hcuAlerts.data

<?php
/*
 * File: hcuAlerts.data
 * Purpose: Handle the CRUD portion of the Alerts.  When returning the requested alert data
 *            do it in a JSON format, for the client to display accordingly.
 *
 *
 * Call this script with the following parameters
 *  action - what the client side is requesting.
 *
 * Alert Types: 1 = Balance, 2 = Transactions, 3 = Check Number, 4 = Loan / Missed Payment Date
 *
 * Returns JSON OBJECT.
 */
try {
  // ** SET HOMECU FLAGS
  $serviceShowInfo = true;
  $serviceLoadMenu = true;
  $serviceShowMenu = true;

  // ** INCLUDE MAIN GLOBAL SCRIPT -- Handles security / global variable values
  // hcuService will be returning a status object: e.g. ["homecuErrors":{[{"message":"message1"}...{"message":"messageN"}}]
  require_once(dirname(__FILE__) . '/../library/hcuService.i');

  $logger= $HB_ENV["SYSENV"]["logger"];

  // ** IMPORT FORM VALUES
  $string= array("filter" => FILTER_SANITIZE_STRING);
  $string_special = array("filter" => FILTER_SANITIZE_SPECIAL_CHARS);
  $digits= array("filter" => FILTER_SANITIZE_NUMBER_INT);
  $dms_ok=array( 'action'=>$string, "mbr_account" => $string,
                 'type'=>$string,'id'=>$string, 'chome'=>$string,
                 'selacct'=>$string, 'emailtype'=>$string,
                 'notifyto'=>$string,
                 'notifymsg'=>$string_special, 'incbal'=>$string, 'notifyamt'=>$string,
                 'useavailbal'=>$string, 'desc_amtmin'=>$string, 'desc_amtmax'=>$string,
                 'userange'=>$string, 'transtype'=>$string,
                 'notifydesc'=>$string_special, 'days_prior'=>$string,
                 'chknum'=>$string, 'incamt'=>$string, 'inctransdesc'=>$digits);

  HCU_ImportVars($HB_ENV, 'HCUPOST', $dms_ok);

  header('Content-Type: application/json');

    if (!$dbh) {
        // The connection was not made to the database
        // unresolved: return an error??
    }

  $altopts = "";
  $myaccount = "";

  // initialize the error and result objects
  $aryResult = array();
  $aryErrors =  array();
  $aryReply = array();
  $aryInfo = array();
  // ** First check the refer script -- make sure coming from right place
  $parseRefer = parse_url($_SERVER['HTTP_REFERER']);
  $referScript = basename($parseRefer['path']);
  if (!in_array($referScript, array('hcuAlerts.prg'))) {
    // ** Wrong script calling this data routine
    $aryErrors[] = $MC->msg('Feature Unavailable', HCU_DISPLAY_AS_RAW);
    throw new Exception (HCU_JsonEncode($aryErrors));
  }

  /*
   * ** CHECK USER FEATURE PERMISSIONS **
   * NOTE: DO NOT AUTO-REDIR.  Handle perm error here
   */
  if (!PermCheckFeatureScreen($dbh, $HB_ENV, $MC, FEATURE_ALERTS, '', false)) {
        throw new Exception (HCU_JsonEncode(Array($MC->msg('Rights not set', HCU_DISPLAY_AS_HTML))));
    }

  $alertsEnabled = Check_AlertsEnabled( $dbh, $HB_ENV );
  if ( $alertsEnabled === false ) {
    $aryErrors[] = $MC->msg('Feature Not Set', HCU_DISPLAY_AS_RAW);
    throw new Exception (HCU_JsonEncode($aryErrors));
  }

  // do the requested operation
  switch ( $HB_ENV["HCUPOST"]["action"] ) {
    case "create":
    case "update":            // update has an id
      // validate the inputs

      // convert any UTF-8 characters to encoded html entities
      $HB_ENV["HCUPOST"]["notifymsg"] = ConvertFromUTF8( $HB_ENV["HCUPOST"]["notifymsg"] );
      // notifydesc only exists for transaction type alerts
      $HB_ENV["HCUPOST"]["notifydesc"] = HCU_array_key_exists("notifydesc", $HB_ENV["HCUPOST"]) ?
        ConvertFromUTF8( $HB_ENV["HCUPOST"]["notifydesc"] ) : "";

      // must decode because single quotes cannot be sanitized with special chars like `<, > and &`
      // when using FILTER_SANITIZE_SPECIAL_CHAR we decode them back to the actual characters.
      $HB_ENV["HCUPOST"]["notifymsg"] = html_entity_decode( $HB_ENV["HCUPOST"]["notifymsg"], ENT_QUOTES, "UTF-8" );
      // notifydesc only exists for transaction type alerts
      $HB_ENV["HCUPOST"]["notifydesc"] = HCU_array_key_exists("notifydesc", $HB_ENV["HCUPOST"]) ?
        html_entity_decode( $HB_ENV["HCUPOST"]["notifydesc"], ENT_QUOTES, "UTF-8" ) : "";

      // verify the parameters
      $aryUpdate = Validate_Alert( $dbh, $HB_ENV, $MC );

      if ($aryUpdate['code'] == '000') {
        $aryUpdate = Update_Alert( $dbh, $HB_ENV, $MC );
      }

      if ($aryUpdate['code'] != '000') {
        // an error occurred
        $aryErrors = array();
        for ( $e = 0; $e < count( $aryUpdate["errors"] ); $e++ ) {
          $aryErrors[] = $aryUpdate["errors"][$e];
        }

        throw new Exception (HCU_JsonEncode($aryErrors));
      } else {
        // return status
        if ( $HB_ENV["HCUPOST"]["id"] > 0 ) {
          $aryInfo[] = $MC->msg('Alert Updated', HCU_DISPLAY_AS_RAW);
        } else {
          $aryInfo[] = $MC->msg('Alert Saved', HCU_DISPLAY_AS_RAW);
        }
      }

      break;
    case "read":
      $return = Get_AlertsDetailed( $dbh, $HB_ENV["Cu"], $HB_ENV["Uid"], $HB_ENV["Fset3"]);

      $aryResult = $return["data"];
      for ( $i = 0; $i < count( $aryResult ); $i++ ) {
        // decode the row display message and the edit/details display message
        $aryResult[$i]["notifymsg"] = html_entity_decode( $aryResult[$i]["notifymsg"], ENT_QUOTES, "UTF-8" );
        $aryResult[$i]["notifydisplaymsg"] = html_entity_decode( $aryResult[$i]["notifymsg"], ENT_QUOTES, "UTF-8" );
        if ( isset( $aryResult[$i]["lastalert"] ) && strlen( $aryResult[$i]["lastalert"] ) > 0 ) {
          $aryResult[$i]["lastalert"] = date( "M j, Y g:ia", strtotime( $aryResult[$i]["lastalert"] ) );
        }
      }
      break;
    case "read_alert_accounts":
      $return = Get_AlertAccountList( $dbh, $HB_ENV );

      $aryResult = $return["data"];
      break;
    case "destroy":
      $aryDelete = Delete_Alert( $dbh, $HB_ENV, $MC );

      if ($aryDelete['code'] != '000') {
        // an error occurred
        $aryErrors = array();
        for ( $e = 0; $e < count( $aryDelete["errors"] ); $e++ ) {
          $aryErrors[] = $aryDelete["errors"][$e];
        }

        throw new Exception (HCU_JsonEncode($aryErrors));
      } else {
        $aryInfo[] = $MC->msg('Alert Deleted', HCU_DISPLAY_AS_RAW);
      }

      break;
    case "readalert":
      // return as a result
      $oneAlert = Read_OneAlert( $dbh, $HB_ENV );
      $aryResult[] = $oneAlert["data"];

      $aryResult[0]["notifymsg"] = html_entity_decode( $aryResult[0]["notifymsg"], ENT_COMPAT | ENT_HTML401, "UTF-8" );

      break;
    default:
      $aryErrors[] = "Unexpected action: {$HB_ENV["HCUPOST"]["action"]}";
      throw new Exception (HCU_JsonEncode($aryErrors));
  }
}
catch(Exception $ex)
{
  //Return error message
    $aryReply["homecuErrors"] = HCU_JsonDecode( $ex->getMessage() );

  // if returning error, not replying with data
  $aryResult = array();

  // if returning error, not returning status
  $aryInfo = array();
}

  if ( count( $aryInfo ) ) {
    $aryReply["homecuInfo"] = $aryInfo;
  }

  if ( count( $aryResult ) ) {
    $aryReply["homecuData"] = $aryResult;
  }

  print HCU_JsonEncode($aryReply);