hcuMRDC.prg

<?php
  /*
   * File: hcuMRDC.prg
   *
   * Purpose:  This script is for the web-based RDC. It will handle enroll, view history,
   *           view instructions (custom content), start deposit, and submit a deposit.
   *           The start deposit will gather deposit account and amount and will launch
   *           an app to capture the image (which is uploaded separately). The app will
   *           inject a thumbnail back into the deposit/submit page.
   *
   * Created by Mike (from hcuMobilePay)
   *
   */

  // ** SET SCRIPT LEVEL VARIABLES
  $serviceShowInfo = true;
  $serviceLoadMenu = true;
  $serviceShowMenu = true;
  $serviceLiveCheck = true;
  // ** INCLUDE MAIN GLOBAL SCRIPT -- Handles security / global variable values
  require_once(dirname(__FILE__) . '/../library/hcuService.i');

  // needed to read trusted details for the RDC Vendor
  require_once(dirname(__FILE__) . '/../../shared/library/cutrusted.i');

  /* See if there needs to be a speedbump or only one account to choose from.
   * If return from this include, a variable will be added to $HB_ENV.
   * Only call if there is no rdc_token
   */
  if ( !HCU_array_key_exists( "rdc_token", $_REQUEST ) ) {
    $SPEEDBUMP_FEATURE = "RDC";
    require_once(dirname(__FILE__) . '/../includes/hcuAccountSelector.i');
    $accountToUse = $HB_ENV["selected_account"];
  }

  require_once(dirname(__FILE__) . '../../../banking/library/rdcCommon.i');

  /*
   * ** CHECK USER FEATURE PERMISSIONS **
   * NOTE: DOES NOT RETURN ON FAILURE
   */
  PermCheckFeatureScreen($dbh, $HB_ENV, $MC, FEATURE_MOBILE_RDC);

  // ** IMPORT FORM VALUES
  $inputVars = array();
  // ** INSERT BUSINESS LOGIC FOR THIS FORM
  $varOk = Array("rdcVendor"=>array("filter" => FILTER_SANITIZE_STRING),
                 "rdc_token"=>array("filter" => FILTER_SANITIZE_STRING),
                 "btnAgree"=>array("filter" => FILTER_SANITIZE_STRING),
                 "rdcEndorse"=>array("filter" => FILTER_SANITIZE_STRING)
               );
  HCU_ImportVars( $inputVars, "", $varOk );

  // THIS NEEDS TO BE CONFIGURABLE for any given vendor
  $rdcVendorKey = isset( $inputVars["rdcVendor"] ) ? $inputVars["rdcVendor"] : "";

  // THIS IS OPTIONAL AND SHOULD BE SANITIZED (it comes in on the GET command line)
  $rdcEndorse = isset( $inputVars["rdcEndorse"] ) ? $inputVars["rdcEndorse"] : "";

  $rdcDepositId = "";
  $skipTermsCheck = false;  //default
  $showTerms = false;
  //used for showing link to enroll in bill pay services - ENR
  $showEnroll = false;
  if ( isset( $inputVars['rdc_token'] ) && strlen( $inputVars['rdc_token'] ) > 0 ) {
    if ( strpos( $inputVars['rdc_token'], "=" ) !== false ||
         strpos( $inputVars['rdc_token'], "+" ) !== false ) {
      // already decoded
      $decodedToken = $inputVars['rdc_token'];
      $encodedToken = urlencode( $inputVars['rdc_token'] );
    } else {
      $encodedToken = $inputVars['rdc_token'];
      $decodedToken = urldecode( $inputVars['rdc_token'] );
    }
    $commonString = hcu_decrypturl( $decodedToken, $HB_ENV['2factorkey']);

    parse_str( $commonString, $commonParms );

    if ( strlen( $commonParms["rdcVendor"] ) > 0 ) {
      $rdcVendorKey = $commonParms["rdcVendor"];
    }

    $rdcDepositId = $commonParms["rdcToken"];
    $rdcAccount = $commonParms["rdcAccount"];

    // get the params from the token
    $rdcEndorse = isset( $commonParms["rdcEndorse"] ) ? $commonParms["rdcEndorse"] : "";

    $skipTermsCheck = true;

  } else {
    // use the selected account
    $rdcAccount = $accountToUse;
  }

  $rdcParams = array();

//Both TERMS and ACCOUNT information comes back from "AUTH" call. If need to present terms, don't use the account info
//If showing terms re-get the account info upon successful terms acceptance.
//If not showing terms, then use the account info

//Getting terms and/or account info will both return a deposit id. Use it for the rest of the session until a successful
//deposit or exiting the feature.

  // only do the auth if we don't already have a deposit id
  if ( !strlen( $rdcDepositId ) ) {
    $rdcParams["RDCVENDOR"] = $rdcVendorKey;
    $rdcParams["RDC_ACTION"] = "AUTH";
    $rdcParams["MBRACCT"]= $rdcAccount;

    // Get a token; once we get it we can keep using it so don't lose it.
    $rdcResultAry = HandleRDCRequest($HB_ENV, $rdcParams);

    // ** Did we get a deposit id??
    if ($rdcResultAry['STATUS']['CODE'] == 0 && strlen( $rdcResultAry["DEPOSITID"] ) > 0 ) {
      // capture the deposit id
      $rdcDepositId = $rdcResultAry["DEPOSITID"];
    } else if ( $rdcResultAry['STATUS']['CODE'] == "4011"  ) {
      // need to show resulting message; user not enrolled
      // NOTE: This comes back html entity encoded
      $serviceErrorMsg = html_entity_decode( $rdcResultAry['STATUS']['MESSAGE'] );
      $serviceErrorCode = '915';

      require_once(dirname(__FILE__) . '/../includes/hcuErrorPage.i');
      // ** DO NOT CONTINUE
      exit;
    } else {

      // ** If Error messages were included in the array that is returned, then show those errors, if NOT default to feature not set message
      if (isset($rdcResultAry['STATUS']['MESSAGE']) && (strlen($rdcResultAry['STATUS']['MESSAGE']) > 0) ) {
        // ** SET MSG HERE
        $noticeString = $MC->msg("Feature Not Set");
        // add the error message that was returned
        $noticeString .= "<br />" .  $rdcResultAry['STATUS']['MESSAGE'];
      } else {
        // ** Show custom errors here - no RDC
        $noticesAry = Get_NoticeInfo($dbh, $HB_ENV, $MC, "M", "mblNoRDC", true);

        $hasNoticePopup = false;

        if ( $noticesAry["status"]["code"] == "000" && $noticesAry["notice"][0]["notice_id"] ) {
          $hasNotice = true;
          $noticeOption = $noticesAry['notice'][0];

          $noticeOptions = Array (
                'docsid'      => $noticeOption['notice_id'],
                'docstype'    => $noticeOption['notice_type'],
                'device'      => 'M',
                'noticeOnly'  => '0',
                'expireTime'  => mktime() + 86400
            );

          $noticeString = $noticesAry["notice"][0]["notice_text"];

        } else {
          $noticeString = $MC->combo_msg('Requested Feature Unavailable', 0, '#msg#', "");
        }
      }

      // show error message
      $serviceErrorMsg = $noticeString;
      $serviceErrorCode = '915';

      //do not direct to error page if suscriber error - ENR
      if(!$showEnroll){
        require_once(dirname(__FILE__) . '/../includes/hcuErrorPage.i');
        // ** DO NOT CONTINUE
        exit;
      }
    }
  }

  // set up common parameters
  // NOTE: rdcEndorse is added to the token because it is needed for the Deposit, or if user comes back to
  //       this script with a token in place.
  $commonURL = "rdcDepositId=$rdcDepositId&rdcVendor=$rdcVendorKey&rdcAccount=$rdcAccount&rdcEndorse=" . urlencode($rdcEndorse);
  $encryptedCommonURL = hcu_encrypturl( $commonURL, $HB_ENV['2factorkey'] );
  $encodedCommonURL = urlencode( $encryptedCommonURL );

  if (isset($inputVars['btnAgree']) && $inputVars['btnAgree'] != '') {
    // ** User has agreed to the Terms and Conditions...
    // ** Post the Acceptance back to iPay
    // * No extra parameters need to be set
    $rdcParams["RDCVENDOR"] = $rdcVendorKey;
    $rdcParams["RDC_ACTION"] = "ACCEPT";
    $rdcParams["MBRACCT"] = $rdcAccount;
    $rdcParams["DEPOSITID"] = $rdcDepositId;
    $rdcResultAry = HandleRDCRequest($HB_ENV, $rdcParams);

    // ** if Response is ANYTHING but success then fail
    if ($rdcResultAry['STATUS']['CODE'] != '000') {
      // ** SOMETHING WENT WRONG -- AGAIN it should be the Feature NOT Set page
      $error_display = "An error was encountered with accepting the terms.";
      $serviceErrorMsg = $error_display;
      $serviceErrorCode = '915';

      require_once(dirname(__FILE__) . '/../includes/hcuErrorPage.i');
      // ** DO NOT CONTINUE
      exit;
    }
    else {
      $doTermsCheck = false;
      $showTerms = false;
    }
  }

  if ( strlen( trim( $rdcResultAry["RDC_RESPONSE"]["TERMS"] ) ) > 0 ) {
    // * Show the terms
    $showTerms = true;
  } else {
    // * Show the menu
    $showTerms = false;
  }

  // See if there are helpful instructions
  $noticesAry = Get_NoticeInfo($dbh, $HB_ENV, $MC, "D", "mblRDCInstructions", true);

//TODO Show this as a popup dialog
  $hasRDCInstructions = false;
  if ( $noticesAry["status"]["code"] == "000" && HCU_array_key_exists('0', $noticesAry['notice']) ) {
    if ( $noticesAry["notice"][0]["notice_id"] ) {
      $noticeLinkDisplay = $noticesAry["notice"][0]["notice_linkdisplay"];

      $noticeOption = $noticesAry['notice'][0];

      $noticeOptions = Array (
            'docsid'      => $noticeOption['notice_id'],
            'docstype'    => $noticeOption['notice_type'],
            'device'      => 'D',
            'noticeOnly'  => '0',
            'expireTime'  => mktime() + 86400
        );

      $encryptedDocDetails= HCU_PayloadEncode($HB_ENV['Cu'], $noticeOptions);

      $noticeOptions['noticeOnly'] = 1;

      $encryptedDocDetailsNoticeOnly= HCU_PayloadEncode($HB_ENV['Cu'], $noticeOptions);

      // build the url encoded string
      // * For the popup terms
      $noticeURLEXT = $HB_ENV['homebankingpath'] . '/hcuViewNotice.prg?cu=' . $HB_ENV['cu'] . '&x=' . urlencode($encryptedDocDetails);

      // * For the regular Button
      $noticeURLNoticeOnly = $HB_ENV['homebankingpath'] . '/hcuViewNotice.prg?cu=' . $HB_ENV['cu'] . '&x=' . urlencode($encryptedDocDetailsNoticeOnly);

      $hasRDCInstructions = true;
    }
  }

  require_once(dirname(__FILE__) . '/../includes/hcuPreContent.i');

  // if we have terms, the user needs to accept them to get to the menu
?>
  <?php if ( $showTerms == true) : ?>
    <form class='' id='formAcceptTerms' name='formAcceptTerms' method="post" action='<?php echo $actionPath ?>'>
      <div class='container-fluid'>
        <div class="row">
          <div class='k-content col-xs-12'>
            <?php echo html_entity_decode($rdcResultAry['RDC_RESPONSE']['TERMS']) ?>
          </div>
        </div>

      <div class="hcu-template">
        <div class="hcu-edit-buttons k-state-default">
          <a href="#" onclick="document.formAcceptTerms.submit();" id="btnAgree" class="k-button k-primary" name='btnAgree' value='Agree'>
            <i class="fa fa-check fa-lg"></i>Agree
          </a>
        </div>
      </div>

      </div>

      <!-- <div class='ui-block-b' style='text-align:right;'><input type='submit' name='btnAgree_old' value='Agree' data-inline='false' data-transition="flow" data-theme="a"></div> -->
      <input type='hidden' name='rdc_token' value='<?php echo $encodedCommonURL ?>'>
      <input type='hidden' name='btnAgree' value='Agree'>
    </form>
  <?php else : ?>
      <div class='container-fluid'>
        <div class="row">
          <div class='col-xs-12'>
            <div class="list-group" style="max-width:600px">
              <a href="hcuMRDCDeposit.prg?rdc_token=<?php echo $encodedCommonURL ?>&<?php echo $HB_ENV['cuquery'] ?>" class="list-group-item">
              <?php echo $MC->msg("New Deposit", HCU_DISPLAY_AS_HTML)?><span class="icon-angle-right pull-right"><i class="fa fa-chevron-right" aria-hidden="true"></i></span>
              </a>
              <span class="icon-angle-right pull-right"></span>
              <a href="hcuMRDCHistory.prg?rdc_token=<?php echo $encodedCommonURL ?>&<?php echo $HB_ENV['cuquery'] ?>" class="list-group-item">
              <?php echo $MC->msg("History", HCU_DISPLAY_AS_HTML)?><span class="icon-angle-right pull-right"><i class="fa fa-chevron-right" aria-hidden="true"></i></span>
            </a>
          <?php // Only show this if the custom content exists
            if ( $hasRDCInstructions ) : ?>
              <a onClick="ShowNotice('<?php echo $noticeURLNoticeOnly; ?>', '<?php echo $noticeLinkDisplay ?>');" class="list-group-item">
              <?php echo $MC->msg("Instructions", HCU_DISPLAY_AS_HTML)?><span class="icon-angle-right pull-right"><i class="fa fa-chevron-right" aria-hidden="true"></i></span>
            </a>
          <?php endif; ?>
            </div>
          </div>
        </div>
      </div>
     <script>
          $(document).ready(function () {

          });
      </script>

  <?php endif; ?>

<?php
  /*
   * ** END CONTENT
   */

  // ** INCLUDE POST CONTENT SCRIPT
  require_once(dirname(__FILE__) . '/../includes/hcuPostContent.i');

?>