['pending']     = $pend;
      } else {
        $txlistRecord['available']   = 0;
        $txlistRecord['balance']     = 0;
        $txlistRecord['pending']     = 0;
      }
      $txlistRecord['from']        = $fromFlag;
      $txlistRecord['from_int']    = ($int_w == "t" ? "Y" : "N");
      $txlistRecord['from_ext']    = ($ext_w == "t" ? "Y" : "N");
      $txlistRecord['to']          = $toFlag;
      $txlistRecord['to_int']      = ($int_d == "t" ? "Y" : "N");
      $txlistRecord['to_ext']      = ($ext_d == "t" ? "Y" : "N");
      $txlistRecord['trust']       = $trust;
      $txlistRecord['view_balances'] = ($view_b == "t" ? "Y" : "N");


      $txlistRecord['member']      = $permAccount;
      // ** Mws 7/2017 -- set tomember to -1 to see if it causes failure
        // -- eventually this column can be removed
      $txlistRecord['tomember']    = '-1';

      /* Build Account Group */
      $txlistRecord['item-group']  = "1 - $acctGroup";

      if ($live) {
        $txlistRecord['as_of_date'] = GetDateFormatTimezone($acct_balance_stamp, 'm/d/Y h:i A', $cuTz);
        $txlistRecord['out_of_sync'] = ($acct_balance_stamp < $acct_balance_attempt);

      } else {
        $txlistRecord['as_of_date'] = "";
        $txlistRecord['out_of_sync'] = false;
      }

      // Cross accounts are always in the $xalist but only in the txlist if there is no regular record with the key.
      if ($addToTxList) {
        $txlist["D|$jacct|$jtype|$certnumber"] = $txlistRecord;
      }
      if ($addToXAList) {
        // This is needed in the case of a circular reference.  The regular key is not unique enough.
        if (!HCU_array_key_exists($permAccount, $xalist)) {
          $xalist[$permAccount] = array();
        }
        $xalist[$permAccount]["D|$jacct|$jtype|$certnumber"] = $txlistRecord;
      }


    }

    /**
     * **
     * ** Loan balance accounts
     * **
     */
    $customWhere = '';
    /**
     * TEMPORARY
     * FISRTAM needs to NOT be able to make payments to their CRCD sub accounts
     * The proper payment method is to use the "Sweep Accounts".
     * This is a work-around until we can get a middle-ware to online solution.
     * 12/14/17
     */
    if ($Cu == 'FIRSTAM') {
      $customWhere = " AND substring(lb.loannumber, 1, 5) <> 'CRCD:' ";
    }
    $sqltx = "SELECT trim(description) as description, trim(ua.display_name) as display_name,
                trim(loannumber) as loannumber, trim(ua.accountnumber) as accountnumber,
                int_deposit, int_withdraw, ext_deposit, ext_withdraw, view_balances,
                currentbalance, paymentamount, creditlimit,
                cbtype, misc1, payoff, may_addon, may_payment,
                interestrate, unpaidinterest,
                date_part('day',(now()-lastpaymentdate)) as unpaiddays,
                coalesce(lb.balance_stamp, ma.balance_stamp) as balance_stamp, ma.balance_attempt,
                ma.restrictions, ua.display_order, btrim(loannumber,'LC'),
                'balance' as tablesrc, null as permaccount
              FROM {$Cu}useraccounts ua
              INNER JOIN {$Cu}loanbalance lb on lb.accountnumber = ua.accountnumber
                and lb.loannumber = ua.accounttype
                and (cbtype is null or cbtype <> 'X')
              INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber

              WHERE ua.user_id = {$Uid}
                AND ua.recordtype = 'L'
                ${customWhere}
                AND (ua.int_deposit = 't' OR ua.int_withdraw = 't')
                ";

    /*
     * Add query for Cross Accounts if enabled.
     * Enabled by Allowing XA type transfers
     * AND loading data from XAC Packet
     */
    if (HCU_array_key_value("XP", $txncodes) && ($Fset3 & GetFlagsetValue("CU3_API_XAC"))) {
      $sqltx .= "
              UNION ALL

              SELECT trim(ca.description) as description, trim(ua.display_name) as display_name,
                trim(ca.accounttype) as loannumber, trim(ca.tomember) as accountnumber,
                ua.int_deposit, ua.int_withdraw, ua.ext_deposit, ua.ext_withdraw, ua.view_balances,
                0 as currentbalance, 0 as paymentamount, 0 as creditlimit,
                '' as cbtype, ca.misc1 as misc1, 0 as payoff, false as may_addon, true as may_payment,
                0 as interestrate, 0 as unpaidinterest,
                0 as unpaiddays,
                0 as balance_stamp, 0 as balance_attempt,
                ma.restrictions as restrictions, ua.display_order, btrim(ca.accounttype,'LC'),
                'cross' as tablesrc, ca.accountnumber as permaccount
              FROM {$Cu}useraccounts ua

              INNER JOIN {$Cu}crossaccounts as ca ON ua.accountnumber = ca.accountnumber
               AND trim(ca.accounttype) || '#' || trim(ca.tomember) = ua.accounttype
               AND ca.deposittype IN ('L')
              INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber


             WHERE ua.user_id = {$Uid}
               AND ua.recordtype = 'P'
               AND ua.int_deposit = 't'
               ";
    }

    if ($Fset & GetFlagsetValue('CU_LNSORT2')) {
      // $loanOrderBy = " ORDER BY ua.display_order, btrim(loannumber,'LC'), ua.accountnumber";
      $loanOrderBy = " ORDER BY 24, 25, 4";
    } else {
      // $loanOrderBy = " ORDER BY ua.display_order, loannumber, ua.accountnumber";
      $loanOrderBy = " ORDER BY 24, 3, 4";
    }

    $sqltx .= $loanOrderBy;

    $sthtx = db_query($sqltx,$dbh);
    /*
     *  Return a line for each account.
     */
    // save any credit cards to add after the loans
    $ccList = array();
    $loanList = array();
    $xaList = array();
    for ($row=0; $lnrow=db_fetch_array($sthtx,$row); $row++) {
      // locked or readonly accounts cannot be in this list
      if ( $lnrow["restrictions"] == "L" || $lnrow["restrictions"] == "R" ) continue;

      // ** Key account number for this LOAN record
      $loanAcctNbr = trim($lnrow['accountnumber']);
      $permacct = $loanAcctNbr;

      if ( $lnrow["cbtype"] == "18" && ($Fset2 & GetFlagsetValue("CU2_SPEC18")) == GetFlagsetValue("CU2_SPEC18") ) {
        $cctype = "C";
        $acctGroup = "3 - " . $MC->msg("Credit Card Accounts", HCU_DISPLAY_AS_RAW);
      } else {
        $cctype = "L";
        $acctGroup = "2 - " . $MC->msg("Loan Accounts", HCU_DISPLAY_AS_RAW);
      }

      // handle this - type 18 and neither set then skip this entry (original logic only got these entries if the flag checks passed)
      if ( $cctype == "C"  && !isset($txncodes["CC"]) && !isset($txncodes["CE"]) ) {
        continue;
      }

      // For the most part we want to add to the txlist, except for when there are both XA and regular records for the same key.
      // Replace the "continue" which skips the record and goes to the next in the record set with the boolean and then check boolean when adding it.
      $addToTxList = true;
      $addToXAList = false;

      $type = $lnrow['loannumber'];

      $balance     = $lnrow["view_balances"] == 't' ? $lnrow['currentbalance'] : 0.00;
      $payment     = $lnrow['paymentamount'];
      $creditlimit = sprintf("%.2f", $lnrow['creditlimit']);
      $available   = $lnrow["view_balances"] == 't' ? ($creditlimit - $balance) : 0.00;
      $available   = sprintf("%.2f", ($available < 0 ? 0 : $available));


      $cbtype = $lnrow['cbtype'];
      if ($live) {
        $misc1  = $lnrow['misc1'];
        $payoff = $lnrow['payoff'];
      } else {
        $rate   = $lnrow['interestrate'];
        $rate   = (empty($rate) ? 0 : $rate);
        $unpaid = $lnrow['unpaidinterest'];
        $unpaid = (empty($unpaid) ? 0 : $unpaid);
        $days   = intval($lnrow['unpaiddays']);
        $days   = ($days < 0 ? 0 : $days);
        $misc1  = '';                       // Default Value for misc1 (batch not used)

        $payoff = (((($rate / 100) * $balance) / 365) * $days) + $unpaid + $balance;
      }
      // ** Format Payoff
      if(empty($payoff) || $payoff == 0) {
        $payoff = 'N/A';
      } else {
        $payoff = sprintf("%.2f", $payoff);
      }

      $misc1 = ("$misc1" == '' ? '-' : $misc1);
      if ($lnrow['tablesrc'] == 'cross') {

        $addToXAList = true;
        $trust = 'transfer';
        $jtype = $type;
        // ** Use the Account Number from the record
        $jacct = $loanAcctNbr;
        $permacct = $lnrow["permaccount"];


        /*
         * ** PREVENT CROSS ACCOUNT OVERWRITING PERMISSIONS **
         * The tx_list does not have a key that is unique enough to identify the difference between
         *   an account that has a cross account transfer to a different account and an additional
         *   account setup in Access Control.
         * In this scenario the Cross Account permissions will trump the other permissions (however,
         *   the overwrite is most likely determiend by the ordered list).  What we want to prevent is
         *   the Cross Account overriding permissions already set.  If a full account permission override
         *   a Cross Account, then that is probably okay.
         * Search for the index key here.
         *   D|AcctNumber|SubAcct|0
         * IF FOUND
         *   then <continue> (skip)
         * IF NOT FOUND
         *    then add
         */
        $listAryKey = "$cctype|$jacct|$jtype";

        if ( $cctype === "C" ) {
          if (HCU_array_key_exists($listAryKey, $ccList)) {
            $addToTxList = false;
          }

        } else {
          if (HCU_array_key_exists($listAryKey, $loanList)) {
            $addToTxList = false;
          }
        }

      } else {
        if (strpos($type,"@")) {
          list($jtype,$jacct) = explode("@",$type);
          $trust='joint';
        } else {
          $jtype = $type;
          // ** Use the Account Number from the record
          $jacct = $loanAcctNbr;
          $jacct = $lnrow['accountnumber'];     // Always use accountnumber from database
          $trust='primary';
        }
      }
      $pend = sprintf("%.2f", HCU_array_key_value("L|$jacct|$jtype", $pending));

      // figure out the From and To logic
      $from = "N";
      if ( ($lnrow["int_withdraw"] == 't' || $lnrow["ext_withdraw"] == 't') &&
           $lnrow["may_addon"] == 't' &&
           ((HCU_array_key_value('LA', $txncodes) && $cctype == "L") || (HCU_array_key_value('CA', $txncodes) && $cctype == "C")) ) {
        // only show if has an available balance or showing zero balances
        $from =  ($available > 0 || $showZeroBalance ? "Y" : "N");
      }
      $to = "N";
      if ( ($lnrow["int_deposit"] == 't' || $lnrow["ext_deposit"] == 't') &&
           ($lnrow["may_payment"] == 't' && HCU_array_key_value('LP', $txncodes)) ) {
        if ( ($cctype == "C"  &&
             ($Fset2 & GetFlagsetValue("CU2_CC18SHOWZERO")) != GetFlagsetValue("CU2_CC18SHOWZERO")  &&
            // adding a check for balance == 0
             $balance == 0)
             // Or a non-cross account loan with a zero balance.  For cross accounts, the balance is not known so it's zero.
             || ($cctype == "L" && $balance == 0 && $lnrow["tablesrc"] !== "cross")) {
          // if not set, don't show zero balance credit card accounts
          $to = "N";
        } else {
          $to = "Y";
        }
      }

      $indexString = "$cctype|$jacct|$jtype";

      $tokn=sha1("{$jacct}{$jtype}L{$Cu}{$validationKey}");
      $dataHolder = array();

      $dataHolder['suffix']      = $type;
      $dataHolder['micra']       = $micra;
      $dataHolder['acctclass']   = $cctype;
      $dataHolder['description'] = getAccountDescription($dbh, $HB_ENV["Cu"], $loanAcctNbr, $lnrow['description'], $type, $lnrow['display_name'], $Fset3);
      $dataHolder['unitokn']     = $tokn;
      $dataHolder['available']   = $available;
      $dataHolder['pending']     = $pend;
      $dataHolder['from']        = $from;
      $dataHolder['from_int']    = ($lnrow["int_withdraw"] == "t" ? "Y" : "N");
      $dataHolder['from_ext']    = ($lnrow["ext_withdraw"] == "t" ? "Y" : "N");

      $dataHolder['to']          = $to;

      // only check db setting if $to is Y, otherwise default to N
      $dataHolder['to_int']      = ($to == "Y" ? ($lnrow["int_deposit"] == "t" ? "Y" : "N") : "N");
      $dataHolder['to_ext']      = ($to == "Y" ? ($lnrow["ext_deposit"] == "t" ? "Y" : "N") : "N");

      $dataHolder['misc1']       = $misc1;
      $dataHolder['trust']       = $trust;
      $dataHolder['view_balances'] = ($lnrow["view_balances"] == "t" ? "Y" : "N");
      $permacct = trim($permacct);
      $dataHolder['member']      = $permacct;
      // ** Mws 7/2017 -- set tomember to -1 to see if it causes failure
        // -- eventually this column can be removed
      $dataHolder['tomember']    = '-1';

      /* Build Account Group */
      $dataHolder['item-group']  = $acctGroup;

      if ($live) {
        $dataHolder['as_of_date'] = GetDateFormatTimezone($lnrow['balance_stamp'], 'm/d/Y h:i A', $cuTz);
        $dataHolder['out_of_sync'] = ($lnrow['balance_stamp'] < $lnrow['balance_attempt']);
      } else {
        $dataHolder['as_of_date'] = "";
        $dataHolder['out_of_sync'] = false;
      }


      // only show some things depending on what can be done
      if ( $cctype == "L" || ($cctype == "C" && ( $txncodes["CC"] || $txncodes["CE"] ) ) ) {
        $dataHolder['payoff']     = $payoff;
        $dataHolder['paymentdue'] = $payment;
        $dataHolder['balance']    = sprintf("%.2f", $balance);
      }

      if ($addToTxList) {
        if ( $cctype === "C" ) {
          $ccList[$indexString] = $dataHolder;
        } else {
          $loanList[$indexString] = $dataHolder;
        }
      }

      if ($addToXAList) {
        // This is needed in the case of a circular reference.  The regular key is not unique enough.
        if (!HCU_array_key_exists($permacct, $xalist)) {
          $xalist[$permacct] = array();
        }
        $xalist[$permacct][$indexString] = $dataHolder;
      }

   }

    // add the loan items and then the cc items
   $txlist = array_merge( $txlist, $loanList, $ccList );

    /**
     * **
     * ** Other Accounts
     * **
     */
    $othList  = array();
    foreach ($txncodes as $tcode => $value) {

      $dataHolder  = array();
      $indexString = "O|$Uid|$tcode";
      $acctGroup   = $MC->msg("Misc. Transfers", HCU_DISPLAY_AS_RAW);
      $othIdKey    = $Uid;

      // check for special handling
       // - Values 1 and 2
      if (in_array($value[1], Array(1, 2))) {

        /**
         * **
         * ** OTHER TRANSACTION TYPE DESCRIPTION
         * **
         */
        $desc = ($value[2] > '' ? $value[2] : $value[0] );
        $desc = htmlspecialchars($desc, ENT_QUOTES);

        $tokn = sha1("{$Uid}{$tcode}O{$Cu}{$validationKey}");


        $dataHolder['suffix']      = "$tcode";
        $dataHolder['micra']       = "$micra";
        $dataHolder['acctclass']   = "O";
        $dataHolder['description'] = "$desc";
        $dataHolder['unitokn']     = "$tokn";

        /* OTHER ACCOUNTS MAY ONLY BE TRANSFERRED INTO FOR INTERNAL PURPOSES */
        $dataHolder['to']          = "Y";
        $dataHolder['to_int']      = "Y";
        $dataHolder['to_ext']      = "N";
        $dataHolder['from']        = "N";
        $dataHolder['from_int']    = "N";
        $dataHolder['from_ext']    = "N";
        $dataHolder['view_balances'] = "N";


        $dataHolder['trust']       = "primary";
        $dataHolder['member']      = $othIdKey;
        // ** Mws 7/2017 -- set tomember to -1 to see if it causes failure
          // -- eventually this column can be removed
        $dataHolder['tomember']    = '-1';
        $dataHolder['as_of_date'] = "";
        $dataHolder['out_of_sync'] = false;

        $dataHolder['item-group'] = "4 - $acctGroup";


        $othList[$indexString] = $dataHolder;
      }
    }

    $txlist = array_merge($txlist, $othList);

    /**
     * **
     * ** External Accounts
     * **
     */
    // get any external accounts to add
    $extAcctList = Get_ExternalAccounts( $dbh, $HB_ENV );
    $extList = array();
    $acctGroup = $MC->msg("EXT External Accounts", HCU_DISPLAY_AS_RAW);

    $extIdKey = $Uid;
    for ( $i = 0; $i < count( $extAcctList ); $i++ ) {

      $dataHolder = Array();

      $tokn = sha1("{$Uid}{$extAcctList[$i]["id"]}X{$Cu}{$validationKey}");
      $desc = $extAcctList[$i]["display_name"];
      $desc = htmlspecialchars( $desc,ENT_QUOTES );

      // use the maximum amount for the available amount
      $available = $extAcctList[$i]["max_amount"];

      $indexString = "X|{$Uid}|{$extAcctList[$i]["id"]}";

      $dataHolder['acctclass']   = "X";
      $dataHolder['suffix']      = "";
      $dataHolder['micra']       = $micra;
      $dataHolder['description'] = $desc;
      $dataHolder['unitokn']     = $tokn;
      $dataHolder['available']   = $available;
      /* EXTERNAL ACCOUNTS HAVE NO INTERNAL TRANSFER ABILITY */

      $dataHolder['to']          = "Y";
      $dataHolder['to_int']      = "N";
      $dataHolder['to_ext']      = "Y";
      $dataHolder['from']        = "Y";
      $dataHolder['from_int']    = "N";
      $dataHolder['from_ext']    = "Y";
      $dataHolder['trust']       = "transfer";
      $dataHolder['view_balances'] = "N";
      $dataHolder['member']      = $extIdKey;
      $dataHolder['as_of_date'] = "";
      $dataHolder['out_of_sync'] = false;

      $dataHolder['item-group']  = "5 - $acctGroup";

      $extList[$indexString] = $dataHolder;
    }

    $txlist = array_merge( $txlist, $extList );

    /**
     * **
     * ** Member 2 Member Accounts
     * **
     */
    // get any M2M accounts to add
    // ** Should we check the feature is enabled
    $acctList = Get_M2MAccounts( $dbh, $HB_ENV );
    $m2mList = array();
    $acctGroup = $MC->msg("Other Member Accounts", HCU_DISPLAY_AS_RAW);

    $extIdKey = $Uid;
    for ( $i = 0; $i < count( $acctList ); $i++ ) {
      $dataHolder = Array();

      $tokn = sha1("{$Uid}{$acctList[$i]["id"]}X{$Cu}{$validationKey}");

      $desc = $acctList[$i]["display_name"];
      $desc = htmlspecialchars( $desc,ENT_QUOTES );

      // use the maximum amount for the available amount
      $available = sprintf("%.2f", $acctList[$i]["max_amount"]);

      $indexString = "M|{$Uid}|{$acctList[$i]["id"]}";

      $dataHolder['acctclass']   = "M";
      $dataHolder['suffix']      = "";
      $dataHolder['micra']       = $micra;
      $dataHolder['description'] = $desc;
      $dataHolder['unitokn']     = $tokn;
      $dataHolder['available']   = $available;
      $dataHolder['to']          = "Y";
      $dataHolder['to_int']      = "Y";             // M2M is internal to the CU
      $dataHolder['to_ext']      = "N";

      $dataHolder['from']        = "N";              // never from
      $dataHolder['from_int']    = "N";
      $dataHolder['from_ext']    = "N";
      $dataHolder['trust']       = "transfer";
      $dataHolder['view_balances'] = "N";

      $dataHolder['member']      = $extIdKey;
      $dataHolder['as_of_date'] = "";
      $dataHolder['out_of_sync'] = false;

      $dataHolder['item-group']  = "6 - $acctGroup";

      $m2mList[$indexString] = $dataHolder;
    }

    $txlist = array_merge( $txlist, $m2mList );

    if (!empty($Acctid)) {
    # got an account identifier - return one only

      $txreturn['acctlist'] = $txlist[$Acctid];
    } else {
      $txreturn['acctlist'] = $txlist;
    }

    // If XA and XP are not valid for the credit union, this will be an empty array.
    $txreturn["xacctlist"] = $xalist;

    $txreturn['status']['code']='0';
    $txreturn['status']['severity']='INFO';
  }

  return ($txreturn);
}

function Get_HaveTrans($dbh,$HB_ENV) {
# returns list of transaction types the cu supports
$Cu=$HB_ENV['Cu'];
  # fetch transactions types

       $sqltx= "select ht.trancode as txncode,
              trim(t.trandesc) as txndesc,
              t.specialproc as txnspec,
              trim(ht.cudesc) as txncudesc
                 from cutrans t, cuhavetrans ht
                where ht.cu='$Cu'
                and ht.trancode = t.trancode";

    $txsth = db_query($sqltx,$dbh);
    $txncodes = array();
    for ($trow=0;
          list($code, $desc, $spec, $cudesc) = db_fetch_array($txsth,$trow);
        $trow++) {
      $txncodes[$code] =array($desc,$spec,$cudesc);
    }
    db_free_result($txsth);

  # if type 18 loans are to be passed as CP transaction, make sure we have a
  # description for that transaction code.

    if ( HCU_array_key_exists( "CC" , $txncodes) && !HCU_array_key_exists( "CP" , $txncodes) ) {
      $txncodes["CP"] =array('Credit Card Payment',0,'');
    }
    return ($txncodes);
}

function Get_ReqTotals($dbh,$HB_ENV) {
# returns array of BATCH pending transaction totals by dp account/loan
$Cu=$HB_ENV['Cu'];
$Cn=$HB_ENV['Cn'];
$Uid=$HB_ENV['Uid'];
$pending=array();
#
# consider any pending txns originated by this member
# or originated from this account by a joint owner.
# Do NOT consider the "to" portion for joint or cross, just the "from"

// users can have access to multiple accounts, we must select transactions
// determined by the accounts this user has in the useraccounts table.

// select all unique accountnumber by user_id
  $sql = "
    SELECT DISTINCT ON (ur.accountnumber) ur.accountnumber
    FROM {$Cu}useraccounts ur
    WHERE ur.user_id=$Uid";
  $sth = db_query($sql, $dbh);

  // because of the LIKE statement below, it is rather difficult
  // to use the IN clause. so we use a loop.
  $sql = "";
  for ($row = 0; list($acct) = db_fetch_array($sth,$row); $row++) {
    $sqlAcct = trim($acct);
    $sql .= "
      SELECT TRIM(tr.accountnumber), TRIM(tr.transactioncode), TRIM(tr.reference1), TRIM(tr.memberto), TRIM(tr.reference2), tr.amount
      FROM {$Cu}transaction tr
      WHERE (tr.accountnumber = '{$sqlAcct}' OR TRIM(tr.reference1) LIKE '%@{$sqlAcct}')
        AND tr.id > ALL (
        SELECT MAX(id)
        FROM {$Cu}transaction
        WHERE accountnumber='CHECKPOINT'
          AND reference1='PHASE II'
      );";
  }
  $sth = db_query($sql,$dbh);

    for ($row=0; list($memfrom,$tc,$ftype,$memto,$ttype,$amount) = db_fetch_array($sth,$row); $row++) {

    if (strpos($ftype,"@")) {
      list($smplfacct,$smplfmem) = explode("@",$ftype);
      $smplfmem = trim($smplfmem);
    } else {
       $smplfacct = trim($ftype);
      $smplfmem = $memfrom;
    }
    if (strpos($ttype,"@")) {
      list($smpltacct,$smpltmem) = explode("@",$ttype);
      $smpltmem = trim($smpltmem);
    } else {
       $smpltacct = trim($ttype);
      $smpltmem = ("$memto" == "" ? $memfrom : $memto);
    }

    $depositKeyF = "D|$smplfmem|$smplfacct|0";
    $depositKeyT = "D|$smpltmem|$smpltacct|0";
    $loanKeyT = "L|$smpltmem|$smpltacct";
    $loanKeyF = "L|$smplfmem|$smplfacct";

    !HCU_array_key_exists($depositKeyF, $pending) ? $pending[$depositKeyF] = 0 : null; // If the key doesn't exist, create it before usage.
    $pending[$depositKeyF] -= $amount;
      if ($tc == 'AT') {
        !HCU_array_key_exists($depositKeyT, $pending) ? $pending[$depositKeyT] = 0 : null; // If the key doesn't exist, create it before usage.
        $pending[$depositKeyT] += $amount;

      // ** This is for a Loan Add-on -- a decrease to the available total
      } elseif ($tc == 'LA') {
        // ** FROM A LOAN
        !HCU_array_key_exists($loanKeyF, $pending) ? $pending[$loanKeyF] = 0 : null; // If the key doesn't exist, create it before usage.
        $pending[$loanKeyF] -= $amount;
        // ** TO A DEPOSIT
        !HCU_array_key_exists($depositKeyT, $pending) ? $pending[$depositKeyT] = 0 : null; // If the key doesn't exist, create it before usage.
        $pending[$depositKeyT] += $amount;
      } elseif ($tc == 'LP') {
        !HCU_array_key_exists($loanKeyT, $pending) ? $pending[$loanKeyT] = 0 : null; // If the key doesn't exist, create it before usage.
        $pending[$loanKeyT] += $amount;
      }
    }
    return ($pending);
}

// Get the pending requested transaction for batch accounts that are not locked.
function Get_ReqDetails($dbh,$HB_ENV,$Acctid="") {
# returns array of BATCH pending requested transactions by dp account/loan
$Cu=$HB_ENV['Cu'];
$Cn=$HB_ENV['Cn'];
$live=$HB_ENV['live'];
$pending=array();
$txreturn=array();

  if ($live == 1) {
    $txreturn['status']['code']='100';
    $txreturn['status']['severity']='INFO';
    $txreturn['status']['message']='Feature Not Activated';
  } else {

$txncodes=Get_HaveTrans($dbh,$HB_ENV);
#
# override the default descriptions for AT, CW and LC transaction types
#
if ( HCU_array_key_exists( "AT" , $txncodes) ) $txncodes['AT'][0]='Transfer';
if ( HCU_array_key_exists( "CW" , $txncodes) ) $txncodes['CW'][0]='Check Withdrawal';
if ( HCU_array_key_exists( "LC" , $txncodes) ) $txncodes['LC'][0]='Check Withdrawal from Loan Add-on';
#
# ea txncode is an array of desc, spec, cudesc where
# spec is the special processing flag and cudesc is the override description
# check ea entry and override description if special processing is set
#
  foreach ($txncodes as $tcode => $value) {
   if ($value[1] == 1) {
    $desc=($value[2] > '' ? $value[2] : $value[0] );
       $txncodes[$tcode][0]=$desc;
      }
    }

  // get the account information from the passed in id
  $tbl = substr( $Acctid, 0, 1 );
  if ( $tbl == 'D' ) {
    list( $gettbl, $getacct, $gettype, $getcert) = explode( "|", $Acctid );
  } elseif ( $tbl == 'L' || $tbl == 'C' ) {
    list( $gettbl, $getacct, $gettype) = explode( "|",$Acctid );
  } else {
    // this will result in nothing getting returned
    $getacct = "";
  }

#
# consider any pending txns originated by this member
# or originated from this account by a joint owner.
# Do NOT consider the "to" portion for joint or cross, just the "from"

#
    $sql = "select tr.id as id,
            trim(tr.accountnumber) as memfrom,
            trim(tr.reference1) as ftype,
            trim(f.description) as fdesc,
            trim(tr.reference2) as ttype,
            trim(t.description) as tdesc,
            tr.transactioncode as tc,
            tr.amount as amount,
            trim(tr.memberto) as memberto,
            to_char(tr.date,'YYYY-MM-DD') as date
        from {$Cu}transaction tr,
        {$Cu}accountbalance f,
        {$Cu}accountbalance t,
        {$Cu}memberacct ma
        where id > ALL (select MAX(id)
            from {$Cu}transaction tr2
           where tr2.accountnumber='CHECKPOINT'
           and reference1='PHASE II')
        and tr.accountnumber='$getacct'
        and tr.accountnumber = f.accountnumber
        and tr.reference1=f.accounttype
        and (tr.memberto = t.accountnumber or
             (tr.memberto is null and tr.accountnumber = t.accountnumber))
        and tr.reference2=t.accounttype
        AND ma.accountnumber = tr.accountnumber
        AND coalesce(ma.restrictions, '') != 'L'
        and upper(f.deposittype) in ('Y','N','S')
        and upper(t.deposittype) in ('Y','N','S')
        and tr.transactioncode in ('AT')
    UNION ALL
        select tr.id as id,
            trim(tr.accountnumber) as memfrom,
            trim(tr.reference1) as ftype,
            trim(f.description) as fdesc,
            trim(tr.reference2) as ttype,
            trim(t.description) as tdesc,
            tr.transactioncode as tc,
            tr.amount as amount,
            trim(tr.memberto) as memberto,
            to_char(tr.date,'YYYY-MM-DD') as date
        from {$Cu}transaction tr,
        {$Cu}accountbalance f,
        {$Cu}loanbalance t,
        {$Cu}memberacct ma
        where id > ALL (select MAX(id)
            from {$Cu}transaction tr2
           where tr2.accountnumber='CHECKPOINT'
           and reference1='PHASE II')
        and tr.accountnumber='$getacct'
        and tr.accountnumber = f.accountnumber
        and tr.reference1=f.accounttype
        and (tr.memberto = t.accountnumber or
             (tr.memberto is null and tr.accountnumber = t.accountnumber))
        and tr.reference2=t.loannumber
        AND ma.accountnumber = tr.accountnumber
        AND coalesce(ma.restrictions, '') != 'L'
        and upper(f.deposittype) in ('Y','N','S')
        and tr.transactioncode in ('LP')
      UNION ALL
        select tr.id as id,
            trim(tr.accountnumber) as memfrom,
            trim(tr.reference1) as ftype,
            trim(f.description) as fdesc,
            trim(tr.reference2) as ttype,
            trim(t.description) as tdesc,
            tr.transactioncode as tc,
            tr.amount as amount,
            trim(tr.memberto) as memberto,
            to_char(tr.date,'YYYY-MM-DD') as date
        from {$Cu}transaction tr,
        {$Cu}loanbalance f,
        {$Cu}accountbalance t,
        {$Cu}memberacct ma
        where id > ALL (select MAX(id)
            from {$Cu}transaction tr2
           where tr2.accountnumber='CHECKPOINT'
           and reference1='PHASE II')
        and tr.accountnumber='$getacct'
        and tr.accountnumber=f.accountnumber
        and tr.reference1=f.loannumber
        and (tr.memberto = t.accountnumber or
             (tr.memberto is null and tr.accountnumber = t.accountnumber))
        and tr.reference2=t.accounttype
        AND ma.accountnumber = tr.accountnumber
        AND coalesce(ma.restrictions, '') != 'L'
        and upper(t.deposittype) in ('Y','N','S')
        and tr.transactioncode in ('LA')
    UNION ALL
        select tr.id as id,
            trim(tr.accountnumber) as memfrom,
            trim(tr.reference1) as ftype,
            trim(f.description) as fdesc,
            trim(tr.reference2) as ttype,
            NULL as tdesc,
            tr.transactioncode as tc,
            tr.amount as amount,
            trim(tr.memberto) as memberto,
            to_char(tr.date,'YYYY-MM-DD') as date
        from {$Cu}transaction tr, {$Cu}accountbalance f,
        {$Cu}memberacct ma
        where id > ALL (select MAX(id)
            from {$Cu}transaction tr2
           where tr2.accountnumber='CHECKPOINT'
           and reference1='PHASE II')
        and tr.accountnumber='{$getacct}'
        and tr.accountnumber=f.accountnumber
        and tr.reference1=f.accounttype
        AND ma.accountnumber = tr.accountnumber
        AND coalesce(ma.restrictions, '') != 'L'
        and upper(f.deposittype) in ('Y','N','S')
        and tr.transactioncode in ('CW','CP','VP','VC','VG','MP','GM')
    UNION ALL
        select tr.id as id,
            trim(tr.accountnumber) as memfrom,
            trim(tr.reference1) as ftype,
            trim(f.description) as fdesc,
            trim(tr.reference2) as ttype,
            NULL as tdesc,
            tr.transactioncode as tc,
            tr.amount as amount,
            trim(tr.memberto) as memberto,
            to_char(tr.date,'YYYY-MM-DD') as date
        from {$Cu}transaction tr, {$Cu}loanbalance f,
        {$Cu}memberacct ma
        where id > ALL (select MAX(id)
            from {$Cu}transaction tr2
           where tr2.accountnumber='CHECKPOINT'
           and reference1='PHASE II')
        and tr.accountnumber='{$getacct}'
        and tr.accountnumber=f.accountnumber
        and tr.reference1=f.loannumber
        and tr.transactioncode = 'LC'
        AND ma.accountnumber = tr.accountnumber
        AND coalesce(ma.restrictions, '') != 'L'";
#
  $sth = db_query($sql,$dbh);

    for ($row=0; $drow = db_fetch_array($sth,$row); $row++) {
    $id=$drow['id'];
    // ** BEFORE it's used, encode the description with UTF-8 Encoding.
    // * setting it here eliminates the need to set it each time it's called in this loop
    $drow['fdesc'] = utf8_encode($drow['fdesc']);
    $drow['tdesc'] = utf8_encode($drow['tdesc']);

    if (strpos($drow['ftype'],"@")) {
      list($smplfacct,$smplfmem) = explode("@",$drow['ftype']);
      $smplfmem = trim($smplfmem);
    } else {
       $smplfacct = trim($drow['ftype']);
      $smplfmem = $drow['memfrom'];
    }
    if (strpos($drow['ttype'],"@")) {
      list($smpltacct,$smpltmem) = explode("@",$drow['ttype']);
      $smpltmem = trim($smpltmem);
    } else {
       $smpltacct = trim($drow['ttype']);
      $smpltmem = ("${drow['memberto']}" == "" ? $drow['memfrom'] : $drow['memberto']);
    }
      $tc=$drow['tc'];
      switch($tc) {
          case 'AT':
            $fromto="D|D";
          break;
          case 'LP':
            $fromto="D|L";
          break;
          case 'LA':
            $fromto="L|D";
          break;
          case 'LC':
            $fromto="L|O";
          break;
          default: # CW CP VP VC VG MP GM etc.
            $fromto="D|O";
          break;
      }
      $txdesc=$txncodes[$tc][0];
         $ftxdesc = "$txdesc from $smplfacct ${drow['fdesc']}";
         $ttxdesc = "$txdesc to" . ($smpltmem == $smplfmem ? "" : " $smpltmem") . " $smpltacct ${drow['tdesc']}";

      if (substr($fromto,0,1) == 'L') {
        // ** FROM A LOAN
        $pending["L|$smplfmem|$smplfacct"][$id]['id'] = $drow['id'];
        $pending["L|$smplfmem|$smplfacct"][$id]['tc'] = $drow['tc'];
        $pending["L|$smplfmem|$smplfacct"][$id]['memfrom'] = $smplfmem;
        $pending["L|$smplfmem|$smplfacct"][$id]['facct'] = $smplfacct;
        $pending["L|$smplfmem|$smplfacct"][$id]['memberto'] = $smpltmem;
        $pending["L|$smplfmem|$smplfacct"][$id]['tacct'] = $smpltacct;
        $pending["L|$smplfmem|$smplfacct"][$id]['amount'] = sprintf("%.2f",(-1 * $drow['amount']));
        $pending["L|$smplfmem|$smplfacct"][$id]['postdate'] = $drow['date'];
        $pending["L|$smplfmem|$smplfacct"][$id]['txdesc'] = $ttxdesc;
      } else {
        // ** FROM A DEPOSIT
        $pending["D|$smplfmem|$smplfacct|0"][$id]['id'] = $drow['id'];
        $pending["D|$smplfmem|$smplfacct|0"][$id]['tc'] = $drow['tc'];
        $pending["D|$smplfmem|$smplfacct|0"][$id]['memfrom'] = $smplfmem;
        $pending["D|$smplfmem|$smplfacct|0"][$id]['facct'] = $smplfacct;
        $pending["D|$smplfmem|$smplfacct|0"][$id]['memberto'] = $smpltmem;
        $pending["D|$smplfmem|$smplfacct|0"][$id]['tacct'] = $smpltacct;
        $pending["D|$smplfmem|$smplfacct|0"][$id]['amount'] = sprintf("%.2f",(-1 * $drow['amount']));
        $pending["D|$smplfmem|$smplfacct|0"][$id]['postdate'] = $drow['date'];
        $pending["D|$smplfmem|$smplfacct|0"][$id]['txdesc'] = $ttxdesc;
      }
      if (substr($fromto,2,1) == 'L') {
        // ** TO A LOAN
        $pending["L|$smpltmem|$smpltacct"][$id]['id'] = $drow['id'];
        $pending["L|$smpltmem|$smpltacct"][$id]['tc'] = $drow['tc'];
        $pending["L|$smpltmem|$smpltacct"][$id]['memfrom'] = $smplfmem;
        $pending["L|$smpltmem|$smpltacct"][$id]['facct'] = $smplfacct;
        $pending["L|$smpltmem|$smpltacct"][$id]['memberto'] = $smpltmem;
        $pending["L|$smpltmem|$smpltacct"][$id]['tacct'] = $smpltacct;
        $pending["L|$smpltmem|$smpltacct"][$id]['amount'] = $drow['amount'];
        $pending["L|$smpltmem|$smpltacct"][$id]['amount'] = sprintf("%.2f",$drow['amount']);
        $pending["L|$smpltmem|$smpltacct"][$id]['postdate'] = $drow['date'];
        $pending["L|$smpltmem|$smpltacct"][$id]['txdesc'] = $ftxdesc;

      } elseif (substr($fromto,2,1) == 'D') {

        // ** TO A DEPOSIT
        $pending["D|$smpltmem|$smpltacct|0"][$id]['id'] = $drow['id'];
        $pending["D|$smpltmem|$smpltacct|0"][$id]['tc'] = $drow['tc'];
        $pending["D|$smpltmem|$smpltacct|0"][$id]['memfrom'] = $smplfmem;
        $pending["D|$smpltmem|$smpltacct|0"][$id]['facct'] = $smplfacct;
        $pending["D|$smpltmem|$smpltacct|0"][$id]['memberto'] = $smpltmem;
        $pending["D|$smpltmem|$smpltacct|0"][$id]['tacct'] = $smpltacct;
        $pending["D|$smpltmem|$smpltacct|0"][$id]['amount'] = sprintf("%.2f",$drow['amount']);
        $pending["D|$smpltmem|$smpltacct|0"][$id]['postdate'] = $drow['date'];
        $pending["D|$smpltmem|$smpltacct|0"][$id]['txdesc'] = $ftxdesc;

      }
    }
    if (!empty($Acctid)) {
    # got an account identifier - return one only
      if (HCU_array_key_value( $Acctid , $pending ) > 0) {
        $txreturn['acctlist'][$Acctid] = HCU_array_key_value( $Acctid , $pending );
      }
    } else {
      $txreturn['acctlist']=$pending;
    }

    $txreturn['status']['code']='0';
    $txreturn['status']['severity']='INFO';
}
    return ($txreturn);
}

/* Get the externals accounts set up for this user. Make sure they have rights to the feature.
 *
 * Returns: List of external accounts. Empty array if no list or accounts.
 */
function Get_ExternalAccounts( $pDbh, $pHBEnv ) {
  $retList = array();

  try {
    // Verify the user can access this feature.
    $permissionInputs = array( "feature" => FEATURE_EXTERNAL_TRANSFERS );
    $accessRights = Perm_AccessRights( $pDbh, $pHBEnv, $permissionInputs );

    if ( !$accessRights["create"] ) {
      // * Rights NOT set
      throw new Exception( json_encode( $pHBEnv["MC"]->msg('Rights not set', HCU_DISPLAY_AS_HTML) ), 915 );
    }

    // get the limits to know the max amount
    // unresolved - return an error or bit limit or 0?
    $limits = Perm_GetValidationLimits( $pDbh, $pHBEnv, $permissionInputs );
    $maxLimit = ( $limits !== false ? $limits["amount_per_transaction"] : 0 );

    // get the list of active accounts for the user
    $SQL = "SELECT id, display_name
            FROM {$pHBEnv["Cu"]}extaccount ea
            WHERE ea.user_id = {$pHBEnv["Uid"]}
              AND status = 'a'
              AND type = 'EXT'
            ORDER BY display_name, id
            ";
    $rs = db_query( $SQL, $pDbh );

    // cycle through the rows
    $row = 0;
    $return = array();
    while ( $extRow = db_fetch_array( $rs, $row++ ) ) {
      $displayName = trim( $extRow["display_name"] );

      $retList[] = array( "id" => $extRow["id"],
                                   "display_name" => $displayName,
                                   "max_amount" => $maxLimit );
    }

  } catch (Exception $ex) {
    // any error just returns empty list
    $retList = array();
  }

  return $retList;
} // end Get_ExternalAccounts

/* Get the M2M accounts set up for this user. Make sure they have rights to the feature.
 *
 * Returns: List of M2M accounts. Empty array if no list or accounts.
 */
function Get_M2MAccounts( $pDbh, $pHBEnv ) {
  $retList = array();

  try {
    // Verify the user can access this feature.
    $permissionInputs = array( "feature" => FEATURE_M2M_TRANSFERS );
    $accessRights = Perm_AccessRights( $pDbh, $pHBEnv, $permissionInputs );

    if ( !$accessRights["create"] ) {
      // * Rights NOT set
      throw new Exception( json_encode( $pHBEnv["MC"]->msg('Rights not set', HCU_DISPLAY_AS_HTML) ), 915 );
    }

    // get the limits to know the max amount
    // unresolved - return an error or bit limit or 0?
    $limits = Perm_GetValidationLimits( $pDbh, $pHBEnv, $permissionInputs );
    $maxLimit = ( $limits !== false ? $limits["amount_per_transaction"] : 0 );

    // get the list of active accounts for the user
    $SQL = "SELECT id, display_name
            FROM {$pHBEnv["Cu"]}extaccount ea
            WHERE ea.user_id = {$pHBEnv["Uid"]}
              AND status = 'a'
              AND type = 'M2M'
            ORDER BY display_name, id
            ";
    $rs = db_query( $SQL, $pDbh );

    // cycle through the rows
    $row = 0;
    $return = array();
    while ( $extRow = db_fetch_array( $rs, $row++ ) ) {
      $displayName = trim( $extRow["display_name"] );

      $retList[] = array( "id" => $extRow["id"],
                                   "display_name" => $displayName,
                                   "max_amount" => $maxLimit );
    }

  } catch (Exception $ex) {
    // any error just returns empty list
    $retList = array();
  }

  return $retList;
} // end Get_M2MAccounts


/**
 *  This will return all accounts for this user.
 *
 *  @param integer $dbh  -- Current database handle
 *  @param array   $HB_ENV -- (by reference) - Home Banking Environment array
 *  @param string  $callerContext -- caller context: 20191202 -
 *  CU3_EXCLUDE_XAC_FROM_PROFILE_DESCRIPTIONS flag allows to
 *  include/exclude cross accounts from being listed in the profile
 *  descritpion screen. (a) Default: ""; (b) 'acct_desc_read' for profile
 *  description.
 *
 *  @return array
 *      returns array of account / loan balances
 *
 */
function Get_Balances($dbh,&$HB_ENV, $callerContext="") {

  $Cu = HCU_array_key_exists("Cu", $HB_ENV) ? trim($HB_ENV["Cu"]) : "";
  $Cn = HCU_array_key_exists("Cn", $HB_ENV) ? trim($HB_ENV["Cn"]) : "";

  $Uid = HCU_array_key_exists("Uid", $HB_ENV) ? trim($HB_ENV["Uid"]) : "";
  $live = HCU_array_key_exists("live", $HB_ENV) ? trim($HB_ENV["live"]) : "";
  $Fset = HCU_array_key_exists("Fset", $HB_ENV) ? intval($HB_ENV["Fset"]) : 0;
  $Fset2 = HCU_array_key_exists("Fset2", $HB_ENV) ? intval($HB_ENV["Fset2"]) : 0;
  $Fset3 = HCU_array_key_exists("Fset3", $HB_ENV) ? intval($HB_ENV["Fset3"]) : 0;

  $Clw = HCU_array_key_exists("Clw", $HB_ENV) ? intval($HB_ENV["Clw"]) : 300;

  $balances = array('status' => Array('code' => '000', 'severity' => '', 'errors' => Array()));
  $pending = array();
  $doEncrypt = HCU_array_key_exists("doEncrypt", $HB_ENV) ? $HB_ENV["doEncrypt"] : false;

  $cuTz = GetCreditUnionTimezone($dbh, $Cu);

  /* GET LIST OF ALLOWED TRANSACTION CODES */
  $txncodes = Get_HaveTrans($dbh, $HB_ENV);

  if ($live) {

      $userData = Array (
          'email'     => $HB_ENV['Ml'],
          'lastlogin' => $HB_ENV['Fplog']
      );

      $dataResp = LoadUserData($HB_ENV, $Uid, $userData);

      $requestDate = HCU_array_key_value("requestDate", $dataResp['data']);
      $requestDesc = HCU_array_key_value("requestDesc", $dataResp['data']);
      if ($dataResp['code'] == '999') {
          // ** Error -
          $balances['status']['code']     = '999';
          $balances['status']['severity'] = 'ERROR';
          $balances['status']['errors'][] = 'System Unavailable';
          $HB_ENV['stale'] = 1;
      } else {
          // ** Success

          $HB_ENV['lastupdate'] = $requestDate;
      }
      if ($dataResp['code'] != '900') {  // * Don't update packetStatus for 'too soon'

          $HB_ENV['packetStatus'] = Array(
              'status' => $dataResp['code'],
              'asofdate' => $requestDate,
              'reason' => $requestDesc
          );
      }

  }

  /*
   * Get alternate history URL 8/7/13 used for credit cards, may be used for
   * mortgage accounts, can't imagine any dp acct usage so only pass hisinfo
   * for loan accounts.  Process as json array if possible, tolerate old-style
   * entries HOMECU or plain URL for legacy ccinfourl usage
   *
   */
  $hissql= "select ccinfourl from cuadmin
            where cu='$Cu'";

  $sth = db_query($hissql,$dbh);

  if ($sth) {
    list($hisinfo) = db_fetch_array($sth,0);
  }
  $hinfo = array(); // set default
  db_free_result($sth);
  if (!empty($hisinfo)) {
    // legacy usage preserved
    if (strtolower($hisinfo) === 'homecu' || substr(strtolower($hisinfo), 0, 4) === 'http') {
      $hinfo = array('18' => $hisinfo);
    } else {
      // try json
      $hinfo = HCU_JsonDecode($hisinfo);
    }
  }

  // set the default dp sort order
  // $orderby = "order by ua.display_order, ua.accounttype, ua.accountnumber, ua.certnumber";
  $orderby = "ORDER BY 11, 2, 1, 3";

  // then override it if a flag is set
  // only SORTORDER4 and SORTORDER 6 change the dp balances sort order
  if ($Fset & GetFlagsetValue('CU_SORTORDER4') ) {
    //$orderby = "order by ua.display_order, btrim(ua.accounttype,'DIS'),ua.accountnumber, ua.certnumber";
    $orderby = "ORDER BY 11, 23, 1, 3 ";
  }

  $bal_oid_select = "";
  $xa_oid_select = "";
  if ($Fset2 & GetFlagsetValue('CU2_SORTORDER6')) {
    $orderby = "order by 11, 24, 25 ";
    $bal_oid_select = ", ab.oid ";
    $xa_oid_select = ", ca.oid ";
  }

  $appendCrossAccounts = false;
  // Add query for Cross Accounts if enabled.  Enabled by Allowing XA
  // type transfers AND loading data from XAC Packet
  if (HCU_array_key_value("XA", $txncodes) && ($Fset3 & GetFlagsetValue("CU3_API_XAC"))) {
      if ($callerContext == "acct_desc_read") {
          // For profile description screen; include XACs only if
          // CU3_EXCLUDE_XAC_FROM_PROFILE_DESCRIPTIONS is NOT set
          if (!($Fset3 & GetFlagsetValue("CU3_EXCLUDE_XAC_FROM_PROFILE_DESCRIPTIONS"))) {
              $appendCrossAccounts = true;
          }
      }
      // $callerContext = "" (default)
      else {
          $appendCrossAccounts = true;
      }
  }

  $sql =  "select trim(ua.accountnumber) as accountnumber,
                  trim(ua.accounttype) as accounttype,
                  ua.certnumber,
                  upper(deposittype) as deposittype,
                  trim(description) as description,
                  amount,
                  ytdinterest,
                  lastyrinterest,
                  available,
                  trim(micraccount) as micraccount,
                  display_order as displayorder,
                  display_name as displayname,
                  recordtype,
                  view_balances,
                  view_transactions,
                  int_deposit,
                  int_withdraw,
                  ext_deposit,
                  ext_withdraw,
                  coalesce(ab.balance_stamp, ma.balance_stamp) as balance_stamp,
                  ma.balance_attempt,
                  ma.restrictions,
                  btrim(ab.accounttype, 'DIS'),
                  'balance' as tablesrc {$bal_oid_select}

                  FROM {$Cu}useraccounts ua
                  INNER JOIN {$Cu}accountbalance as ab ON ab.accountnumber = ua.accountnumber
                    AND ab.accounttype = ua.accounttype
                    AND ab.certnumber = ua.certnumber
                  INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber
                  WHERE ua.user_id = $Uid
                    AND ua.recordtype = 'D'
                  ";

  if($appendCrossAccounts) {
      $sql .= "
            UNION ALL

            SELECT
              trim(ua.accountnumber) as accountnumber,
              trim(ua.accounttype) as accounttype,
              ua.certnumber,
              upper(ca.deposittype) as deposittype,
              trim(ca.description) as description,
              0 as amount,
              0 as ytdinterest,
              0 as lastyrinterest,
              0 as available,
              '' as micraccount,
              ua.display_order as displayorder,
              ua.display_name as displayname,
              ua.recordtype,
              ua.view_balances,
              ua.view_transactions,
              ua.int_deposit,
              ua.int_withdraw,
              ua.ext_deposit,
              ua.ext_withdraw,
              0 as balance_stamp,
              ma.balance_attempt,
              ma.restrictions,
              btrim(ca.accounttype, 'DIS'),
              'cross' as tablesrc {$xa_oid_select}
            FROM {$Cu}useraccounts ua

            INNER JOIN {$Cu}crossaccounts as ca ON ca.accountnumber = ca.accountnumber
             AND trim(ca.accounttype) || '#' || trim(ca.tomember) = ua.accounttype
             AND ca.deposittype IN ('Y','S','N')
            INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber

            WHERE ua.user_id = {$Uid}
              AND ua.recordtype = 'T'
              AND ua.int_deposit = 't'
            ";
  }
  // ** Append the ORDER BY statement
  $sql .= $orderby;

  // where clause when credit cards are loans
  $whcc = ($Fset2 & GetFlagsetValue('CU2_SPEC18') ? " and (cbtype <> '18' or cbtype is null) " : "");

  // set the default loan sort order
  // $lorderby = " order by ua.display_order, loannumber, ua.accountnumber";
  $lorderby = " ORDER BY 15, 2, 1";

  // then override it if a flag is set
  // only LNSORT2 changes the ln balances sort order
  if ($Fset & GetFlagsetValue('CU_LNSORT2')) {
    // $lorderby = " order by ua.display_order, btrim(loannumber,'LC'), ua.accountnumber";
    $lorderby = " ORDER BY 11, 29, 1 ";
  }

  // sql to fetch loans
  $loan_sql = "SELECT
                trim(ua.accountnumber) as accountnumber,
                trim(loannumber) as loannumber,
                coalesce(currentbalance,0) as currentbalance,
                coalesce(payoff,0) as payoff,
                coalesce(unpaidinterest,0) as unpaidinterest,
                date_part('day',(now()-lastpaymentdate)) as unpaiddays,
                paymentamount,
                to_char(nextduedate,'YYYY-MM-DD') as nextduedate,
                trim(description) as description,
                coalesce(interestrate,0) as interestrate,
                creditlimit,
                ytdinterest,
                lastyrinterest,
                cbtype,
                display_order as displayorder,
                display_name as displayname,
                recordtype,
                case when nextduedate < CURRENT_DATE
                          and currentbalance > 0
                          and paymentamount > 0
                        then 1 else 0 end as pastdue,
                to_char(lastpaymentdate,'YYYY-MM-DD') as lastpaymentdate,
                view_balances,
                view_transactions,
                int_deposit,
                int_withdraw,
                ext_deposit,
                ext_withdraw,
                coalesce(lb.balance_stamp, ma.balance_stamp) as balance_stamp,
                ma.balance_attempt,
                ma.restrictions,
                btrim(loannumber,'LC'),
                'balance' as tablesrc
              FROM {$Cu}useraccounts ua
              INNER JOIN {$Cu}loanbalance lb ON lb.accountnumber = ua.accountnumber
                  AND lb.loannumber = ua.accounttype
              INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber

              WHERE ua.user_id = $Uid
                  AND ua.recordtype = 'L'
                $whcc
              ";

  // Add query for Cross Accounts if enabled.  Enabled by Allowing XA
  // type transfers AND loading data from XAC Packet
  if($appendCrossAccounts) {
      $loan_sql .= "
            UNION ALL

            SELECT
              trim(ua.accountnumber) as accountnumber,
              trim(ua.accounttype) as loannumber,
              0 as currentbalance,
              0 as payoff,
              0 as unpaidinterest,
              0 as unpaiddays,
              0 as paymentamount,
              '' as nextduedate,
              trim(ca.description) as description,
              0 as interestrate,
              0 as creditlimit,
              0 as ytdinterest,
              0 as lastyrinterest,
              '' as cbtype,
              ua.display_order as displayorder,
              ua.display_name as displayname,
              ua.recordtype,
              0 as pastdue,
              '' as lastpaymentdate,
              ua.view_balances,
              ua.view_transactions,
              ua.int_deposit,
              ua.int_withdraw,
              ua.ext_deposit,
              ua.ext_withdraw,
              0 as balance_stamp,
              ma.balance_attempt,
              ma.restrictions,
              btrim(ca.accounttype,'LC'),
              'cross' as tablesrc
            FROM {$Cu}useraccounts ua

            INNER JOIN {$Cu}crossaccounts as ca ON ca.accountnumber = ca.accountnumber
             AND trim(ca.accounttype) || '#' || trim(ca.tomember) = ua.accounttype
             AND ca.deposittype IN ('L')
            INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber

            WHERE ua.user_id = {$Uid}
              AND ua.recordtype = 'P'
              AND ua.int_deposit = 't'
            ";
  }

  $loan_sql .= $lorderby;
  // sql to fetch creditcards (they are in the loan table)

  $cc_sql = "SELECT
              ua.accountnumber,
              trim(loannumber) as loannumber,
              currentbalance,
              payoff,
              paymentamount,
              to_char(nextduedate,'YYYY-MM-DD') as nextduedate,
              description,
              interestrate,
              creditlimit,
              ytdinterest,
              lastyrinterest,
              cbtype,
              display_order as displayorder,
              display_name as displayname,
              recordtype,
              case when nextduedate < CURRENT_DATE
                        and currentbalance > 0
                        and paymentamount > 0
                      then 1 else 0 end as pastdue,
              to_char(lastpaymentdate,'YYYY-MM-DD') as lastpaymentdate,
              view_balances,
              view_transactions,
              int_deposit,
              int_withdraw,
              ext_deposit,
              ext_withdraw,
              coalesce(lb.balance_stamp, ma.balance_stamp) as balance_stamp,
              ma.balance_attempt,
              ma.restrictions,
              btrim(loannumber,'LC'),
              'balance' as tablesrc
            FROM {$Cu}useraccounts ua
            INNER JOIN {$Cu}loanbalance lb ON lb.accountnumber = ua.accountnumber
                AND lb.loannumber = ua.accounttype
            INNER JOIN {$Cu}memberacct as ma ON ma.accountnumber = ua.accountnumber
            WHERE user_id = $Uid
                AND cbtype = '18'
              $lorderby ";


  // Run all the sql and see if we got anything

  $sthdp = db_query($sql,$dbh);
  $sthln = db_query($loan_sql,$dbh);
  $sthcc = db_query($cc_sql,$dbh);

  if (!(db_num_rows($sthdp)) && !(db_num_rows($sthcc)) && !(db_num_rows($sthln))) {
    // error, no rows
    $balances['status']['code']='999';
    $balances['status']['severity']='ERROR';
    $balances['status']['errors'][]='No Accounts Available';
  } else {
    $balances['status']['code']='000';
    $balances['status']['severity']='SUCCESS';
    for ($row=0;$drow=db_fetch_array($sthdp,$row);$row++) {
      $accounttype=$drow['accounttype'];

      $cert=$drow['certnumber'];

      if ($drow['tablesrc'] == 'cross') {
        $trust = "transfer";
      } else {
        if (strpos($accounttype,"@")) {
          $trust = 'joint';
        } else {
          $trust = 'primary';
        }
      }

      $key= "D|" . trim($drow["accountnumber"]) . "|$accounttype|$cert";

      // show some basic account info regardless if locked
      $displayname= trim($drow['displayname']);
      $description= trim($drow["description"]);
      $accountnumber= trim($drow['accountnumber']);

      $balances['dp'][$key]['displayname']       = $displayname;
      // * Cross Accounts will not show the '#' overloaded value when on the displayed value
      $displayAcctNbr = '';
      $displayAcctType = '';
      if (strpos($accounttype,"#")) {
        list($displayAcctType, $displayAcctNbr) = explode("#",$accounttype);
      } else {
        $displayAcctNbr = $accountnumber;
        $displayAcctType = $accounttype;
      }
      $balances['dp'][$key]['description']       = getAccountDescription($dbh, $HB_ENV["Cu"], $displayAcctNbr, $description, $displayAcctType, "", $Fset3, $cert);
      $balances['dp'][$key]['displaydesc']       = getAccountDescription($dbh, $HB_ENV["Cu"], $displayAcctNbr, $description, $displayAcctType, $displayname, $Fset3, $cert);

      $balances['dp'][$key]['displayorder']      = $drow['displayorder'];
      $balances['dp'][$key]['recordtype']        = $drow['recordtype'];
      $balances['dp'][$key]['accountnumber']     = $accountnumber;

      $balances['dp'][$key]['view_balances']     = ($drow['view_balances'] == 't');
      $balances['dp'][$key]['view_transactions'] = $drow['restrictions'] == "L" ? false : ($drow['view_transactions'] == 't');
      $balances['dp'][$key]['int_deposit']       = $drow['restrictions'] == "L" ? false : ($drow['int_deposit'] == 't');
      $balances['dp'][$key]['int_withdraw']      = $drow['restrictions'] == "L" ? false : ($drow['int_withdraw'] == 't');
      $balances['dp'][$key]['ext_deposit']       = $drow['restrictions'] == "L" ? false : ($drow['ext_deposit'] == 't');
      $balances['dp'][$key]['ext_withdraw']      = $drow['restrictions'] == "L" ? false : ($drow['ext_withdraw'] == 't');

      // -- moved encryption value here as it is needed by the Profile Description screen for referencing the accounts
      $balances['dp'][$key]['encryption']= $doEncrypt ? HCU_PayloadEncode($Cu, explode("|", $key)) : null;

      // if account is locked then only show that it is locked
        // ** Also, SKIP if the sub-account does NOT have view_balances enabled
      $balances['dp'][$key]['restrictions'] = $drow['restrictions'];
      $balances['dp'][$key]['trust'] = "$trust";
      if ( $drow['restrictions'] == "L" || $drow['view_balances'] != 't') {
        // set these to get the header to show correctly
        $balances['dp'][$key]['currentbal'] = 0;
        if ($Fset & GetFlagsetValue('CU_SHOWAVAILABLE'))
          $balances['dp'][$key]['availablebal'] = 0;

        continue;
      }


      $balances['dp'][$key]['accounttype']=$drow['accounttype'];
      $balances['dp'][$key]['certnumber']=$drow['certnumber'];
      $balances['dp'][$key]['deposittype']=$drow['deposittype'];
      $balances['dp'][$key]['currentbal']=$drow['amount'];
      if ($Fset & GetFlagsetValue('CU_SHOWAVAILABLE'))
        $balances['dp'][$key]['availablebal']=$drow['available'];
      if ($Fset & GetFlagsetValue('CU_SHOWDEPDIVIDEND')) {
        $balances['dp'][$key]['ytdinterest']=$drow['ytdinterest'];
        if (!($Fset & GetFlagsetValue('CU_HIDE_PYR')))
          $balances['dp'][$key]['lastyrinterest']=$drow['lastyrinterest'];
      }
      $balances['dp'][$key]['micraccount']=$drow['micraccount'];
      // need code to get holdtotal / pendtotal
      if ($Fset2 & GetFlagsetValue('CU2_SHOWHOLD')) {
        $pending=Get_HoldTotal($dbh,$HB_ENV,$key);
        if (empty($pending[$key])) {
          $holdtotal = '0.00';
        } else {
          $holdtotal=sprintf("%.2f",$pending[$key]['total']);
        }
        $balances['dp'][$key]['holdtotal']="$holdtotal";
      }
      if ($Fset2 & GetFlagsetValue('CU2_SHOWPEND')) {
        $pending=Get_PendTotal($dbh,$HB_ENV,$key);
        if (empty($pending[$key])) {
          $pendtotal = '0.00';
        } else {
          $pendtotal=sprintf("%.2f",$pending[$key]['total']);
        }
        $balances['dp'][$key]['pendtotal']="$pendtotal";
      }

      if ($live) {
        $balances['dp'][$key]['as_of_date'] = GetDateFormatTimezone($drow['balance_stamp'], 'm/d/Y h:i A', $cuTz);

        $balances['dp'][$key]['out_of_sync'] = ($drow['balance_stamp'] < $drow['balance_attempt']);

      } else {
        $balances['dp'][$key]['as_of_date'] = "";
        $balances['dp'][$key]['out_of_sync'] = false;
      }
    }

    for ($row=0;$drow=db_fetch_array($sthln,$row);$row++) {
      $loan=$drow['loannumber'];

      if ($drow['tablesrc'] == 'cross') {
        $trust = "transfer";
      } else {
        if (strpos($loan,"@")) {
          $trust = 'joint';
        } else {
          $trust = 'primary';
        }
      }


      $rate = 0;
      if ($live) {
        $payoff=$drow['payoff'];
      } else {
        $rate = $drow['interestrate'];
        $rate = (empty($rate) ? 0 : $rate);
        $unpaid = $drow['unpaidinterest'];
        $unpaid = (empty($unpaid) ? 0 : $unpaid);
        $days = $drow['unpaiddays'];
        $days = (empty($days) ? 0 : $days);
        if($days < 0) {
          $days = 0;
        }
        $payoff = (((($rate/100)*$drow['currentbalance'])/365)*$days)+$unpaid+$drow['currentbalance'];
      }
      $tenday = (((($drow['interestrate']/100)*$drow['currentbalance'])/365)*10) + (empty($payoff) ? 0 : $payoff );

      if (empty($payoff) || $payoff == 0) {
        $payoff = 'N/A';
      } else {
        $payoff=sprintf("%.2f",$payoff);
      }
      if ($drow['currentbalance'] <= 0 ) {
        $tenday = "N/A";
      } else {
        $tenday = ((empty($tenday) || $tenday==0 || $drow['cbtype']=='18') ? '#Call Us#' : sprintf("%.2f",$tenday));
      }

      if ($Fset2 & GetFlagsetValue('CU2_CALL_PAYOFF')) {
        $payoff='#Call Us#';
        // let tenday run independent of payoff flag
      }
      $limit = $drow['creditlimit'];
      $balance = $drow['currentbalance'];
      $available = ($limit - $balance < 0 ? 0 : $limit - $balance);

      $key= "L|" . trim($drow["accountnumber"]) . "|$loan";
      $keyEncrypt = HCU_PayloadEncode($Cu, explode("|",$key));




      // show some basic account info regardless if locked
      $displayname = trim($drow['displayname']);
      $description = trim($drow["description"]);
      $accountnumber = trim($drow['accountnumber']);

      $balances['ln'][$key]['displayname'] = $displayname;
      // * Cross Accounts will not show the '#' overloaded value when on the displayed value
      $displayAcctNbr = '';
      $displayAcctType = '';
      if (strpos($loan,"#")) {
        list($displayAcctType, $displayAcctNbr) = explode("#",$loan);
      } else {
        $displayAcctNbr = $accountnumber;
        $displayAcctType = $loan;
      }
      $balances['ln'][$key]['description'] = getAccountDescription($dbh, $HB_ENV["Cu"], $displayAcctNbr, $description, $displayAcctType, "", $Fset3);
      $balances['ln'][$key]['displaydesc'] = getAccountDescription($dbh, $HB_ENV["Cu"], $displayAcctNbr, $description, $displayAcctType, $displayname, $Fset3);







/*
      // show some basic account info regardless if locked
      $displayname= trim($drow['displayname']);
      $description= trim($drow['description']);
      $accountnumber= trim($drow['accountnumber']);

      $balances['ln'][$key]['displayname']   = $displayname;
      $balances['ln'][$key]['description']   = getAccountDescription($dbh, $HB_ENV["Cu"], $accountnumber, $description, $loan, "", $Fset3);
      $balances['ln'][$key]['displaydesc']   = getAccountDescription($dbh, $HB_ENV["Cu"], $accountnumber, $description, $loan, $displayname, $Fset3);
*/

      $balances['ln'][$key]['displayorder']  = $drow['displayorder'];
      $balances['ln'][$key]['recordtype']    = $drow['recordtype'];
      $balances['ln'][$key]['accountnumber'] = trim($drow['accountnumber']);

      $balances['ln'][$key]['view_balances'] = ($drow['view_balances'] == 't');
      $balances['ln'][$key]['view_transactions'] = $drow['restrictions'] == "L" ? false : ($drow['view_transactions'] == 't');
      $balances['ln'][$key]['int_deposit'] = $drow['restrictions'] == "L" ? false : ($drow['int_deposit'] == 't');
      $balances['ln'][$key]['int_withdraw'] = $drow['restrictions'] == "L" ? false : ($drow['int_withdraw'] == 't');
      $balances['ln'][$key]['ext_deposit'] = $drow['restrictions'] == "L" ? false : ($drow['ext_deposit'] == 't');
      $balances['ln'][$key]['ext_withdraw'] = $drow['restrictions'] == "L" ? false : ($drow['ext_withdraw'] == 't');

      // if account is locked then only show that it is locked
      $balances['ln'][$key]['restrictions'] = $drow['restrictions'];
      if ( $drow['restrictions'] == "L" ) {
        // these are to get the client column headers to display
        $balances['ln'][$key]['currentbal'] = 0;

        $balances['ln'][$key]['paymentamount'] = 0;

        continue;
      }

      $balances['ln'][$key]['encryption']= $doEncrypt ? $keyEncrypt : null;

      $balances['ln'][$key]['loan']=$drow['loannumber'];
      $balances['ln'][$key]['currentbal']=$drow['currentbalance'];
      if (!($Fset2 & GetFlagsetValue('CU2_HIDE_PAYOFF')))
        $balances['ln'][$key]['payoff']=$payoff;

      if ($Fset2 & GetFlagsetValue('CU2_10DAYPAY'))
        $balances['ln'][$key]['tenday'] = $tenday;

      $balances['ln'][$key]['paymentamount'] = $drow['paymentamount'];

      if (!($Fset & GetFlagsetValue('CU_HIDELOANDATE'))) {
        if (trim($drow['nextduedate']) == '' || $payoff == 'N/A') {
          $drow['nextduedate'] = 'N/A';
        }
        $balances['ln'][$key]['nextduedate'] = $drow['nextduedate'];
        if (($drow['pastdue']) && !($Fset2 & GetFlagsetValue('CU2_HIDE_PASTDUE'))) {
          $balances['ln'][$key]['pastdue'] = $drow['pastdue'];
        }
      }

      $balances['ln'][$key]['trust']="$trust";
      if ($Fset & GetFlagsetValue('CU_SHOWLNRATE'))
        $balances['ln'][$key]['interestrate']=$drow['interestrate'];

      $balances['ln'][$key]['creditlimit']=$drow['creditlimit'];
      // ** Only pass available bal IF credit limit is set for Loans.  This should help prevent
        // * loans such as car loans from showing an avaiable as usually they have a credit limit of 0
      if ($Fset & GetFlagsetValue('CU_SHOWAVAILABLE') && floatval($drow['creditlimit']) > 0)
        $balances['ln'][$key]['availablebal']=$available;

      if ($Fset & GetFlagsetValue('CU_SHOWLNINTEREST')) {
        $balances['ln'][$key]['ytdinterest']=$drow['ytdinterest'];

        if (!($Fset & GetFlagsetValue('CU_HIDE_PYR')))
          $balances['ln'][$key]['lastyrinterest']=$drow['lastyrinterest'];
      }
      $balances['ln'][$key]['type']=$drow['cbtype'];
      $balances['ln'][$key]['cbtype']=$drow['cbtype'];

      if (HCU_array_key_exists('cbtype', $drow) && HCU_array_key_exists($drow['cbtype'], $hinfo)) {
        // if the url has the #acctid# placeholder, replace it with the ecrypted account id.
        $hisLink = str_replace("#acctid#", urlencode($keyEncrypt), $hinfo[$drow['cbtype']]);
        $balances['ln'][$key]['hisinfo'] = $hisLink;
      } else {
        $balances['ln'][$key]['hisinfo']="";
      }
      $balances['ln'][$key]['lastpaymentdate']=$drow['lastpaymentdate'];
      // need code to get holdtotal / pendtotal
      //  get holds only -- no ACH pending for loans

      if ($Fset2 & GetFlagsetValue('CU2_SHOWHOLD')) {
        $pending=Get_HoldTotal($dbh,$HB_ENV,$key);
        if (empty($pending[$key])) {
          $holdtotal = '0.00';
        } else {
          $holdtotal=sprintf("%.2f",$pending[$key]['total']);
        }
        $balances['ln'][$key]['holdtotal']="$holdtotal";
      }
      $balances['ln'][$key]['restrictions'] = $drow['restrictions'];

      if ($live) {
        $balances['ln'][$key]['as_of_date'] = GetDateFormatTimezone($drow['balance_stamp'], 'm/d/Y h:i A', $cuTz);
        $balances['ln'][$key]['out_of_sync'] = ($drow['balance_stamp'] < $drow['balance_attempt']);

      } else {
        $balances['ln'][$key]['as_of_date'] = "";
        $balances['ln'][$key]['out_of_sync'] = false;
      }
    }
    if ($Fset2 & GetFlagsetValue('CU2_SPEC18')) {
      for ($row = 0; $drow = db_fetch_array($sthcc, $row); $row++) {
        $loan = $drow['loannumber'];

        if (strpos($loan, "@")) {
            $trust = 'joint';
        } else {
            $trust = 'primary';
        }
        $limit = $drow['creditlimit'];
        $balance = $drow['currentbalance'];
        $available = ($limit - $balance < 0 ? 0 : $limit - $balance);
        $available = (($Fset2 & GetFlagsetValue('CU2_CALL_CCAVAIL')) ? "#Call Us#" : sprintf("%.2f", $available));

        $key = "C|" . trim($drow["accountnumber"]) . "|$loan";
        $keyEncrypt = HCU_PayloadEncode($Cu, explode("|",$key));

        // show some basic account info regardless if locked
        $displayname= trim($drow['displayname']);
        $description= trim($drow['description']);
        $accountnumber= trim($drow['accountnumber']);

        $balances['cc'][$key]['displayname'] = $displayname;
        $balances['cc'][$key]['description'] = getAccountDescription($dbh, $HB_ENV["Cu"], $accountnumber, $description, $loan, "", $Fset3);
        $balances['cc'][$key]['displaydesc'] = getAccountDescription($dbh, $HB_ENV["Cu"], $accountnumber, $description, $loan, $displayname, $Fset3);

        $balances['cc'][$key]['displayorder'] = $drow['displayorder'];
        $balances['cc'][$key]['recordtype'] = $drow['recordtype'];
        $balances['cc'][$key]['accountnumber'] = trim($drow['accountnumber']);

        $balances['cc'][$key]['view_balances'] = ($drow['view_balances'] == 't');
        $balances['cc'][$key]['view_transactions'] = $drow['restrictions'] == "L" ? false : ($drow['view_transactions'] == 't');
        $balances['cc'][$key]['int_deposit'] = $drow['restrictions'] == "L" ? false : ($drow['int_deposit'] == 't');
        $balances['cc'][$key]['int_withdraw'] = $drow['restrictions'] == "L" ? false : ($drow['int_withdraw'] == 't');
        $balances['cc'][$key]['ext_deposit'] = $drow['restrictions'] == "L" ? false : ($drow['ext_deposit'] == 't');
        $balances['cc'][$key]['ext_withdraw'] = $drow['restrictions'] == "L" ? false : ($drow['ext_withdraw'] == 't');

        // if account is locked then only show that it is locked
        $balances['cc'][$key]['restrictions'] = $drow['restrictions'];
        if ( $drow['restrictions'] == "L" ) {
          // these are so the correct column headers show up
          $balances['cc'][$key]['currentbal'] = 0;
          $balances['cc'][$key]['paymentamount'] = 0;

          continue;
        }

        $balances['cc'][$key]['encryption'] = $doEncrypt ? $keyEncrypt : null;

        $balances['cc'][$key]['loan'] = $drow['loannumber'];

        $balances['cc'][$key]['trust'] = "$trust";
        $balances['cc'][$key]['type'] = $drow['cbtype'];
        $balances['cc'][$key]['cbtype']=$drow['cbtype'];

        if (HCU_array_key_exists('cbtype', $drow) && HCU_array_key_exists($drow['cbtype'], $hinfo)) {
          // if the url has the #acctid# placeholder, replace it with the ecrypted account id.
          $hisLink = str_replace("#acctid#", urlencode($keyEncrypt), $hinfo[$drow['cbtype']]);
          $balances['cc'][$key]['hisinfo'] = $hisLink;
        } else {
          $balances['cc'][$key]['hisinfo']="";
        }
        if (($Fset2 & GetFlagsetValue('CU2_CC18NOINFO')) != GetFlagsetValue('CU2_CC18NOINFO')) {
          $balances['cc'][$key]['currentbal'] = $drow['currentbalance'];
          if ($live && ($Fset2 & $GLOBALS['CU2_SHOWCCSB']) == $GLOBALS['CU2_SHOWCCSB']) {
            $balances['cc'][$key]['stmntbal'] = $drow['payoff'];
          }
          if (($Fset2 & $GLOBALS['CU2_HIDE_CCAVAIL']) != $GLOBALS['CU2_HIDE_CCAVAIL']) {
            $balances['cc'][$key]['available'] = $available;      // ** Deprecated -- do not use
            // ** ADD availablebal so it's the same as the other types.
            $balances['cc'][$key]['availablebal'] = $available;
          }

          $balances['cc'][$key]['paymentamount'] = $drow['paymentamount'];
          if (!($Fset & GetFlagsetValue('CU_HIDELOANDATE'))) {
            /** MWS 1/30/14 - The following condition was checking to see if 'payoff' was zero
             *  And if it was then it was setting value to N/A
             *  Looking at the current script Balances, it does a comparison to the balance
             *    field.  Part of the problem, is that payoff will ALWAYS be zero for batch as
             *    it is a live field.
             */
            if (trim($drow['nextduedate']) == '' || $drow['currentbalance'] == 0) {
                $drow['nextduedate'] = 'N/A';
            }
            $balances['cc'][$key]['nextduedate'] = $drow['nextduedate'];
            if (($drow['pastdue']) && !($Fset2 & GetFlagsetValue('CU2_HIDE_PASTDUE'))) {
                $balances['cc'][$key]['pastdue'] = $drow['pastdue'];
            }
          }
          if ($Fset2 & GetFlagsetValue('CU2_SHOWCCRATE')) {
            $balances['cc'][$key]['interestrate'] = $drow['interestrate'];
          }
          $balances['cc'][$key]['creditlimit'] = $drow['creditlimit'];
          if ($Fset & GetFlagsetValue('CU_SHOWLNINTEREST')) {
            $balances['cc'][$key]['ytdinterest'] = $drow['ytdinterest'];
            if (!($Fset & GetFlagsetValue('CU_HIDE_PYR')))
              $balances['cc'][$key]['lastyrinterest'] = $drow['lastyrinterest'];
          }
          if ($Fset2 & GetFlagsetValue('CU2_SHOWCCLPAY')) {
            $balances['cc'][$key]['lastpaymentdate'] = $drow['lastpaymentdate'];
          }
          // need code to get holdtotal / pendtotal
          // get holds only -- no ACH pending for loans

          if ($Fset2 & GetFlagsetValue('CU2_SHOWHOLD')) {
            $pending = Get_HoldTotal($dbh, $HB_ENV, $key);
            if (empty($pending[$key])) {
              $holdtotal = '0.00';
            } else {
              $holdtotal = sprintf("%.2f", $pending[$key]['total']);
            }
            $balances['cc'][$key]['holdtotal'] = "$holdtotal";
          }
          if ($live) {
            $balances['cc'][$key]['as_of_date'] = GetDateFormatTimezone($drow['balance_stamp'], 'm/d/Y h:i A', $cuTz);
            $balances['cc'][$key]['out_of_sync'] = ($drow['balance_stamp'] < $drow['balance_attempt']);

          } else {
            $balances['cc'][$key]['as_of_date'] = "";
            $balances['cc'][$key]['out_of_sync'] = false;
          }
        }
      }
    }
  }
  return ($balances);
}

/**
 * returns array of account / loan transactions for specified Acctid
 * @param object $dbh
 * @param array $HB_ENV
 * @param string $Acctid
 * @param string $DTSTART
 * @param string $DTEND
 * @param array $pAdvSearch
 * @return array
 * @throws Exception
 */
function Get_History($dbh,&$HB_ENV,$Acctid,$DTSTART="",$DTEND="",$pAdvSearch=[]) {

  $Cu       = $HB_ENV['Cu'];
  $Uid      = $HB_ENV["Uid"];
  $live     = $HB_ENV['live'];
  $Fset     = $HB_ENV['Fset'];
  $Fset2    = $HB_ENV['Fset2'];
  $history  = [];
  $errors   = [];
  global $chk_key;

  if ($live) {

    $userData = [
      'email'     => $HB_ENV['Ml'],
      'lastlogin' => $HB_ENV['Fplog']
    ];

    $dataResp = LoadUserData($HB_ENV, $Uid, $userData);
    $requestDate = HCU_array_key_value("requestDate", $dataResp['data']);
    $requestDesc = HCU_array_key_value("requestDesc", $dataResp['data']);

    if ($dataResp['code'] == '999') {
      // ** Error -
      $balances['status']['code']     = '999';
      $balances['status']['severity'] = 'ERROR';
      $balances['status']['errors'][] = 'System Unavailable';
      $HB_ENV['stale'] = 1;

    } else {
      // ** Success
      $HB_ENV['lastupdate'] = $requestDate;
    }

    if ($dataResp['code'] != '900') {  // * Don't update packetStatus for 'too soon'

      $HB_ENV['packetStatus'] = [
        'status'    => $dataResp['code'],
        'asofdate'  => $requestDate,
        'reason'    => $requestDesc
      ];
    }
  }

  date_default_timezone_set('UTC');
  if (empty($DTSTART) || !strtotime($DTSTART)) {
    $errors[]="Invalid Start Date";
  }
  if (empty($DTEND) || !strtotime($DTEND)) {
    $errors[]="Invalid End Date";
  }
  if ( strtotime($DTSTART) > strtotime($DTEND)) {
    $errors[]="Invalid Date Range";
  }
  if (count($errors) > 0) {
    $history['status']['code']      = '999';
    $history['status']['severity']  ='ERROR';
    $history['status']['errors']    = $errors;

  } else {
    $sqlstart     = (date('Y-m-d',strtotime($DTSTART)));
    $sqlend       = (date('Y-m-d',strtotime($DTEND)));
    $currentdate  = date('Y-m-d');

    $date_clause=" and date >= '$sqlstart 00:00:00' ";
    if ($sqlend < $currentdate) {
      $date_clause .= "and date <= '$sqlend 23:59:59' ";
    }

    $tbl=substr($Acctid,0,1);

    switch ($tbl) {

      case 'D':
       list($gettbl,$getacct,$gettype,$getcert) = explode("|",$Acctid);

        # deposit accounts
        # set the default dp sort order
        $orderby = "order by date desc, tracenumber desc";

        # then override it if a flag is set
        if (($Fset & $GLOBALS['CU_SORTORDER1']) == $GLOBALS['CU_SORTORDER1']) {
          $orderby = "order by tracenumber desc";
        }

        # only SORTORDER2 and SORTORDER5 change the dp history sort order
        if (($Fset & $GLOBALS['CU_SORTORDER2']) == $GLOBALS['CU_SORTORDER2']) {
          $orderby = "order by date desc, sortkey desc";
        }

        if (($Fset & $GLOBALS['CU_SORTORDER5']) == $GLOBALS['CU_SORTORDER5']) {
          $orderby = "order by date desc, oid desc";
        }

        # running balance calc if $CU_CALCRUNBAL
        # need deposittype from accountbalance table to determine checking?
        # micr overrides? alternate rt will be handled in ImageSRC

        $dp_bal = "select deposittype,amount,
          (select sum(amount) from {$Cu}accounthistory
            where accountnumber='" . prep_save($getacct) . "' and accounttype='" . prep_save($gettype) . "'
            and date >'" . prep_save($sqlend) . " 23:59:59' and certnumber=" . prep_save(intval($getcert)) . "
          ) as txnsum
          from {$Cu}accountbalance
          where accountnumber='" . prep_save($getacct) . "'
            and accounttype='" . prep_save($gettype) . "'
            and certnumber=" . prep_save(intval($getcert)) . " ";

        $sthbal = db_query($dp_bal,$dbh);

        if (!($sthbal)) {
          # error, query failed
          $history['status']['code']      = '999';
          $history['status']['severity']  = 'ERROR';
          $history['status']['errors'][]  = db_last_error();
          $history['status']['errors'][]  = "$dp_bal";

        } else {
          $drow     = db_fetch_array($sthbal,0);
          $deptype  = $drow['deposittype'];
          $seedbal  = ($currentdate == $sqlend ? $drow['amount'] : $drow['amount'] - $drow['txnsum']);

          $advSql = "";
          // see if doing an advanced search
          if ( count( $pAdvSearch ) > 0 ) {
            // blank out the balance info
            $seedbal = 0;

            if ( HCU_array_key_exists("fdesc", $pAdvSearch) && strlen( $pAdvSearch["fdesc"] ) > 0 ) {
              $advSql .= " and description ~* '{$pAdvSearch["fdesc"]}'";
            }
            if ( HCU_array_key_exists("findamt", $pAdvSearch) && strlen( $pAdvSearch["findamt"] ) > 0 ) {
              $advSql .= " and abs(amount)=cast('{$pAdvSearch["findamt"]}' as numeric)";
            }
            if ( HCU_array_key_exists("check", $pAdvSearch) && strlen( $pAdvSearch["check"] ) > 0 && $deptype == "Y" ) {
              $advSql .= " and trim(checknumber)='{$pAdvSearch["check"]}'";
            }
          }

          // ** 12/16/2014 mws changing the column label 'date' to 'mdydate', this is causing an
          // ** error in the order by as it uses the formatted value rather than the
          // ** table value as desired
          $dp_sql = "select trim(accounttype) as accounttype,
            certnumber,
            trim(checknumber) as checknumber,
            to_char(date,'YYYY-MM-DD') as ymddate,
            amount,
            trim(description) as description,
            trim(sortkey) as sortkey,
            balance,
            trim(tracenumber) as tracenumber
            from {$Cu}accounthistory
            where accountnumber='" . prep_save($getacct) . "'
            and certnumber=" . prep_save(intval($getcert)) . "
            and accounttype='" . prep_save($gettype) . "'
            $date_clause
            $advSql ";

          $dp_sql .= $orderby;
          $sthdp = db_query($dp_sql,$dbh);

          if (!($sthdp)) {
            # error, query failed
            $history['status']['code']      = '999';
            $history['status']['severity']  = 'ERROR';
            $history['status']['errors'][]  = db_last_error();
            $history['status']['errors'][]  = "$dp_sql";

          } else {
            $history['status']['code']      = '000';
            $history['status']['severity']  = 'SUCCESS';
            $history['status']['startdate'] = $sqlstart;
            $history['status']['stopdate']  = $sqlend;
            $history['status']['txnsum']    = $drow['txnsum'];
            $history['status']['startbal']  = $drow['amount'];
            $history['status']['seedbal']   = $seedbal;


            if (($Fset & $GLOBALS['CU_CALCRUNBAL']) == $GLOBALS['CU_CALCRUNBAL'] )
              $runbal = $seedbal;

            for ($row=0;$drow = db_fetch_array($sthdp,$row);$row++) {
              // ** BEFORE it's used, encode the description with UTF-8 Encoding.
              // * setting it here eliminates the need to set it each time it's called in this loop
              $drow['description']  = utf8_encode($drow['description']);
              $accounttype          = $drow['accounttype'];
              $cert                 = $drow['certnumber'];

              if (strpos($accounttype,"@")) {
                $trust = 'joint';
              } else {
                $trust = 'primary';
              }

              $trace  = "T" . $drow['tracenumber'];
              $amount = $drow['amount'];
              $amount = str_replace(",","",str_replace("$","",$amount));
              $amount = sprintf("%.2f",$amount);

              if (($Fset & $GLOBALS['CU_CALCRUNBAL']) == $GLOBALS['CU_CALCRUNBAL'] ) {
                $balance = $runbal;
                $runbal -= $drow['amount'];
              } else {
                $balance = $drow['balance'];
              }

              $history[$Acctid][$trace]['accounttype']  = $drow['accounttype'];
              $history[$Acctid][$trace]['certnumber']   = $drow['certnumber'];
              $history[$Acctid][$trace]['amount']       = $amount;
              $history[$Acctid][$trace]['balance']      = sprintf("%.2f",$balance);
              // * 12/16/2014 - Reference the new ymddate label
              $history[$Acctid][$trace]['date']         = $drow['ymddate'];

              if ($deptype == "Y") {

                $history[$Acctid][$trace]['checkno']=$drow['checknumber'];

                if (((($Fset & $GLOBALS['CU_SHOWIMAGES']) == $GLOBALS['CU_SHOWIMAGES'])) &&
                  $drow['checknumber'] > 0) {
                  $history[$Acctid][$trace]['ckitem'] =
                            hcu_encrypturl("{$Cu}|{$getacct}|${accounttype}|${cert}|${drow['tracenumber']}",$chk_key);
                  $history[$Acctid][$trace]['ckhash'] =
                    sha1("{$Cu}{$getacct}{$accounttype}{$cert}{$drow['tracenumber']}cierto");
                }
              }

              $history[$Acctid][$trace]['description']  = $drow['description'];
              $history[$Acctid][$trace]['traceno']      = $drow['tracenumber'];
            }
          }
        }

        break;

      case 'L':
        # loans
        list($gettbl,$getacct,$getloan) = explode("|",$Acctid);

        # set the default loan sort order
        $lorderby = " order by date desc, tracenumber desc";

        # none of the loan sort order flags change the ln history sort
        $ln_bal = "select currentbalance,
          (select sum(principleamount) from {$Cu}loanhistory
            where accountnumber='" . prep_save($getacct) . "' and loannumber='" . prep_save($getloan) . "'
            and date >'" . prep_save($sqlend) . " 23:59:59'
          ) as txnsum
          from {$Cu}loanbalance
            where accountnumber='" . prep_save($getacct) . "'
            and loannumber='" . prep_save($getloan) . "' ";

        $sthbal = db_query($ln_bal,$dbh);

        if (!($sthbal)) {
          # error, query failed
          $history['status']['code']      = '999';
          $history['status']['severity']  = 'ERROR';
          $history['status']['errors'][]  = db_last_error();
          $history['status']['errors'][]  = "$ln_bal";

        } else {
          $drow = db_fetch_array($sthbal,0);
          $seedbal = ($currentdate == $sqlend ? $drow['currentbalance'] : $drow['currentbalance'] - $drow['txnsum']);

          // ** 12/16/2014 mws changing the column label 'date' to 'mdydate', this is causing an
          // ** error in the order by as it uses the formatted value rather than the
          // ** table value as desired
          $ln_sql = "select trim(loannumber) as loannumber,
            to_char(date,'YYYY-MM-DD') as ymddate,
            principleamount as principle,
            interestamount as interest,
            balance as balance,
            trim(description) as description,
            trim(tracenumber) as tracenumber ";

          if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA'] )
            $ln_sql .= ",fee as fee, escrow as escrow";

          $ln_sql .= " from {$Cu}loanhistory
            where accountnumber='" . prep_save($getacct) . "'
            and loannumber='" . prep_save($getloan) . "'";

          $ln_sql .= $date_clause;
          $ln_sql .= $lorderby;

          $sthln = db_query($ln_sql,$dbh);

          if (!($sthln)) {
            # error, query failed
            $history['status']['code']      = '999';
            $history['status']['severity']  = 'ERROR';
            $history['status']['errors'][]  = db_last_error();
            $history['status']['errors'][]  = $ln_sql;

          } else {
            $history['status']['code']      = '000';
            $history['status']['severity']  = 'SUCCESS';
            $history['status']['startdate'] = $sqlstart;
            $history['status']['stopdate']  = $sqlend;
            $history['status']['txnsum']    = $drow['txnsum'];
            $history['status']['startbal']  = $drow['currentbalance'];
            $history['status']['seedbal']   = $seedbal;

            if (($Fset & $GLOBALS['CU_CALCRUNBAL']) == $GLOBALS['CU_CALCRUNBAL'] )
              $runbal = $seedbal;

            for ($row=0;$drow = db_fetch_array($sthln,$row);$row++) {

              // ** BEFORE it's used, encode the description with UTF-8 Encoding.
              // * setting it here eliminates the need to set it each time it's called in this loop
              $drow['description']  = utf8_encode($drow['description']);
              $loan                 = $drow['loannumber'];
              $trace                = "T" . $drow['tracenumber'];

              if (strpos($loan,"@")) {
                $trust = 'joint';
              } else {
                $trust = 'primary';
              }

              $escrow = 0;
              $fee = 0;

              if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA'] ) {
                if (($Fset2 & $GLOBALS['CU2_SHOW_LN_ESCROW']) == $GLOBALS['CU2_SHOW_LN_ESCROW'])
                    $escrow=$drow['escrow'];

                if (($Fset2 & $GLOBALS['CU2_SHOW_LN_FEE']) == $GLOBALS['CU2_SHOW_LN_FEE'])
                    $fee=$drow['fee'];
              }

              $principle  = $drow['principle'];
              $principle  = str_replace(",","",str_replace("$","",$principle));
              $interest   = $drow['interest'];
              $interest   = str_replace(",","",str_replace("$","",$interest));
              $escrow     = str_replace(",","",str_replace("$","",$escrow));
              $fee        = str_replace(",","",str_replace("$","",$fee));

              if (($Fset & $GLOBALS['CU_CALCRUNBAL']) == $GLOBALS['CU_CALCRUNBAL'] ) {
                $balance = $runbal;
                $runbal -= $drow['principle'];
              } else {
                $balance = $drow['balance'];
              }

              $balance    = str_replace(",","",str_replace("$","",$balance));
              $totalpay   = sprintf("%.2f",(abs($principle) + abs($interest) + abs($escrow) + abs($fee)));
              $principle  = sprintf("%.2f",$principle);
              $interest   = sprintf("%.2f",$interest);
              $escrow     = sprintf("%.2f",$escrow);
              $fee        = sprintf("%.2f",$fee);

              $history[$Acctid][$trace]['loan'] = $drow['loannumber'];
              $history[$Acctid][$trace]['traceno'] = $drow['tracenumber'];

              if (($Fset & $GLOBALS['CU_SHOWLNTXNDESC']) == $GLOBALS['CU_SHOWLNTXNDESC'])
                $history[$Acctid][$trace]['description'] = $drow['description'];

              // ** 12/16/2014 mws - reference the new ymddate field returned in query
              $history[$Acctid][$trace]['date'] = $drow['ymddate'];

              if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA']
                && ($Fset2 & $GLOBALS['CU2_SHOW_LN_ESCROW']) == $GLOBALS['CU2_SHOW_LN_ESCROW'])
                $history[$Acctid][$trace]['escrow'] = $escrow;

              if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA']
                && ($Fset2 & $GLOBALS['CU2_SHOW_LN_FEE']) == $GLOBALS['CU2_SHOW_LN_FEE'])
                $history[$Acctid][$trace]['fee'] = $fee;

              if (($Fset & $GLOBALS['CU_SHOWLNTXNSPLIT'])==$GLOBALS['CU_SHOWLNTXNSPLIT']) {
                $history[$Acctid][$trace]['principal'] = $principle;
                $history[$Acctid][$trace]['interest'] = $interest;
              }

              $history[$Acctid][$trace]['totalpay'] = $totalpay;

              if (($Fset & $GLOBALS['CU_LNBALUNUSABLE'])!=$GLOBALS['CU_LNBALUNUSABLE']) {
                $history[$Acctid][$trace]['balance'] = $balance;
              }
            }
          }
        }
        break;

      case 'C':
        # loans shown as credit cards
        list($gettbl,$getacct,$getloan) = explode("|",$Acctid);

        # set the default loan sort order
        $lorderby = " order by date desc, tracenumber desc";

        # none of the loan sort order flags change the ln history sort
        $cc_bal="select currentbalance,
          (select sum(principleamount) from {$Cu}loanhistory
            where accountnumber='" . prep_save($getacct) . "' and loannumber='" . prep_save($getloan) . "'
              and date >'" . prep_save($sqlend) . " 23:59:59'
          ) as txnsum
          from {$Cu}loanbalance
            where accountnumber='" . prep_save($getacct) . "'
            and loannumber='" . prep_save($getloan) . "' ";

        $sthbal = db_query($cc_bal,$dbh);

        if (!($sthbal)) {
          # error, query failed
          $history['status']['code']      = '999';
          $history['status']['severity']  = 'ERROR';
          $history['status']['errors'][]  = db_last_error();
          $history['status']['errors'][]  = "$cc_bal";

        } else {
          $drow = db_fetch_array($sthbal,0);
          $seedbal = ($currentdate == $sqlend ? $drow['currentbalance'] : $drow['currentbalance'] - $drow['txnsum']);

          // ** 12/16/2014 mws changing the column label 'date' to 'mdydate', this is causing an
          // ** error in the order by as it uses the formatted value rather than the
          // ** table value as desired
          $cc_sql="select trim(loannumber) as loannumber,
            to_char(date,'YYYY-MM-DD') as ymddate,
            principleamount as principle,
            interestamount as interest,
            trim(tracenumber) as tracenumber,
            balance,
            trim(description) as description ";

          if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA'])
              $cc_sql .= ",fee as fee";

          $cc_sql .= " from {$Cu}loanhistory
          where  accountnumber='" . prep_save($getacct) . "' and loannumber = '" . prep_save($getloan) . "' ";
          $cc_sql .= $date_clause;
          $cc_sql .= $lorderby;

          $sthcc = db_query($cc_sql,$dbh);

          if (!($sthcc)) {
            # error, query failed
            $history['status']['code']      = '999';
            $history['status']['severity']  = 'ERROR';
            $history['status']['errors'][]  = db_last_error();
            $history['status']['errors'][]  = $cc_sql;

          } else {
            $history['status']['code']      = '000';
            $history['status']['severity']  = 'SUCCESS';
            $history['status']['startdate'] = $sqlstart;
            $history['status']['stopdate']  = $sqlend;
            $history['status']['txnsum']    = $drow['txnsum'];
            $history['status']['startbal']  = $drow['currentbalance'];
            $history['status']['seedbal']   = $seedbal;

            if (($Fset & $GLOBALS['CU_CALCRUNBAL']) == $GLOBALS['CU_CALCRUNBAL'] )
              $runbal = $seedbal;

            for ($row=0;$drow = db_fetch_array($sthcc,$row);$row++) {

              // ** BEFORE it's used, encode the description with UTF-8 Encoding.
              // * setting it here eliminates the need to set it each time it's called in this loop
              $drow['description']  = utf8_encode($drow['description']);
              $loan                 = $drow['loannumber'];
              $trace                = "T" . $drow['tracenumber'];

              $history[$Acctid][$trace]['loan'] = $drow['loannumber'];
              $history[$Acctid][$trace]['traceno'] = $drow['tracenumber'];

              if (($Fset & $GLOBALS['CU_SHOWLNTXNDESC'])==$GLOBALS['CU_SHOWLNTXNDESC'])
                $history[$Acctid][$trace]['description']=$drow['description'];

                // * 12/16/2014 - mws - reference the new ymddate in the query
              $history[$Acctid][$trace]['date']=$drow['ymddate'];

              if (($Fset & $GLOBALS['CU_CALCRUNBAL']) == $GLOBALS['CU_CALCRUNBAL'] ) {
                $balance = $runbal;
                $runbal -= $drow['principle'];

              } else {
                $balance = $drow['balance'];
              }

              $principle    = $drow['principle'];
              $interest     = $drow['interest'];
              $description  = $drow['description'];
              $fee          = 0;

              if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA']) {
                if (($Fset2 & $GLOBALS['CU2_SHOW_LN_FEE']) == $GLOBALS['CU2_SHOW_LN_FEE'])
                  $fee=$drow['fee'];
              }

              $principle  = str_replace(",","",str_replace("$","",$principle));
              $interest   = str_replace(",","",str_replace("$","",$interest));
              $fee        = str_replace(",","",str_replace("$","",$fee));
              $totalpay   = sprintf("%.2f",(abs($principle) + abs($interest) + abs($fee)));
              $principle  = sprintf("%.2f",$principle);
              $interest   = sprintf("%.2f",$interest);
              $fee        = sprintf("%.2f",$fee);

              if (($Fset2 & $GLOBALS['CU2_ESCHEMA']) == $GLOBALS['CU2_ESCHEMA'] && ($Fset2 & $GLOBALS['CU2_SHOW_LN_FEE']) == $GLOBALS['CU2_SHOW_LN_FEE'])
                $history[$Acctid][$trace]['fee'] = $fee;

              if (($Fset & $GLOBALS['CU_SHOWLNTXNSPLIT'])==$GLOBALS['CU_SHOWLNTXNSPLIT']) {
                $history[$Acctid][$trace]['principal'] = $principle;
                $history[$Acctid][$trace]['interest'] = $interest;
              }

              $history[$Acctid][$trace]['totalpay'] = $totalpay;
              if (($Fset & $GLOBALS['CU_LNBALUNUSABLE'])!=$GLOBALS['CU_LNBALUNUSABLE']) {
                $history[$Acctid][$trace]['balance']=$balance;
              }
            }
          }
        }
        break;

        default:
        # unknown account requested, set error
      }
    }

    return ($history);
}

/**
 * returns Pending Total for specified Acctid
 * @param object $dbh
 * @param array $HB_ENV
 * @param string $Acctid
 * @return array
 */
function Get_PendTotal($dbh,$HB_ENV,$Acctid) {

  $Cu       = $HB_ENV['Cu'];
  $Fset2    = $HB_ENV['Fset2'];
  $pending  = [];

  if (($Fset2 & $GLOBALS['CU2_SHOWPEND']) != $GLOBALS['CU2_SHOWPEND']) {
    $pending['status']['code']      = '100';
    $pending['status']['severity']  = 'INFO';
    $pending['status']['message']   = 'Feature Not Activated';

  } else {

    $tbl=substr($Acctid,0,1);

    switch ($tbl) {
      case 'L':
      case 'D':
      case 'C':

        if ($tbl == 'D') {
          list($gettbl,$getacct,$gettype,$getcert) = explode("|",$Acctid);
          $getcert = " and certnumber=" . prep_save(intval($getcert)) . " ";
          $gethold = " and holdtype = 'd' ";

        } elseif ($tbl == 'L' || $tbl == 'C') {
          list($gettbl,$getacct,$gettype) = explode("|",$Acctid);
          $getcert = "";
          $gethold = " and holdtype = 'l' ";
        }

        $dp_sql="select sum(amount) as total
          from {$Cu}holds
            where accountnumber='" . prep_save($getacct) . "'
            and accounttype='" . prep_save($gettype) . "' $gethold $getcert";

        $sthdp = db_query($dp_sql,$dbh);

        if (!($sthdp)) {
          # error, query failed
          $pending['status']['code']      = '999';
          $pending['status']['severity']  = 'ERROR';
          $pending['status']['errors'][]  = db_last_error();

        } else {
          $pending['status']['code']      = '000';
          $pending['status']['severity']  = 'SUCCESS';

          for ($row=0;$drow = db_fetch_array($sthdp,$row);$row++) {
            $total = $drow['total'];
            $total = sprintf("%.2f",$total);
            $pending["$Acctid"]['total'] = $total;
          }
        }
        break;

      default:
      # unknown account requested, set error
      $pending['status']['code']      = '999';
      $pending['status']['severity']  = 'ERROR';
      $pending['status']['errors'][]  = 'Unknown Account Requested';
    }
  }

  return ($pending);
}

/**
 * Get the pending details for accounts that are not locked.
 * returns array of account / loan transactions for specified Acctid
 * @param object $dbh
 * @param array $HB_ENV
 * @param string $Acctid
 * @return array
 */
function Get_PendDetails($dbh,$HB_ENV,$Acctid) {

  $Cu       = $HB_ENV['Cu'];
  $Fset2    = $HB_ENV['Fset2'];
  $history  = [];

  if (($Fset2 & $GLOBALS['CU2_SHOWPEND']) != $GLOBALS['CU2_SHOWPEND']) {
    $history['status']['code']      = '100';
    $history['status']['severity']  = 'INFO';
    $history['status']['message']   = 'Feature Not Activated';
  } else {

    $tbl=substr($Acctid,0,1);

    switch ($tbl) {
      case 'L':
      case 'D':
      case 'C':

        if ($tbl == 'D') {
          list($gettbl,$getacct,$gettype,$getcert) = explode("|",$Acctid);
          $getcert = " and certnumber=" . prep_save(intval($getcert)) . " ";
          $gethold = " and holdtype = 'd' ";

        } elseif ($tbl == 'L' || $tbl == 'C') {
          list($gettbl,$getacct,$gettype) = explode("|",$Acctid);
          $getcert = "";
          $gethold= " and holdtype = 'l' ";
        }

        # accounttype,certnumber,date desc, tracenumber desc
        #$orderby = "order by accounttype, certnumber, date desc, tracenumber desc";

        /*
         * changed 2/12/13 to use expiredate rather than postdate for pending transactions
         * vendors appear to be sending expiredate as the date the txn will post to
         * member account
         *
         * Still sending titled as 'postdate' so mobile / app code doesn't have to
         * change
         */
        $orderby = "order by expiredate desc, tracenumber desc";

        $dp_sql="select trim(h.accounttype) as accounttype,
          h.certnumber, trim(h.accountnumber) as accountnumber,
          to_char(h.expiredate,'YYYY-MM-DD') as expiredate,
          h.amount,
          trim(h.description) as description,
          trim(h.tracenumber) as tracenumber
          from {$Cu}holds h
          INNER JOIN {$Cu}memberacct ma ON ma.accountnumber = h.accountnumber
          AND coalesce(ma.restrictions, '') != 'L'
          where h.accountnumber='" . prep_save($getacct) . "'
            and h.accounttype='" . prep_save($gettype) . "' ";
          $dp_sql .= "$getcert $gethold $orderby";

          $sthdp = db_query($dp_sql,$dbh);

          if (!($sthdp)) {
            # error, query failed
            $history['status']['code']      = '999';
            $history['status']['severity']  = 'ERROR';
            $history['status']['errors'][]  = db_last_error();

        } else {
            $history['status']['code']      = '000';
            $history['status']['severity']  = 'SUCCESS';

          for ($row=0;$drow = db_fetch_array($sthdp,$row);$row++) {

            $accounttype  = $drow['accounttype'];
            $acct         = $drow['accountnumber'];
            $trace        = "T" . $drow['tracenumber'];
            $amount       = $drow['amount'];
            $amount       = sprintf("%.2f",$amount);

            if ($tbl == 'D') {
              $cert = $drow['certnumber'];
              $tblkey = "$tbl|$acct|$accounttype|$cert";
            } else {
              $tblkey = "$tbl|$acct|$accounttype";
            }

            $history["$tblkey"][$trace]['accounttype'] = $drow['accounttype'];

            if ($tbl == "D") {
              $history["$tblkey"][$trace]['certnumber'] = $drow['certnumber'];
            }

            $history["$tblkey"][$trace]['amount'] = $amount;
            /*
             * see notes above.  As of 2/12/13 this is expiredate
             * masquerading as postdate for pending txns only
             */
            $history["$tblkey"][$trace]['postdate']     = $drow['expiredate'];
            $history["$tblkey"][$trace]['description']  = $drow['description'];
            $history["$tblkey"][$trace]['traceno']      = $drow['tracenumber'];

          }
        }
        break;

      default:
        # unknown account requested, set error
        $history['status']['code']      = '999';
        $history['status']['severity']  = 'ERROR';
        $history['status']['errors'][]  = 'Unknown Account Requested';
    }
  }

  return ($history);
}

/**
 * returns ACH Hold Total for specified Acctid
 * @param object $dbh
 * @param array $HB_ENV
 * @param string $Acctid
 * @return array
 */
function Get_HoldTotal($dbh,$HB_ENV,$Acctid) {

  $Cu       = $HB_ENV['Cu'];
  $Fset2    = $HB_ENV['Fset2'];
  $pending  = [];

  if (($Fset2 & $GLOBALS['CU2_SHOWHOLD']) != $GLOBALS['CU2_SHOWHOLD'] ) {
    $pending['status']['code']      = '100';
    $pending['status']['severity']  = 'INFO';
    $pending['status']['message']   = 'Feature Not Activated';

  } else {

    $tbl=substr($Acctid,0,1);

    switch ($tbl) {
      case 'L':
      case 'D':
      case 'C':

        if ($tbl == 'D') {
          list($gettbl,$getacct,$gettype,$getcert) = explode("|",$Acctid);
          $getcert= " and certnumber=" . prep_save(intval($getcert)) . " ";
          $gethold= " and holdtype = 'D' ";

        } elseif ($tbl == 'L' || $tbl == 'C') {
          list($gettbl,$getacct,$gettype) = explode("|",$Acctid);
          $getcert = "";
          $gethold= " and holdtype = 'L' ";
        }

        $dp_sql="select sum(amount) as total
          from {$Cu}holds
          where accountnumber='" . prep_save($getacct) . "'
          and accounttype='" . prep_save($gettype) . "' $gethold $getcert";

        $sthdp = db_query($dp_sql,$dbh);

        if (!($sthdp)) {
          # error, query failed
          $pending['status']['code']      = '999';
          $pending['status']['severity']  = 'ERROR';
          $pending['status']['errors'][]  = db_last_error();

        } else {
          $pending['status']['code']      = '000';
          $pending['status']['severity']  = 'SUCCESS';

          for ($row=0;$drow=db_fetch_array($sthdp,$row);$row++) {

            $total = $drow['total'];
            $total = sprintf("%.2f",$total);
            $pending["$Acctid"]['total'] = $total;
          }
        }
        break;

      default:
        # unknown account requested, set error
        $pending['status']['code']      = '999';
        $pending['status']['severity']  = 'ERROR';
        $pending['status']['errors'][]  = 'Unknown Account Requested';
    }
  }

  return ($pending);
}

/**
 * Get the hold details for accounts that are not locked
 * returns array of account / loan transactions for specified Acctid
 * @param object $dbh
 * @param array $HB_ENV
 * @param string $Acctid
 * @return array
 */
function Get_HoldDetails($dbh,$HB_ENV,$Acctid) {

  $Cu       = $HB_ENV['Cu'];
  $Fset2    = $HB_ENV['Fset2'];
  $history  = [];

  if (($Fset2 & $GLOBALS['CU2_SHOWHOLD']) != $GLOBALS['CU2_SHOWHOLD']) {
    $history['status']['code']      = '100';
    $history['status']['severity']  = 'INFO';
    $history['status']['message']   = 'Feature Not Activated';

  } else {

    $tbl=substr($Acctid,0,1);

    switch ($tbl) {
      case 'L':
      case 'D':
      case 'C':

        if ($tbl == 'D') {
          list($gettbl,$getacct,$gettype,$getcert) = explode("|",$Acctid);
          $getcert= " and certnumber=" . prep_save(intval($getcert)) . " ";
          $gethold= " and holdtype = 'D' ";

        } elseif ($tbl == 'L' || $tbl == 'C') {
          list($gettbl,$getacct,$gettype) = explode("|",$Acctid);
          $getcert = "";
          $gethold= " and holdtype = 'L' ";
        }

        # accounttype,certnumber,date desc, tracenumber desc
        $orderby = "order by postdate desc, tracenumber desc";

        $dp_sql="select trim(h.accounttype) as accounttype,
          h.certnumber,
          to_char(h.postdate,'YYYY-MM-DD') as postdate,
          h.amount,
          trim(h.description) as description,
          trim(h.tracenumber) as tracenumber
          from {$Cu}holds h
          INNER JOIN {$Cu}memberacct ma ON ma.accountnumber = h.accountnumber
            AND coalesce(ma.restrictions, '') != 'L'
          where  h.accountnumber='" . prep_save($getacct) . "'
            and  h.accounttype='" . prep_save($gettype) . "' ";

        $dp_sql .= "$getcert $gethold $orderby";
        $sthdp = db_query($dp_sql,$dbh);

        if (!($sthdp)) {
          # error, query failed
          $history['status']['code']      = '999';
          $history['status']['severity']  = 'ERROR';
          $history['status']['errors'][]  = db_last_error();

        } else {
          $history['status']['code']      = '000';
          $history['status']['severity']  = 'SUCCESS';

          for ($row=0;$drow = db_fetch_array($sthdp,$row);$row++) {

            $accounttype  = $drow['accounttype'];
            $trace        = "T" . $drow['tracenumber'];
            $amount       = $drow['amount'];
            $amount       = sprintf("%.2f",$amount);

            if ($tbl == 'D') {
              $cert = $drow['certnumber'];
              $tblkey = "$tbl|$getacct|$accounttype|$cert";
            } else {
              $tblkey = "$tbl|$getacct|$accounttype";
            }

            $history["$tblkey"][$trace]['accounttype'] = $drow['accounttype'];

            if ($tbl == "D") {
              $history["$tblkey"][$trace]['certnumber']=$drow['certnumber'];
            }

            $history["$tblkey"][$trace]['amount']       = $amount;
            $history["$tblkey"][$trace]['postdate']     = $drow['postdate'];
            $history["$tblkey"][$trace]['description']  = $drow['description'];
            $history["$tblkey"][$trace]['traceno']      = $drow['tracenumber'];

          }
        }
        break;
      default:
        # unknown account requested, set error
        $history['status']['code']      = '999';
        $history['status']['severity']  = 'ERROR';
        $history['status']['errors'][]  = 'Unknown Account Requested';
    }
  }

  return ($history);
}

function Get_OverMicr($dbh,$HB_ENV,$Acctid) {
# returns array of micr settings and overrides for member
$Cu=$HB_ENV['Cu'];
$Cn=$HB_ENV['Cn'];
$Fset=$HB_ENV['Fset'];
$Fset2=$HB_ENV['Fset2'];
$micrs=array();

list($gettbl,$getacct,$gettype,$getcert) = explode("|",$Acctid);

// reconsider this test....
// might need override micrs for bill pay, shouldn't matter if check images are
// on or not
//
    if (($Fset & $GLOBALS['CU_SHOWIMAGES']) != $GLOBALS['CU_SHOWIMAGES']) {
      # return error -- cu not set for images
      $micrs['status']['code']='999';
      $micrs['status']['severity']='ERROR';
      $micrs['status']['errors'][]="CU not set up for image retrieval";
    } else {
      # adjust this to send back the default settings as well as overrides
       #$sql = "select trim(rt), trim(img) from cuadmin where cu='$Cu'";

       $sql = "select trim(accounttype), trim(rt), trim(micraccount)
            from {$Cu}accountbalance,  cuadmin
            where cu='$Cu' and deposittype='Y' and accountnumber='$getacct'
            and accounttype='$gettype' and certnumber=$getcert";

       $sth = db_query($sql,$dbh);
        if (db_num_rows($sth) == 0 ) {
          # return error -- account not found
          $micrs['status']['code']='999';
          $micrs['status']['severity']='ERROR';
          $micrs['status']['errors'][]="Account not found";
        } else {
           list($osfx, $ort, $omicr) = db_fetch_array($sth,0);

          $micrs['prime']['accounttype'] = "$osfx";
          $micrs['prime']['rt'] = "$ort";
          $micrs['prime']['micr'] = "$omicr";

       $sql = "select trim(accounttype), trim(rt),
               trim(micraccount), startcheck
               from cuovermicr where cu='$Cu' and accountnumber='$getacct'
            and accounttype='$gettype'
               order by startcheck desc";
       $sth = db_query($sql,$dbh);

       for ($row=0;list($osfx, $ort, $omicr, $ostart) =
            db_fetch_array($sth,$row); $row++) {
            $micrs['oride'][$row]['accounttype'] = "$osfx";
            $micrs['oride'][$row]['rt'] = "$ort";
            $micrs['oride'][$row]['micr'] = "$omicr";
            $micrs['oride'][$row]['startcheck'] = $ostart;
       }
    }
  }
    return ($micrs);
}

function Get_PrimaryChecking($dbh, $HB_ENV) {
# returns list of checking accounts w/ non-blank micrs
// modified 1/30/15 - return accounts first, then look for override micr
// if micr is blank, but only get override with same rt as primary
#
# includes primary accounts only (accounttype not containing '@')

    $Cu = $HB_ENV['Cu'];
    $Cn = $HB_ENV['Cn'];
    $accts = array();
#
    $sql = "select trim(accountnumber) as accountnumber,
                   trim(accounttype) as accounttype,
                   certnumber,
                   trim(description) as description,
                   trim(micraccount) as micraccount
            from   ${Cu}accountbalance
           where accountnumber='$Cn' and deposittype='Y'
                  and accounttype not like '%@%'
                  $orderby";

# Run the sql and see if we got anything

    $sthdp = db_query($sql, $dbh);

    if (db_num_rows($sthdp)) {
        for ($row = 0; $drow = db_fetch_array($sthdp, $row); $row++) {
          // ** BEFORE it's used, encode the description with UTF-8 Encoding.
          // * setting it here eliminates the need to set it each time it's called in this loop
          $drow['description'] = utf8_encode($drow['description']);

            $accounttype = $drow['accounttype'];
            $cert = $drow['certnumber'];
            $micraccount = $drow['micraccount'];
            if (strpos($accounttype, "@")) {
                $trust = 'joint';
            } else {
                $trust = 'primary';
            }
            if (trim($micraccount) == '') {
                $sqlmicr = "select trim(o.micraccount) as omicr
                    from cuovermicr o join cuadmin a on o.cu = a.cu
                    where o.cu='$Cu' and o.accountnumber='$Cn'
          and o.accounttype='$accounttype' and o.rt=a.rt
                    order by o.startcheck desc limit 1";
                $sthmicr = db_query($sqlmicr, $dbh);
                if (db_num_rows($sthmicr) == 1) {
                    list ($micraccount) = db_fetch_row($sthmicr, 0);
                    $drow['micraccount'] = $micraccount;
                }
            }
            if (trim($micraccount) != '') {
                $accts['dp']["D|$Cn|$accounttype|$cert"]['accounttype'] = $drow['accounttype'];
                $accts['dp']["D|$Cn|$accounttype|$cert"]['certnumber'] = $drow['certnumber'];
                $accts['dp']["D|$Cn|$accounttype|$cert"]['description'] = $drow['description'];
                $accts['dp']["D|$Cn|$accounttype|$cert"]['micraccount'] = $drow['micraccount'];
                $accts['dp']["D|$Cn|$accounttype|$cert"]['trust'] = "$trust";
                $accts['dp']["D|$Cn|$accounttype|$cert"]['displaydesc'] =
                    ($cert == 0 ? "{$drow['description']} - $accounttype" : "{$drow['description']} # $cert - $accounttype");
            }
        }
    }
    if (sizeof($accts['dp'])) {
        $accts['status']['code'] = '000';
        $accts['status']['severity'] = 'SUCCESS';
    } else {
        # error, no rows
        $accts['status']['code'] = '999';
        $accts['status']['severity'] = 'ERROR';
        $accts['status']['errors'][] = 'No Accounts Available';
    }
    return ($accts);
}

/* Test if account is locked or read-only and return the lock level.
 */
function CheckIfAccountLocked( $dbh, $currCU, $accountNumber ) {
  $lockStatus = "L";  // default to locked in case something untoward happens

  // get the restrictions on the account
  $accountSQL = "SELECT restrictions
                  FROM {$currCU}memberacct
                  WHERE accountnumber = '$accountNumber'";

  $rs = db_query( $accountSQL, $dbh );
  if ( !$rs ) {
    dmserror( $DMSMAIL, "WARN", "Unable to read  {$currCU}memberacct for account $accountNumber. \n" . db_last_error() );
  } else {
    $accountRow = db_fetch_assoc( $rs );

    $lockStatus = trim( $accountRow["restrictions"] );
  }

  return $lockStatus;

} // end CheckIfAccountLocked


// Sort the estatements table of contents by period end (descending) and description.
function SortEstmt( $a, $b ) {
  $result = strcmp( $b["PerEnd"], $a["PerEnd"] );
  if ( $result == 0 ) {
    $result = strcmp( $a["PerDesc"], $b["PerDesc"] );
  }

  return $result;
}



/**
 *
 *
 *
 * @param integer $dbh          - Current integer pointer to the database handle
 * @param array $HB_ENV         - Current HB Environment array
 * @param class  $MC            - Current language class
 *                                    Returns:
 *                                      Y - CU has e-statements turned on
 *                                          member has the estmt_flat set to 'Y'
 *                                          there is a statement file for the member
 *                                      N - CU has e-statements turned off OR
 *                                          member has the estmt_flat set to 'N'
 *                                      W - CU has e-statements turned on
 *                                          member has the estmt_flat set to 'Y'
 *                                          there is NO statement file for the member
 *                                  false - All parts of the function will execute
 *
 * @return array
 *          HomeCU [status]
 *                    [code] {000, 999}
 *                    [errors] {array of strings}
 *
 *                    [estmt]        - Current estmt flag for the Current Member
 *                    [enrolled]     - Current estmt flag for the Current Member
 *                    [pdflinks]     - pdf links for the credit union
 *                    [toclinks]     - toc links for current member, if they have estatements to view
 *                    [notifyemail]  - Notify email for the credit union
 *                    [sslformsdir]  - The ssl forms directory, location to save ssl forms
 *
 *                    Data returned is a string value from the core if the
 *                    value was posted.  EMPTY if not posted
 */
function Get_Estmt($dbh, $HB_ENV, $MC, $pAcct) {
    # not finished with this, but moving on...
    # needs to check cuthird for field list override,
    # populate 'Wait' message (estmt_flag=Y but no statement file)
    # use mobile fragments instead of desktop
    $Cu = $HB_ENV['Cu'];
    $Cn = $HB_ENV['Cn'];
    $Flang = $HB_ENV['Flang'];
    $chome = $HB_ENV['chome'];
    $email = $HB_ENV['Ml'];
    $live = $HB_ENV['live'];

    $errors = array();
    $stmt = Get_EstmtEnrollStatus($dbh, $HB_ENV, $MC, $pAcct);
    if ($stmt['status']['code'] === '000') {
        try {

             // add the pdf links and Table of Contents
              $pdffound = 0;
              # populate list of PDF links to be offered
              $pdfnews = "/home/$chome/public_html/pdf/newsletter.pdf";
              $pdfkids = "/home/$chome/public_html/pdf/kidsnews.pdf";
              $pdfprime = "/home/$chome/public_html/pdf/primenews.pdf";
              $pdfsenior = "/home/$chome/public_html/pdf/seniornews.pdf";
              $pdfteen = "/home/$chome/public_html/pdf/teennews.pdf";
              $pdfins = "/home/$chome/public_html/pdf/insert.pdf";
              $pdffee = "/home/$chome/public_html/pdf/fees.pdf";
              $pdfprivacy = "/home/$chome/public_html/pdf/privacy.pdf";
              $pdfpath = $HB_ENV["fi_path"] . "pdf";

              $pdflinks = array();
              if (is_readable("$pdfnews")) {
                  $title = $MC->msg('Newsletter');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/newsletter.pdf");
                  $pdffound++;
              }
              if (is_readable("$pdfkids")) {
                  $title = $MC->msg('Youth Newsletter');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/kidsnews.pdf");
                  $pdffound++;
              }
              if (is_readable("$pdfteen")) {
                  $title = $MC->msg('Teen Newsletter');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/teennews.pdf");
                  $pdffound++;
              }
              if (is_readable("$pdfprime")) {
                  $title = $MC->msg('Prime Newsletter');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/primenews.pdf");
                  $pdffound++;
              }
              if (is_readable("$pdfsenior")) {
                  $title = $MC->msg('Senior Newsletter');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/seniornews.pdf");
                  $pdffound++;
              }

              if (is_readable("$pdfins")) {
                  $title = $MC->msg('Statement Insert');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/insert.pdf");
                  $pdffound++;
              }

              if (is_readable("$pdffee")) {
                  $title = $MC->msg('Fee Schedule');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/fees.pdf");
                  $pdffound++;
              }

              if (is_readable("$pdfprivacy")) {
                  $title = $MC->msg('Privacy Policy');
                  $pdflinks[] = array('pdftitle' => $title, 'pdfpath' => "$pdfpath/privacy.pdf");
                  $pdffound++;
              }

              $estmt = $stmt['status']['estmt'];
              switch ($estmt) {
                  case 'Y':
                      // See if reading statements directly from the core
                      if ( $HB_ENV["Fset3"] & GetFlagsetValue("CU3_ESTMNT_CORE") ) {

                          $mbrData = Array (
                              'member'    => "$pAcct"
                          );
                          // ** Don't Set email at this time
                          $getEsResp = GetMemberES($HB_ENV, $mbrData);

                          if ($getEsResp['code'] != '000') {
                              $reason = $getEsResp['error'];
                              $errorMsg = $MC->msg('Unable retrieve estatement') . " $reason";
                              throw new Exception( $errorMsg );
                          }
                          $TOC = HCU_array_key_value("TOC", $getEsResp["data"]);

                          for ( $i = 0; $i < count( $TOC ); $i++ ) {
                              $PerDesc = $TOC[$i]["Description"];
                              $PerId = $TOC[$i]["ID"];
                              $PerTokn = sha1("{$Cn}{$PerDesc}{$Cu}");
                              $PerEnd = $TOC[$i]["PeriodEnd"];
                              $PerType = $TOC[$i]["Type"];

                              switch ($PerType) {
                                  case "M":
                                  case "CM":
                                      $PeriodType = 'Monthly';
                                      break;
                                  case "Q":
                                  case "CQ":
                                      $PeriodType = 'Quarterly';
                                      break;
                                  case "SA":
                                  case "CA":
                                      $PeriodType = 'Semi-Annual';
                                      break;
                                  case "T":
                                      $PeriodType = 'Tax Form';
                                      break;
                                  default:
                                      $PeriodType = 'Unknown';
                                      break;
                              }

                              // format the period end to be consistent with what the zip file provides: yyyymm
                              $PeriodEnd = str_replace(array('/','-'), '', $PerEnd);
                              $PeriodEnd = substr( $PeriodEnd, 0, 6 );
                              $toclinks[] = array("PerDesc" => "$PerDesc", "PerType" => "$PeriodType", "PerTypeText" => $MC->msg($PeriodType, HCU_DISPLAY_AS_RAW),
                                                "PerEnd" => "$PeriodEnd", "PerKey" => "$PerId", "PerTokn" => $PerTokn);
                          }
                      } else {
                          $stmntdir = "/home/$chome/stmnt/history/";
                          $stmntdir .= substr($pAcct, 0, 1);
                          $stmntfile = "$stmntdir/$pAcct";

                          if (is_readable($stmntfile)) {
                              $toclinks = array();
                              # populate TOC
                              // open file for reading
                              $zp = gzopen($stmntfile, "r");

                              // read the TOC open mark
                              $TOCmark = gzgets($zp, 4096);

                              // output until end of the TOC and close it.
                              while ($buf = gzgets($zp, 4096)) {
                                  $buf = preg_replace("/^> /", "", $buf);
                                  if (trim($buf) == "") { continue; }
                                  if ($buf == $TOCmark) {
                                      break;
                                  }
                                  list($bd, $ldTime, $ldProc, $PerEnd, $PerType, $PerDesc) = explode("\t", $buf);
                                  if ("$ldTime" != "") {
                                      $tokn = sha1("${Cn}${PerDesc}${Cu}");
                                      $perid = urlencode(rtrim($buf));
                                      $pertokn = $tokn;
                                      $perdesc = "$PerDesc";
                                      switch ($PerType) {
                                          case "M":
                                          case "CM":
                                              $pertype = 'Monthly';
                                              break;
                                          case "Q":
                                          case "CQ":
                                              $pertype = 'Quarterly';
                                              break;
                                          case "SA":
                                          case "CA":
                                              $pertype = 'Semi-Annual';
                                              break;
                                          case "T":
                                              $pertype = 'Tax Form';
                                              break;
                                      }
                                      $toclinks[] = array("PerDesc" => "$perdesc", "PerType" => "$pertype", "PerTypeText" => $MC->msg($pertype, HCU_DISPLAY_AS_RAW),
                                                        "PerEnd" => "$PerEnd", "PerKey" => "$perid", "PerTokn" => $pertokn);
                                  }
                              }
                          } else {
                              $estmt = 'W';
                          }
                      }
                      break;
                  case 'N':
                      # populate 'Click Here to enroll' msg noestmntfrag.html
                      break;
            }
            $stmt['status']['code'] = '000';
            $stmt['status']['severity'] = 'INFO';
            $stmt['estmt']['enrolled'] = $estmt;

            // ** set the ['status']['estmt'] as well, it is being used by some scripts,
            // ** So make sure it has the correct setting
            $stmt['status']['estmt'] = $estmt;

            $stmt['estmt']['pdflinks'] = $pdflinks;
            if ($estmt == 'Y') {
                if (is_array($toclinks)) {
                      usort( $toclinks, "SortEstmt" );
                }
                $stmt['estmt']['toclinks'] = $toclinks;
            }
        } catch (Exception $e) {
            $stmt['status']['code'] = '999';
            $stmt['status']['severity'] = 'ERROR';
            $stmt['status']['errors'][] = $e->getMessage();
            $stmt['estmt'] = array();
        }
    }

    return ($stmt);
}

/**
 *
 *
 *
 * @param integer $dbh          - Current integer pointer to the database handle
 * @param array $HB_ENV         - Current HB Environment array
 * @param class  $MC            - Current language class
 *                                    Returns:
 *                                      Y - CU has e-statements turned on
 *                                          member has the estmt_flat set to 'Y'
 *                                          there is a statement file for the member
 *                                      N - CU has e-statements turned off OR
 *                                          member has the estmt_flat set to 'N'
 *                                      W - CU has e-statements turned on
 *                                          member has the estmt_flat set to 'Y'
 *                                          there is NO statement file for the member
 *                                  false - All parts of the function will execute
 *
 * @return array
 *          HomeCU [status]
 *                    [code] {000, 999}
 *                    [errors] {array of strings}
 *
 *                    [estmt]        - Current estmt flag for the Current Member
 *                    [enrolled]     - Current estmt flag for the Current Member
 *                    [pdflinks]     - pdf links for the credit union
 *                    [toclinks]     - toc links for current member, if they have estatements to view
 *                    [notifyemail]  - Notify email for the credit union
 *                    [sslformsdir]  - The ssl forms directory, location to save ssl forms
 *
 *                    Data returned is a string value from the core if the
 *                      value was posted.  EMPTY if not posted
 */
function Get_EstmtEnrollStatus($dbh, $HB_ENV, $MC, $pAcct) {
    # not finished with this, but moving on...
    # needs to check cuthird for field list override,
    # populate 'Wait' message (estmt_flag=Y but no statement file)
    # use mobile fragments instead of desktop
    $Cu = $HB_ENV['Cu'];
    $Cn = $HB_ENV['Cn'];
    $Flang = $HB_ENV['Flang'];
    $chome = $HB_ENV['chome'];
    $email = $HB_ENV['Ml'];
    $live = $HB_ENV['live'];

    $errors = array();
    $stmt = array();
    try {
        $sql = "SELECT email
                FROM cuadmnotify
                WHERE cu = '{$HB_ENV['Cu']}'
                AND role = 'agree'";
        $emRs = db_query($sql, $dbh);
        list($notifyEmail) = db_fetch_array($emRs);
        db_free_result($emRs);
        /*
         * Define the location of the sslforms directory
         */
        $sslFormsDir = "/home/{$HB_ENV['chome']}/sslforms/";

        // ** Check the Email exists and directory has sufficient rights
        if (trim($notifyEmail) == '' || !(is_writable($sslFormsDir))) {
            throw new Exception($MC->msg('Feature Not Set') . '. ' . $MC->msg('Contact CU'), 1);
        }

        if ( ($HB_ENV["Fset3"] & GetFlagsetValue("CU3_ESTMNT_CORE")) == 0 ) {
            /*
             * Define the location of the stmnt directory
             * NOTE: This is a separate check because if direct from core there is no need for this directory
             */
            $sslStmntDir = "/home/{$HB_ENV['chome']}/stmnt/";
            if (!(is_writable($sslStmntDir))) {
                throw new Exception($MC->msg('Feature Not Set') . '. ' . $MC->msg('Contact CU'), 2);
            }
        }

        // ** Set the notifyemail and sslFormsDir
        $stmt['estmt']['notifyemail'] = trim($notifyEmail);
        $stmt['estmt']['sslformsdir'] = $sslFormsDir;

        $sql = "select coalesce(estmnt_flag, 'N')
                from {$HB_ENV["Cu"]}memberacct
                where accountnumber = '$pAcct'";

        $sth = db_query($sql, $dbh);
        if (!$sth) {
            throw new Exception($MC->msg('Unable retrieve estatement') . ': ' . db_last_error(), 3);
        }
        list($estmt) = db_fetch_array($sth, 0);
        $estmt = (strtoupper($estmt) == 'Y' ? 'Y' : 'N');
        $stmt['status']['estmt'] = $estmt;

        if ($estmt == "Y" && !($HB_ENV["Fset3"] & GetFlagsetValue("CU3_ESTMNT_CORE"))) {
            $stmntdir = "/home/$chome/stmnt/history/";
            $stmntdir .= substr($pAcct, 0, 1);
            $stmntfile = "$stmntdir/$pAcct";
            if (!is_readable($stmntfile)) {
                $estmt = 'W';
            }
        }

        $stmt['status']['code'] = '000';
        $stmt['status']['severity'] = 'INFO';
        $stmt['estmt']['enrolled'] = $estmt;

        // ** set the ['status']['estmt'] as well, it is being used by some scripts,
        // ** So make sure it has the correct setting
        $stmt['status']['estmt'] = $estmt;

    } catch (Exception $e) {
        $stmt['status']['code'] = '999';
        $stmt['status']['severity'] = 'ERROR';
        $stmt['status']['errors'][] = $e->getMessage();
        $stmt['estmt'] = array();
    }

    return ($stmt);
}

function Create_PDF_Statement($stId, $pHB_ENV, $pMC, $pAcct) {

    $CHome = $pHB_ENV["chome"];
    $Cu = $pHB_ENV["Cu"];
    $Cn = $pHB_ENV["Cn"];

    $stmt = array();
    $errors = array();

    $txtFBG = false;

    // used to suppress the following WeasyPrint related UserWarning for
    // CORELATION_XML related pdf generation process:
    // UserWarning: There are known rendering problems and missing features
    // with cairo < 1.15.4.
    $pythonUserWarningFlag = false;

    if ($pHB_ENV["Fset3"] & GetFlagsetValue("CU3_ESTMNT_CORE")) {

      $mbrData = Array (
        'member'    => "$pAcct",
        'statement-id' => "$stId"
      );

      $getEsResp = GetMemberES($pHB_ENV, $mbrData);

      if ($getEsResp['code'] == '000') {
        $fileContents = base64_decode(HCU_array_key_value("statement", $getEsResp["data"]));

        if ($fileContents == "") {
          $errors[] = $pMC->msg('Statement Not Found');
        } else {
          header("Content-type: application/pdf"); // add here more headers for diff. extensions
          header("Content-Disposition: inline; filename=\"statement.pdf\""); // use 'attachment' to force a download
          header('Content-Transfer-Encoding: binary');

          print $fileContents;
        }
      } else {
        // need to give "custom" messages depending on the error
        $reason = $getEsResp["error"];
        $errorMsg = $pMC->msg('Unable retrieve estatement') . " $reason";
        $errors[] = $errorMsg;
      }
    } else {
        // decode st_id
        $stIdParts = explode("/", $stId);
        $stId = trim($stIdParts[0]);
        $stId = urldecode($stId);

        // point to correct file parts
        $stmntTmp = "/home/$CHome/tmp";
        $stmntDir = "/home/$CHome/stmnt/history/";
        $stmntBaseDir = "/home/{$CHome}/stmnt/";
        $stmntDir .= substr($pAcct, 0, 1);
        $fileName = "{$stmntDir}/{$pAcct}";
        $pdfDefsFile = "/home/$CHome/bin/pdfdefs";
        $stPerArray = explode("\t", $stId);
        $stPerType = $stPerArray[4];

        if (substr($stPerType, 0, 1) == 'C') {
            # if credit card statement type, use ccdisclaimer
            $disclaimerFile = "/home/$CHome/bin/disclaimerCC";
        } else if (substr($stPerType, 0, 1) == 'T') {
            // no disclaimer for tax files
            $disclaimerFile = "";
        } else {
            $disclaimerFile = "/home/$CHome/bin/disclaimer";
        }

        if ($stId == "") {
            $errors[] = $pMC->msg('Statement Not Found');
            $found = false;
            $stmnterrmsg = "Bad cookie data, empty value for: st_id";
            $stmnterrlog = fopen("$stmntTmp/statement_retrieve_failure.log", "a");
            chmod("$stmntTmp/statement_retrieve_failure.log", 0666);
            $stmnterrtime = time();
            $stmntexternalref = "";
            fwrite($stmnterrlog, implode("\t", array($stmnterrtime, date('Y-m-d_H:i:s', $stmnterrtime), getmypid(), "cu_data.i:Create_PDF_Statement", $CHome, $Cn, $stmntexternalref, $stId, $stmnterrmsg)) . "\n");
            fclose($stmnterrlog);
        } elseif (count(explode("\t", $stId)) < 6) {
            $errors[] = $pMC->msg('Statement Not Found');
            $found = false;
            $stmnterrmsg = "Bad cookie data, missing TAB delimiters in value for: st_id";
            $stmnterrlog = fopen("$stmntTmp/statement_retrieve_failure.log", "a");
            chmod("$stmntTmp/statement_retrieve_failure.log", 0666);
            $stmnterrtime = time();
            $stmntexternalref = "";
            fwrite($stmnterrlog, implode("\t", array($stmnterrtime, date('Y-m-d_H:i:s', $stmnterrtime), getmypid(), "cu_data.i:Create_PDF_Statement", $CHome, $Cn, $stmntexternalref, $stId, $stmnterrmsg)) . "\n");
            fclose($stmnterrlog);
        } elseif (is_readable($fileName)) {
            // open the statement history file
            # find the desired statement info (also checks to see if PDF already generated)
            // open file for reading
            $zp = gzopen($fileName, "rb");

            // read until the $st_id mark
            $found = false;
            while ($buf = gzgets($zp, 4096)) {

                if (trim($buf) == $stId) {
                    $found = true;
                    break;
                }
            }
            if ($found == false) {
                $stmnterrmsg = "Bad cookie data, no matching period found using value for: st_id";
                $stmnterrlog = fopen("$stmntTmp/statement_retrieve_failure.log", "a");
                chmod("$stmntTmp/statement_retrieve_failure.log", 0666);
                $stmnterrtime = time();
                $stmntexternalref = "";
                fwrite($stmnterrlog, implode("\t", array($stmnterrtime, date('Y-m-d_H:i:s', $stmnterrtime), getmypid(), "cu_data.i:Create_PDF_Statement", $CHome, $Cn, $stmntexternalref, $stId, $stmnterrmsg)) . "\n");
                fclose($stmnterrlog);
            }

            $pdfExternal = "";
            $pdfMissing = "";
            $txtExternal = "";
            $txtMissing = "";
            $txtInternal = "";
            if ($found) {
                $myPID = getmypid();
                $fpCommandFile = fopen("$stmntTmp/t$myPID", "wb");

                if ($fpCommandFile) {

                    $statementCore = "";
                    // output until end of the statement and close it.
                    // if determine PDF already created leave early
                    while ($buf = gzgets($zp, 4096)) {
                        if (trim($buf) == $stId) {
                            break;
                        }

                        // see if the pdf has already been generated
                        if (preg_match("/^DMS PDF:/", $buf)) {
                            $pdfExternal = true;
                            $txtInternal = "";
                            break;
                        }

                        // see if the txt has been externally saved
                        if (preg_match("/^DMS TXT:/", $buf)) {
                            $txtExternal = true;
                            $txtInternal = "";
                            break;
                        }
                        // check for Full-body generation using newer PDF::Create util
                        if (preg_match("/^DMS~FBG:/", $buf)) {
                            $txtFBG = true;
                           // get the filename to read in the existing PDF
                            preg_match("/^DMS~FBG:(.+)$/", $buf, $matches);
                            # discard the marker line - the generation scripts trip on it
                            $buf = substr($buf,strlen($matches[0])+1);
                            $fbgPDFScript = trim($matches[1]);
                            # drop the ending backtic
                            $fbgPDFScript = substr($fbgPDFScript,0,strlen($fbgPDFScript)-1);
                            # if script isn't specified, set a default
                            if (empty($fbgPDFScript)) {
                               $fbgPDFScript = "/home/$CHome/bin/pdfFBG.pl";
                            }
                        }

                        if (preg_match("/^DMS~XML:/", $buf)) {
                            $txtFBG = true;
                            $pythonUserWarningFlag = true;
                           // get the filename to read in the existing PDF
                            preg_match("/^DMS~XML:(.+)$/", $buf, $matches);
                            # discard the marker line - the generation scripts trip on it
                            $buf = substr($buf,strlen($matches[0])+1);
                            $fbgPDFScript = trim($matches[1]);
                            # drop the ending backtic
                            $fbgPDFScript = substr($fbgPDFScript,0,strlen($fbgPDFScript)-1);
                            # if script isn't specified, set a default
                            if (empty($fbgPDFScript)) {
                                $fbgPDFScript = "/usr/local/bin/xmlestatement_generate_otf -dl -b /home/" . strtolower($Cu) . " OnTheFly " . strtoupper($Cu) . " pb";
                            }
                        }

                        $statementCore .= $buf;
                        $txtInternal = true;
                    }

                    gzclose($zp);

                    if ($pdfExternal) {

                        // get the filename to read in the existing PDF
                        preg_match("/^DMS PDF:(.+)$/", $buf, $matches);
                        $retrieveFromS3 = false;
                        $s3Presign = false;


                        $externalPDFRef = trim($matches[1]);
                        $externalPDFFileName = $stmntBaseDir . trim($matches[1]);

                        if (is_readable($externalPDFFileName)) {
                            $fileContents = file_get_contents($externalPDFFileName);
                            if ($fileContents == "") {
                                $retrieveFromS3 = true;
                                $fileContents = data_from_EStateGet($externalPDFFileName, $presignurl=$s3Presign);
                            }
                        } else {
                            $retrieveFromS3 = true;
                            $fileContents = data_from_EStateGet($externalPDFFileName, $presignurl=$s3Presign);
                        }
                        if ($fileContents == "") {
                            $errors[] = $pMC->msg('Statement Not Found');
                            $pdfMissing = true;
                            $stmnterrmsg = "Failed reading (local and S3) file: $externalPDFFileName";
                            $stmnterrlog = fopen("$stmntTmp/statement_retrieve_failure.log", "a");
                            chmod("$stmntTmp/statement_retrieve_failure.log", 0666);
                            $stmnterrtime = time();
                            $stmntexternalref = $externalPDFRef;
                            fwrite($stmnterrlog, implode("\t", array($stmnterrtime, date('Y-m-d_H:i:s', $stmnterrtime), getmypid(), "cu_data.i:Create_PDF_Statement", $CHome, $Cn, $stmntexternalref, $stId, $stmnterrmsg)) . "\n");
                            fclose($stmnterrlog);
                        } else {
                            if ($s3Presign && $retrieveFromS3) {
                                header("Location: " . $fileContents);
                            } else {
                                header("Content-type: application/pdf"); // add here more headers for diff. extensions
                                header("Content-Disposition: inline; filename=\"statement.pdf\""); // use 'attachment' to force a download
                                header('Content-Transfer-Encoding: binary');
                                print $fileContents;
                            }
                        }
                    }

                    if ($txtExternal) {

                        // get the filename to read for external TXT data
                        preg_match("/^DMS TXT:(.+)$/", $buf, $matches);

                        $externalTXTRef = trim($matches[1]);
                        $externalTXTFileName = $stmntBaseDir . trim($matches[1]);

                        if (is_readable($externalTXTFileName)) {
                            $statementCore = file_get_contents($externalTXTFileName);
                            if ($statementCore == "") {
                                $statementCore = data_from_EStateGet($externalTXTFileName);
                            }
                        } else {
                            $statementCore = data_from_EStateGet($externalTXTFileName);
                        }
                        if ($statementCore == "") {
                            $errors[] = $pMC->msg('Statement Not Found');
                            $txtMissing = true;
                            $stmnterrmsg = "Failed reading (local and S3) file: $externalTXTFileName";
                            $stmnterrlog = fopen("$stmntTmp/statement_retrieve_failure.log", "a");
                            chmod("$stmntTmp/statement_retrieve_failure.log", 0666);
                            $stmnterrtime = time();
                            $stmntexternalref = $externalTXTRef;
                            fwrite($stmnterrlog, implode("\t", array($stmnterrtime, date('Y-m-d_H:i:s', $stmnterrtime), getmypid(), "cu_data.i:Create_PDF_Statement", $CHome, $Cn, $stmntexternalref, $stId, $stmnterrmsg)) . "\n");
                            fclose($stmnterrlog);
                        }
                    }

                    if ($txtInternal == true || ( $txtExternal == true && $txtMissing != true )) {
                        /*
                         * mws - Moved this code to the else statement.
                         * The pdfdefs file will NOT exist for CUs that have PDFs created already.
                         * So we don't read until we know this is a pdf we build
                         * Adding logic to verify the file can be read to prevent any problems
                         * trying to read a file that does NOT exist
                         */
                        // copy the defs for the CU
                        if (is_readable($pdfDefsFile) && $txtFBG != true) {
                            $defsFile = file_get_contents($pdfDefsFile);
                        } else {
                            $defsFile = false;
                        }
                        if ($defsFile !== false) {
                            fwrite($fpCommandFile, $defsFile);
                        }

                        // create the rest of the PDF build commands
                        fwrite($fpCommandFile, $statementCore);

                        if (strlen($disclaimerFile) > 0 && is_readable($disclaimerFile) && $txtFBG != true) {
                            $disclaimerFileContents = file_get_contents($disclaimerFile);
                        }
                        if ($defsFile !== false)
                            fwrite($fpCommandFile, $disclaimerFileContents);

                        fclose($fpCommandFile);

                        if ($txtFBG == true) {
                            list($Tscript,$Topts) = explode(' ', $fbgPDFScript, 2);
                            if (!is_executable("$Tscript")) {
                                $errors[] = $pMC->msg('Feature Not Set') . ' (missing script)';
                            }
                        }
                        if (count($errors) == 0) {
                            // now, generate the PDF using the PDF writer
                            // NOTE: Since this may have binary data it needs to be output directly to the browser
                            header("Content-type: application/pdf"); // add here more headers for diff. extensions
                            header("Content-Disposition: inline; filename=\"statement.pdf\""); // use 'attachment' to force a download
                            header('Content-Transfer-Encoding: binary');

                            if ($txtFBG == true) {
                                if ($pythonUserWarningFlag) {
                                    passthru("python3 -W ignore::UserWarning $fbgPDFScript $stmntTmp/t$myPID -");
                                } else {
                                    passthru("$fbgPDFScript $stmntTmp/t$myPID");
                                }
                            } else {
                                passthru("/opt/odyssey/tools/bin/pdffile.cgi $stmntTmp/t$myPID -");
                            }
                        }
                    }
                    // remove the temp file
                    unlink("$stmntTmp/t$myPID");
                }
            } else {
                $errors[] = $pMC->msg('Statement Not Found');
            }
        } else {
            // if no statement history flag as an error
            $errors[] = $pMC->msg('Statement Missing');
        }
    }

    if (count($errors)) {
        $stmt["status"]["code"] = '999';
        $stmt["status"]["severity"] = 'Error';
        $stmt["estmt"]["stId"] = "$stId";
        $stmt["errors"] = $errors;
        $stmt["estmt"]["contents"] = "";
    } else {
        $stmt["status"]["code"] = '0';
        $stmt["status"]["severity"] = 'INFO';
    }

    return $stmt;
}

function data_from_EStateGet( $EStateGet_file, $presignurl=false ) {

  $EStateGet_data = "";

  $cmd = "/opt/odyssey/tools/bin/EStateGetFromS3.py -f " . $EStateGet_file;
  if ($presignurl) {
      $cmd .= " " . "-p";
  }

  $EStateGet_fd = popen($cmd, 'r');
  while ($EStateGet_buf = fread($EStateGet_fd,2096)){
    $EStateGet_data .= $EStateGet_buf;
  }
  pclose($EStateGet_fd);
  return $EStateGet_data;
}


/**
 *
 * @param integer $p_dbh    - handle to the current connection of the database
 * @param class $p_hb_env   - Current HB_ENV array, by reference
 * @param class $p_mc       - Current object for MC Language class
 * @param string $p_device  - {M,R,C,D,P}Pass in the device type
 *                            M - Mobile Device
 *                            R - Responsive (Updated Mobile) Device
 *                            C - Classic device
 *                            P - Iphone App Device
 *                            D - Desktop (NEW) Presentation
 * @param string $p_noticefor   - This field will be used when we want to retrieve notices
 *                              - for a script.  BLANK if no notice to be retrieved
 *                            {S, M, B, Disclaimer Name)
 *                            S - To Retrieve ALL Surveys ONLY
 *                            M - To Retrieve ALL Marketing Messages ONLY
 *                            B - To Retrieve ALL Survey/Marketing
 *                            Otherwise, if a value is sent, I will send that to the
 *                              disclaimer notice function
 *
 * @param int    $p_fulldetail - {0,1} - Defaults to FULL DETAIL (1)
 *                            0 - Do not include the notice_text in the returned array (useful for save operations)
 *                            1 - INCLUDE the notice TEXT in notice_text
 * @param int    $p_noticeid- This is if I want a SPECIFIC noticeid loaded (for survey/marketing messages)
 * @return
 *
 * Returns an array
 *
 * HB_ENV options -- There are options that can be set in HB_ENV to suppress certain
 *                    types of messages to retrieve.  By default all messages are retrieved
 *                    To suppress a type of message, set the following value to TRUE to suppress
 *                    the corresponding message
 *                    messageSuppressPromo - Suppreses Promo Message
 *                    messageSuppressSurvey - Suppress Popup Survey Message
 *                    messageSuppressMsg - Suppress Popup ONLY Marketing Message
 *                        (Emebedded will still be retrieved)
 *
 *
 * [popup]
 *        [id]
 *        [type]
 *
 * [notice]
 *        [mode]
 *        [link_target]
 *        [link_text]
 *
 *
 *
 * ALL NOTICE TYPES Return the following array structure
 * [status]
 *          [code]      HB Standard codes 000 success, 999 error
 *          [severity]  {SUCCESS, ERROR}
 *          [errors]    List of errors if any exist
 * [notice]
 *    * This is a numerically indexed array containing the following fields
 *          [notice_type]           {N,S,M,C} - The type of notice
 *                                  N - Screen notice, often a disclosure
 *                                  S - Survey notice
 *                                  M - Marketing Message
 *                                  B - Both (Marketing/Survey)
 *                                  PROMO - Promo Only
 *                                  PRM - Get Promo / Marketing Messages
 *                                  PRS - Get Promo / Surveys
 *                                  ALL - All (Marketing/Survey/Promo)
 *                                  C - CU CMS Fragment
 *
 *          [notice_id]             This is a unique value for the particular notice
 *                                  * For Survey/Marketing messages, this is the surveyid from the cusurvey table
 *                                  * For notices, this is a predetermined constant (NOT the actual filename)
 *          [notice_text]           This is the text of the notice, ONLY returned if p_inctext is set to 1
 *          [notice_linktarget]     This is the link target for the notice, destination for the click
 *          [notice_linkdisplay]    The display value for the link
 *          [notice_posttarget]     This is the expected link to post results to
 *          [notice_intro]          This is the intro message for the notice -- PRIMARILY for survey types (S)
 *          [notice_title]          If a title is being used for displaying the notice, this should be the title being used (optional to show)
 *            ** NOTE, it is up to the presentation whether or not to show a link
 *          [notice_msg_tx]         This is the msg_tx constant associated with this notice
 *          [notice_donotshowtext]  IF set, this is the text to show on the form, whether to set the option for NOT showing again
 *          [notice_msg_tx_show]    {0,1,2} Does the member get the option for the msg_tx (Which controls a sort of don't show me again)
 *                                  0 - THERE IS NO OPTION for msg_tx. NO HIDDEN OR VISIBLE ENTRY
 *                                  1 - the member should see the Don't Show Me Again option (use the notice_donotshowtext for display value)
 *                                  2 - The member should NOT see the don't show me again option, so this would be a hidden value in most html
 *                                  ** FOR both options of notice_msg_tx_show, the returned value should be 1
 *                                  ** THE NAME OF THE FIELD IS {notice_msg_show}
 *          [notice_msg_tx_perm]    {1,0} Does the msg_tx constant affect the Ticket ONLY (0) or does it also affect the cuusers table (1)
 *                                  0 - ONLY the Ticket will be updated for the member, no saving to cuusers table
 *                                  1 - Update the Member Ticket as well as the cuusers table
 *          [notice_popup]          Should the message be automatically popped up?
 *
 *          [notice_answertype]     {O, M}
 *                                  O - The member may select ONLY ONE answer from the provided list
 *                                  M - The member may select ONE OR MORE from the provided list
 *                                      * Using the option "M", we can trick marketing messages into showing a 'Don't Show Me Again Option'
 *          [notice_suppressresponse] {Y, N}
 *                                  Y - This type of notice will have a response when Update_NoticeInfo is called.  A copy of the notice structure
 *                                      will be returned in [response][notice_results]
 *                                  N - This type of notice will have NO response and the platform should just close action
 *          [notice_answervotes_ttl The total number of votes cast for any notice (That has answers) APPLIES to SURVEY TYPES
 *          [notice_answervotes_ttldisplay] The label for the total votes
 *                                  ** For certain notices, the member will have answers they can submit back to the server
 *          [notice_answers][]      Array of the following structure
 *                          [answer_id]   The Answerid from the cusurveydetail (for surveys) .. Marketing messages will use
 *                          [answer_text] The display text for the answer
 *                          [answer_votes] The number of votes cast for an answer
 *                          [answer_pct]   The percentage of votes from the TOTAL cast for this answer
 *      ** NOTE: The name of answers when they are posted back to the server should ALWAYS BE "notice_answer_{answer_id}"
 *
 *
 */
function Get_NoticeInfo($p_dbh, $p_hb_env, $p_mc, $p_device, $p_noticefor, $p_fulldetail = 1, $p_noticeid = -1) {

  $retStatus_ary = Array('status' => Array('code'=>'000', 'severity'=>'SUCCESS', 'errors' => Array()), 'notice' => Array());

  switch ($p_noticefor) {
    case 'ALL':
    case 'PROMO':
      // ** For these two types, ALSO include the PROMO messages
      if (!array_key_exists('messageSuppressPromo', $p_hb_env) || !$p_hb_env['messageSuppressPromo']) {
        $HBPromoMsg_ary = Get_CMSFragFile($p_dbh, $p_hb_env, $p_mc, $p_device, $p_noticefor, $p_fulldetail, $p_noticeid);
        if ($HBPromoMsg_ary['status']['code'] == '000') {
          // NO ERRORS
          if (count($HBPromoMsg_ary['notice']) > 0) {
            // ** Add the notices I found to the array
            $retStatus_ary['notice'] = array_merge($retStatus_ary['notice'], $HBPromoMsg_ary['notice']);
          }
        }
      }
      if ($p_noticefor == 'PROMO') {
        break;
      } else {
        $p_noticefor = 'B';
      }
    case 'M':
    case 'S':
    case 'B':
      // ** LOOKUP ANY SURVEY / MARKETING
      $HBSurveyMsg_ary = Get_HBSurveyMsg($p_dbh, $p_hb_env, $p_mc, $p_device, $p_noticefor, $p_fulldetail, $p_noticeid);
      if ($HBSurveyMsg_ary['status']['code'] == '000') {
        // NO ERRORS
        if (count($HBSurveyMsg_ary['notice']) > 0) {
          // ** Add the notices I found to the array
          $retStatus_ary['notice'] = array_merge($retStatus_ary['notice'], $HBSurveyMsg_ary['notice']);
        }
      }
      break;
    case 'transfer':
    case 'estatement':
      // ** LEGACY fragment version
      // ** LOOKUP ANY NOTICE INFORMAITON
      // ** ONLY Look for file notification IF we did not look for a specific notice
      if ($p_noticefor != '' && $p_noticeid == -1) {
        $NoticeStatus_ary = Get_HBNoticeFile($p_hb_env, $p_mc, $p_device, $p_noticefor, $p_fulldetail);

        if ($NoticeStatus_ary['status']['code'] == '000') {
          // ** We have notices.. Send back information here
          if (count($NoticeStatus_ary['notice']) > 0) {
            // ** return the information -- 1 should all that is returned anyways...
            //$retStatus_ary['notice'][] = $NoticeStatus_ary['notice'];
            $retStatus_ary['notice'] = array_merge($retStatus_ary['notice'], $NoticeStatus_ary['notice']);
          }
        }

      }
      break;
    case 'updatecms':
    case 'viewcms':
    case 'loadcms':
      // * *USED TO LOOKUP A SPECIFIC CMS DOC ID
    default:
      //
      if ($p_noticefor != '') {
        $NoticeStatus_ary = Get_CMSFragFile($p_dbh, $p_hb_env, $p_mc, $p_device, $p_noticefor, $p_fulldetail, $p_noticeid);
        if ($NoticeStatus_ary['status']['code'] == '000') {
          // ** We have notices.. Send back information here
          if (count($NoticeStatus_ary['notice']) > 0) {
            // ** return the information -- 1 should all that is returned anyways...
            $retStatus_ary['notice'] = array_merge($retStatus_ary['notice'], $NoticeStatus_ary['notice']);
          }
        }
      }

  }
  return $retStatus_ary;
}


/**
 *
 * @param integer $p_dbh    - handle to the current connection of the database
 * @param array $p_hb_env     -- Current array for HB_ENV
 *                                REQUIRED
 *                                Cu - Credit Union Code
 *                                Cn - Member Number
 *                                chome - Credit union home directory
 *                                Flang - Current Language setting
 *                                homebankingpath - The path to the hcubin for current cu
 *                                loginpath - directory where current platform login script exists
 * @param class $p_mc         -- This is the current object for MC Language
 * @param string $p_device    -- Pass in the device type, ** NOTE - NOT USED AT THIS TIME
 * @param string $p_noticefor -- This is the "form" I want to lookup if it has a notice
 *                                ALSO - Can be either updatecms or viewcms
 *                                updatecms - This is used to lookup a document
 *                                            for the purpose of updating the cucmsresponse
 *                                            table.  The p_noticeid must be entered with the docsid
 *                                viewcms   - This is used to lookup a document
 *                                            for the purpose of viewing.
 *                                            It will not worry about if the member responded.
 *                                            The p_noticeid must be entered with the docsid
 *                                loadcms   - The purpose of this option (should be last)
 *                                            is to allow the loading of a CMS document by
 *                                            docid, but then load all parameters, not just
 *                                            the notice_text
 * @param integer $p_inctext  -- {0, 1}
 *                               0 - do not return the file contents
 *                               1 - return the file contents in the field notice_text
 * @return array
 *            Structure follows:
 *
 * Returns the following array structure
 * [status]
 *          [code]      HB Standard codes 000 success, 999 error
 *          [severity]  ** DEPRECATED -- NO LONGER USED
 *          [errors]    List of errors if any exist
 * [notice]
 *    ** RETURNS ARRAY AS DEFINED BY Get_NoticeInfo
 *
 * Fragment files are a predetermined script.  If it is NOT found then there is nothing to display
 *
 */
function Get_CMSFragFile($p_dbh, $p_hb_env, $p_mc, $p_device, $p_noticefor, $p_inctext, $p_noticeid = -1) {
  $retStatus_ary = Array('status' => Array('code'=>'000', 'errors' => Array()), 'notice' => Array());

  $tmp_Notices_tmpl = Array(
                        "notice_type"=>"",
                        "notice_subtype" => "",
                        "notice_id" => "",
                        "notice_text" => "",
                        "notice_linktarget" => "",
                        "notice_linkdisplay" => "",
                        "notice_posttarget" => "",
                        "notice_intro" => "",
                        "notice_title" => "",
                        "notice_msg_tx" => "",
                        "notice_donotshowtext" => "",
                        "notice_msg_tx_show" => "",
                        "notice_msg_tx_perm" => "",
                        "notice_popup" => 0,
                        "notice_answertype" => "",
                        "notice_positive_caption" => "",
                        "notice_negative_caption" => "",
                        "notice_answers" => Array()
                      );
  $tmp_Notices = Array();
  $tmp_Answers_tmpl = Array (
                        "answer_id" => "",
                        "answer_text" => ""
                      );

  $tmp_Answer = Array();

  $tmp_ViewNotice = Array(
                              "docsid" => '',
                              "Cu" => '',
                              "chome" => '',
                              "device" => '',
                              "Flang" => ''
                            );


  /* **
   * Setup default values for the string replace for custom content
   * these values  -- If any of these values are already set, then use those values
   * **
   */
  $defaultStrReplace = Array("CULOGIN" => strtolower($p_hb_env['Cu']),
                             "CUNAME" => HCU_array_key_exists("orgname", $p_hb_env) ? trim($p_hb_env['orgname']) : "",
                             "CUSERVER" => HCU_array_key_exists("cuhost", $p_hb_env) ? $p_hb_env['cuhost'] : "",
                             "DBPREFIX" => $p_hb_env['Cu'],
                             "HCUDIR" => 'banking'
                             );

  if ( !is_array( HCU_array_key_value( "noticeStrReplace", $p_hb_env ) ) ) {
    // ** Use the defaults
    $p_hb_env['noticeStrReplace'] = $defaultStrReplace;

  } else {
    // ** Merge the arrays together
    $p_hb_env['noticeStrReplace'] = array_merge($defaultStrReplace, $p_hb_env['noticeStrReplace']);
  }

  // * A generic updatecms was created -- When this is used in conjunction with
    // * a notice_id, it will lookup a specific record based on docs id rather
    // * than the docsname
  if ($p_noticefor === 'updatecms') {
    $accountnumber = HCU_array_key_value("notice_accountnumber", $p_hb_env["HCUPOST"]);
    $sql = "SELECT cucmsdocs.docsid, cucmsdocs.docsname, cucmsdocs.docsdesc,
              cucmsdocs.docsdefaultavail, cucmsdocs.docsresponsetype,
              cucmsdocs.docsdisplaytext, cucmsdocs.docsdisplaylink,
              cucmsfrags.cu, cucmsfrags.fragusedefault, cucmsfrags.fraguselink,
              cucmsfrags.fragclearresponse, coalesce((SELECT 'Y'
                  FROM cucmsresponse
                  WHERE cu = '" . prep_save($p_hb_env['Cu'], 10) . "' AND user_id = {$p_hb_env['Uid']}
                  " . ($accountnumber === false ? "" : "AND trim(accountnumber) = '" . prep_save(trim($accountnumber), 12) . "'") . "
                  AND cucmsresponse.docsid = cucmsdocs.docsid)::text, 'N') as responseexists
            FROM cucmsfrags
            JOIN cucmsdocs on cucmsdocs.docsid = cucmsfrags.docsid
            WHERE cucmsdocs.docsid = '" . intval($p_noticeid) . "'
              AND cucmsfrags.cu = '" . prep_save($p_hb_env['Cu'], 10) . "'
              AND (docsresponsetype = 'N'
                   OR (fraguselink = 'Y'
                        OR (docsresponsetype in ('D', 'T', 'F', 'A', 'E', 'P'))
                      )); ";

  } elseif ($p_noticefor === 'viewcms' || $p_noticefor === 'loadcms') {
    $sql = "SELECT cucmsdocs.docsid, cucmsdocs.docsname, cucmsdocs.docsdesc,
              cucmsdocs.docsdefaultavail, cucmsdocs.docsresponsetype,
              cucmsdocs.docsdisplaytext, cucmsdocs.docsdisplaylink,
              cucmsfrags.cu, cucmsfrags.fragusedefault, cucmsfrags.fraguselink,
              cucmsfrags.fragclearresponse
            FROM cucmsfrags
            JOIN cucmsdocs on cucmsdocs.docsid = cucmsfrags.docsid
            WHERE cucmsdocs.docsid = '" . intval($p_noticeid) . "'
              AND cucmsfrags.cu = '" . prep_save($p_hb_env['Cu'], 10) . "' ";

  } elseif ($p_noticefor == 'ALL' || $p_noticefor == 'PROMO') {
    //  Promos are also stored in the cucms tables, this query may return
      // mutliple records
      //
    // * ONLY return records that have NOT been responded too

    // * ONLY return records for estatements if the user has access
    // * to estatements
    $permissionInputs = array( "feature" => FEATURE_ESTATEMENTS );
    $permissionEstmt = Perm_AccessRights( $p_dbh, $p_hb_env, $permissionInputs );


    $Uid = (int) $p_hb_env['Uid'];

    $sql = "
      WITH base AS (
        SELECT
          d.docsid, d.docsname, d.docsdesc, d.docsdefaultavail, d.docsresponsetype, d.docsdisplaytext, d.docsdisplaylink, f.cu, f.fragusedefault, f.fraguselink, f.fragclearresponse, r.responseon
        FROM cucmsfrags f
        INNER JOIN cucmsdocs d
          ON f.docsid = d.docsid
        LEFT JOIN cucmsresponse r
          ON f.docsid = r.docsid
          AND r.cu = f.cu
          AND r.user_id = $Uid
        WHERE d.docsresponsetype IN ('A', 'E', 'P')
          AND (
            (f.fragstartdate IS null AND f.fragenddate IS NULL)
            OR
            (f.fragstartdate > now() AND f.fragenddate <= now())
          )
          AND f.cu = '{$p_hb_env['Cu']}'
          AND r.responseon IS NULL
      )";

      $sql .= "SELECT * FROM base b WHERE b.docsresponsetype <> 'E'";

      if ($permissionEstmt['access']) {
        $sql .= "
          UNION ALL
          SELECT b.* FROM base b
          INNER JOIN (
            SELECT bool_and(COALESCE(estmnt_flag, 'N') <> 'Y') AS estmt_unset
            FROM {$p_hb_env['Cu']}memberacct ma
            WHERE EXISTS (
              SELECT 'FOUND'
              FROM {$p_hb_env['Cu']}useraccounts ua
              WHERE ma.accountnumber = ua.accountnumber
                AND ua.user_id = $Uid)
          ) t
            ON b.docsresponsetype = 'E'
            AND t.estmt_unset";
      }
  } else {
    /*
     * Changing the query to now always return the information needed to evaluate
     * the Fragment.  The following code will decide what to return
     *
     */
    $Uid = (int) HCU_array_key_value( "Uid", $p_hb_env );
    $sql = "SELECT cucmsdocs.docsid, cucmsdocs.docsname, cucmsdocs.docsdesc,
              cucmsdocs.docsdefaultavail, cucmsdocs.docsresponsetype,
              cucmsdocs.docsdisplaytext, cucmsdocs.docsdisplaylink,
              cucmsfrags.cu, cucmsfrags.fragusedefault, cucmsfrags.fraguselink,
              cucmsfrags.fragclearresponse, cucmsresponse.responseon
            FROM cucmsfrags
            JOIN cucmsdocs on cucmsdocs.docsid = cucmsfrags.docsid
            LEFT JOIN cucmsresponse on cucmsresponse.docsid = cucmsfrags.docsid
              AND cucmsresponse.cu = cucmsfrags.cu
              AND cucmsresponse.user_id = $Uid
            WHERE cucmsdocs.docsname = '" . prep_save($p_noticefor) . "'
              AND cucmsfrags.cu = '" . prep_save($p_hb_env['Cu'], 10) . "'; ";
  }
  // ** Evaluate the records returned. Technically there should only be one record
    // * per doc type
  $fragRs = db_query($sql, $p_dbh);

  if (db_num_rows($fragRs) > 0) {
    $fragIdx = 0;

    // ** Loop through the list of messages, there should be only ONE row
      // * for most types, the exception is where the docresponsetype is {A,E,P}
      // * this if for Promo messages
    while ($fragRow = db_fetch_assoc($fragRs, $fragIdx)) {
      // ** Need to reset the Array each time.
      $tmp_Notices = $tmp_Notices_tmpl;
      $tmp_Notices['notice_type'] = 'C';

      // ** Now Locate the fragment
      // Are we using the Default?

      if ($p_inctext == 1) {
        // * I should be ALWAYS able to use the cucmsdocs.docsname from the dB
        // * it will prevent any issues when I have special code when using viewcms/udpatecms
        if ($fragRow['fragusedefault'] == 'Y') {
          $fragFileDir= "/home/homecu/public_html/bankingIncludes";
          $fragFileName = "skel_" . trim($fragRow['docsname']);     // Look for skel_xxx name
        } else {
          $fragFileDir = "/home/{$p_hb_env['chome']}/public_html/bankingIncludes";
          $fragFileName = trim($fragRow['docsname']) . ".html";     // Look for .html as extension
        }

        // ** Now decide the language we get
        $fragFilePath = '';
        if (is_readable($fragFileDir . "/" . $p_hb_env['Flang'] . "/" . $fragFileName)) {
          $fragFilePath = $fragFileDir . "/" . $p_hb_env['Flang'] . "/" . $fragFileName;
        } else if (is_readable($fragFileDir . "/en_US/" . $fragFileName)) {
          $fragFilePath = $fragFileDir . "/en_US/" . $fragFileName;
        } else {
          // ** NO FILE TO READ
        }

        /*
         * Setup the tmp_Notices array
         */

        // * if a path is set, then load
        // ** ONLY include text if it requested
        if ($fragFilePath != '' && is_readable($fragFilePath)) {
          // ** Set the notice text
          $tmp_Notices['notice_text'] = file_get_contents($fragFilePath);

          // see if there are any substitutions for keywords
          $substList = HCU_array_key_exists("noticeStrReplace", $p_hb_env) ? $p_hb_env["noticeStrReplace"] : null;

          // Instead of an array with a replace and whatnot, strreplace is a replace pairs whatnot so strtr works for translation.
          if (isset($substList) && is_array($substList))
          {
            $tmp_Notices["notice_text"]= strtr($tmp_Notices["notice_text"], $substList);
          }
        }
      }

      $tmp_Notices['notice_subtype'] = $fragRow['docsresponsetype'];
      $tmp_Notices['notice_id'] = $fragRow['docsid'];

      if ($p_noticefor != 'viewcms') {
        /*
         *  Notice Link Information
         */
        /*
         *  Create URL Hashed Value for Lookup
         */
        $tmp_ViewNotice['docsid'] = $fragRow['docsid'];
        $tmp_ViewNotice['Cu'] = $p_hb_env['Cu'];
        $tmp_ViewNotice['device'] = $p_device;
        $tmp_ViewNotice['chome'] = $p_hb_env['chome'];
        $tmp_ViewNotice['Flang'] = $p_hb_env['Flang'];

        $encryptedDocDetails= HCU_PayloadEncode($p_hb_env['Cu'], $tmp_ViewNotice);

        // ** Should this ALWAYS LINK to /hcubinX/hcuWebView ?
        $tmp_Notices['notice_linktarget'] = $p_hb_env['homebankingpath'] . '/hcuWebView.prg?x=' . urlencode($encryptedDocDetails) . '&cu=' . $p_hb_env['Cu'];

        $tmp_Notices["notice_responseexists"] = HCU_array_key_value("responseexists", $fragRow);

        if ($fragRow['fraguselink'] == 'Y') {
          $tmp_Notices['notice_linkdisplay'] = ($fragRow['docsdisplaylink'] == 'Y' ? $p_mc->msg($fragRow['docsdisplaytext']) : '');
        }


        /*
         *  Notice POSTING Target
         */
        if ($fragRow['docsresponsetype'] !== 'N') {
          // ** If docs responsetype is N, then we do NOT expect any posting for this type
            // * of notice

          // ** Depending on Device - the post target is different
          switch ($p_device) {
            case "D":
              // ** Desktop UPGRADE
              $tmp_Notices['notice_posttarget'] = $p_hb_env['loginpath'] . "/hcuViewNotice.prg?cu={$p_hb_env['Cu']}";
              break;
            case "M":
            case "R":
              // * Mobile Web App
              $tmp_Notices['notice_posttarget'] = $p_hb_env['loginpath'] . "/notices?cu={$p_hb_env['Cu']}";
              break;
            case "P":
              // * Native App
              $tmp_Notices['notice_posttarget'] = $p_hb_env['loginpath'] . "/notices?cu={$p_hb_env['Cu']}";
              break;
            case "C":
              // * Classic
              $tmp_Notices['notice_posttarget'] = $p_hb_env['loginpath'] . "/hcuViewNotice.prg?cu={$p_hb_env['Cu']}";
              break;
          }

        }

        $tmp_Notices['notice_intro'] = '';
        $tmp_Notices['notice_title'] = '';

        // msg_tx setup - NOT USED FOR THESE types
        if (in_array($fragRow['docsresponsetype'], Array('A', 'E', 'P'))) {
          $tmp_Notices['notice_msg_tx'] = 16384;
        } else {
          $tmp_Notices['notice_msg_tx'] = '';
        }
        $tmp_Notices['notice_msg_tx_show'] = '';
        $tmp_Notices['notice_donotshowtext'] = '';

        //** notice_popup - If they are required to answer then this
          // will be a popup
        if (HCU_array_key_value('responseon', $fragRow) == '' && in_array($fragRow['docsresponsetype'], Array('D', 'T', 'A', 'E', 'P'))) {
          // * If the response portion is blank, then I want to trigger as popup
            // * IF the type is a TERMS or DISCLOSURE
          if (HCU_array_key_exists("Fmsg_tx", $p_hb_env) && (($p_hb_env['Fmsg_tx'] & $tmp_Notices['notice_msg_tx']) == 0 )) {
            // This notice should be seen as a pop-up
            $tmp_Notices['notice_popup'] = 1;
          }
        }
        $tmp_Notices['notice_answertype'] = 'M';
        $tmp_Notices['notice_suppressresponse'] = 'Y';


        if ($fragRow['docsresponsetype'] == 'T') {
          $tmp_Answer = $tmp_Answers_tmpl;
          // Use Docs ID for answer
          $tmp_Answer['answer_id'] = $fragRow['docsid'];
          $tmp_Answer['answer_text'] = $p_mc->msg('I Accept the Terms');

          $tmp_Notices['notice_answers'][] = $tmp_Answer;

          // ** SET the Positive (Accept) / Negative (Decline) Text
          $tmp_Notices['notice_positive_caption'] = $p_mc->msg('Accept');
          $tmp_Notices['notice_negative_caption'] = $p_mc->msg('Cancel');
          // neutral is for notice-only display
          $tmp_Notices['notice_neutral_caption'] = $p_mc->msg('Close');
        } else if (in_array($fragRow['docsresponsetype'], Array('D', 'A', 'E', 'P'))) {
          $tmp_Answer = $tmp_Answers_tmpl;
          // Use Docs ID for answer
          $tmp_Answer['answer_id'] = $fragRow['docsid'];
          $tmp_Answer['answer_text'] = $p_mc->msg('Dont Tell Me Again');

          $tmp_Notices['notice_answers'][] = $tmp_Answer;

          // ** For Disclosures, ONLY send positive button
          // As of 10/29/14 send "Close" for estatement promos
          $tmp_Notices['notice_positive_caption'] = $fragRow['docsresponsetype'] == "E" ? $p_mc->msg('Close') : $p_mc->msg('Continue');
          // neutral is for notice-only display
          $tmp_Notices['notice_neutral_caption'] = $p_mc->msg('Close');
        } else {
          // currently (12/16/2013) this is the Notice only case
          // ** ELSE send a Close for the button
          $tmp_Notices['notice_neutral_caption'] = $p_mc->msg('Close');
        }
      }

      // ** Never add anything to the fragment, that is up to the presentation
      // ** ONLY Return the
      $retStatus_ary['notice'][$fragIdx] = $tmp_Notices;
      $fragIdx++;
    }
  } else {
    // ** NO Records to be found
    // ** Set status to 999 ??

  }

  return $retStatus_ary;
}


/**
 *
 * @param array $p_hb_env     -- Current array for HB_ENV
 * @param class $p_mc         -- This is the current object for MC Language
 * @param string $p_device    -- Pass in the device type, ** NOTE - NOT USED AT THIS TIME
 * @param string $p_noticefor -- This is the "form" I want to lookup if it has a notice
 * @param integer $p_inctext  -- {0, 1}
 *                               0 - do not return the file contents
 *                               1 - return the file contents in the field notice_text
 * @return array
 *            Structure follows:
 *
 * Returns the following array structure
 * [status]
 *          [code]      HB Standard codes 000 success, 999 error
 *          [severity]  {SUCCESS, ERROR}
 *          [errors]    List of errors if any exist
 * [notice]
 *    ** RETURNS ARRAY AS DEFINED BY Get_NoticeInfo
 *
 * Notices are a predetermined script.  If it's not one of the predetermined, then do NOT allow
 */
function Get_HBNoticeFile($p_hb_env, $p_mc, $p_device, $p_noticefor, $p_inctext) {
// ** This will either return the text or a link.  This is pulled out from the other
    // ** Function to all

  $retStatus_ary = Array('status' => Array('code'=>'000', 'severity'=>'SUCCESS', 'errors' => Array()), 'notice' => Array());

  $tmp_Notices = Array(
                        "notice_type"=>"",
                        "notice_id" => "",
                        "notice_text" => "",
                        "notice_linktarget" => "",
                        "notice_linkdisplay" => "",
                        "notice_posttarget" => "",
                        "notice_intro" => "",
                        "notice_title" => "",
                        "notice_msg_tx" => "",
                        "notice_donotshowtext" => "",
                        "notice_msg_tx_show" => "",
                        "notice_msg_tx_perm" => "",
                        "notice_popup" => 0,
                        "notice_answertype" => "",
                        "notice_answers" => Array()
                      );

  // ** First check if the noticefor is set.. IF NOT THEN EXIT
  $tmp_Notices['notice_type'] = 'N';
  $tmp_Notices['notice_id'] = $p_noticefor;

  $notice_link = '';
  if ($p_noticefor != '') {
    $notice_filename = "";

    switch ($p_noticefor) {
      case "transfer":
        switch ($p_device) {
          case 'P':
          case 'M':
          case 'R':
            $notice_filename = "mblTransfer";
            break;
          case 'C':
            $notice_filename = "Transfer";
            break;
        }
        $tmp_Notices['notice_msg_tx'] = 1;
        $tmp_Notices['notice_msg_tx_show'] = 1;
        $tmp_Notices['notice_msg_tx_perm'] = 1;
        $tmp_Notices['notice_linkdisplay'] = $p_mc->msg('Transfer Notices');
        $tmp_Notices['notice_donotshowtext'] = $p_mc->msg('Dont Tell Me Again');
        $tmp_Notices['notice_title'] = $p_mc->msg('Transfer Notices');
        break;
      case "estatement":
        switch ($p_device) {
          case 'P':
          case 'M':
          case 'R':
            $notice_filename = "mblEStatement";
            break;
          case 'C':
            $notice_filename = "EStatement";
            break;
        }
        $tmp_Notices['notice_msg_tx'] = 2;
        $tmp_Notices['notice_msg_tx_show'] = 1;
        $tmp_Notices['notice_msg_tx_perm'] = 1;
        $tmp_Notices['notice_donotshowtext'] = $p_mc->msg('Dont Tell Me Again');
        $tmp_Notices['notice_linkdisplay'] = $p_mc->msg('E-Statement Message');
        $tmp_Notices['notice_title'] = $p_mc->msg('Message');
        break;
      default:
        $retStatus_ary['status']['code'] = '999';
        $retStatus_ary['status']['severity'] = 'ERROR';
        $retStatus_ary['status']['errors'][] = 'Unknown notice parameter';

        // ** IMMEDIATELY RETURN -- NO SENSE BEING HERE
        return $retStatus_ary;
    }

    // ** Fragment Directory
    $fragdir = "/home/{$p_hb_env['chome']}/public_html/";
    $fragfile = $notice_filename;
    // ** Fragment File Language Extension
    $fragext = (trim($p_hb_env['Flang']) == "en_US" ? "" : "_" . substr($p_hb_env['Flang'], 0,strpos($p_hb_env['Flang'],"_")) );
    $fragfilename = ($fragext > "" && is_readable("{$fragdir}{$fragfile}{$fragext}.html") ? "{$fragfile}{$fragext}.html" : "{$fragfile}.html");

    // ** reset the fragment file to be the Directory/Filename
    $fragfile = $fragdir . $fragfilename;

    if (is_readable($fragfile)) {
      $notice_link = $p_hb_env['loginpath'] . "/notices?cu={$p_hb_env['Cu']}&Flang={$p_hb_env['Flang']}";

      if ($p_inctext == 1) {
        $tmp_Notices['notice_text'] = file_get_contents($fragfile);
      }

    } else {
      $retStatus_ary['status']['code'] = '999';
      $retStatus_ary['status']['severity'] = 'ERROR';
      $retStatus_ary['status']['errors'][] = 'Unable to read notice file.';
    }

    // ** Build the notices array
    if ($notice_link != '') {
      // ** FOR DIRECT LINK -- WE WILL add an option to end for VIEWING
      // * Add the options for viewing
      $notice_param = "&notice_type=N&notice_id={$p_noticefor}&notice_device={$p_device}";
      // ** If need be we can later allow different platform/devices link to different places
      //$tmp_Notices['notice_linktarget'] = $notice_Link . $notice_param;
      $tmp_Notices['notice_linktarget'] = $p_hb_env['cupublic'] . "/" . $fragfilename;

      $tmp_Notices['notice_posttarget'] = $notice_link;
    }

    if (($p_hb_env['Fmsg_tx'] & $tmp_Notices['notice_msg_tx']) == 0 ) {
      // This notice should be seen as a pop-up
      $tmp_Notices['notice_popup'] = 1;
    }

  }

  // ** SET the notices in the returned array
  $retStatus_ary['notice'][] = $tmp_Notices;

  return $retStatus_ary;
}

// p_noticefor -- this is to identify the requesting frm
/**
 *
 * @param integer $p_dbh    - handle to the current connection of the database
 * @param array $p_hb_env     -- Current array for HB_ENV
 * @param class $p_mc         -- This is the current object for MC Language
 * @param string $p_device    -- Pass in the device type, ** NOTE - NOT USED AT THIS TIME
 * @param string $p_noticefor -- This is the requesting form.. ONLY CERTAIN
 *                                FORMS will return portions of notices
 * @param int    $p_fulldetail - {0,1} - Defaults to FULL DETAIL (1)
 *                            0 - Do not include the notice_text in the returned array (useful for save operations)
 *                            1 - INCLUDE the notice TEXT in notice_text
 * @param int $p_noticeid     -- This is to specify a CERTAIN notice rather than a random
 *                                -- USEFUL when processing answers
 * @param string $p_action  - This could be {"SHOW", "RESULTS"}
 *                            SHOW - {DEFAULT} Return the options to SHOW the Message
 *                            RESULTS - This applies only to surveys, but return
 *                              the information for the RESULTS of active surveys

 * SPECIAL HB_ENV PARAMETERS
 * messageSuppressSurvey - {true/FALSE} When true -- DO NOT SHOW Surveys in results
 * messageSuppressMsg - {true/FALSE} When true -- DO NOT SHOW POPUP MESSAGES - ONLY INCLUDE EMBEDDED

 * @return array
 * Returns the following array structure
 * [status]
 *          [code]      HB Standard codes 000 success, 999 error
 *          [severity]  {SUCCESS, ERROR}
 *          [errors]    List of errors if any exist
 * [notice]
 *    ** RETURNS ARRAY AS DEFINED BY Get_NoticeInfo
 *

 */
function Get_HBSurveyMsg($p_dbh, $p_hb_env, $p_mc, $p_device, $p_noticefor, $p_fulldetail = 1, $p_noticeid = -1, $p_action = "SHOW") {
  $retStatus_ary = Array('status' => Array('code'=>'000', 'severity'=>'SUCCESS', 'errors' => Array()), 'notice' => Array());

  $messageSuppressSurvey = (key_exists('messageSuppressSurvey', $p_hb_env) ? $p_hb_env['messageSuppressSurvey'] : false);
  $messageSuppressMsg = (key_exists('messageSuppressMsg', $p_hb_env) ? $p_hb_env['messageSuppressMsg'] : false);

  $tmp_Notices = Array();
  $tmp_Notices_tmpl = Array(
                        "notice_type"=>"",
                        "notice_id" => "",
                        "notice_text" => "",
                        "notice_linktarget" => "",
                        "notice_linkdisplay" => "",
                        "notice_posttarget" => "",
                        "notice_intro" => "",
                        "notice_title" => "",
                        "notice_msg_tx" => "",
                        "notice_donotshowtext" => "",
                        "notice_msg_tx_show" => "",
                        "notice_msg_tx_perm" => "",
                        "notice_popup" => 0,
                        "notice_positive_caption" => "",
                        "notice_negative_caption" => "",
                        "notice_answertype" => "",
                        "notice_answers" => Array()
                      );

  $tmp_Answers_tmpl = Array (
                        "answer_id" => "",
                        "answer_text" => ""
                      );
  $tmp_Answer = Array();
  // ** FOR the purpose of fetching the RESULTS of a survey/message.
    // ** Add more elements here
  if ($p_action == "RESULTS") {
    $tmp_Notices_tmpl = array_merge($tmp_Notices_tmpl, Array("notice_suppressresponse" => "", "notice_answervotes_ttl" => "","notice_answervotes_ttldisplay" => ""));
    $tmp_Answers_tmpl = array_merge($tmp_Answers_tmpl, Array("answer_votes" => "","answer_pct" => ""));
  }

  // preset some options based on if this is for Mobile / Desktop

  // ** Mobile will ALWAYS RETURN ONE ONLY

  // ** DESKTOP will include all??
  $sql = "";
  $sql_criteria = "";
  $sql_employee = "";
  if (HCU_array_key_value('employee', $p_hb_env) == 'Y') {
    // ** ONLY return results that employees may see
    $sql_employee = " AND m.employee = 'Y' ";
  }

  $sql_embed = "";
  // ** NOT Sure if this is how I want to handle this
  if ($p_noticefor != '' && $p_device == 'C') {
    // ** ONLY FOR DESKTOP --
    // ** Honour the 'include in balances' flag
      // ** MOBILE DOES NOT honour this..  It will include them all in the same list
    if ($p_noticefor == 'Balances') {
      $sql_embed = " AND inc_balances = 'Y' ";
    }
  } elseif($p_device == 'C') {
    // * FOR DESKTOP -- ONLY include if we are
    $sql_embed = " AND (inc_balances is null or inc_balances <> 'Y') ";
  }

  // ** FOR MOBILE -- IT INCLUDES BOTH TYPE -- BUT EXITS ABOVE IF we are NOT in menu

  // ** SELECT the survey type {S - Survey / M - Marketing Message}
  if ($p_noticefor == 'S' && !$messageSuppressSurvey) {
    // ** ALL SURVEYS SKIPPED
    $sql_criteria .= " AND (surveytype is null or surveytype < 1) ";
  } elseif ($p_noticefor == 'M') {
    // ** Marketing Message - Check Suppress Value --
      // ** IF SUPPRESSED - ONLY show embedded
    if ($messageSuppressMsg) {
      // ** ONLY SHOW EMBEDDED
      $sql_criteria .= " AND (surveytype = 1 AND inc_balances = 'Y') ";
    } else {
      $sql_criteria .= " AND surveytype = 1 ";
    }
  } else {
    // ** B - BOTH types by default

    if ($messageSuppressMsg && $messageSuppressSurvey) {
      // ** BOTH ARE SUPPRESSED -- ONLY SHOW EMBEDDED MESSAGES
      $sql_criteria .= " AND (surveytype = 1 AND inc_balances = 'Y') ";
    } else {
      if ($messageSuppressSurvey) {
        // ** ONLY SUPPRESS SURVEY TYPES
        $sql_criteria .= " AND (surveytype is not null and surveytype > 0) ";
      } elseif ($messageSuppressMsg) {
        // ** ONLY SUPPRESS POPUP MSG -- INCLUDE Survey Types and Embedded Messages
        $sql_criteria .= " AND ((surveytype is null or surveytype < 1) OR (surveytype = 1 AND inc_balances = 'Y')) ";
      }
    }
  }




  // ** LOOKUP the header information for the notice--this will determine if more than
    // * One are being shown

  // ** IF p_noticeid is specified then QUERY THAT ID SPECIFICALLY
    // ** OTHERWISE WHERE ANSWER DOES NOT EXIST FOR MEMBER
  if ($p_noticeid > 0){
    // ** DO NOT INCLUDE DATE CRITERIA -- IF we know the noticeid to lookup
    $sql_criteria .= " AND m.surveyid = " . intval($p_noticeid) . " ";
  } else {

    $sql_criteria .= "
                      AND (startdate <= CURRENT_DATE and stopdate >= CURRENT_DATE)
                      AND NOT EXISTS (
                        SELECT *
                        FROM cusurveysays s
                        WHERE s.surveyid = m.surveyid
                          AND s.user_id = '{$p_hb_env['Uid']}') ";
  }


  /**
   *
   * Offset the sql query to the credit unions local time.  This will do a better job of
   *   handling the start/stop date for marketing messages. 
   * This started to be a problem as the database is running in UTC and we have clients 
   *   in the PACIFIC time zone.
   * Use 'SET LOCAL' so the timezone change does not affect other query results.
   *
   */
  $tzOffset = '';
  if (HCU_array_key_exists('tz', $p_hb_env) && trim($p_hb_env['tz']) != '') {
    $tzOffset = "SET LOCAL TIME ZONE '" . trim($p_hb_env['tz']) . "'; ";
  }

  $sql = "
          $tzOffset
          SELECT m.surveyid, m.qstyle, q.question, m.inc_balances, i.surveyintro , m.surveytype,
            m.dontshow, m.surveytitle
          FROM cusurveymaster as m
          JOIN cusurveyquest as q ON m.surveyid = q.surveyid AND m.cu = q.cu AND q.language = '{$p_hb_env['Flang']}'
          LEFT JOIN cusurveyintro as i on i.cu = m.cu AND i.language = '{$p_hb_env['Flang']}'

          WHERE
            runstat = 1
            AND m.cu='{$p_hb_env['Cu']}'
            {$sql_employee}
            {$sql_criteria}

          ";
  switch ($p_device) {
    case 'M':
      // ** MOBILE
      // ** FOR MOBILE -- COMBINE TOGETHER -- RANDOMLY CHOOSE ONE FROM EITHER TYPE

      $sql .= "
                ORDER BY random(), m.surveyid
                LIMIT 1
              ";
      // ** ALWAYS RETURNS ALL -- ORDERED RANDOMLY -- the presentation will decide
         // * What to show


      break;
    case 'R':
      // ** Responsive Mobile - Return all, the function Return_NoticeDialogs will limit the response
      break;
    case 'C':
      // ** Classic DESKTOP
        // ** FOR DESKTOP -- query separately UNION together to create list

      // ** LATER FOR DESKTOP -- WE MAY NEED To accomodate showing results after the
        // member has answered the survey, and up to 30 days after the survey has 'stopped'

      break;
    case 'P':
      $sql .= "
                ORDER BY random()
                LIMIT 1
              ";
    default:
  }

  if ($sql != '') {
    // * We have a query
    // * grab the results
    $notice_rs = db_query(($sql), $p_dbh);
    $notice_idx = 0;
    if ($notice_rs) {
      // * For Surveys, I will want to grab the answers.  I can do that here..
      while ($notice_row  = db_fetch_assoc($notice_rs, $notice_idx)) {
        $tmp_Notices[$notice_idx] = $tmp_Notices_tmpl;



        // ** Determine Notice type (S - Survey - M - Marketing Message)
        $tmp_Notices[$notice_idx]['notice_type'] = (intval($notice_row['surveytype']) == 1 ? 'M' : 'S');
        // ** Set the field surveyid as the notice_id being passed back
        $tmp_Notices[$notice_idx]['notice_id'] = $notice_row['surveyid'];
        // ** The text is located in the question field
        $tmp_Notices[$notice_idx]['notice_text'] = $notice_row['question'];
        // ** AT THIS TIME THESE ARE BLANK -- LATER THEY MAY BE direct LINKS to the Survey
        $tmp_Notices[$notice_idx]['notice_linktarget'] = "";
        $tmp_Notices[$notice_idx]['notice_linkdisplay'] = "";

        // * Record WHERE to post the answers
        if ($p_device == 'D') {
          $tmp_Notices[$notice_idx]['notice_posttarget'] = $notice_link = $p_hb_env['loginpath'] . "/hcuViewNotice.prg?cu={$p_hb_env['Cu']}";
        } else {
          $tmp_Notices[$notice_idx]['notice_posttarget'] = $notice_link = $p_hb_env['loginpath'] . "/notices?cu={$p_hb_env['Cu']}&Flang={$p_hb_env['Flang']}";
        }
        // ** Survey INTRO is from a different table, AND at this time only for surveys
          // ** LEFT  JOIN the table and include here
        $tmp_Notices[$notice_idx]['notice_intro'] = $notice_row['surveyintro'];

        // ** CREATE THE TITLE to be on the survey
          // ** Later we may need to put the product name here 9/14/2012
        if (intval($notice_row['surveytype']) == 1) {
          // ** FOR MARKETING MESSAGES ONLY
          $tmp_Notices[$notice_idx]['notice_title'] = ($notice_row['surveytitle'] == '' ? $p_mc->msg('Message') : $notice_row['surveytitle']);
          // *SET THE msg_tx value
          $tmp_Notices[$notice_idx]['notice_msg_tx'] = 256;
          // ** Determine how the answers will be displayed
          // * FOR NOW -- MARKETING is M (multiple) can be answerd.. BUT THERE IS ONLY ONE -- SHOWS A CHECKBOX rather than RADIO
          $tmp_Notices[$notice_idx]['notice_answertype'] = "M";
          $tmp_Notices[$notice_idx]["notice_suppressresponse"] = "Y";     // ALWAYS SUPPRESS MARKETING MESSAGES

        } else {
          $tmp_Notices[$notice_idx]['notice_title'] = $p_mc->msg('Survey');
          $tmp_Notices[$notice_idx]['notice_msg_tx'] = 8;
          // ** SURVEY is O - ONLY ONE .. WILL SHOW RADIO
          $tmp_Notices[$notice_idx]['notice_answertype'] = "O";
          $tmp_Notices[$notice_idx]["notice_suppressresponse"] = $notice_row['dontshow'];      // ** Grab suppress FLAG from cusurveymaster
        }
        $tmp_Notices[$notice_idx]['notice_msg_tx_perm'] = 0;
        $tmp_Notices[$notice_idx]['notice_msg_tx_show'] = 2;  // POST THE FIELD, HIDE ELEMENT FROM MEMBER

        // ** NOT NEEDED WHEN WE ARE NOT SHOWING FIELD
        $tmp_Notices[$notice_idx]['notice_donotshowtext'] = "";

        if (($p_hb_env['Fmsg_tx'] & $tmp_Notices[$notice_idx]['notice_msg_tx']) == 0 ) {
          if ($p_device == 'M' && intval($notice_row['surveytype']) != 1) {
            // ** ALL MOBILE SURVEYS WILL BE A POPUP
            $tmp_Notices[$notice_idx]['notice_popup'] = 1;
          } elseif (($p_device == 'D' || $p_device = 'R') && intval($notice_row['surveytype']) != 1) {
            // ** For Survey types with the NEW upgrade, set the popup = 1 for ALL types
            $tmp_Notices[$notice_idx]['notice_popup'] = 1;
          } else {
            // ** FOR DESKTOP I WILL USE INFORMATION FROM TABLE
            // * POPUP if inc_balances is 'N'
            $tmp_Notices[$notice_idx]['notice_popup'] = ($notice_row['inc_balances'] == 'Y' ? 0 : 1);
          }
        } else {
          // The member has already pressed close once. Do not bug them again until the next login
          // * SET the value to -1 , so I know that the message should not be viewed again.
          // * But for type Mkt Message and device 'D' upgrade desktop, set the value to 0
          // * for the notice_popup
          if (intval($notice_row['surveytype']) == 1 && $notice_row['inc_balances'] == 'Y') {
            $tmp_Notices[$notice_idx]['notice_popup'] = 0;
          } else {
            $tmp_Notices[$notice_idx]['notice_popup'] = 1;
          }
        }
        // ** SEPARATELY -- RETRIEVE ANSWERS
        if (intval($notice_row['surveytype']) == 1) {
          // ** FOR MARKETING MESSAGES ONLY
          // * THEY WILL ALWAYS HAVE ONE ANSWER -- THE
          $tmp_Answer = $tmp_Answers_tmpl;
          // ** USE SURVEY_ID FOR ANSWER
          $tmp_Answer['answer_id'] = $tmp_Notices[$notice_idx]['notice_id'];
          $tmp_Answer['answer_text'] = $p_mc->msg('Dont Tell Me Again');

          $tmp_Notices[$notice_idx]['notice_answers'][] = $tmp_Answer;

          $tmp_Notices[$notice_idx]["notice_positive_caption"] = $p_mc->msg('Close');
          $tmp_Notices[$notice_idx]["notice_negative_caption"] = $p_mc->msg('Dont show me again');

        } else {
          $tmp_Notices[$notice_idx]["notice_positive_caption"] = $p_mc->msg('Cast my Vote');
          $tmp_Notices[$notice_idx]["notice_negative_caption"] = 'Vote Later'; //$p_mc->msg('Vote Later');

          if ($p_action == "SHOW") {
            // ** QUERY THE DETAIL FOR THE SURVEY WE ARE LOOKING AT
            $sql = "SELECT *
                    FROM cusurveydetail
                    WHERE cu = '{$p_hb_env['Cu']}'
                      AND surveyid = {$notice_row['surveyid']}
                      AND language = '{$p_hb_env['Flang']}'
                    ORDER BY answerid
                  ";

            $answer_rs = db_query($sql, $p_dbh);
            $answer_idx = 0;
            while ($answer_row = db_fetch_assoc($answer_rs, $answer_idx)) {
              $tmp_Answer = $tmp_Answers_tmpl;
              // ** USE SURVEY_ID FOR ANSWER
              $tmp_Answer['answer_id'] = $answer_row['answerid'];
              if (function_exists('hcu_displayHtml')) {
                $tmp_Answer['answer_text'] = hcu_displayHtml($answer_row['answertext']);
              } else {
                $tmp_Answer['answer_text'] = dms_disphtml($answer_row['answertext']);
              }

              $tmp_Notices[$notice_idx]['notice_answers'][] = $tmp_Answer;

              $answer_idx++;
            }
            db_free_result($answer_rs);
          } elseif ($p_action == "RESULTS") {
            $answervotes_ttl = 0;
            // ** DO NOT JOIN cusurveysays on language.. RETURN ALL language results
            $sql = "
                    SELECT answerid, answertext,
                      (SELECT count(*)
                       FROM cusurveysays
                       WHERE cusurveysays.cu = cusurveydetail.cu
                        AND cusurveysays.surveyid = cusurveydetail.surveyid
                        AND cusurveysays.answerid = cusurveydetail.answerid) as answervotes
                    FROM cusurveydetail
                    WHERE cu = '{$p_hb_env['Cu']}'
                      AND surveyid = {$notice_row['surveyid']}
                      AND language = '{$p_hb_env['Flang']}'
              ";

            $answer_rs = db_query($sql, $p_dbh);
            $answer_idx = 0;
            while ($answer_row = db_fetch_assoc($answer_rs, $answer_idx)) {
              $tmp_Answer = $tmp_Answers_tmpl;
              // ** USE SURVEY_ID FOR ANSWER
              $tmp_Answer['answer_id'] = $answer_row['answerid'];
              if (function_exists('hcu_displayHtml')) {
                $tmp_Answer['answer_text'] = hcu_displayHtml($answer_row['answertext']);
              } else {
                $tmp_Answer['answer_text'] = dms_disphtml($answer_row['answertext']);
              }
              $tmp_Answer['answer_votes'] = intval($answer_row['answervotes']);
              $answervotes_ttl += intval($answer_row['answervotes']);

              $tmp_Notices[$notice_idx]['notice_answers'][] = $tmp_Answer;

              $answer_idx++;
            }
            db_free_result($answer_rs);

            // ** Before I go, I want to loop through all the answers
              // * COUNT THEM
              // * DETERMINE A PERCENTAGE
            // ** Set the TOTAL VOTES
            $tmp_Notices[$notice_idx]['notice_answervotes_ttl'] = $answervotes_ttl;
            $tmp_Notices[$notice_idx]['notice_answervotes_ttldisplay'] = $p_mc->msg('total votes');
            if (count($tmp_Notices[$notice_idx]['notice_answers']) > 0) {
              foreach ($tmp_Notices[$notice_idx]['notice_answers'] as $answer_key => $answer_row) {
                if ($answervotes_ttl == 0) {
                  // ** TRY AND PREVENT DIVIDE BY ZERO
                  $tmp_Notices[$notice_idx]['notice_answers'][$answer_key]['answer_pct'] = 0;
                } else {
                  $tmp_Notices[$notice_idx]['notice_answers'][$answer_key]['answer_pct'] =
                      number_format(floatval($answer_row['answer_votes'] / $answervotes_ttl) * 100, 1);
                }
              }
            }
          }
        }
        // INCREMENT INDEX to fetch next row
        $notice_idx++;
      }

    }

  }
  $retStatus_ary['notice'] = $tmp_Notices;
  return $retStatus_ary;
}

/**
 *
 * Update_NoticeInfo
 *    This function will allow us to post the results of a notice window and
 *    update the necessary fields
 *
 * @param integer $p_dbh    - handle to the current connection of the database
 * @param class $p_hb_env   - Current HB_ENV array, by reference
 * @param class $p_mc       - Current object for MC Language class
 *
 * @return array following structure
 * [status]
 *          [code]      HB Standard codes 000 success, 100 NO NOTICE RECORDS, 999 error
 *          [severity]  {SUCCESS, ERROR}
 *          [errors]    List of errors if any exist
 * [response]
 *          [notice_action] --
 *                      'CLOSE' -- The survey window should close
 *                      'DISPLAY' -- The survey window should show the display results
 *          [notice_results] -- THIS IS THE NOTICE ARRAY FROM Get_NoticeInfo
 *
 *
 * The following fields are expected in the field HB_ENV['HCUPOST']
 *
 * notice_type {M, S, N}
 *              M - Marketing Message
 *              S - Survey Message
 *              N - Notice (from a file)
 *              C - CMS Fragment Disclosure/Terms Notice
 *
 * notice_id    for M,S this is an integer
 *              for N this is a string identifier
 *
 * notice_link  {1,0} - This is used to identify if a notice/disclaimer was
 *              called via a link.  if so, then it will NOT affect the msg_tx
 *              value and will not show the button
 *
 * notice_device This is the type of device that is being used to request the data
 *                {M, R, C, P}
 *                (M)obile Device
 *                (R)esponsive Mobile Design
 *                (C)lassic Desktop
 *                HomeBanking Iphone Ap(P)
 * notice_response This is an ARRAY of the values posted from a Marketing Message / SURVEY
 *             [INDEX] => [VALUE]
 *                KEY -
 *                      -- BOTH TYPES - This is a UNIQUE index for the array to keep the values unique. [0...99]
 *                VALUE -
 *                      -- SURVEY TYPES - This will be the answerid  from cusurveydetail
 *                      -- MARKETING TYPES - This will be the noticeid (survey_id) from cusurveymaster
 *
 *  notice_msg_show This is the field posted when a 'do not show link again' message has
 *                  been selected.  The option when notice_donotshowtext was set with a value
 *
 * ** NOTE:
 *  The expected value for when the chooses not to show a notice, the fieldname is
 *
 *
 *
*/
Function Update_NoticeInfo($p_dbh, $p_hb_env, $p_mc ) {
  $retStatus_ary = Array('status' => Array('code'=>'000', 'severity'=>'SUCCESS', 'errors' => Array()));

  $retResp_ary = Array('notice_action' => '', 'notice_results' => Array());

  /* TEMPORARY FLAG BIT CONSTANT */
  // * The set the current constant for all temporary flags added together.
  $tempflags = 49464;

  /* NOTICE ACTIONS */

  switch ($p_hb_env['HCUPOST']['notice_type']) {
    case 'N':
  // ** LOOKUP the Notice being referenced
      // ** For the purpose of Updating, I do NOT want FULL Detail
      $HB_Notices_ary = Get_NoticeInfo($p_dbh, $p_hb_env, $p_mc, $p_hb_env['HCUPOST']['notice_device'], $p_hb_env['HCUPOST']['notice_id'], 0);

      // ** I EXPECT ONLY ONE RECORD TO BE RETURNED -- THE RECORD I ASKED FOR
      if ($HB_Notices_ary['status']['code'] == '000' && count($HB_Notices_ary['notice']) > 0) {
          // SUCCESSFULLY found the notice -- Now fulfill why we are here

        // ** We are posting information here --
        // * the only reason is to set the cookie and NOT SHOW AGAIN
        // ** Check to see if the member is allowed to make a change

        if (intval($HB_Notices_ary['notice'][0]['notice_msg_tx_show']) > 0 && intval($p_hb_env['HCUPOST']['notice_msg_show']) == 1) {
          // ** Member is allowed to make the change TO NOT SHOW AGAIN

          // ** SET msg_tx constant for this feature
          $nflag = intval($HB_Notices_ary['notice'][0]['notice_msg_tx']);

          $oflag = intval($p_hb_env['Fmsg_tx']);
          // * subtract the NEW flag constant from the OLD flag constant
          $nflag = $oflag | $nflag;

          // * Create a Flag constant with ALL temporary flags turned off
          $dflag = ~(~$nflag | $tempflags);

          // ** Check to see if the change is permamenent
          if (intval($HB_Notices_ary['notice'][0]['notice_msg_tx_perm']) > 0) {
            if (hcu_checkOffline($p_dbh, $p_hb_env)) {
              // ** Update the cuusers table
              $upd_list_array = Array("msg_tx" => "$dflag");
              $UpdTable_ary = Update_MemberInfo($p_dbh, $p_hb_env, $p_mc, serialize($upd_list_array), serialize(Array()));
              // * CHECK THE RESULTS
              if ($UpdTable_ary['status']['code'] != '000') {
                // ** We somehow failed, set the failed information here
                $retStatus_ary['status']['code'] = '999';
                $retStatus_ary['status']['severity'] = 'ERROR';
                $retStatus_ary['status']['errors'] = array_merge($retStatus_ary['status']['errors'], $UpdTable_ary['status']['errors']);
              }
            }
          }

          // FINALLY -- SAVE THE NEW COOKIE VALUE FOR THE MEMBER
          // ** ONLY SET THE TICKET for the proper device types
          if ($p_hb_env['HCUPOST']['notice_device'] == 'M' ||
              $p_hb_env['HCUPOST']['notice_device'] == 'R' ||
              $p_hb_env['HCUPOST']['notice_device'] == 'C') {
            SetTicket($p_hb_env, $_COOKIE['Ticket'],"Fmsg_tx=$nflag");
          }
        }
      } // ** STATUS GOOD

      break;
    case 'M':
    case 'S':
    case 'T': // ** Add Terms of Use type for this update procedure.
      // ** FIRST
      // ** We are looking up a specific notice -- no need to send the p_noticefor option
      // ** FOR the purposes of updating, we do NOT want fulldetail
      $HB_Notices_ary = Get_NoticeInfo($p_dbh, $p_hb_env, $p_mc, $p_hb_env['HCUPOST']['notice_device'], 'B', 0, $p_hb_env['HCUPOST']['notice_id']);
      // ** I EXPECT ONLY ONE RECORD TO BE RETURNED -- THE RECORD I ASKED FOR
      if ($HB_Notices_ary['status']['code'] == '000' && count($HB_Notices_ary['notice']) > 0) {
          // SUCCESSFULLY found the notice -- Now fulfill why we are here


          // ** WORRY ABOUT POSTING SAVED VALUES TO THE cusurveysays table
        // ** FROM THE ['HCUPOST']['notice_response'] ARRAY
        $noticeRespCount = (HCU_array_key_exists('notice_response', $p_hb_env['HCUPOST']) ? count($p_hb_env['HCUPOST']['notice_response']) : 0);
        //if (count($p_hb_env['HCUPOST']['notice_response']) > 0 && $p_hb_env['HCUPOST']['notice_cancel'] != 1) {
        if ($noticeRespCount > 0 && $p_hb_env['HCUPOST']['notice_cancel'] != 1) {
          $upd_sql = "";
          foreach ($p_hb_env['HCUPOST']['notice_response'] as $response_key => $response_value) {

            $upd_sql .= " INSERT INTO cusurveysays (cu, surveyid, user_id, accountnumber, language, answerid)

                         (SELECT '" . prep_save($p_hb_env['Cu']) ."', " . intval($p_hb_env['HCUPOST']['notice_id']) . ",
                          " . prep_save($p_hb_env['Uid']) . ", '',
                          '" . prep_save($p_hb_env['Flang']) . "', " . intval($response_value) . "
                          WHERE NOT EXISTS (SELECT (cu, surveyid, accountnumber)
                                            FROM cusurveysays as cus
                                            WHERE cus.cu = '" . prep_save($p_hb_env['Cu']) ."'
                                              AND cus.surveyid = " . intval($p_hb_env['HCUPOST']['notice_id']) . "
                                              AND cus.user_id = '" . prep_save($p_hb_env['Uid']) . "')
                        ) ";
          }

          if ($upd_sql != '') {
            if (!$upd_rs = db_query ($upd_sql, $p_dbh)) {
              // ** ERROR updating the datatable
              $retStatus_ary['status']['errors'][] = $p_mc->msg('Error udpating');
            }
          }
        }
        // ** SECOND
          // ** IF NEEDED -- SET THE TICKET APPROPRIATELY SO WE don't see message again
        // ** Survey/Marketing message are TEMPORARY msg_tx values ONLY - They do not get saved back to cuusers

        if (in_array($p_hb_env['HCUPOST']['notice_device'], array('M', 'R', 'C', 'D')) && intval($HB_Notices_ary['notice'][0]['notice_msg_tx']) > 0) {
          $oflag = $p_hb_env['Fmsg_tx'];
          $nflag  = $p_hb_env['Fmsg_tx'] | intval($HB_Notices_ary['notice'][0]['notice_msg_tx']);
          SetTicket($p_hb_env,$_COOKIE['Ticket'],"Fmsg_tx=$nflag");
        }
        // * AFTER POSTING -- I WANT to retrieve the results for the SURVEY(ONLY) posted
        if ($p_hb_env['HCUPOST']['notice_type'] == 'S' && count($p_hb_env['HCUPOST']['notice_response']) > 0 && $p_hb_env['HCUPOST']['notice_cancel'] != 1) {
          // ** SURVEY -- RETRIEVE THE RESULTS

          // ** CALL SurveyMsg directly
          $HB_Results_ary = Get_HBSurveyMsg($p_dbh, $p_hb_env, $p_mc, $p_hb_env['HCUPOST']['notice_device'], '', 1, $p_hb_env['HCUPOST']['notice_id'], "RESULTS");
          if ($HB_Results_ary['status']['code'] == '000') {
            // ** SUCCESSFUL
            // ** IF the survey is NOT set to suppress results then SHOW the information
            if ($HB_Results_ary['notice'][0]['notice_suppressresponse'] != 'Y') {
              // ** I WANT TO RETURN THE ['notice'] element in the current ['response']['notice_results'] element
              $retResp_ary['notice_action'] = 'DISPLAY';
              $retResp_ary['notice_results'] = $HB_Results_ary['notice'];
            } else {
              // ** CLOSE if Suppress Response is set to Y
              $retResp_ary['notice_action'] = 'CLOSE';
            }

          } else {
            // ** FAILED -- DO NOT SHOW ANYTHING
            $retResp_ary['notice_action'] = 'CLOSE';
          }


        }
      } // ** STATUS GOOD

      break;
    case 'C':
      // ** CU CMS TABLE NOTICES/FRAGMENTS
      // ** FIRST
      // ** We are looking up a specific notice -- no need to send the p_noticefor option
      // ** FOR the purposes of updating, we do NOT want fulldetail
      $HB_Notices_ary = Get_NoticeInfo($p_dbh, $p_hb_env, $p_mc, $p_hb_env['HCUPOST']['notice_device'], 'updatecms', 0, $p_hb_env['HCUPOST']['notice_id']);

      // ** I EXPECT ONLY ONE RECORD TO BE RETURNED -- THE RECORD I ASKED FOR
      if ($HB_Notices_ary['status']['code'] == '000' && count($HB_Notices_ary['notice']) > 0) {
          // SUCCESSFULLY found the notice -- Now fulfill why we are here


          // ** WORRY ABOUT POSTING SAVED VALUES TO THE cusurveysays table
        // ** FROM THE ['HCUPOST']['notice_response'] ARRAY
        $noticeRespCount = (HCU_array_key_exists('notice_response', $p_hb_env['HCUPOST']) ? count($p_hb_env['HCUPOST']['notice_response']) : 0);

        $responseexists = HCU_array_key_value("notice_responseexists", $p_hb_env["HCUPOST"]);
        $accountnumber = HCU_array_key_value("notice_accountnumber", $p_hb_env["HCUPOST"]);
        $accountnumber = $accountnumber === false ? "" : trim($accountnumber); // Keep the current functionality of inserting empty string in nearly all cases.
        if ($noticeRespCount > 0) {
          $upd_sql = "";
          // ** This type of notice will only have ONE answer..
          // ** An INSERT OR UPDATE may need to be executed.
          // ** INSERT

          foreach ($p_hb_env['HCUPOST']['notice_response'] as $response_key => $response_value) {
            if (intval($response_value) > 0) {

              $updateRs = false;
              if ($responseexists != "Y") {
                // ** NO RECORD exists in cucmsresponse
                $upd_sql = "INSERT INTO cucmsresponse (docsid, cu, accountnumber, user_id, responseon)
                            (SELECT " . intval($p_hb_env['HCUPOST']['notice_id']) . ", '" . prep_save($p_hb_env['Cu']) . "',
                              '$accountnumber', {$p_hb_env['Uid']}, current_date
                             WHERE NOT EXISTS (SELECT 'FOUND'
                                               FROM cucmsresponse as cur
                                               WHERE cur.docsid = " . intval($p_hb_env['HCUPOST']['notice_id']) . "
                                                 AND cur.cu = '" . prep_save($p_hb_env['Cu']) . "'
                                                 AND cur.user_id = {$p_hb_env['Uid']}
                                                 " . ($accountnumber == "" ? "" : "AND cur.accountnumber = '$accountnumber'") . "
                                              )
                            ); ";

                $updateRs = db_query($upd_sql, $p_dbh);
              }

              if ($responseexists == "Y" || ($updateRs && db_affected_rows($updateRs) === 0)) {
                // ** NO Rows affected -- NO INSERT -- SO UPDATE INSTEAD
                // ** UPDATE
                  // ** If the cucmsresponse record exist, but the responsedate is NULL, then I need
                $upd_sql = "UPDATE cucmsresponse
                            SET responseon = current_date
                            WHERE docsid = " . intval($p_hb_env['HCUPOST']['notice_id']) . "
                              AND cu = '" . prep_save($p_hb_env['Cu']) . "'
                              AND user_id = {$p_hb_env['Uid']}
                              " . ($accountnumber == "" ? "" : "AND accountnumber = '$accountnumber'") . "
                            ";

                $updateRs = db_query($upd_sql, $p_dbh);
              }

              if (!$updateRs) {
                $retStatus_ary['status']['errors'][] = $p_mc->msg('Error udpating');
              }
            }
          }
        }
        // ** SECOND
          // ** IF NEEDED -- SET THE TICKET APPROPRIATELY SO WE don't see message again
        // ** Session flags are stored in the Cookie value of Fmsg_tx.
        if (in_array($p_hb_env['HCUPOST']['notice_device'], array('M', 'R', 'C', 'D')) && intval($HB_Notices_ary['notice'][0]['notice_msg_tx']) > 0) {
          $oflag = $p_hb_env['Fmsg_tx'];
          $nflag  = $p_hb_env['Fmsg_tx'] | intval($HB_Notices_ary['notice'][0]['notice_msg_tx']);
          SetTicket($p_hb_env,$_COOKIE['Ticket'],"Fmsg_tx=$nflag");
        }


        /* At this There is no equivalent to the flag for not showing again in
         * the cookie.
         */

      } // ** STATUS GOOD

      break;
    default:
      $retStatus_ary['status']['errors'][] = $p_mc->msg('Error') . " (Invalid notice_type)";

  } // ** SWITCH NOTICE TYPE

  if (count($retStatus_ary['status']['errors']) > 0) {
    $retStatus_ary['status']['code'] = '999';
    $retStatus_ary['status']['severity'] = 'ERROR';
  } else {
    // ** FOR SUCCESSFUL NOTICES -- ALWAYS APPEND THE 'response' array to the status
    $retStatus_ary['response'] = $retResp_ary;
  }
  return $retStatus_ary;
}
/**
 * Update_MemberInfo
 * @param integer $p_dbh   - Current Database handle
 * @param array $p_hb_env  - Current HB_ENV
 * @param object $p_mc     -- This points to the current MC value for the language class
 * @param string $p_values  -- This array contains the values I want to save,
 *                          the values should be in php serialize string format {"field":"value"...}
 * @param string $p_primaryKeys -- This array contains the primary key values necessary to update the query
 *                          the values should be in php serialize string format {"field":"value"...}
 * @param boolean $p_BuildOnly -- {True, false}
 *                          true - The function will NOT execute any sql, instead
 *                            it will return the sql in the 'data' element of the returned
 *                            status array
 *                          false - function executes the sql, does NOT return data element
 *
 */
Function Update_MemberInfo($p_dbh, $p_hb_env, $p_mc, $p_values, $p_primaryKeys, $p_BuildOnly = false) {
  $retStatus_ary = Array('status' => Array('code'=>'000', 'severity'=>'', 'errors' => Array()));

  try {
    /* LIST OF APPROVED CUUSERS FIELDS */
    /* Types are
     *      I - Integer
     *      C?? - Character, followed by length, if there is one
     *      S - String (case insensitive)
     *      N - Numeric Standard 12,2
     *
     */
    $HB_CUUSERS_FIELDS_ary = Array( "passwd" => "C34",
                                    "email" => "C50",
                                    "confidence" => "C20",
                                    "user_name" => "S50",
                                    "estmt_flag" => "C1",
                                    "egenl_flag" => "C1",
                                    "failedremain" => "I",
                                    "employee" => "C1",
                                    "mfaquest" => "C0",
                                    "msg_tx" => "I");
    /*
     * LIST OF PRIMARY KEYS FOR UPDATE
     * ** THE difference is these fields should be REQUIRED ** rather than optional
     */
    $HB_CUUSERS_PRIMARY_KEYS_ary = Array( "user_name" => 'S50');

    // ** Get the cuusers field/value sets
    //$requested_fields_ary = json_decode($p_values);
    $requested_fields_ary = unserialize($p_values);
    if (is_array($requested_fields_ary)) {

      // * Get the update string from the passed in array
      $sql_field_update = PrepareExpressionList($HB_CUUSERS_FIELDS_ary, $requested_fields_ary);

      $requested_keys_ary = unserialize($p_primaryKeys);
      $sql_keys_list = PrepareExpressionList($HB_CUUSERS_PRIMARY_KEYS_ary, $requested_keys_ary, true);

      if ($sql_field_update != '' && $sql_keys_list != '') {
        // ** We have a list to update
        $sql = "UPDATE {$p_hb_env['Cu']}user
                SET
                  {$sql_field_update}
                WHERE {$sql_keys_list};
        ";

        if (!$p_BuildOnly) {
          // Execute the query
          if (!$trans_rs = db_query($sql, $p_dbh)) {
            // ** ERROR NOT AN ARRAY --
            throw new exception ($p_mc->msg('Error udpating'), '999');
          }
        } else {
          // ** BUILD ONLY
            $retStatus_ary['data']['sql'] = $sql;
        }
      } else {
        throw new exception ($p_mc->msg('Error'), '999');
      }
      // Create an array of the fields and their datatypes?

    } else {
      // ** ERROR NOT AN ARRAY --
      throw new exception ($p_mc->msg('Error'), '999');
    }
  } catch (exception $e) {

      $retStatus_ary['status']['code']= '999';
      $retStatus_ary['status']['severity'] = 'ERROR';
      $retStatus_ary['status']['errors'][] = $e->getMessage();

  }
  return $retStatus_ary;
}
/**
 *
 * Get_TxCodes
 * Get the Transaction codes and return them in an array
 *
 * @param integer $p_dbh - Current database handle
 * @param array $p_hb_env - Array for the current HB_ENV variable
 * @param object $p_mc - This is the current instance for the language class
 * @return array This will return a status/data array that should contain the data
 */
function Get_TxCodes($p_dbh, $p_hb_env, $p_mc) {
  $retStatus_ary = Array('status' => Array('code'=>'000', 'severity'=>'SUCCESS', 'errors' => Array()), 'data' => Array());

  $codelist = Array();
  $sql= "SELECT t.trancode, trim(t.trandesc) as trandesc,
          trim(ht.cudesc) as cudesc, t.specialproc
        FROM cutrans as t
        LEFT JOIN cuhavetrans as ht on ht.trancode = t.trancode AND ht.cu = '{$p_hb_env['Cu']}' ";


  $sth = db_query($sql, $p_dbh);

  //  Return a line for each allowed transaction type.

  $row = 0;
  while (list($code, $desc, $cudesc, $spec) = db_fetch_array($sth,$row)) {
    $row++;
    $desc = ($code == 'AT' ? "Transfer" : $desc );
    $desc = ($code == 'CW' ? "Check Withdrawal" : $desc );

    if ($spec > 0) {
        $desc = ($cudesc > '' ? $cudesc : $p_mc->msg($desc) );
    }

    $codelist[$code] = $desc;
  }

  // ** SET THE DATA
  $retStatus_ary['data'] = $codelist;

  return $retStatus_ary;
}

/**
 * Get_MemberChallengeResponses
 * This will retrieve the current challenge responses for the passed in user
 *
 *
 * @param integer $p_dbh -  Current database handle
 * @param array $p_hb_env - Array of the HB_ENV -- may or may NOT be complete
 * @param string $p_user  - This is the user to retrieve questions, it is separate because
 *                          the login screen may call this and the Cu value has NOT been set
 * @param integer $p_questid OPTIONAL - This is to look up a specific question from cu_questselect
 * @return array
 */
function Get_MemberChallengeResponses($p_dbh, $p_hb_env, $p_user, $p_questid = -1) {
  $retVal_ary = Array();

/**
 * FUNCTION DEPRECATED -- USE THE GetChallegeQuestions function
 */
  return $retVal_ary;

}
/**
 * GetUserInfo
 *
 * Similar to GetUserbyName
 *
 * This will make a request for the current members saved password hash,
 *    email, confidence word, -- and possibly more information later
 *
 *
 * @param integer $p_dbh - Current Database handle
 * @param array $p_hb_env - Current HB_ENV
 * @param object $p_mc -- This points to the current MC value for the language class
 * @param array $p_values -- This array contains the values I want to look up
 *  Expected values are:
 *      [user_id]         -- This is always the user_id value for the current authenticated OLB user
 *      [cu]              -- This is the credit union to lookup
 *
 * @return string This will return the value from the database for the password.
 *      It is the hashed value
 *
 * [status][code] - '000' OR '999'
 * [status][severity] - SUCCESS / ERROR
 * [status][errors] - Array of errors
 *
 * [data][cuusers_passwd] - This is the password hash from the member record
 * [data][cuusers_email] - This is the email for this member
 * [data][cuusers_confidence] - This is the confidence word
 */
function GetUserInfo($p_dbh, $p_hb_env, $p_mc, $p_values) {
  $retStatus_ary = Array('status' => Array('code'=>'', 'errors' => Array()));

  $sql = "SELECT passwd, email, confidence, egenl_flag, user_name,
            failedremain, userflags & " . intval(GetUserFlagsValue('MEM_FORCE_RESET')) . "::int4 as forcereset,
            employee, userflags, mfaquest, priorlogin, lastlogin
          FROM {$p_values['cu']}user
          WHERE user_id = '{$p_values['user_id']}' ";

  $mbr_rs = db_query($sql, $p_dbh);

  if ($mbr_row = db_fetch_assoc($mbr_rs)) {
    // * Get the password from the row
    $retStatus_ary['status']['code']= '000';
    $retStatus_ary['data']['cuusers_name'] = trim($mbr_row['user_name']);
    $retStatus_ary['data']['cuusers_passwd'] = trim($mbr_row['passwd']);
    $retStatus_ary['data']['cuusers_email'] = trim($mbr_row['email']);
    $retStatus_ary['data']['cuusers_confidence'] = trim($mbr_row['confidence']);
    $retStatus_ary['data']['cuusers_egenl_flag'] = trim($mbr_row['egenl_flag']);
    $retStatus_ary['data']['cuusers_user_name'] = trim($mbr_row['user_name']);
    $retStatus_ary['data']['cuusers_failedremain'] = trim($mbr_row['failedremain']);
    $retStatus_ary['data']['cuusers_forcereset'] = trim($mbr_row['forcereset']);
    $retStatus_ary['data']['cuusers_employee'] = trim($mbr_row['employee']);
    $retStatus_ary['data']['cuusers_userflags'] = trim($mbr_row['userflags']);
    $retStatus_ary['data']['cuusers_lastlogin'] = trim($mbr_row['lastlogin']);
    $retStatus_ary['data']['cuusers_priorlogin'] = trim($mbr_row['priorlogin']);

    $mbrMfaQuest = HCU_MFADecode(HCU_JsonDecode($mbr_row['mfaquest']));
    $retStatus_ary['data']['savecqid'] = $mbrMfaQuest['challenge'];
    $retStatus_ary['data']['chcount'] = $mbrMfaQuest['mfacount'];
    $retStatus_ary['data']['authcode'] = $mbrMfaQuest['authcode'];
    $retStatus_ary['data']['authexpires'] = $mbrMfaQuest['authexpires'];
    $retStatus_ary['data']['mfadate'] = $mbrMfaQuest['mfadate'];


  } else {
    // ** ERROR
    $retStatus_ary['status']['code']= '999';
    $retStatus_ary['status']['errors'][] = $p_mc->msg('Not Found');
    // ** Return an empty 'data' array in case of error.  This may prevent PHP array reference errors
    $retStatus_ary['data'] = Array();
  }
  return $retStatus_ary;
}

/**
 * GetChallengeQuestions
 *
 *     This function will get the challenge questions for the member based
 *     on the current settings for the credit union/member/purpose
 *
 * @param string $p_mode {DISPLAY, CHALLENGE, CURRENT}
 *            DISPLAY - Will return master list of all questions in the current Flang
 *            CHALLENGE - Set/retrieve the current challengeq questions for a member
 * @param integer $p_dbh - current database handle
 * @param array   $p_hb_env REFERENCE -- The CHALLENGE QUEST ID may be set
 * @param class   $p_mc - This is the reference to the MC class that describes the currently selected language
 * @param string  $p_username - The username that is being challenged
 *
 * @return  mixed
 *          Array of Arrays (CHALLENGE)
 *            [display] - Challenge question in display form
 *            [cqid]   - Challenge question id
 *            [cqanswer] - Challenge Question Answer
 *          Array of Arrays (CURRENT)
 *                 [mfacount] => "Number of answers in the mfaquest array" (ALWAYS RETURNED)
 *                 [answers] => "array of key(questid)->value(text) pairs "
 *                 [challenge] => "the active quest id for mfa challenge"
 */
function GetChallengeQuestions($p_mode, $p_dbh, &$p_hb_env, $p_mc, $p_username = '') {

  $retVal = Array();    // DEFAULT TO EMPTY ARRAY

  $mfaKeyAnswers = "answers";         // ** the answers array from the member's mfa quest array
  $mfaKeyChallenge = "challenge";
  $mfaKeyCount = "mfacount";

  try {
    // ** BASED
    switch ($p_mode) {
      case "CURRENT":
        /*
         * **********************
         * GET mfaquest (selected mfa answers) from [cucode]user table
         * **********************
         */
        $sql = "SELECT mfaquest
                FROM {$p_hb_env['cu']}user as cuuser
                WHERE lower(cuuser.user_name) = '" . strtolower(prep_save($p_username)) . "' ";

        $rsMfa = db_query($sql, $p_dbh);
        $mfaquest = '';
        if (db_num_rows($rsMfa) > 0) {
          // * retrieve the mfaquest field
          $recMfa = db_fetch_assoc($rsMfa);
          $mfaquest = $recMfa['mfaquest'];
          /*
           * SET the mfa quest array
           */
        }
        $retVal = HCU_MFADecode(HCU_JsonDecode($mfaquest));
        break;
      case "CHALLENGE":
        /*
         * **********************
         * GET mfaquest (selected mfa answers) from [cucode]user table
         * **********************
         */
        $sql = "SELECT mfaquest
                FROM {$p_hb_env['cu']}user as cuuser
                WHERE lower(cuuser.user_name) = '" . strtolower(prep_save($p_username)) . "' ";

        $rsMfa = db_query($sql, $p_dbh);
        if (db_num_rows($rsMfa) > 0) {
          // * retrieve the mfaquest field
          $recMfa = db_fetch_assoc($rsMfa);
          /*
           * SET the mfa quest array
           */
          $mbrMfaQuest = HCU_MFADecode(HCU_JsonDecode($recMfa['mfaquest']));

          $countMbrMfa = $mbrMfaQuest[$mfaKeyCount];
          if ($countMbrMfa > 0) {
            /*
             * **********************
             * IF THERE ARE ANSWERS, GET THE APPROPRIATE QUESTIONS
             * **********************
             */
            $sql = "SELECT quest_id, quest_text, example_text
                    FROM cuquestmaster as m
                    WHERE quest_lang = '{$p_mc->get_lang()}'
                    ORDER BY quest_id, quest_lang ";

            // ** Before this was always ordered by the SELECTED questions oid, but I don't have that table anymore
                // ** the quest master will be consistent order overall. I may want to change this in the future to be the order of the array in the
                // ** mfaquest, however, I will try this first mws 1/29/16
            $rsQstMaster = db_query($sql, $p_dbh);
            $recQstMaster = db_fetch_all($rsQstMaster);

            /*
             * **********************
             * USE ONLY ONE QUESTION ??
             * **********************
             */
            if (($p_hb_env['flagset2'] & $GLOBALS['CU2_RANDOM_CHAL']) == $GLOBALS['CU2_RANDOM_CHAL']) {
              if (intval($mbrMfaQuest[$mfaKeyChallenge]) == 0 ) {
                /*
                 * **********************
                 * RANDOM CHALLENGE
                 * NEED TO SET THE RANDOM QUESTION?
                 * **********************
                 */
                $mbrMfaQuest[$mfaKeyChallenge] = array_rand($mbrMfaQuest[$mfaKeyAnswers]);
                /*
                 * **********************
                 * UPDATE [cucode]user TABLE WITH QUEST ID
                 * **********************
                 */
                $mbrSaveMfaQuest = PrepareMfaQuestString($mbrMfaQuest);
                // ** update the user table
                $upd_list_array = serialize(Array("mfaquest" => $mbrSaveMfaQuest));
                $upd_keys_array = serialize(Array("user_name" => $p_username));
                $updateResponse = Update_MemberInfo($p_dbh, $p_hb_env, $p_mc, $upd_list_array, $upd_keys_array);

                if ($updateResponse['status']['code'] != '000') {
                  // ** Unable to process for some reason...
                  // ** What to do next
                  throw new Exception('User Record Not Updated', '905');
                }

              } else {

                /*
                 * **********************
                 * QUESTION ALREADY SET?
                 * Then return ONLY that array element
                 * **********************
                 */
              }
              /*
               * Challenge ID should now be set in the 'challenge'
               */
              if ($mbrMfaQuest[$mfaKeyChallenge] > 0) {
                // ** Get the question text by searching through the question master array where quest_id is the key being sought
                $masterQstIdx = array_search($mbrMfaQuest[$mfaKeyChallenge], array_column($recQstMaster, 'quest_id'));
                if ($masterQstIdx !== false) {
                  // SINGLE Response -- Challenge Found -- Return the Array
                  $retVal[] = Array("display" => $recQstMaster[$masterQstIdx]['quest_text'], "cqid" => $mbrMfaQuest[$mfaKeyChallenge], "cqanswer" => $mbrMfaQuest[$mfaKeyAnswers][$mbrMfaQuest[$mfaKeyChallenge]]);
                }
              }
            } else {
              /*
               * ***************************
               * SEND BACK ALL QUESTIONS :: SET BY USER
               *
               * ***************************
               */
              if ($mbrMfaQuest[$mfaKeyCount] > 0 and is_array($mbrMfaQuest[$mfaKeyAnswers])) {
                // ** Need to loop through each option and set the retVal array
                foreach ($mbrMfaQuest[$mfaKeyAnswers] as $questIdx => $questAnswer) {
                  $masterQstIdx = array_search($questIdx, array_column($recQstMaster, 'quest_id'));
                  if ($masterQstIdx !== false) {
                    $retVal[] = Array("display" => $recQstMaster[$masterQstIdx]['quest_text'], "cqid" => $questIdx, "cqanswer" => $questAnswer);
                  }
                }
              }
            }
          }
        }
        // ** UPDATE THE CHALLENGE QUEST ID HERE
        break;
      case "DISPLAY":
        // * DISPLAY */
        // ** RETURN the array for display purposes
        $sql = "SELECT quest_id as \"cqid\", trim(quest_text) as \"display\"
                FROM cuquestmaster
                WHERE quest_lang='{$p_mc->get_lang()}'
                ORDER BY quest_text ";
        $rsQstMaster = db_query($sql, $p_dbh);
        $retVal = db_fetch_all($rsQstMaster);
        if ($retVal == FALSE) {
          throw new Exception('No Master Records', '910');
        }

        break;
      default:
        throw new Exception('Invalid Option', '999');
    }
  } catch (Exception $e) {
    // ** ERROR OCCURRED return empty array
    $retVal = Array();
  }
  return $retVal;
}



/**
 * Update_AuditMember
 * Create a record in the cuauditusers table to take a snapshot of the current cuusers record
 *
 * @param integer $p_dbh -- current dB handle
 * @param array $p_hb_env -- Read-Only of HB_ENV array
 * @param string $p_action -- The audit action to be taken {0-From, 1-To, 2-RESET}
 * @param string $p_time -- * Optional date to be saved, if empty, now() will be used
 * @param string $p_post_build -- The value can be {True, false} and will determine if the
 *                                function will execute the query or append the query
 *                                {true} - POST NOW
 *                                {false} - build sql
 * @param string $p_build_sql -- REFERENCE -- this is a reference to the query that is
 *                                being appended
 */
function Update_AuditMember($p_dbh, $p_hb_env, $p_action, $p_time = "", $p_post_build, &$p_build_sql) {

  $retFuncFailed = false;   // **Did the query execute as expected

  if ($p_hb_env['live']) {
    $cutx = "culivetx";
    $showtx = ", show_livetx('{$p_hb_env['Cu']}','{$p_hb_env['Cn']}') ";
  } else {
    $cutx = "cubatchtx";
    $showtx = ", show_txacct('{$p_hb_env['Cu']}','{$p_hb_env['Cn']}') ";
  }


  $p_time = ($p_time == '' ? " now()" : $p_time);
  switch ($p_action) {
    case 1:
      $audit_action = "UPD_T";
      break;
    case 2:
      $audit_action = "RESET";
      break;
    default:
      $audit_action = "UPD_F";
  }

  $sql = "insert into cuauditusers
        (chdate, admuser, action,
          cu, user_name, user_alias, passwd, pktdate, pktstamp, email,
          estmt_flag, egenl_flag, failedremain, forcechange,
          forceremain, lastlogin, priorlogin, failedlogin,
          pwchange, msg_tx, billpayid, employee, txlist,
          depositlimit,userflags)
        select '{$p_time}', 'HomeCU_Member', '{$audit_action}',
          cuusers.cu, cuusers.user_name, cuusers.user_alias,
          cuusers.passwd, cuusers.pktdate, cuusers.pktstamp,
          cuusers.email, cuusers.estmt_flag, cuusers.egenl_flag,
          cuusers.failedremain, cuusers.forcechange,
          cuusers.forceremain, cuusers.lastlogin,
          cuusers.priorlogin, cuusers.failedlogin,
          cuusers.pwchange, cuusers.msg_tx, cuusers.billpayid,
          cuusers.employee $showtx,
          cuusers.depositlimit,userflags
        from cuusers where cu='{$p_hb_env['Cu']}' and user_name = '{$p_hb_env['Cn']}'; ";


    if ($p_post_build) {
      // * TRANSACTION -- IMMEDIATELY POST
      if (!$trans_rs = db_query($sql, $p_dbh)) {
        $retFuncFailed = true;
      }
    } else {
      $p_build_sql .= $sql;
    }

}
/**
 *
 * Update_ResetPassword
 *
 * Create the sql queries to update the RESET password
 * This function WILL do the update itself, NO DATA TRANSACTION OPTION
 * The array p_values will contain the following items.
   *
   *              This setting will be used to save a NEW password that has been
   *              reset
   *  [username]    - This is the username being updated
   *  [newpasswd_hash]   - This is the new HASHED password
   *  [failedremain]- Retry value to set the cuusers record
   *  [forceremain] - The value for the forceremain field
 *
 * @param type $p_dbh
 * @param type $p_hb_env
 * @param type $p_values
 */
function Update_ResetPassword($p_dbh, $p_hb_env, $p_values) {

  $retAry = Array("status" => Array ("code" => "", "severity" => "", "errors" => Array()));

  $trans_failed = false;
  $retFuncFailed = false;   // **Did the query execute as expected
  $sBuildSql = "";

  // * GET THE CURRENT dB time
  if ($time_rs = db_query("select now();", $p_dbh)) {
    list($chnow) = db_fetch_array($time_rs, 0);
  } else {
    // ** For some reason unable to get the current time
    $trans_failed = true;
  }

  $p_values['forceremain'] = intval($p_values['forceremain']);
  $p_values['failedremain'] = intval($p_values['failedremain']);

  // ** ONLY UPDATE IF newpasswd is defined in the p_values array
    // ** That way I may be able to use the current password as part of valiation and NO updated will occur
  if (array_key_exists('newpasswd_hash', $p_values)) {
    // ** Create the password hash
    $hash = crypt($p_values['newpasswd']);

    $sBuildSql = "UPDATE cuusers
                  SET passwd = '{$p_values['newpasswd_hash']}',
                    forcechange = 'Y',
                    pwchange = now(),
                    failedremain = '{$p_values['failedremain']}',
                    forceremain = '{$p_values['forceremain']}'
                  WHERE lower(user_name) = '" . strtolower($p_hb_env['Cn']) . "' and cu = '{$p_hb_env['Cu']}'; ";


    $trans_failed = Update_AuditMember($p_dbh, $p_hb_env, 2, $chnow, false, $sBuildSql);
    // END THE PROCESS

    // * WE NOW POST THE ACCUMULATED SQL
    if ($upd_rs = db_query($sBuildSql, $p_dbh)) {
      $retAry['status']['code'] = '000';
      $retAry['status']['severity'] = "SUCCESS";
    } else {
      // ** RECORD ERROR HERE
      $retAry['status']['code'] = '999';
      $retAry['status']['severity'] = 'ERROR';
      $retAry['status']['errors'][] = $p_mc->msg("Error Occurred updating settings");
    }
  } else {
    // ** RECORD ERROR HERE
    $retAry['status']['code'] = '999';
    $retAry['status']['severity'] = 'ERROR';
    $retAry['status']['errors'][] = $p_mc->msg("Error Occurred updating settings");
  }


  // ** RETURN THE status array
  return $retAry;
}
function Get_Billpayid($dbh, $HB_ENV, $TrustID='billpay', $pAcct) {
# returns array of bill pay override settings for member for specified Trustid vendor
    $Cu = $HB_ENV['Cu'];
    $Cn = $HB_ENV['Cn'];
    $billpay = array();

    $sql = "select trim(billpayid) from {$Cu}memberacct
            where accountnumber = '{$pAcct}'";

    $sth = db_query($sql, $dbh);
    if (db_num_rows($sth) == 0) {
        # return error -- account not found
        $billpay['status']['code'] = '999';
        $billpay['status']['severity'] = 'ERROR';
        $billpay['status']['errors'][] = "Account not found";
        $billpay['billpayid'] = "";
    } else {

        list($billpayid) = db_fetch_array($sth, 0);

        # GECU converted from Midatlantic to Ipay -- ignore stale billpayid settings
        if (trim($billpayid) == '' || "$Cu" == 'GECU') {
            $billpayid = $pAcct;
        }
        switch ($TrustID) {
            case 'IPAY':
            case 'MidIPAY':
            case 'IPAY_V3':
            case 'IPAYAPP':
            case 'IPAYTEST':
            case 'IPAYADA':
            case 'IPAYMBL':
                // no longer using
            case 'IPAYBPS':
                // if billpayid is less than 2 chars, left pad w/zero
                if (strlen($billpayid) < 2) {
                    $billpayid=substr("00$billpayid",-2,2);
                }
                break;
            default:
                break;
        }
        $billpay['status']['code']='000';
        $billpay['status']['severity']='SUCCESS';
        $billpay['billpayid'] = "$billpayid";
    }

    return ($billpay);
}

/**
 * Read_AllAlerts( $dbh, $pHBEnv )
 * Read all the current alerts.
 *
 * @param integer $pDbh           -- Current database handle
 * @param string $pCU             -- Current credit union
 * @param integer $pUid           -- Current user
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success or "999" failure
 * ["errors"]                     -- Array of errors (if any)
 * ["data"]                       -- List of current alerts.
 */
function Read_AllAlerts( $pDbh, $pCu, $pUid ) {

  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  // set up the alert types
  $alertTypes= array("B" => array("type" => "bal", "name" => "Balance"),
                     "T" => array("type" => "trans", "name" => "Transaction"),
                     "C" => array("type" => "check", "name" => "Check"),
                     "L" => array("type" => "loan", "name" => "Loan"));

  // loan
  $sql = "SELECT alerttype, id, alert.accountnumber, emailtype, description,
                  notifymsg, inctransdesc, notifydesc, lastalert, alert.accounttype,
                  alert.alertstatus
          FROM cu_alerts alert
          INNER JOIN {$pCu}loanbalance lb ON lb.accountnumber = alert.accountnumber
            AND lb.loannumber = alert.accounttype
          WHERE alert.cu = '{$pCu}'
            AND alert.user_id = '{$pUid}' ";

  $sql .= " UNION ";

  /*
   * For 'trans' types, I need to also retrieve the column for inctransdesc.
   */
  $sql .= "SELECT alerttype, id, alert.accountnumber, emailtype, description,
                  notifymsg, inctransdesc, notifydesc, lastalert, alert.accounttype,
                  alert.alertstatus
          FROM cu_alerts alert
          INNER JOIN {$pCu}accountbalance ab ON ab.accountnumber = alert.accountnumber
            AND ab.accounttype = alert.accounttype
            AND ab.certnumber = alert.certnumber
          WHERE alert.cu = '{$pCu}'
            AND alert.user_id = '{$pUid}' ";

  // consistent sort order
  $sql .= " ORDER BY accountnumber, alerttype, description, id";

  $alertRS = db_query($sql, $pDbh);
  $iRow = 0;
  while ( $alertRow = db_fetch_assoc($alertRS, $iRow++) ) {

    // clean up the returned data
    foreach( $alertRow as $key => $value ) {
      $alertRow[$key] = trim($value);
    }

    // get the type names to return
    $typeRecord= $alertTypes[$alertRow["alerttype"]];

    $alertRow["type"] = $typeRecord["type"];
    $alertRow["type_name"] = $typeRecord["name"];

    // Don't print the last alert date if it is 1/1/2000
    $lastAlert = trim( $alertRow["lastalert"] );
    if ( $lastAlert == "01/01/2000" ) {
      $alertRow["lastalert"] = "";
    } else if ( strlen( $lastAlert ) ) {
      $lastAlertTime = strtotime($lastAlert);
      if ( date( "m/d/Y", $lastAlertTime ) == "01/01/2000" ) {
        $alertRow["lastalert"] = "";
      } else {
        $alertRow["lastalert"] = $lastAlert; // presentation level will need to format it
      }
    } else {
      $alertRow["lastalert"] = "";
    }

    $alertRow["description"] = trim( $alertRow["description"] ) . " - " . trim( $alertRow["accounttype"] );

    // * Build the notifydesc for trans type alerts
      /*
       * notifydesc for trans type will be different based on the value of
       * inctransdesc
       *   0 - USE the notifymsg as the descriptive text for THIS record
       *   1 - BUILD a message to display
       *          'Description Contains "notifydesc value"'
       *
       */
    if ($alertRow["alerttype"] == 'trans') {
      $alertRow["notifymsg"] = (intval($alertRow['inctransdesc']) == 1 ?
                        'Description Contains' . ' "' . $alertRow['notifydesc'] . '" ' :
                        $alertRow['notifymsg']);
    }

    $retAlert["data"][] = $alertRow;
  }

  db_free_result($alertRS);

  return $retAlert;
} // end Read_AllAlerts

/**
 * Read_OneAlert( $dbh, $pHBEnv )
 * Read a single alert.
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Uid"]                 -- Current user's user id
 * $pHBEnv["HCUPOST"]["id"]       -- Id of alert in database table
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success or "999" failure
 * ["errors"]                     -- Array of errors (if any)
 * ["data"]                       -- Detailed information about the specified alert (row in respective table).
 */
function Read_OneAlert(  $dbh, $pHBEnv ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $alertId = $pHBEnv["HCUPOST"]["id"];
  $Cu = $pHBEnv["Cu"];
  // really for another level of validation that reading correct alert
  $Uid = $pHBEnv["Uid"];

  // return the necessary data
  $sql = "SELECT *
          FROM cu_alerts
          WHERE id = '{$alertId}'
            AND cu = '{$Cu}'
            AND user_id = '{$Uid}' ";
  $alertRS = db_query( $sql, $dbh );
  $alertRow = db_fetch_assoc( $alertRS, 0 );

  // trim the data, if it exists
  if ( isset( $alertRow["id"] ) && $alertRow["id"] > 0 ) {
    foreach( $alertRow as $key => $value ) {
      $alertRow[$key] = trim($value);
    }
  }

  // loan accounts are refered to a different way
  if ( $alertRow["type"] == "l" ) {
    $selAcct = trim( $alertRow["loannumber"] );
  } else {
    $selAcct = trim( $alertRow["accounttype"] ) . "_" . trim( $alertRow["certnumber"] );
  }

  $alertRow["selacct"] = trim( $alertRow["accountnumber"] ) . "_" . $selAcct;

  $retAlert["data"] = $alertRow;

  return $retAlert;
}

/**
 * Delete_Alert( $dbh, $pHBEnv, $MC )
 * Delete a single alert.
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 * @param object $MC              -- Language specific dictionary strings
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Uid"]                 -- Current user's user id
 * $pHBEnv["HCUPOST"]["id"]       -- Id of alert in respective database table
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success or "999" failure
 * ["errors"]                     -- List of errors (if any)
 */
function Delete_Alert( $dbh, $pHBEnv, $MC ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $alertId = $pHBEnv["HCUPOST"]["id"];
  $Cu = $pHBEnv["Cu"];
  // just this user
  $Uid = $pHBEnv["Uid"];

  $sql = "DELETE
          FROM cu_alerts
          WHERE id = {$alertId}
            AND cu = '{$Cu}'
            AND user_id = '{$Uid}'";
  $delRS = db_query( $sql, $dbh );

  $aryReturnErrors = array();
  if ( !$delRS ) {
    $aryReturnErrors[] = $MC->msg('Alert Delete Fail');
  } else {
    $affectedRows = db_affected_rows( $delRS );

    if ( $affectedRows != 1 ) {
      $aryReturnErrors[] = $MC->msg('Alert Delete Fail');
    }
  }

  if ( count( $aryReturnErrors ) > 0 ) {
    // * validation errors occurred
    $retAlert['code'] = '999';
    $retAlert["errors"] = $aryReturnErrors;
  }

  return $retAlert;
}

/**
 * Validate_Alert( $dbh, $pHBEnv, $MC )
 * Verify the alert update inputs.
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 * @param object $MC              -- Language specific dictionary strings
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Cn"]                  -- Current account number
 * $pHBEnv["HCUPOST"]["type"]     -- Type of alert (bal, trans, check, loan)
 * For balance alert:
 * $pHBEnv["HCUPOST"]["notifyamt"]    -- amount to trigger the alert
 * For transaction alert:
 * $pHBEnv["HCUPOST"]["notifydesc"]   -- exact description to trigger alert (at least three characters)
 * $pHBEnv["HCUPOST"]["userange"]     -- Y/N flag to also use a range
 * $pHBEnv["HCUPOST"]["desc_amtmin"]  -- minimum of range
 * $pHBEnv["HCUPOST"]["desc_amtmax"]  -- maximum of range
 * For check number alert:
 * $pHBEnv["HCUPOST"]["chknum"]       -- check number to trigger alert
 * For all alerts:
 * $pHBEnv["HCUPOST"]["notifymsg"]    -- message to send to member
 * $pHBEnv["HCUPOST"]["emailtype"]    -- "E" = email, "W" = wireless
 * $pHBEnv["HCUPOST"]["provider_id"]  -- wireless provider id
 * $pHBEnv["HCUPOST"]["notifyto"]     -- email or cell number
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success or "999" failure
 * ["errors"]                     -- List of errors (if any)
 */
function Validate_Alert( $dbh, $pHBEnv, $MC ) {
  //  all the information that was needed has been entered.
  // This is done differently depending on which options were selected
  //  different options require different fields

  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $alertType = $pHBEnv["HCUPOST"]["type"];

  $aryReturnErrors = array();

  if ( trim( $pHBEnv["HCUPOST"]["mbr_account"] ) == "" ) {
    $aryReturnErrors[] = $MC->msg('Account Number Missing');
  }

  // An alert type MUST be selected
  $inctransdesc = 0;
  switch ( $alertType ) {
    case "bal":            // ** BALANCE ALERT
      // Balance alert
      // Validate an amount was selected for less than
      if (trim($pHBEnv["HCUPOST"]["notifyamt"]) == "" || !is_numeric($pHBEnv["HCUPOST"]["notifyamt"])) {
        $aryReturnErrors[] = $MC->msg('Amount Missing');
      }
    break;
    case "trans":          // ** TRANSACTION ALERT
      // Transaction Alert
      // Validate the range is correct if they selected to use an amount range
      if ( $pHBEnv["HCUPOST"]["userange"] == "1" ) {
        // validate the range values are entered
        if ( trim($pHBEnv["HCUPOST"]["desc_amtmin"]) == "" || !is_numeric($pHBEnv["HCUPOST"]["desc_amtmin"])  ) {
          $aryReturnErrors[] = $MC->msg('Amount Minimum');
        }
        if ( trim($pHBEnv["HCUPOST"]["desc_amtmax"]) == "" || !is_numeric($pHBEnv["HCUPOST"]["desc_amtmax"]) ) {
          $aryReturnErrors[] = $MC->msg('Amount Maximum');
        }
      }
      if ( strlen(trim($pHBEnv["HCUPOST"]["notifydesc"])) == 0 ) {
        $aryReturnErrors[] = $MC->msg('Description Missing');
      } elseif ( strlen(trim($pHBEnv["HCUPOST"]["notifydesc"])) < 3 ) {
        $aryReturnErrors[] = $MC->msg('Description Short');
      }
      // * For trans types, get the SUBMITTED user value for the include trans desc value
      $inctransdesc = intval($pHBEnv['HCUPOST']['inctransdesc']);
      break;
    case "check":            // ** CHECK NUMBER ALERT
      // Check Number Alert
      if ( strlen(trim($pHBEnv["HCUPOST"]["chknum"])) == 0 ) {
        $aryReturnErrors[] = $MC->msg('Check Number Missing');
      }
      break;
    case "loan":            // ** MISSED PAYMENT DATE
      // nothing to check
      break;
    default:
      $aryReturnErrors[] = $MC->msg('Invalid Alert Type');
  }

  // Require a message
  $notifyMsg = isset( $pHBEnv["HCUPOST"]["notifymsg"] ) && strlen( trim($pHBEnv["HCUPOST"]["notifymsg"]) ) > 0 ? trim($pHBEnv["HCUPOST"]["notifymsg"]) : "";
  if ( $notifyMsg == "" && (($alertType != 'trans') || ($alertType == 'trans' && $inctransdesc == 0))) {
    $aryReturnErrors[] = $MC->msg('Message Missing');
  }

  // Cell Phone/Email option
  $weType = isset( $pHBEnv["HCUPOST"]["emailtype"] ) && strlen( $pHBEnv["HCUPOST"]["emailtype"] ) ? $pHBEnv["HCUPOST"]["emailtype"] : "";
  $weType = substr(strtoupper($weType), 0, 1);
  $cellProvider = isset( $pHBEnv["HCUPOST"]["provider_id"] ) && strlen( $pHBEnv["HCUPOST"]["provider_id"] ) ? $pHBEnv["HCUPOST"]["provider_id"] : "";
  $notifyTo = isset( $pHBEnv["HCUPOST"]["notifyto"] ) && strlen( $pHBEnv["HCUPOST"]["notifyto"] ) ? trim( $pHBEnv["HCUPOST"]["notifyto"] ) : "";
  if ($weType == "E") {
    // Email -- be sure the value is selected
    if ( strlen( $notifyTo ) == 0 ) {
      $aryReturnErrors[] = $MC->msg('EMail Missing');
    } else {
      if ( !validateEmail( $notifyTo ) ) {
        $aryReturnErrors[] = $MC->msg('Email appears invalid');
      }
    }
  } else if ( $weType == "W" ) {
    // Cell Phone -- make sure a number is entered and just verify the provider
    if (strlen( $notifyTo ) == 0) {
      $aryReturnErrors[] = $MC->msg('Cell Number Missing');
    } elseif (strlen( $notifyTo ) != 10) {
      // ** Wrong number of digits entered
      $aryReturnErrors[] = $MC->msg('Cell Number Length');
    } elseif (!is_numeric( $notifyTo ) ) {
      // ** Be sure all are numeric digits
      $aryReturn['status']['errors'][] = $MC->msg('Cell Number Digits');
    }
    if (strlen( $cellProvider ) == '') {
      $aryReturn['status']['errors'][] = $MC->msg('Provider Missing');
    }
  } else {
    $aryReturn['status']['errors'][] = $MC->msg('Send Option Missing');
  }

  if ( count( $aryReturnErrors ) > 0 ) {
    // * validation errors occurred
    $retAlert['code'] = '999';
    $retAlert["errors"] = $aryReturnErrors;
  }

  return $retAlert;
}

/**
 * Update_Alert( $dbh, $pHBEnv, $MC )
 * Create/Update the alert.
 * NOTE: Verify_Alert should already have been called.
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 * @param object $MC              -- Language specific dictionary strings
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Cn"]                  -- Current account number
 * $pHBEnv["HCUPOST"]["type"]     -- Type of alert (bal, trans, check, loan)
 * $pHBEnv["HCUPOST"]["id"]       -- Id of alert in respective database table (0 if creating one)
 * $pHBEnv["HCUPOST"]["mbr_account"]  -- Member account for alert
 * $pHBEnv["HCUPOST"]["selacct"]  -- selected account_account-type_cert# or _loan#
 * For balance alert:
 * $pHBEnv["HCUPOST"]["notifyamt"]    -- amount to trigger the alert
 * $pHBEnv["HCUPOST"]["incbal"]       -- 1/0 flag to include the balance in the alert
 * $pHBEnv["HCUPOST"]["useavailbal"]  -- use available balance (versus total balance)
 * $pHBEnv['HCUPOST']['inctransdesc'] -- 1/0 flag to use Transaction Desc (1) or custom message (0) *default
 * For transaction alert:
 * $pHBEnv["HCUPOST"]["notifydesc"]   -- exact description to trigger alert (at least three characters)
 * $pHBEnv["HCUPOST"]["userange"]     -- Y/N flag to also use a range
 * $pHBEnv["HCUPOST"]["desc_amtmin"]  -- minimum of range
 * $pHBEnv["HCUPOST"]["desc_amtmax"]  -- maximum of range
 * $pHBEnv["HCUPOST"]["incbal"]       -- 1/0 flag to include the balance in the alert
 * $pHBEnv["HCUPOST"]["incamt"]       -- 1/0 flag to include the amount in the description
 * $pHBEnv["HCUPOST"]["transtype"]    -- flag for both (B), deposit (D), withdrawl (W)
 * For check number alert:
 * $pHBEnv["HCUPOST"]["chknum"]       -- check number to trigger alert
 * $pHBEnv["HCUPOST"]["incamt"]       -- 1/0 flag to include the amount in the description
 * For loan alerts
 * $pHBEnv["HCUPOST"]["days_prior"]   -- number of days prior to due date
 * For all alerts:
 * $pHBEnv["HCUPOST"]["notifymsg"]    -- message to send to member
 * $pHBEnv["HCUPOST"]["emailtype"]    -- "E" = email, "W" = wireless
 * $pHBEnv["HCUPOST"]["provider_id"]  -- wireless provider id
 * $pHBEnv["HCUPOST"]["notifyto"]     -- email or cell number
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success or "999" failure
 * ["errors"]                     -- List of errors (if any)
 */
function Update_Alert( $dbh, $pHBEnv, $MC ) {

  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $Cu = $pHBEnv["Cu"];
  $alertType = $pHBEnv["HCUPOST"]["type"];
  $alertId = $pHBEnv["HCUPOST"]["id"];

  $acctType = "";
  $certNumber = "";
  $loanNumber = "";
  if (isset($pHBEnv["HCUPOST"]["selacct"])) {
    if ( $alertType == "loan" ) {
      list( $mbrAccount, $loanNumber) = explode( "_", $pHBEnv["HCUPOST"]["selacct"] );
    } else {
      list( $mbrAccount, $acctType, $certNumber) = explode( "_", $pHBEnv["HCUPOST"]["selacct"] );
      $certNumber = intval($certNumber); // need to be an integer
    }
  } else {
    $mbrAccount = isset( $pHBEnv["HCUPOST"]["mbr_account"] ) && strlen( trim($pHBEnv["HCUPOST"]["mbr_account"]) ) > 0 ? trim($pHBEnv["HCUPOST"]["mbr_account"]) : '';
  }

  // which account
  // the message
  $notifyMsg = isset( $pHBEnv["HCUPOST"]["notifymsg"] ) && strlen( trim($pHBEnv["HCUPOST"]["notifymsg"]) ) > 0 ? trim($pHBEnv["HCUPOST"]["notifymsg"]) : "";

  // Cell Phone/Email option
  $weType = isset( $pHBEnv["HCUPOST"]["emailtype"] ) && strlen( $pHBEnv["HCUPOST"]["emailtype"] ) ? $pHBEnv["HCUPOST"]["emailtype"] : "";
  $weType = substr(strtoupper($weType), 0, 1);
  $cellProvider = isset( $pHBEnv["HCUPOST"]["provider_id"] ) && strlen( $pHBEnv["HCUPOST"]["provider_id"] ) ? $pHBEnv["HCUPOST"]["provider_id"] : "";
  $notifyTo = isset( $pHBEnv["HCUPOST"]["notifyto"] ) && strlen( $pHBEnv["HCUPOST"]["notifyto"] ) ? trim( $pHBEnv["HCUPOST"]["notifyto"] ) : "";

  // Now Prepare to save the alert, may be UPDATE or INSERT, but first we must prepare the data
  $save_n_desc = "NULL";  // Notification Message
  $save_n_chk = "NULL";    // Check Number save Null Unless that alert is specified
  $save_n_trans = "";    // Transaction type for tranasction alert
  $save_wire_emailtype = $weType;   // already formatted correctly
  $save_notifyto = prep_save( $notifyTo, 50 );
  $save_msg = prep_save( str_replace("\\", "", $notifyMsg), 255 );

  // SETUP THE DEFAULTS
  $save_n_min = "NULL";
  $save_n_max = "NULL";

  $save_loannumber = prep_save($loanNumber);
  $acctType = prep_save($acctType);
  $certNumber = prep_save($certNumber);
  $incBal = isset( $pHBEnv["HCUPOST"]["incbal"] ) && $pHBEnv["HCUPOST"]["incbal"] == 1 ? 1 : 0;
  $incAmt = isset( $pHBEnv["HCUPOST"]["incamt"] ) && $pHBEnv["HCUPOST"]["incamt"] == 1 ? 1 : 0;
  $incTransDesc = isset( $pHBEnv["HCUPOST"]["inctransdesc"] ) && $pHBEnv["HCUPOST"]["inctransdesc"] == 1 ? 1 : 0;
  $useAvailBal = isset( $pHBEnv["HCUPOST"]["useavailbal"] ) && $pHBEnv["HCUPOST"]["useavailbal"] == 1 ? 1 : 0;
  switch ( $alertType ) {
    case "bal":                // ** BALANCE ALERT
      $save_n_min = 0;      // For this type always save 0 as the minimum
      $save_n_max = $pHBEnv["HCUPOST"]["notifyamt"];
      break;
    case "trans":                // ** TRANSACTION ALERT
      $save_n_desc = prep_save($pHBEnv["HCUPOST"]["notifydesc"], 90);
      $save_n_trans = prep_save($pHBEnv["HCUPOST"]["transtype"]);
      if ($pHBEnv["HCUPOST"]["userange"] == "1") {
        $save_n_min = $pHBEnv["HCUPOST"]["desc_amtmin"];
        $save_n_max = $pHBEnv["HCUPOST"]["desc_amtmax"];
      }
      $save_notifyrange = prep_save($pHBEnv["HCUPOST"]["userange"]);
      break;
    case "check":                // ** CHECK NUMBER ALERT
      $save_n_chk = "'" . prep_save($pHBEnv["HCUPOST"]["chknum"], 8) . "'";
      break;
    case "loan":                // ** MISSED PAYMENT DATE ALERT
      switch (intval($pHBEnv["HCUPOST"]["days_prior"])) {
        case 5:
        case 10:
          $save_days_prior = intval($pHBEnv["HCUPOST"]["days_prior"]);
          break;
        default:
          $save_days_prior = 0;
      }
      break;
  }

  // Separate out the bank account information
  if ( $alertId > 0 ) {
    // UPDATE the correct fields in the cu_alerts table for the specific type of alert
    switch ( $alertType ) {
      case "bal":          // Balance Alert
        $field_value = "accounttype = '$acctType',
                        certnumber = '$certNumber',
                        incbal = '$incBal',
                        useavailbal = '$useAvailBal',
                        notifyamt = $save_n_max, ";

        break;
      case "trans":          // Transaction Alert
        $field_value = "accounttype = '$acctType',
                        certnumber = '$certNumber',
                        incbal = '$incBal',
                        incamt = '" . intval($incAmt) . "',
                        inctransdesc = '$incTransDesc',
                        notifyamtmin = $save_n_min,
                        notifyamtmax = $save_n_max,
                        notifyrange = '" . intval($save_notifyrange) . "',
                        notifydesc = '$save_n_desc',
                        notifytranstype = '$save_n_trans', ";
        break;
      case "check":          // Check Number Alert
        $field_value = "accounttype = '$acctType',
                        certnumber = '$certNumber',
                        incamt = '" . intval($incAmt) . "',
                        notifychknum = $save_n_chk, ";
        break;
      case "loan":          // Missed Payment Alert
        $field_value = "accounttype = '$save_loannumber',
                        notifyloandaysprior = $save_days_prior, ";

        break;
    }

    $sql = "UPDATE cu_alerts
            SET
              accountnumber = '$mbrAccount',
              $field_value
              emailtype = '$save_wire_emailtype',
              notifyto = '$save_notifyto',
              provider_id = '" . prep_save($cellProvider, 35) . "',
              notifymsg = '$save_msg'
            WHERE id = {$alertId} ";

  } else {
    // new entry
    switch ( $alertType ) {
      case "bal":      // Balance Alert
        // On Insert also set the lastalert date to be 1/1/2000
        $field_list = "alerttype, accounttype, certnumber,
             incbal, useavailbal, notifyamt, lastalert ";
        $value_list  = "'B', '$acctType', '$certNumber',
             $incBal, $useAvailBal, $save_n_max, NULL ";
        break;
      case "trans":      // Transaction Alert
        // For a Transaction Alert -- I need to get the max tracenumber
        $sql = "SELECT max(tracenumber) as maxtrace
                FROM {$Cu}accounthistory
                WHERE accountnumber = '$mbrAccount'
                  AND accounttype = '$acctType'
                  AND certnumber = '$certNumber'
                  AND tracenumber is not null ";
        $traceRS = db_query( $sql, $dbh );
        $traceRow = db_fetch_array($traceRS, 0);

        db_free_result($traceRS);

        $field_list = "alerttype, accounttype, certnumber,
             incbal, incamt, inctransdesc, notifyrange, notifyamtmin,
             notifyamtmax, notifydesc, notifytranstype, lasttrace, lastalert ";
        $value_list  = "'T', '$acctType', '$certNumber',
             '$incBal',
             '" . intval($incAmt) . "', $incTransDesc,
             '" . intval($save_notifyrange) . "', $save_n_min,
             $save_n_max, '$save_n_desc', '$save_n_trans', '{$traceRow['maxtrace']}', NULL ";
        break;
      case "check":      // Check Number Alert
        $field_list = "alerttype, accounttype, certnumber,
              incamt, notifychknum, lastalert ";
        $value_list  = "'C', '$acctType', '$certNumber',
             '" . intval($incAmt) . "',
             $save_n_chk, NULL ";
        break;
      case "loan":      // Missing Payment Alert
        // On Insert also set the lastalert date to be 1/1/2000
        $field_list = "alerttype, accounttype, lastalert, notifyloandaysprior ";
        $value_list = "'L', '$save_loannumber', NULL, $save_days_prior ";
        break;
    }

    $userId = $pHBEnv["Uid"];

    // get the next alert id since need to use it to return it and other info
    $sql = "SELECT nextval('cualerts_id_seq'::text) as alertid";
    $alertRS = db_query( $sql, $dbh );
    $alertRow = db_fetch_assoc( $alertRS );
    $alertId = $alertRow["alertid"];

    // INSERT into the cu_alerts table for the specific type of alert
    $sql = "INSERT INTO cu_alerts
            (id, cu, accountnumber, user_id, emailtype,
             notifyto, provider_id, notifymsg, alertstatus, $field_list )
            VALUES
            ($alertId, '{$Cu}', '$mbrAccount', $userId, '$save_wire_emailtype',
             '$save_notifyto', '" . prep_save($cellProvider, 35) . "',
             '$save_msg', 1, $value_list
            );";

  }

  if ((!$save_rs = db_query($sql, $dbh))) {
    // Error INSERTING The data
    $retAlert['errors'][] = $MC->msg('Error Saving Alert');

  }
  if ( count( $retAlert['errors'] ) > 0 ) {
    // * validation errors occurred
    $retAlert['code'] = '999';
  }

  return $retAlert;
}

/**
 * Check_AlertsEnabled( $dbh, $pHBEnv )
 * Check to see if the alert feature is enabled.
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Cn"]                  -- Current account number
 *
 * @returns false if not enabled OR $retAlert
 * ["code"]                       -- "000" success
 * ["errors"]                     -- List of errors (if any)
 */
function Check_AlertsEnabled( $dbh, $pHBEnv ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  // make sure they have an alert e-mail set up
  $sql = "SELECT email FROM cuadmnotify
          WHERE cu = '{$pHBEnv["Cu"]}' AND role = 'alert'";
  $emRS = db_query($sql, $dbh);
  $emRow = db_fetch_array($emRS, 0);
  $notifyEmail = $emRow["email"];
  db_free_result($emRS);

  if ( !strlen( trim( $notifyEmail ) ) ) {
    $retAlert = false;
  }

  return $retAlert;
} // end Check_AlertsEnabled

/**
 * Get_AlertLimits(  )
 * Get the limits of totaly alerts and account-type limit for all alert types.
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- the alert limit data
 */
function Get_AlertLimits( ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  // use hard coded values
  define( "TRANS_LIMIT", 20 );      // This is the self-imposed limit for the number of transaction type alerts that may be created...
                                    // To change the maximum number of allowed alerts for transaction type, do it here...

  define( "CHECK_LIMIT", 4 );       // This is the self-imposed limit for the number of transaction type alerts that may be created...
                                    // To change the maximum number of allowed alerts for transaction type, do it here...

  $alertLimits = array();
  $alertLimits["bal"] =   array( "total_limit" => 0, "acct_type" => 2 );
  $alertLimits["trans"] = array( "total_limit" => TRANS_LIMIT, "acct_type" => 0 );
  $alertLimits["check"] = array( "total_limit" => CHECK_LIMIT, "acct_type" => 0 );
  $alertLimits["loan"] =  array( "total_limit" => 0, "acct_type" => 1 );

  $retAlert["data"] = $alertLimits;

  return $retAlert;
} // end Get_AlertLimits

/**
 * Get_AlerTypes(  )
 * Get the names for all alert types.
 *
 * @param object $MC              -- Language specific dictionary strings
 *
 * @returns $retAlert
 * ["code"]                       -- "000" success
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- the alert limit data
 */
function Get_AlertTypes( $pMC ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  // use hard coded values
  $alertTypes = array();
  $alertTypes[] = array( "name" => $pMC->msg('Balance'), "value" => "bal" );
  $alertTypes[] = array( "name" => $pMC->msg('Transaction'), "value" => "trans" );
  $alertTypes[] = array( "name" => $pMC->msg('Check Number'), "value" => "check" );
  $alertTypes[] = array( "name" => $pMC->msg('Missed Payment Date'), "value" => "loan" );

  $retAlert["data"] = $alertTypes;

  return $retAlert;
} // end Get_AlertTypes

/**
 * Get_AlertProviders( $dbh )
 * Get the alert cell phone provider names / ids.
 *
 * @param integer $dbh            -- Current database handle
 *
 * Expected inputs:
 *   None
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- Array of provider_id, provider_name pairs
 */
function Get_AlertProviders( $dbh, $showSQL= false) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $providers = array();

  $sql = "SELECT *
            FROM cualertproviders
            ORDER BY  provider_name ";
  $provRS = db_query($sql, $dbh);
  $dbRow = 0;
  while ($provRow = db_fetch_assoc($provRS, $dbRow++)) {
    $provRow["provider_id"] = trim( $provRow["provider_id"] );
    $provRow["provider_name"] = trim( $provRow["provider_name"] );
    $providers[] = $provRow;
  }

  $retAlert["data"] = $providers;
  if ($showSQL)
    $retAlert["sqls"]= array($sql);

  return $retAlert;
} // end Get_AlertProviders

/**
 * Get_AlertDesc( $alertType, $pMC )
 * Get the display name of the alert type.
 *
 * @param string $alertType       -- bal, trans, check, loan
 * @param object $MC              -- Language specific dictionary strings
 *
 * Expected inputs:
 *   None
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- Alert display name
 */
function Get_AlertDesc( $alertType, $pMC ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $alertName = "";
  switch ($alertType) {
    case "bal":
      $alertName = $pMC->msg('Balance');
      break;
    case "trans":
      $alertName = $pMC->msg('Transaction');
      break;
    case "check":
      $alertName = $pMC->msg('Check Number');
      break;
    case "loan":
      $alertName = $pMC->msg('Missed Payment Date');
      break;
  }

  $retAlert["data"] = $alertName;

  return $retAlert;
} // Get_AlertDesc

/**
 * Get_AlertAccounts( $pDbh, $pCu, $pUid )
 * Get a list of accounts for all types of alerts.
 *
 * @param integer $pDbh           -- Current database handle
 * @param string $pCu             -- Current credit union
 * @param string $pAcct           -- Current account number
 * @param string $pUid            -- Current user
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Cn"]                  -- Current account number
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- List of accounts, current count of each account in use
 */
function Get_AlertAccounts( $pDbh, $pHBEnv ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $cu = $pHBEnv["Cu"];
  $uId = $pHBEnv["Uid"];
  $Fset = $pHBEnv["Fset"];
  $Fset2 = $pHBEnv["Fset2"];
  $Fset3 = $pHBEnv["Fset3"];

  // must setup an order by to match the TX_list function
  // this way the list will match the profile descriptions
  // screen and any other screens on banking.

  // since this is a union, loannumber and accounttype are
  // displayed in the accounttype column. we will use a case
  // statement in the sql to determine which way to trim accounttype.
  $orderBy = "";
  $orderBy .= "display_order,";
  $orderBy .= " CASE recordtype";
  $tempOid = '0';
  if (($Fset & GetFlagsetValue("CU_SORTORDER4")) == GetFlagsetValue("CU_SORTORDER4")) {
    //$orderBy .= " WHEN 'D' THEN btrim(accounttype, 'DIS')";
    $orderBy .= " WHEN 'D' THEN btrim(accounttype,'DIS')";
  } else if (($Fset2 & GetFlagsetValue("CU2_SORTORDER6")) == GetFlagsetValue("CU2_SORTORDER6")) {
    $orderBy .= " WHEN 'D' THEN acctoid";
    //" order by ua.display_order, btrim(ab.accounttype,'DIS'),ab.certnumber";
    //$orderBy .= " WHEN 'D' THEN "

    /**
     * This is NOT ideal, but there are some tables that do NOT have oid specified.  So they can not have the 'oid' column referenced.
     *
     * If oid is NOT set then use the default value 0 as the column won't be used for ordering anyways.
     *
     * The 'oid' can not be referenced as it will break the query.
     *
     */
    $tempOid = "acct.oid";
  } else {
    $orderBy .= " WHEN 'D' THEN btrim(accounttype, 'DIS')";
    //$orderBy .= " WHEN 'D' THEN accounttype";
  }

  if ($Fset & GetFlagsetValue('CU_LNSORT2')) {
    $orderBy .= " WHEN 'L' THEN btrim(accounttype,'LC')";
    //$orderBy .= " WHEN 'L' THEN btrim(accounttype, 'LC')";
  } else {
    $orderBy .= " WHEN 'L' THEN accounttype";
    //$orderBy .= " WHEN 'L' THEN accounttype";
  }

  $orderBy .= " END,";
  $orderBy .= " accountnumber, certnumber";

  // bal and trans are the same accounts; checking accounts are bal/tran but with deposittype = Y
  $sql = "
    SELECT * FROM (
      SELECT acct.accountnumber, useracct.display_name, useracct.display_order, description, useracct.accounttype, useracct.certnumber,
             useracct.recordtype, useracct.view_balances, useracct.view_transactions, acct.deposittype, ma.restrictions, 1 as alertgroup, lpad({$tempOid}::varchar, 10, '0') as acctoid
    FROM {$cu}useraccounts as useracct
    INNER JOIN {$cu}accountbalance as acct ON acct.accountnumber = useracct.accountnumber
      AND acct.accounttype = useracct.accounttype
      AND acct.certnumber = useracct.certnumber
    INNER JOIN {$cu}memberacct ma ON ma.accountnumber = useracct.accountnumber
    WHERE useracct.user_id = $uId
      AND useracct.recordtype = 'D'

    UNION

    SELECT acct.accountnumber, useracct.display_name, useracct.display_order, description, useracct.accounttype, useracct.certnumber,
           useracct.recordtype, useracct.view_balances, useracct.view_transactions, 'N' as deposittype, ma.restrictions, 2 as alertgroup, lpad({$tempOid}::varchar, 10, '0') as acctoid
    FROM {$cu}useraccounts as useracct
    INNER JOIN {$cu}loanbalance as acct ON acct.accountnumber = useracct.accountnumber
      AND acct.loannumber = useracct.accounttype
    INNER JOIN {$cu}memberacct ma ON ma.accountnumber = useracct.accountnumber
    WHERE useracct.user_id ='$uId'
      AND useracct.recordtype = 'L'
    ) accts ORDER BY $orderBy";

  $acctRS = db_query( $sql, $pDbh );
  $rowCnt = 0;
  $acctListHolder = array();
  while ($acctRow = db_fetch_array( $acctRS, $rowCnt++ )) {
    // don't allow locked accounts
    if ( $acctRow["restrictions"] == "L" ) {
      continue;
    }

    $recordType = $acctRow["recordtype"];
    if ( $recordType == "L" ) {
      $ident = trim( $acctRow["accounttype"] );
    } else {
      $ident = trim( $acctRow["accounttype"] ) . "_" . trim( $acctRow["certnumber"] );
    }

    $account= trim($acctRow["accountnumber"]);

    // need to prepend the account number in case of multiple accounts
    $ident = $account . "_" . $ident;

    $acctListHolder[] =  array( "type" => $recordType,
                                "account" => $account,
                                "description" => getAccountDescription($pDbh, $cu, $account, $acctRow['description'], $acctRow["accounttype"], $acctRow['display_name'], $Fset3,
                                  $acctRow["certnumber"], false),
                                "deposit_acct" => strtoupper($acctRow["deposittype"]),
                                "view_balances" => $acctRow['view_balances'],
                                "view_transactions" => $acctRow['view_transactions'],
                                "identifier" => $ident );
  }

  $retAlert["data"] = $acctListHolder;
  return $retAlert;
} // end Get_AlertAccounts

/**
 * Get_AlertAccountList( $dbh, $pHBEnv )
 * Get a list of sub-accounts that can handle the different alert types for the given user.
 *
 * @param integer $pDbh           -- Current database handle
 * @param string $pCu             -- Current credit union
 * @param string $pAcct           -- Current account number
 * @param integer $pUid           -- Current user id
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- List of accounts, flagged for each type of alert it can be used.
 */
function Get_AlertAccountList( $pDbh, $pHbEnv ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $accountList = array();

  $return = Get_AlertAccounts( $pDbh, $pHbEnv );
  $alertAccounts = $return["data"];

  for ( $t = 0; $t < count( $alertAccounts ); $t++ ) {
    // see if already have this sub_account for the member account
    $found = false;
    for ( $i = 0; $i < count( $accountList ); $i++ ) {
      if ( ($alertAccounts[$t]["account"] == $accountList[$i]["accountnumber"]) &&
           ($alertAccounts[$t]["identifier"] == $accountList[$i]["acct_ident"]) ) {
        $found = true;
        break;
      }
    }

    if ( !$found ) {
      // create new entry
      $accountList[] = array (
          "acct_ident" => $alertAccounts[$t]["identifier"],
          "accountnumber" => $alertAccounts[$t]["account"],
          "description" => $alertAccounts[$t]["description"],
          "bal_allowed" => false,
          "trans_allowed" => false,
          "check_allowed" => false,
          "loan_allowed" => false );
    }

    // mark this type as allowed if the permission allows it as can be used by this type based on permissions
    // RULES: If type "B" (balances):
    if ( $alertAccounts[$t]["type"] == "D" ) {
      if ( $alertAccounts[$t]["view_balances"] == "t" ) {
        $accountList[$i]["bal_allowed"] = true;
      }
      if ( $alertAccounts[$t]["view_transactions"] == "t" ) {
        $accountList[$i]["trans_allowed"] = true;

        if ( $alertAccounts[$t]["deposit_acct"] == "Y" ) {
          $accountList[$i]["check_allowed"] = true;
        }
     }
    } else if ( $alertAccounts[$t]["type"] == "L" ) {
      if ( $alertAccounts[$t]["view_balances"] == "t" ) {
        $accountList[$i]["loan_allowed"] = true;
      }
    }

  }

  // count limits are checked via the permissions module

  $retAlert["data"] = $accountList;

  return $retAlert;
} // end Get_AlertAccountList

/**
 * Get_AlertsDetailed( $dbh, $pHBEnv)
 * Read all the current alerts with any extended data for each.
 * NOTE: The returned information will be a flat array of all possible alert information but with
 *       only that alert-specific information filled in.
 * NOTE: The "lastalert" value is returned unformatted. It is left to the presentation layer to format as necessary.
 *
 * @param integer $pDbh           -- Current database handle
 * @param string $pCu             -- Credit union code
 * @param integer $pUid           -- Current user id
 * @param boolean $showSQL        -- If true, then SQL will be returned.  (Only the first two parameters need to be defined.  If this isn't defined, then it is false.)
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["sqls"]                       -- List of sqls (if $showSQL is defined and set to true)
 * ["data"]                       -- List of current alerts - all possible info for all alert types.
 */
function Get_AlertsDetailed( $pDbh, $pCu, $pUid, $Fset3, $MC= null)
{
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  // initialize the return array
  $currAlerts = array();
  $sqls= array();

  // set up the alert types
  $alertTypes= array("B" => array("type" => "bal", "name" => isset($MC) ? $MC->msg("Balance", HCU_DISPLAY_AS_JS) : "Balance"),
                     "T" => array("type" => "trans", "name" => isset($MC) ? $MC->msg("Transaction", HCU_DISPLAY_AS_JS) : "Transaction"),
                     "C" => array("type" => "check", "name" => isset($MC) ? $MC->msg("Check", HCU_DISPLAY_AS_JS) : "Check"),
                     "L" => array("type" => "loan", "name" => isset($MC) ? $MC->msg("Loan", HCU_DISPLAY_AS_JS) : "Loan"));

  // this one for loans
  $sql = "SELECT alert.alerttype, alert.accountnumber, coalesce(nullif(trim(ua.display_name), ''), description) as descSort, ua.certnumber, ua.accounttype, alert.*, description,
          ua.display_name, ma.restrictions
          FROM cu_alerts alert
          INNER JOIN {$pCu}loanbalance lb ON lb.accountnumber = alert.accountnumber
            AND lb.loannumber = alert.accounttype
          INNER JOIN {$pCu}useraccounts ua ON ua.accountnumber = alert.accountnumber
            AND ua.accounttype = alert.accounttype
            AND ua.user_id = alert.user_id
          INNER JOIN {$pCu}memberacct ma ON ma.accountnumber = alert.accountnumber
          WHERE alert.cu = '{$pCu}'
            AND alert.alerttype = 'L'
            AND alert.user_id = '{$pUid}' ";

  // combine into a single query
  $sql .= " UNION ";

  // this one for non-loans
  $sql .= "SELECT alert.alerttype, alert.accountnumber, coalesce(nullif(trim(ua.display_name), ''), description) as descSort, ua.certnumber, ua.accounttype, alert.*, description,
          ua.display_name, ma.restrictions
          FROM cu_alerts alert
          INNER JOIN {$pCu}accountbalance ab ON ab.accountnumber = alert.accountnumber
            AND ab.accounttype = alert.accounttype
            AND ab.certnumber = alert.certnumber
          INNER JOIN {$pCu}useraccounts ua ON ua.accountnumber = alert.accountnumber
            AND ua.accounttype = alert.accounttype
            AND ua.certnumber = alert.certnumber
            AND ua.user_id = alert.user_id
          INNER JOIN {$pCu}memberacct ma ON ma.accountnumber = alert.accountnumber
          WHERE alert.cu = '{$pCu}'
            AND alert.alerttype IN ('B', 'T', 'C')
            AND alert.user_id = '{$pUid}' ";

  // consistent ordering
  $sql .= "ORDER BY 1, 2, 3";

  $sqls[]= $sql;

  $alertRS = db_query($sql, $pDbh);
  $iRow = 0;
  while ( $alertRow = db_fetch_assoc($alertRS, $iRow++) ) {

    // clean up the returned data
    foreach( $alertRow as $key => $value ) {
      $alertRow[$key] = trim($value);
    }

    // Don't print the last alert date if it is 1/1/2000
    $lastAlert= trim($alertRow["lastalert"]);
    if ( $lastAlert == "01/01/2000" ) {
      $alertRow["lastalert"] = "";
    } else if ( strlen( $lastAlert ) ) {
      $lastAlertTime = strtotime($lastAlert);
      if ( date( "m/d/Y", $lastAlertTime ) == "01/01/2000" ) {
        $alertRow["lastalert"] = "";
      } else {
        $alertRow["lastalert"] = $lastAlert;
      }
    } else {
      $alertRow["lastalert"] = "";
    }

    /*
     * notifymsg for trans type will be different based on the value of
     * inctransdesc
     *   0 - USE the notifymsg as the descriptive text for THIS record
     *   1 - BUILD a message to display
     *          'Description Contains "notifydesc value"'
     *
     */
    $lNotifyMsg = (intval($alertRow['inctransdesc']) == 1 ?
                      'Description Contains' . ' ' . $alertRow['notifydesc'] :
                      $alertRow['notifymsg']);

    // get the type names to return
    $type= $alertRow["alerttype"];
    $typeRecord= $alertTypes[$type];

    $accountnumber= trim($alertRow["accountnumber"]);

    // loan accounts are referred to a different way than non-loans
    $selAcct = $type == "L" ? trim( $alertRow["accounttype"] ) : trim( $alertRow["accounttype"] ) . "_" . trim( $alertRow["certnumber"] );
    $selAcct = trim( $alertRow["accountnumber"] ) . "_" . $selAcct;

    // return consistent information even if this alert type doesn't use that information
    $currAlerts[] = array(
        "type" => $typeRecord["type"],
        "type_name" => $typeRecord["name"],
        "id" => $alertRow["id"],
        "description" => getAccountDescription($pDbh, $pCu, $accountnumber, $alertRow["description"], $alertRow["accounttype"], $alertRow['display_name'], $Fset3, $alertRow["certnumber"]),
        "accountnumber" => $accountnumber,
        "emailtype" => $alertRow["emailtype"],
        "notifyto" => $alertRow["notifyto"],
        "provider_id" => $alertRow["provider_id"],
        "provider_name" => isset( $alertRow["provider_name"] ) ? $alertRow["provider_name"] : "",
        "notifymsg" => $alertRow["notifymsg"],
        "notifydisplaymsg" => $lNotifyMsg,
        "lastalert" => $alertRow["lastalert"],
        "alertstatus" => $alertRow["alertstatus"],
        "restrictions" => $alertRow["restrictions"],
        "selacct" => $selAcct,
        "incbal" => $type == "B" || $type == "T" ? $alertRow["incbal"] : "",            // bal, trans
        "inctransdesc" => $type == "T" ? $alertRow["inctransdesc"] : "0",        // trans
        "notifyamt" => $type == "B" ? $alertRow["notifyamt"] : "",      // bal
        "useavailbal" => $type == "B" ? $alertRow["useavailbal"] : "",  // bal
        "incamt" => $type == "T" || $type == "C" ? $alertRow["incamt"] : "",             // check, trans
        "notifychknum" => $type == "C" ? $alertRow["notifychknum"] : "",       // check
        "alert_days_prior" => $type == "L" ? $alertRow["notifyloandaysprior"] : "",   // loan
        "notifyrange" => $type == "T" ? $alertRow["notifyrange"] : "",        // trans
        "notifyamtmin" => $type == "T" ? $alertRow["notifyamtmin"] : "",       // trans
        "notifyamtmax" => $type == "T" ? $alertRow["notifyamtmax"] : "",       // trans
        "notifydesc" => $type == "T" ? $alertRow["notifydesc"] : "",         // trans
        "notifytranstype" => $type == "T" ? $alertRow["notifytranstype"] : ""     // trans
    );
  }

  db_free_result($alertRS);

  $retAlert["data"] = $currAlerts;

  return $retAlert;
} // end Get_AlertsDetailed

/**
 * Get_UserAccounts( $dbh, $pHBEnv, $alertType )
 * Get the accounts the user can work with.
 *
 * @param integer $pDbh           -- Current database handle
 * @param string $pCu             -- Current HB_ENV values
 * @param integer $pUid           -- Current HB_ENV values
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- Default email if any.
 */
function Get_UserAccounts( $pDbh, $pCu, $pUid ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $cu = strtolower( $pCu );

  $sql = "SELECT DISTINCT accountnumber
          FROM {$cu}useraccounts
          WHERE user_id = $pUid ";
  $accountRS = db_query( $sql, $pDbh );

  $accountList = array();
  $iRow = 0;
  while ( $alertRow = db_fetch_assoc($accountRS, $iRow++) ) {
    $accountList[] = trim( $alertRow["accountnumber"] );
  }

  db_free_result( $accountRS );

  $retAlert["data"] = $accountList;
  $retAlert["sql"] = $sql;

  return $retAlert;
} // end Get_UserAccounts


/**
 * Get_AlertDefaultEmail( $dbh, $pHBEnv )
 * Get the default email for the given user.
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Uid"]                 -- Current user id
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- Default email if any.
 */
function Get_AlertDefaultEmail( $dbh, $pHBEnv ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $Cu = $pHBEnv["Cu"];
  $Uid = $pHBEnv["Uid"];

  $cu = strtolower( $Cu );
  $sql = "SELECT email
          FROM {$cu}user
          WHERE user_id = $Uid ";
  $emailRS = db_query( $sql, $dbh );
  $emailRow = db_fetch_array( $emailRS, 0 );
  db_free_result( $emailRS );

  $defaultEmail = "";
  if ( strlen( trim( $emailRow['email'] ) ) ) {
    if (function_exists('hcu_displayHtml')) {
      $defaultEmail = hcu_displayHtml( $emailRow['email'], ENT_QUOTES, true );
    } else {
      $defaultEmail = disp_i18n( $emailRow['email'], ENT_QUOTES );
    }
  }

  $retAlert["data"] = $defaultEmail;

  return $retAlert;
} // end Get_AlertDefaultEmail

/**
 * Get_AlertDefaultCell( $dbh, $pHBEnv )
 * Get the default cell for the given user by looking through previously set up alerts.
 *    - get this regardless of which account the alert was set up for
 *
 * @param integer $dbh            -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 * @param string &$cellProvider   -- Return value of cell provider
 * @param string &$cellProviderId -- Return value of cell provider id
 *
 * Expected inputs:
 * $pHBEnv["Cu"]                  -- Current credit union
 * $pHBEnv["Uid"]                 -- Current user's user id
 *
 * @returns $retAlert
 * ["code"]                       -- HB Standard codes 000 success, 999 error
 * ["errors"]                     -- List of errors (if any)
 * ["data"]                       -- Default cell: name of provider, provider id
 */
function Get_AlertDefaultCell( $dbh, $pHBEnv ) {
  // initialize the return array
  $retAlert = array( "code" => "000", "errors" => array(), "data" => array() );

  $Cu = $pHBEnv["Cu"];
  // just this user
  $Uid = $pHBEnv["Uid"];

  $sql = "
          SELECT notifyto, provider_id
          FROM cu_alerts
          WHERE cu = '$Cu'
            AND user_id = '{$Uid}'
            AND emailtype = 'W'
          GROUP BY notifyto, provider_id
          ORDER BY notifyto, provider_id
        ";

  $cellRS = db_query( $sql, $dbh );
  $cellRow = db_fetch_array( $cellRS, 0 );
  db_free_result($cellRS);

  if ( $cellRow ) {
    if (function_exists('hcu_displayHtml')) {
      $cellProvider["cell_number"] = hcu_displayHtml( $cellRow['notifyto'], ENT_QUOTES, true );
    } else {
      $cellProvider["cell_number"] = disp_i18n( $cellRow['notifyto'], ENT_QUOTES );
    }
    $cellProvider["provider_id"] = trim( $cellRow['provider_id'] );            // Set the cellular provider selected
  } else {
    $cellProvider["cell_number"] = "";
    $cellProvider["provider_id"] = "";
  }

  $retAlert["data"] = $cellProvider;

  return $retAlert;
} // end Get_AlertDefaultCell

/**
 *  Update_AlertStatuses($dbh, $cuCode, $userId, $alerts, $loggedInUser, $showSQL=false)
 *
 * @param integer $dbh      the database connection
 * @param string $cuCode     the Credit Union
 * @param string $userId      the user Id
 * @param boolean $alerts     Alert list
 * @param string $loggedInUser  the logged in user
 *
 * @return $returnArray["code" => code, "errors" => errors, "sqls" => sqls]
 * If there is a syntax error on the SQL, then code= 1 and errors = array(error).  Otherwise code=0 and errors= array().
 * If $showSQL is true, then $returnArray["sqls"] is also available: the list of sqls.
 */
function Update_AlertStatuses($dbh, $cuCode, $userId, $alerts, $loggedInUser) {
  $code = 0;
  $errors = array();

  try {
    if (trim($alerts) != "") {
      $alerts = HCU_JsonDecode($alerts, false);
      if (!is_array($alerts)) {
        throw new Exception("Alerts are not encoded correctly.", 2);
      }
    } else {
      $alerts = array();
    }

    $updateArray = array();
    foreach($alerts as $alert) {
      if (!(isset($alert["id"]) && isset($alert["alertstatus"]))) {
        throw new Exception("Alert is not formatted correctly.", 3);
      }
      $updateArray[] = array("_action" => "update", "id" => $alert["id"], "alertstatus" => $alert["alertstatus"]);
    }

    $updateArray=  array("alert" => $updateArray);

    // TODO: this is in a function in userSupport.data.  If it is used elsewhere, need to change variables.
    $context = "admin";
    $script = "userSupport.prg";
    $email = "";

    $sql = "select email from cuadminusers where user_name = '$loggedInUser' and cu= '$cuCode'";
    if (($sth = db_query($sql, $dbh)) !== false) {
      $email = db_fetch_row($sth)[0];
    } else {
      throw new Exception("Email query failed.", 7);
    }

    if (count($updateArray["alert"]) > 0 && DataUserTableUpdate($dbh, array("cu" => $cuCode), null, $updateArray, $userId, "ALT_STATUS", $context, $script, "A", "Alert Status Update",
      $loggedInUser, $email, trim($_SERVER["REMOTE_ADDR"])) === false) {
        throw new Exception("Alert status update failed.", 6);
      }
  } catch(Exception $e) {
    $errors = array($e->getMessage());
    $code = $e->getCode();
  }

  $returnArray = array("code" => $code, "errors" => $errors);
  return $returnArray;
}

/**
 *
 * Get_BannerText($dbh, $HB_ENV, $MC, $device)
 * Get the stored banner text, if any, for the cu / device in use
 *
 * @param integer $dbh      - Current database handle
 * @param array $HB_ENV     - Current HB_ENV values
 * @param class $p_mc       - Current object for MC Language class
 * @param string $p_device  - {M,R,C,D,P}Pass in the device type
 *                            M - Mobile Device
 *                            P - Iphone App Device
 *                            C - Classic device
 *                            D - Desktop (NEW) Presentation *
 * Expected inputs:
 * $HB_ENV["Cu"]                -- Current credit union
 * $HB_ENV["Cn"]                -- Current account number
 *
 * Returns:
 * [status]
 *          [code]      HB Standard codes 000 success, 999 error
 *          [errors]    List of errors if any exist
 * [banner]
 *          [bannertext] banner content text
 *          [startdate] defined start date for banner YYYY-MM-DD
 *          [stopdate] defined stop date for banner YYYY-MM-DD
 */

function Get_BannerText($dbh, $HB_ENV, $MC, $device) {
    # look for embedded banner info
    $aryReturn = Array("status" => Array("code", "errors" => Array()));

  switch ($device) {
    case "M":
    case "P":
        $stype=3;
        break;
    case "C":
    case "D":
    default:
        $stype=2;
        break;
    }
    $Cu = $HB_ENV['Cu'];

    $bannertext="";
    $bnrSql = "select trim(question) as question,
                 to_char(startdate,'YYYY-MM-DD') as startdate,
                 to_char(stopdate,'YYYY-MM-DD') as stopdate
        from cusurveymaster
            where cu = '$Cu' and surveytype = $stype
                    and startdate <= CURRENT_DATE
                    and stopdate >= CURRENT_DATE";

    if (!$sbh = db_query($bnrSql, $dbh)) {
        $aryReturn['status']['errors'][] = $MC->msg('Error Finding Form');
    } else {
        $bnrRow = db_fetch_array( $sbh, 0 );
        $bannertext=stripslashes($bnrRow['question']);
    }

  if ( count( $aryReturn['status']['errors'] ) > 0 ) {
    // * validation errors occurred
    $aryReturn['status']['code'] = '999';
    $aryReturn['banner']=array();
  } else {
    // * SUCCESS
    $aryReturn['status']['code'] = '000';
    $aryReturn['banner']['bannertext'] = $bannertext;
    $aryReturn['banner']['startdate'] = $bnrRow['startdate'];
    $aryReturn['banner']['stopdate'] = $bnrRow['startdate'];
    $aryReturn['banner']['bnrRow'] = $bnrRow;
    $aryReturn['banner']['bnrSql'] = $bnrSql;
  }

  return $aryReturn;

}

function Translate_BannerText($HB_ENV, $btext) {
    $Cu = $HB_ENV['Cu'];
    $Cn = $HB_ENV['Cn'];

    $aryfind = array('$Cn','$Cu');
    $aryreplace = array("$Cn","$Cu");

    $bannertext = str_replace($aryfind, $aryreplace,$btext);

    if ( empty($bannertext) ) {
        $aryReturn['status']['code'] = '999';
        $aryReturn['banner']['bannertext'] = '';
    } else {

        $aryReturn['status']['code'] = '000';
        $aryReturn['banner']['bannertext'] = $bannertext;
    }

  return $aryReturn;

 }

  /**
   * Post_CUEStmt
   *
   * Purpose: This function will post the necessary pieces for the estatement
   *          enrollment.
   *
   *    Options are:
   *        Post packet to CU Core
   *        Set the ES flag on cuusers table
   *        Create the CU sslform
   *
   * @param integer $pDbh - Current Database handle
   * @param array $pHBEnv - Current HB_ENV
   *                esProcessMode - {start, stop} - determines the processing type
   *
   *                ['HCUPOST']['stop_reason'] - esProcessMode = 'stop' ONLY  This is the reason
   *                                              member is stopping. It is required for 'stop'
   *
   * @param object $pMC -- This points to the current MC value for the language class
   * @param string $pAcct -- account number
   *
   * @return array Return status array
   *                'status' : '000' - Success
   *                           '999' - Error found
   *
   */
  function Post_CUEStmt($pDbh, $pHBEnv, $pMC, $pAcct) {

    $retStatus_ary = Array('status' => Array('code'=>'000', 'errors' => Array()));

    try {
      /*
       * Verify Credit Union has EStatements setup
       * Validate the information is ready to post
       * ** PROCESS **
       * Post Packet to CU Core if Applicable
       * Write the CU secure form
       * Update the Member ES Flag
       * Send email to the CU Admin Notify
       */

      /*
       * ** VERIFY CU IS SET UP**
       */
      $retCUStatus = Get_EstmtEnrollStatus($pDbh, $pHBEnv, $pMC, $pAcct);
      if ($retCUStatus['status']['code'] == '999') {
        if ($retCUStatus['status']['errors'][0] != '') {
          $errMsg = $retCUStatus['status']['errors'][0];
        } else {
          $errMsg = $pMC->msg('Contact CU');
        }
        throw new Exception($errMsg);
      }

      /*
       * ** VALIDATE ANY DATA HERE**
       */
      $esFormNotes = Array();
      if (strtoupper($pHBEnv['esProcessMode']) == 'STOP') {
        // * Stop Mode
        $esFormMode = 'N';
        $esFormNotes[] = 'This is a STOP request.';
      } else {
        // * Start Mode
        $esFormMode = 'Y';
      }
      if ($pHBEnv['Ml'] == '') {
        // ** THERE is NO email,
        $esFormNotes[] = 'No valid email set.';
      }

      // ** Validate the stop_reason is entered for stop mode
      if ($esFormMode == 'N') {
        if (trim($pHBEnv['HCUPOST']['stop_reason']) == '') {
          $errMsg = 'Please provide the reason for stopping e-statements.';
          throw new Exception($errMsg);
        }
      }

      $secureFormTitle = $pMC->msg('E-STATEMENT ' . strtoupper($pHBEnv['esProcessMode']) . ' REQUEST');

      /*
       * ** POST TO CU CORE??
       * 09/19: we need to know if the ES flag is enabled in CU Home Banking in order to add the
       * online transaction message to the response for admin secure forms. Previously this
       * was done with an SQL query in Post_CUESPacket(), after it is needed here. Use
       * Get_HaveTrans() for this purpose, moving the logic here and only call
       * Post_CUESPacket() if we need to, making Post_CUESPacket()follow
       * SRP. We can also eliminate the DB param sent to Post_CUESPacket().
       */
      $trans_array = Get_HaveTrans($pDbh, $pHBEnv);

      // ** This is a LIVE system and the ES feature is ENABLED
      if (isset($pHBEnv['live']) && array_key_exists('ES', $trans_array)) {

        $packetValues = Array(
                            'Tc' => 'ES',
                            'R1' => ' ',
                            'R2' => ' ',
                            'R3' => $pHBEnv['Ml'],
                            'R4' => ' ',
                            'R5' => $esFormMode,
                            "selectedAccount" => $pAcct
                           );
        $postEntryPacketAry = Post_CUESPacket($pHBEnv, $pMC, $packetValues);

        if ($postEntryPacketAry['status']['error'] != '') {
          if ($postEntryPacketAry['status']['code'] == '000') {
            // ** Packet was posted.. Capture the string returned from the core
            $esFormNotes[] = 'This request was processed as an online transaction';
          } else {
            throw new Exception($postEntryPacketAry['status']['error']);
          }
        }
      }

      /*
       * ** WRITE SECURE FORM
       */
      $entryFields = Array (
                          "Cn" => Array('required' => false, 'dataKey' => '', 'dataLabel' => 'CU Account Number'),
                          "Ml" => Array('required' => true, 'dataKey' => '', 'dataLabel' => 'E-mail Address')
                         );
      if ($esFormMode == 'N') {
        $entryFields["stop_reason"] = Array('required' => true, 'dataKey' => 'HCUPOST', 'dataLabel' => $pMC->msg('Why Stop'));
      }
      foreach ($entryFields as $fieldKey => $fieldAttr) {
        // ** loop through each field add to the form data array
        $secureFormDataAry[] = Array('type' => 'field',
                                      'label' => $fieldAttr['dataLabel'],
                                      'value' => ($fieldAttr['dataKey'] != '' ? $pHBEnv[$fieldAttr['dataKey']][$fieldKey] : $pHBEnv[$fieldKey]));
      }

      $secureFormData = <<< printblock
<?xml version="1.0"?><!doctype html>
<html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>$secureFormTitle</title>
    <link href="https://{$pHBEnv['cloudfrontDomainName']}/homecu/css/KendoUI/{$pHBEnv['homecuKendoVersion']}/kendo.common.min.css" rel="stylesheet">
    <link href="https://{$pHBEnv['cloudfrontDomainName']}/homecu/css/KendoUI/{$pHBEnv['homecuKendoVersion']}/kendo.default.min.css" rel="stylesheet">

    <script type="text/javascript" src="https://{$pHBEnv['cloudfrontDomainName']}/jquery/js/jquery-1.9.1.min.js.gz"></script>
    <script src="https://{$pHBEnv['cloudfrontDomainName']}/homecu/js/KendoUI/{$pHBEnv['homecuKendoVersion']}/kendo.web.min.js"></script>
  </head>
  <style>
    .k-block {width: 500px}
    .field-label-wrapper { margin: 0px 5px 5px 5px; padding: 0px 5px 5px 20px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; }
    .field-label-wrapper label { display: block; padding: 10px 0 6px 4px; color: #333333; font-size:1.2em; margin-left: -10px; width: 100%; }
    .field-label-wrapper label.note {color: red;font-weight: bold;}
    .field-label-wrapper label.note:before {content: "NOTE: "}
    .field-label-wrapper label.field:after {content: ":"}
    .field-label-wrapper label hr { z-index: 0; display:inline-block; width: 100%; position:relative; top:-24px;background-color:#000000; }
  </style>
  <body>
    <div class='k-content'>
      <div class="k-block"><div class="k-header k-shadow">$secureFormTitle</div>
printblock;

    // ** First Print any NOTES AT the top of the form
      foreach ($esFormNotes as $printNote) {
        $printLabel = "<label class='note'>{$printNote}</label>";
        $secureFormData .= <<< printblock
          <div class='field-label-wrapper'>
            {$printLabel}
          </div>
printblock;
      }
      // ** Loop through the fields and print
      foreach ($secureFormDataAry as $dataIdx => $dataAttr) {

        $printLabel = ($dataAttr['label'] != '' ? "<label class='{$dataAttr['type']}'>{$dataAttr['label']}</label>" : '');
        $secureFormData .= <<< printblock
          <div class='field-label-wrapper'>
            {$printLabel}
            <div class='field-value'>{$dataAttr['value']}</div>
          </div>
printblock;
      }
      // ** Set the ending of the file
      $secureFormData .= <<< printblock
      </div>
    </div>
  </body>
</html>
printblock;

      /*
       * File name should be
       * estmt[YYYYMMDDHHNNSS{PID}].html
       */
      $sslFormsFileName = 'estmt' . date('YmdHis') . posix_getpid() . '.html';

      /*
       * Open and Write the data to the secure form
       */
      $secureFormFileHdl = fopen($retCUStatus['estmt']['sslformsdir'] . $sslFormsFileName, 'w');
      if ($secureFormFileHdl) {
        fwrite($secureFormFileHdl, $secureFormData);
        fclose($secureFormFileHdl);
      } else {
        // ** ERROR -- Was it caught automatically by the try..catch?
        throw new Exception($pMC->msg('Errors found'));
      }

      /*
       * ** UPDATE the cuusers table
       */
      $validateEntryAry['estmnt'] = $esFormMode;
      $updateMbrAry = Update_CUMbrEs($pDbh, $pHBEnv, $pMC, $validateEntryAry, $pAcct);

      if ($updateMbrAry['status']['code'] == '999') {
        $retStatus_ary['homecuErrors'] = $updateMbrAry['status']['errors'];
        throw new Exception($pMC->msg('Errors found'));
      }
      /*
       * ** SEND EMAIL
       */
      $notify = new ErrorMail;
      $notify->mailto = $retCUStatus['estmt']['notifyemail'];
      $notify->replyto = ($pHBEnv['Ml'] != '' ? $pHBEnv['Ml'] : $retCUStatus['estmt']['notifyemail']);
      $notify->subject = "SECURE FORM NOTIFICATION (estmt)";
      $notify->msgbody =  "\tSECURE FORM NOTIFICATION (estmt)\n\n";
      $notify->msgbody .= "{$pHBEnv['Cn']} has left a secure document at your site.  ";
      $notify->msgbody .= "\nYou can retrieve it in the password protected ";
      $notify->msgbody .= "admin directory.\n\n";

      $notify->msgbody .= "Member Email:   " . ($pHBEnv['Ml'] != '' ? $pHBEnv['Ml'] : 'Member needs to validate e-mail') . "\n";
      $notify->callingfunction = __FUNCTION__;
      $notify->file = __FILE__;
      $notify->cu = $pHbEnv['Cu'];
      $notify->SendMail();

      /*
       * Prepare for returning the data
       */
      $retStatus_ary['homecuInfo'] = $pMC->msg('Thank you your request will be sent');


    } catch (Exception $ex) {
      // ** Errors processed here
      $retStatus_ary['status']['errors'][] = $ex->getMessage();
      $retStatus_ary['status']['code'] = '999';
    }


    return $retStatus_ary;
  }
  /**
   *
   * Post_CUESPacket
   *
   * 09/19 This function should only be called if we are posting the ES packet, removed the
   * logic deciding whether it has to post to core or not. That logic should precede call.
   * Must be ENV['live'] and array key exists 'ES' fromGet_HaveTrans() call.
   *
   * @param array $PHbEnv   - Current HB Environment array
   * @param object  $pMc     - The current language class
   * @param array $pValues   - Current values being passed in to validate
   *                            ARRAY SHOULD CONSIST OF
   *                            [Tc] - Transaction code to post
   *                            [R1] - Reference field 1 for packet post
   *                            [R2] - Reference field 2 for packet post
   *                            [R3] - Email
   *                            [R4] - Reference field 4 for packet post
   *                            [R5] - Value to post to core for e-Statement setting
   *
   * @return array
   *          HomeCU [status]
   *                    [code] {000, 999}
   *                    [error] [string]
   *                 [data]
   *                    Data returned is a string value from the core if the
   *                      value was posted.  EMPTY if not posted
   *
   */
  function Post_CUESPacket($pHbEnv, $pMC, $pValues) {

    $retStatus_ary = Array(
                         'status' => Array('code'=>'000', 'error' =>''),
                         'data' => ''
                         );
    /**
     * STOP E-STATEMENT REQUESTS *
     * 7/22/19 - Reactivating Stop requests
     * --------------------------------------------
     * Skip stop requests being sent to core *
     * Prodigy has not added this to their core yet and will result in an error
     * By skipping this part the credit union will get a secure form
     */
    $stopRequest = (HCU_array_key_value("R5", $pValues) == "N");

    /* ** NEW SYNTAX ** */
    $txnValues = array(
      "member" => $pValues['selectedAccount'],
      "type" => "T",
      "tran_code" => $pValues['Tc'],
      "ref1" => $pValues['R1'],
      "ref2" => $pValues['R2'],
      "ref3" => $pValues['R3'],
      "ref4" => $pValues['R4'],
      "ref5" => $pValues['R5']
    );

    $esAction = $stopRequest ? 'ESTMTSTOP' : 'ESTMTACTIVATE';
    $sendResp = SendTransaction( $pHbEnv, $esAction, $txnValues );

    $statcode = $sendResp['status']['code'];
    if ($statcode == '000') {
      // ** SUCCESS
      $retDataMsg = $pMC->msg('E-Statement Request OK', HCU_DISPLAY_AS_RAW);

    } else {
      $statreason = HCU_array_key_value("desc", $sendResp['data']);
      $retStatus_ary['status']['code'] = '999';
      $retStatus_ary['status']['error'] = $pMC->msg('E-Statement Request Error', HCU_DISPLAY_AS_RAW)
                                            . $pMC->msg('Contact CU', HCU_DISPLAY_AS_RAW);

      // Undefined variables . . .
      //$retDataMsg = $pMC->msg('E-Statement Request Error', HCU_DISPLAY_AS_RAW) . " [$Cn $R3 $R5] $statcode $statreason";
      // 11/19 We are storing two errors in this condition. ['status']['error'] is what will
      // display in the Exception. the one stored below does not display anywhere as it
      // contains sensitive information. It also doesn't currently log anywhere, so
      // it can be considered strictly a debugging hook.
      $retDataMsg = $pMC->msg('E-Statement Request Error', HCU_DISPLAY_AS_RAW)
        . " [{$pHbEnv['Cn']} {$pValues['R3']} {$pValues['R5']}] $statcode $statreason";
    }

    $retStatus_ary['data'] = $retDataMsg;

    return $retStatus_ary;

  }

/**
   *
   * Update the member record for the e-statement flag and possibly the email
   * Take a snapshot of the record before and after and insert into cuauditusers
   *
   * @param integer $pDbh - Current integer pointer to the database handle
   * @param array $pHbEnv   - Current HB Environment array
   * @param class  $pMc     - The current lanaguage class
   * @param array $pValues   - Current values being passed in to validate
   *                            ARRAY SHOULD CONSIST OF
   *                            [estmt] - Transaction code to post
   * @param string-ish $pSelectedAccount - The selected account.
   *
   * @return array
   *          HomeCU [status]
   *                    [code] {000, 999}
   *                    [errors] {array of strings}
   *                 [data]
   *                    No Data returned
   */
  function Update_CUMbrEs($pDbh, $pHbEnv, $pMC, $pValues, $pSelectedAccount) {

    $retStatus_ary = Array(
                         'status' => Array('code'=>'000', 'errors' => Array()),
                         'data' => ''
                         );


    $updateTrans = false;
    $sBuildSql = '';

    try {

      if ($time_rs = db_query("select now();", $pDbh)) {
        list($chnow) = db_fetch_array($time_rs, 0);
      } else {
        // ** For some reason unable to get the current time
        throw new Exception($pMC->msg("Error Occurred updating settings"));
      }

    # update the usermember entry
    $updateTableArray = array(
      'memberacct' => array(
        array(
        '_action' => 'update',
        'accountnumber' => $pSelectedAccount,
        'estmnt_flag' => $pValues['estmnt'])
      )
    );
      # SEND DATA TO UPDATE USER
      $result = DataUserTableUpdate($pDbh, $pHbEnv, $pMC, $updateTableArray, $pHbEnv["Uid"], 'U_UPD', $pHbEnv['platform'], $pHbEnv['currentscript'], 'U', 'E-Statement Update',
        $pHbEnv['Cn'], $pHbEnv['Ml'], $pHbEnv['remoteIp'], false, $pSelectedAccount);
      if ( $result === false ) {
        $retStatus_ary['status']['errors'][] = $pMC->msg("Error Occurred updating settings");
      }

    } catch (Exception $ex) {
      $retStatus_ary['status']['errors'][] = $ex->getMessage();
    }
    // ** Evaluate and see if any errors were found
    if (count($retStatus_ary['status']['errors']) > 0) {
      $retStatus_ary['status']['code'] = '999';
    }

    return $retStatus_ary;
  }



/**
 * getMask($dbh, $Cu, $showSQL=false)
 * Gets the mask from a TODO UNDEFINED column, currently maskconfig.
 * @param integer $dbh      the database connection
 * @param string $Cu        the Credit Union
 * @param boolean $showSQL  if defined and true, sqls will show up in the array.
 *
 * @return $returnArray["code" => code, "errors" => errors, "sqls" => sqls]
 * Code is 0, 1, 2, or 3 depending on the errors shown (3 is errors 1+2)
 * If $showSQL is true, then $returnArray["sqls"] is also available: the list of sqls.
 */
function GetMask($dbh, $Cu, $showSQL=false)
{
  $code= 0;
  $errors= array();

  // TODO: For #695, "use" this function.  When working on #111 later, I will need to rework this logic.
  // ----------------------------------------------
  // $sql= "select maskconfig from cuadmin where cu= '$Cu'";
  // $sth= db_query($sql, $dbh);
  // $lastError= trim(db_last_error());

  // if ($lastError != "")
  // {
  //   $errors[]= $lastError;
  //   $code+= 1;
  // }

  // $row= db_fetch_array($sth, 0);
  // db_free_result($sth);
  // $mask= trim($row[0]);


  // if ($mask == "")
  //   $mask= array();
  // else
  // {
  //   $mask= json_decode($mask, true);
  //   if (!is_array($mask))
  //   {
  //     $errors[]= "Mask is not valid.";
  //     $code+= 2;
  //     $mask= array();
  //   }
  // }
  // $returnArray= array("errors" => $errors, "code" => "$code", "data" => $mask);
  // if ($showSQL)
  //   $returnArray["sqls"]= array($sql);

  // Temp for #695
  $returnArray= array("error" => array(), "code" => 0, "data" => array("start" => -2));
  return $returnArray;
}

/**
 * applyMask($stringInput, $maskArray)
 *
 * @param string $stringInput   String to mask
 * @param array $maskArray      Contains "start" and "length" (but doesn't have to contain either)
 */
function ApplyMask($stringInput, $maskArray)
{
  $stringInput= trim($stringInput);
  $mask= preg_replace("/\S/", "*", $stringInput);
  $start= HCU_array_key_exists("start", $maskArray) ? intval($maskArray["start"]) : 0;
  $stringLength= strlen($stringInput);
  $maskLength= HCU_array_key_exists("length", $maskArray) ? intval($maskArray["length"]) : null;

  $returnString= $start > 0 ? substr($mask, 0, $start) : ($start < 0 ? substr($mask, 0, $stringLength+$start) : "");
  $returnString.= isset($maskLength) ? substr($stringInput, $start, $maskLength) : substr($stringInput, $start);
  $returnString.= substr($mask, strlen($returnString)); // Add the remainder of the mask.

  if (strpos($returnString, "*") === false)
    $returnString= "****" . $returnString;

  return $returnString;
}

/**
 * function getAccountDescription($dbh, $Cu, $acct, $desc, $type, $display, $Fset3, $cert=0, $doEncode=true)
 * This gets a consistent account description for the many places in banking.
 *
 * @param $dbh -- the database connection.  This will be needed to get the mask.
 * @param $Cu -- the credit union.  This will be needed to get the mask.
 * @param $acct -- the member account number.
 * @param $desc -- the description from the core-ish.
 * @param $type -- the accounttype.
 * @param $display -- the display name.
 * @param $Fset3 -- the third flagset.
 * @param $cert -- the certificate number.
 * @param $doEncode -- if true, encode the description.  Needs to be false if it is going into a Kendo component because Kendo automatically encodes it.
 *
 * @return the full description according to if the flags are set.
 */
function getAccountDescription($dbh, $Cu, $acct, $desc, $type, $display, $Fset3, $cert=0, $doEncode=true, $isM2M=false) {

  $display= trim($display);
  if ($display != "") // Use custom description instead
    return $display;

  $desc= trim($desc);
  $type= trim($type);
  $cert= trim($cert);
  $acct= trim($acct);

  if ($doEncode) // If going through a kendo widget, then Kendo does this automatically.
  {
    // ** BEFORE it's used, encode the description with UTF-8 Encoding.
    // * setting it here eliminates the need to set it each time it's called in this loop
    $desc = utf8_encode($desc);
    $desc = htmlspecialchars($desc, ENT_QUOTES);

  }

  // If member to member, always show masked account.  Decision made 10/18/2017.
  $doPrepend= $isM2M || ($Fset3 & GetFlagsetValue('CU3_PREPEND_MBR_DESC')) != 0;
  $doMask= $isM2M || ($Fset3 & GetFlagsetValue('CU3_MASK_MBR_DESC')) != 0;

  $acct= $doPrepend ? $acct : "";
  if ($doPrepend && $doMask)
  {
    $mask= GetMask($dbh, $Cu);
    $mask= $mask["code"] != 0 ? array("start" => -2) : $mask["data"]; // Just return the default mask in this case.
    $acct= ApplyMask($acct, $mask);
  }

  if ($isM2M)
    $desc= "$acct / $type";
  else
  {
    $desc= $acct == "" ? $desc : "$acct / $desc";
    $desc= $cert == 0 ? "$desc - $type" : "$desc # $cert - $type";
  }

  return $desc;
}

/**
 * Get_FeatureAccounts( $pHBEnv, $pFeature, $pPlatform )
 * Use the {cu}memberacctrights table to determine the accounts that can access the given feature for the given platform.
 * If there is any error or anything wrong, just return an empty list.
 * NOTE: Locked accounts are not returned (read-only are just for E-Statements).
 *
 * @param object $pHBEnv          Banking environment object
 * @param string $pFeature          String such as: BP, RDC, ES
 * @param string $pPlatform         Character: D(esktop), M(obiile), A(pp)
 *
 * @return array with list of accounts that can be accessed.
 */
function Get_FeatureAccounts( $pHBEnv, $pFeature, $pPlatform ) {
  $resultAccounts = array();

  try {
    // some error checking
    if ( !( $pPlatform == "D" ||
            $pPlatform == "A" ) ) {
      throw new Exception( "Get_FeatureAccounts: Invalid platform parameter" );
    }

    $restrictedList = array( "L", "R" );
    switch ( $pFeature ) {
      case "BP":
        // no read-only or locked
        $restrictedList = array( "L", "R" );
        break;
      case "ES":
        // no locked
        $restrictedList = array( "L" );
        break;
      case "RDC":
        // no read-only or locked
        $restrictedList = array( "L", "R" );
        break;
      case "LOAN":
        // no read-only or locked
        $restrictedList = array( "L", "R" );
        // ** LOAN is not an access rigfht at this time.. Use the right of ACCESS
          // * to determine if the user has access for the purposes of adding a loan
        $pFeature = 'BP';
        break;
      default:
        throw new Exception( "Get_FeatureAccounts: Invalid feature parameter" );
        break;
    }

    // get some parameters
    $Cu = $pHBEnv["Cu"];
    $Uid = $pHBEnv["Uid"];
    $dbh = $pHBEnv["dbh"];

    // check the access
    $sql = "SELECT DISTINCT mar.accountnumber, mar.platform, ma.restrictions
              FROM {$Cu}memberacctrights mar
              INNER JOIN {$Cu}memberacct ma ON ma.accountnumber = mar.accountnumber
              WHERE mar.user_id = {$Uid}
                AND mar.whichright = '{$pFeature}'
                AND mar.allowed = TRUE";
    $rs = db_query( $sql, $dbh );

    $row = 0;
    while ( $aRow = db_fetch_array( $rs, $row++ ) ) {
        if ( in_array( $aRow["restrictions"], $restrictedList )) {
          continue;
        }
        $platforms = HCU_JsonDecode( $aRow["platform"] );
        if ( in_array( $pPlatform, $platforms )) {
          // found one, add to array
          $resultAccounts[] = trim( $aRow["accountnumber"] );
        }
    }

    // return the list of accounts found
  } catch (Exception $e) {
    // log an error
    $pHBEnv["SYSENV"]["logger"]->error( $e->getMessage() );

    $resultAccounts = array();
  }

  return $resultAccounts;
} // end Get_FeatureAccounts

/**
 *
 *  Get the Member's Description from the 'accountbalance' or 'loanbalance' record.
 *     ** NOTE: 11/2/17 Later this will also apply to Cross Account records
 *
 *  @param integer $pDbh     - Current Database handle
 *  @param string  $pCu      - Credit Union
 *  @param integer $pUid     - Authenticted User's id from <client>user
 *  @param arrray $pAcctKey - This variable contains the elements that make up the Account we are looking for
 *                            [recordtype] - {D, L}  Which type of account are we looking up?
 *                                D - Deposit
 *                                L - Loan
 *                            [accountnumber] - Accountnumber field we will be looking up
 *                            [accounttype] - Sub-Account identifier
 *                            [certnumber] - Cert number if applicable
 *
 *  @return array
 *            [description]
 *                  Returns the specified account's account description from either
 *                          <client>accountbalance
 *                          <client>loanbalance
 *            [display_name]
 *                  Returns the custom description for this account from
 *                          <client>useraccount for this user/account combination
 *
 */
function GetMemberDescription ($pDbh, $pCu, $pUid, $pAcctKey) {
  $retDesc = Array("description" => '', "display_name" => "");    // Returned array
  $sql = '';        // Balance Description SQL
  $userSql = '';    // User Custom Description SQL

  $acctTypeorLoan = (in_array(HCU_array_key_value('recordtype', $pAcctKey), array("L", "C")) ? "loannumber" : "accounttype");
  $isCrossAccount = strpos(HCU_array_key_value($acctTypeorLoan, $pAcctKey), '#');

  switch ($pAcctKey['recordtype']) {
    case "D":
      if ($isCrossAccount) {
        // ** CROSS-ACCOUNT LOOKUP
        /*
         * Separate the Cross Account member suffix from Key
         */
        list ($localXASfx, $localXAMbr) = explode('#', $pAcctKey['accounttype']);
        $sql = "SELECT trim(description) as description, useraccount.display_name
                FROM " . prep_save($pCu, 10) . "crossaccounts as crossaccounts
                LEFT JOIN " . prep_save($pCu, 10) . "useraccounts as useraccount ON
                  useraccount.accountnumber = crossaccounts.accountnumber
                  AND useraccount.recordtype = 'T'
                  AND useraccount.accounttype = trim(crossaccounts.accounttype) || '#' || trim(crossaccounts.tomember)
                  AND useraccount.certnumber = 0
                  AND useraccount.user_id = " . intval($pUid) . "
                WHERE crossaccounts.accountnumber = '" . prep_save($pAcctKey['accountnumber'], 12) . "'
                  AND crossaccounts.tomember = '" . prep_save($localXAMbr, 12) . "'
                  AND crossaccounts.accounttype = '" . prep_save($localXASfx, 12) . "'
                  AND crossaccounts.deposittype in ('Y', 'N'); ";

      } else {
        // ** DEPOSIT
        $sql = "SELECT trim(description) as description,
                  useraccount.display_name
                FROM " . prep_save($pCu, 10) . "accountbalance as accountbalance
                LEFT JOIN " . prep_save($pCu, 10) . "useraccounts as useraccount ON
                  useraccount.accountnumber = accountbalance.accountnumber
                  AND useraccount.recordtype = 'D'
                  AND useraccount.accounttype = accountbalance.accounttype
                  AND useraccount.certnumber = accountbalance.certnumber
                  AND useraccount.user_id = " . intval($pUid) . "
                WHERE accountbalance.accountnumber = '" . prep_save($pAcctKey['accountnumber'], 12) . "'
                  AND accountbalance.accounttype = '" . prep_save($pAcctKey['accounttype'], 25) . "'
                  AND accountbalance.certnumber = " . intval($pAcctKey['certnumber']) . "; ";
      }
      break;
    case "L":
    case "C":
      if ($isCrossAccount) {
        // ** CROSS-ACCOUNT LOOKUP
        /*
         * Separate the Cross Account member suffix from Key
         */
        list ($localXASfx, $localXAMbr) = explode('#', $pAcctKey['loannumber']);
        $sql = "SELECT trim(description) as description, useraccount.display_name
                FROM " . prep_save($pCu, 10) . "crossaccounts as crossaccounts
                LEFT JOIN " . prep_save($pCu, 10) . "useraccounts as useraccount ON
                  useraccount.accountnumber = crossaccounts.accountnumber
                  AND useraccount.recordtype = 'P'
                  AND useraccount.accounttype = trim(crossaccounts.accounttype) || '#' || trim(crossaccounts.tomember)
                  AND useraccount.certnumber = 0
                  AND useraccount.user_id = " . intval($pUid) . "
                WHERE crossaccounts.accountnumber = '" . prep_save($pAcctKey['accountnumber'], 12) . "'
                  AND crossaccounts.tomember = '" . prep_save($localXAMbr, 12) . "'
                  AND crossaccounts.accounttype = '" . prep_save($localXASfx, 12) . "'
                  AND crossaccounts.deposittype = 'L'; ";


      } else {
        // ** LOAN
        $sql = "SELECT trim(description) as description,
                  useraccount.display_name
                FROM " . prep_save($pCu, 10) . "loanbalance as loanbalance
                LEFT JOIN " . prep_save($pCu, 10) . "useraccounts as useraccount ON
                  useraccount.accountnumber = loanbalance.accountnumber
                  AND useraccount.recordtype = 'L'
                  AND useraccount.accounttype = loanbalance.loannumber
                  AND useraccount.user_id = " . intval($pUid) . "
                WHERE loanbalance.accountnumber = '" . prep_save($pAcctKey['accountnumber'], 12) . "'
                  AND loanbalance.loannumber = '" . prep_save($pAcctKey['loannumber'], 25) . "'; ";
      }
      break;
    // ** default -- leave empty return nothing
  }

  if ($sql != '' && db_connection_status($pDbh) === PGSQL_CONNECTION_OK) {
    // ** Execute SQL -- Get the description
    $descRs = db_query($sql, $pDbh);
    $descRow = db_fetch_assoc($descRs);
    if ($descRow) {
      // ** Row was found -- return the description
      $retDesc['description'] = trim($descRow['description']);
      $retDesc['display_name'] = trim($descRow['display_name']);
    }
  }
  return $retDesc;
}

/**
 *
 *  Search for a specific account/accounttype combo from the <client>useraccount
 *    table for a user
 *
 *  @param integer $pDbh     - Current Database handle
 *  @param string  $pCu      - Credit Union
 *  @param integer $pUid     - Authenticted User's id from <client>user
 *  @param string $pAcctType - {D, L, X}  Which type of account are we looking up?
 *                                D - Deposit
 *                                L - Loan
 *                                X - Cross Account
 *  @param string $pAcctNbr - Account Number
 *  @param string $pAcctSfx - Suffix (sub-account) related to the specified account
 *  @param string $pCertNo  - The Related Cert no (for Deposit types only)
 *
 *  @return mixed
 *            false -- IF NOT FOUND
 *            array -- Returns the array of information if found
 *
 */
function FindUserAccountExists ($pDbh, $pCu, $pUid, $pAcctType, $pAcctNbr, $pAcctSfx, $pCertNo='') {
  $retVal = false;
  $sql = '';        // Balance Description SQL

  switch ($pAcctType) {
    case "D":
    case "T":
      // ** DEPOSIT
      $sql = "SELECT useraccount.*
              FROM " . prep_save($pCu, 10) . "useraccounts as useraccount
              WHERE
                useraccount.recordtype = '" . prep_save($pAcctType, 1) . "'
                AND useraccount.accountnumber = '" . prep_save($pAcctNbr, 12) . "'
                AND useraccount.accounttype = '" . prep_save($pAcctSfx, 25) . "'
                AND useraccount.certnumber = " . intval($pCertNo) . "
                AND useraccount.user_id = " . intval($pUid) . "; ";

      break;
    case "L":
    case "P":
      // ** LOAN
      $sql = "SELECT useraccount.*
              FROM " . prep_save($pCu, 10) . "useraccounts as useraccount
              WHERE
                useraccount.recordtype = '" . prep_save($pAcctType, 1) . "'
                AND useraccount.accountnumber = '" . prep_save($pAcctNbr, 12) . "'
                AND useraccount.accounttype = '" . prep_save($pAcctSfx, 25) . "'
                AND useraccount.user_id = " . intval($pUid) . "; ";
      break;
    // ** default -- leave empty return nothing
  }

  if ($sql != '' && db_connection_status($pDbh) === PGSQL_CONNECTION_OK) {
    // ** Execute SQL -- Get the description
    $descRs = db_query($sql, $pDbh);
    $descRow = db_fetch_assoc($descRs);
    if ($descRow) {
      $retVal = Array("data" => $descRow);
    }
  }

  return $retVal;
}


/**
 *
 *  Search for a specific account in the <client>memberacct table
 *
 *  @param integer $pDbh     - Current Database handle
 *  @param string  $pCu      - Credit Union
 *  @param string $pAcctNbr - Account Number
 *
 *  @return mixed
 *            false -- IF NOT FOUND
 *            array -- Returns the array of information if found
 *
 */
function FindMemberAccountExists ($pDbh, $pCu, $pAcctNbr) {
  $retVal = false;
  $sql = '';        // Balance Description SQL

  $sql = "SELECT *
          FROM " . prep_save($pCu, 10) . "memberacct as memberacct
          WHERE
            accountnumber = '" . prep_save($pAcctNbr, 12) . "'; ";

  if ($sql != '' && db_connection_status($pDbh) === PGSQL_CONNECTION_OK) {
    // ** Execute SQL -- Get the description
    $descRs = db_query($sql, $pDbh);
    $descRow = db_fetch_assoc($descRs);
    if ($descRow) {
      $retVal = Array("data" => $descRow);
    }
  }

  return $retVal;
}


/**
 * Get the list of users that have ACCESS rights to a member account
 *
 * @param integer $pDbh -- Database handle
 * @param array   $pHBEnv -- The current environment array
 * @param string  $pMbrAcct -- the member account we are querying
 *
 * @return array -- Empty array if no values found, otherwise it is an array of (user_id)
 *
 */
function GetMemberAccessList($pDbh, $pHBEnv, $pMbrAcct) {
  $retList = Array();

  try {
    $sql = "SELECT user_id, allowed
            FROM " . prep_save($pHBEnv['Cu'], 10) . "memberacctrights as mar
            WHERE accountnumber = '" . prep_save($pMbrAcct, 12) . "'
              AND whichright = 'ACCESS'
              AND allowed = true";

    $accessRS = db_query($sql, $pDbh);
    $accessRows = db_fetch_all( $accessRS);

    if (is_array($accessRows)) {
      // ** ALL rows are returned -- Loop through them and create the returned data array
      for ($idx = 0; $idx < count($accessRows); $idx++) {
        $retList[] = intval($accessRows[$idx]['user_id']);
      }
    }
  } catch (Exception $ex) {
    $retList = Array();
  }
  return $retList;
}

/**
 * function CanActivateUser($pHBEnv, $pMbrAcct)
 * See if the user can be activated for the account number.
 *
 * @param $pHBEnv -- the environment variables
 * @param $pMbrAcct -- the member account to check
 *
 * @return array --
 *    exists -- true if the user exists, false otherwise.
 *    isNullPassword -- true if the password is set to the special "NULL PASSWORD" string.
 *    isFailed -- true if the failedremain is less than or equal to zero.  (Needed for the special locked out error.)
 */
function CanActivateUser($pHBEnv, $pMbrAcct) {
  try {
    $Cu = $pHBEnv["Cu"];
    $dbh = $pHBEnv["dbh"];

    $returnArray = array("memberExists" => false, "userExists" => false, "isNullPassword" => false, "isFailed" => false, "allowEnroll" => false);

    // Needs to be broken up.  Once checks for account existence and one for user existence.  In the case of failed checks, a record is only created in user.
    $sql = "select ma.accountnumber, ma.allowenroll from ${Cu}memberacct ma where ma.accountnumber = '$pMbrAcct'";

    $sth = db_query ($sql, $dbh);
    if (!$sth) {
      throw new exception("Member query failed.", 4);
    }

    if (db_num_rows($sth) > 0) { // Found user so return isnull and isfailed
      $row = db_fetch_assoc($sth, 0);
      $returnArray ["memberExists"] = true;
      $returnArray ["allowEnroll"] = isset($row["allowenroll"]) && trim($row["allowenroll"]) == "t";
    }

    $sql = "select u.user_id, u.passwd, u.failedremain from ${Cu}user u
            left join ${Cu}memberacct ma on u.user_id = ma.primary_user and u.user_name = '$pMbrAcct'
            where u.user_name = '$pMbrAcct' or ma.primary_user is not null";

    $sth = db_query ($sql, $dbh);
    if (!$sth) {
      throw new exception("User account query failed.", 3);
    }

    if (db_num_rows($sth) > 0) { // Found user so return isnull and isfailed
      $row = db_fetch_assoc($sth, 0);
      $returnArray ["userExists"] = true;
      $returnArray ["isNullPassword"] = trim($row["passwd"]) == 'NULL PASSWORD';
      $returnArray ["isFailed"] = $row["failedremain"] <= 0;
    }

  } catch (exception $e) {
    $pHBEnv["SYSENV"]["logger"]->error($e->getMessage());
  }

  return $returnArray;
}

function FindAccountDisplay($pEnv, $pDbh, $pCu, $pMember, $pSuffix, $pType, $pCert = 0) {

  $acctKey = array(
    "accountnumber" => $pMember,
    "recordtype" => $pType
  );

  if ($acctKey['recordtype'] == "D" ) {
    $acctKey['accounttype'] = $pSuffix;
    $acctKey['certnumber'] = $pCert;
  } else if ($acctKey['recordtype'] == "L" || $acctKey['recordtype'] == "C") {
    $acctKey['loannumber'] = $pSuffix;
  }

  $acctDisp = GetMemberDescription($pDbh, $pCu, $pEnv['Uid'], $acctKey);
  if ($acctKey['recordtype'] == "D") {
    $acctDesc = getAccountDescription($pDbh, $pCu, $acctKey['accountnumber'], $acctDisp['description'], $acctKey['accounttype'], $acctDisp['display_name'], $pEnv["Fset3"], $acctKey['certnumber'], false);
  } else if ($acctKey['recordtype'] == "L" || $acctKey['recordtype'] == "C") {
    $acctDesc = getAccountDescription($pDbh, $pCu, $acctKey['accountnumber'], $acctDisp['description'], $acctKey['loannumber'], $acctDisp['display_name'], $pEnv["Fset3"], 0, false);
  } else {
    $acctDesc = $pEnv["MC"]->msg( "Unknown", HCU_DISPLAY_AS_RAW );
  }

  return $acctDesc;

}