hcuArchiveCheck_8data_source.html

<?php
/*
 * File: hcuArchiveCheck.data
 * Purpose: Validate inputs and create a URL string to send to the third party.
 *
 * Call this script with the following parameters
 *  action - what the client side is requesting.
 *
 *
 * Returns JSON OBJECT.
 */

try {
  // ** SET HOMECU FLAGS
  $serviceShowInfo = false;
  $serviceLoadMenu = false;
  $serviceShowMenu = false;
  $serviceAllowReadonly = true;


  // ** INCLUDE MAIN GLOBAL SCRIPT -- Handles security / global variable values
  // unresolved - hcuService will be returning a status object: e.g. ["homecuErrors":{[{"message":"message1"}...{"message":"messagen"}]}]
  require_once(dirname(__FILE__) . '/../library/hcuService.i');


  // ** IMPORT FORM VALUES
        $varOk = array(
            "action" => array("filter" => FILTER_SANITIZE_STRING),
            "check_number" => array("filter" => FILTER_SANITIZE_STRING),
            "date_cleared" => array("filter" => FILTER_SANITIZE_STRING),
            "amount" => array("filter" => FILTER_SANITIZE_STRING),
            "account" => array("filter" => FILTER_SANITIZE_STRING)
        );
        HCU_ImportVars( $HB_ENV, "HCUPOST", $varOk );

  $Cu = $HB_ENV["Cu"];
  $Cn = $HB_ENV["Cn"];

  header('Content-Type: application/json');


  //get the database connection
  // $dbh is set up
  // ** First check the refer script -- make sure coming from right place
  $parseRefer = parse_url($_SERVER['HTTP_REFERER']);
  $referScript = basename($parseRefer['path']);
  if (!in_array($referScript, array('hcuArchiveCheck.prg'))) {
    // ** Wrong script calling this data routine
    $aryErrors[] = $MC->msg('Feature Unavailable', HCU_DISPLAY_AS_RAW);
    throw new Exception (json_encode($aryErrors));
  }

  /*
   * ** CHECK USER FEATURE PERMISSIONS **
   * NOTE: DO NOT AUTO-REDIR.  Handle perm error here
   */
  if (!PermCheckFeatureScreen($dbh, $HB_ENV, $MC, FEATURE_BASIC, '', false)) {
        throw new Exception (HCU_JsonEncode(Array($MC->msg('Rights not set', HCU_DISPLAY_AS_HTML))));
    }


    if (!$dbh) {
        // The connection was not made to the database
        // not calling the database as of 09/04/2014
    }

  // initialize the error and result objects
  $aryResult = array();
  $aryErrors =  array();
  $aryInfo = array();
  $aryReply = array();


  // do the requested operation
  switch ( $HB_ENV["HCUPOST"]["action"] ) {
    case "create_url":
            // Validate all information is correct and entered before creating the URL for the image
            if (trim($HB_ENV["HCUPOST"]["check_number"]) == '' || !is_numeric($HB_ENV["HCUPOST"]["check_number"])) {
                $aryErrors[] = $MC->msg('Check Number Must Be Numeric', HCU_DISPLAY_AS_RAW);
            } else {
                $check_number = trim($HB_ENV["HCUPOST"]["check_number"]);
            }

            if (trim($HB_ENV["HCUPOST"]["amount"]) == '' || !is_numeric($HB_ENV["HCUPOST"]["amount"])) {
                $aryErrors[] = $MC->msg('Invalid entry for check amount', HCU_DISPLAY_AS_RAW);
            } else {
                $check_amount = number_format($HB_ENV["HCUPOST"]["amount"], 2, '.', '');
            }

            if (trim($HB_ENV["HCUPOST"]["account"]) == '' ) {
                $aryErrors[] = $MC->msg('Please select an account', HCU_DISPLAY_AS_RAW);
            }
            list($ck_micr,$ck_acct,$ck_type) = explode("|",$HB_ENV["HCUPOST"]["account"]);

            list($mm,$dd,$yyyy) = preg_split("#[/-]#",$HB_ENV["HCUPOST"]["date_cleared"]);
            $mm = intval($mm);
            $dd = intval($dd);
            $yyyy = intval($yyyy);

      $dateTest = strtotime( "$mm/$dd/$yyyy" );
            if (!$dateTest) {
                $aryErrors[] = $MC->msg('Invalid Date Format', HCU_DISPLAY_AS_RAW);
            } else {
                $check_date = date('m/d/Y', strtotime($HB_ENV["HCUPOST"]["date_cleared"]));
            }

            if ( count( $aryErrors ) > 0 ) {
        throw new Exception (json_encode($aryErrors));
          } else {
        $sql = "SELECT img, rt, flagset
                FROM cuadmin
                WHERE cu = '$Cu' ";

        $img_rs = db_query($sql, $dbh);

        list($img_vendor, $cu_rt, $flagset) = db_fetch_row($img_rs, 0);
        $img_vendor = trim($img_vendor);
        $cu_rt = trim($cu_rt);
        db_free_result($img_rs);

                // Look for override micr settings applying to this check
                $check_number = intval($check_number);
                $use_rt = $cu_rt;
                $use_micr = $ck_micr;

                $sql_om = "select trim(rt), trim(micraccount) from cuovermicr
                                     where cu='$Cu' and accountnumber='$ck_acct'
                                     and accounttype = '$ck_type'
                                     and startcheck <= $check_number
                                     order by startcheck desc
                                     limit 1";
                $om_rs = db_query($sql_om, $dbh);
                if(db_num_rows($om_rs) == 1) {
                    list ($use_rt, $use_micr) = db_fetch_row($om_rs, 0);
                }


        //Create a CKHASH like $dmskey and CKITEM with all the stuff passed on url and add a CKARCHIVE flag (to both CKHASH and url.
        //In ImageSOLO decode key based on CKARCHIVE and gather enough info to make the call.

//        $dmskey=sha1("{$Cu}{$img_vendor}{$check_number}{$check_amount}{$check_date}{$use_rt}{$use_micr}{$Cn}cierto");
//              $img_url = "https://{$_SERVER['HTTP_HOST']}" .
//                    dirname($_SERVER['PHP_SELF']) . "/ImageSRC"
//                                      . "?cu=$Cu&img=$img_vendor&check=$check_number&amount=$check_amount"
//                                      . "&date=$check_date&rt={$use_rt}&micr={$use_micr}&dmskey=${dmskey}";

# pass micr as $sk (sortkey)
# for MidAt clients using tracenumber, not micr, for image retrieval
/*
 * changed 12/19/12 if FEDIMAGE, send check_number; if MAC send check_micr; else send ''
 * so old legacy hacks for FEDIMAGE and MAC still work without breaking new alternate MICR for
 * WASATCH / ISUCU
 *
 * Apparently lost these changes on the switch from ImageSRC to ImageSOLO (Mammoth upgrade)
 * but really do need them...
 */

        $sk='';
        if ($img_vendor == 'FEDIMAGE') {
            $sk = $check_number;
        } elseif ($img_vendor == 'MAC') {
            $sk = $use_micr;
        } else {
            $sk = '';
        }

        $archiveFlag = "2";     // this needs to match in the check in ImageSOLO

        $infoParts = "$Cu|$img_vendor|$check_number|$check_amount|$check_date|$use_rt|$use_micr|$Cn|$sk";
        $dmskey=sha1("{$Cu}{$img_vendor}{$check_number}{$check_amount}{$check_date}{$use_rt}{$use_micr}{$archiveFlag}{$Cn}cierto");
        $ckitem=hcu_encrypturl( $infoParts, $chk_key );
        $img_url = $HB_ENV['homebankingpath']  . "/ImageSOLO.prg?" . $HB_ENV['cuquery'] . "&CKITEM=$ckitem&CKARCHIVE=2&CKHASH=$dmskey";

        $aryResult["img_url"] = $img_url;
            }
      break;
    default:
      $aryErrors[] = array( "message" => "Unexpected action: {$HB_ENV["HCUPOST"]["action"]}" );
      throw new Exception (json_encode($aryErrors));
      break;
  }
}
catch(Exception $ex)
{
  //Return error message
    $aryReply["homecuErrors"] = json_decode( $ex->getMessage() );

  // if an error, don't return data
  $aryResult = array();

  // if an error, don't return info
  $aryInfo = array();
}

  if ( count( $aryResult ) ) $aryReply["homecuData"] = $aryResult;

  if ( count( $aryInfo ) ) $aryReply["homecuInfo"] = $aryInfo;

  print json_encode($aryReply);