hcuTransfer.i

<?php
/**
 * @package hcuTransfer.i
 * @uses    This file contains the shared functions needed for transfers. The difference
 *  between this and hcuTransferScheduled.i is that file has routines specific to
 *  scheduled transfers and may need to reference this file.
 *
 * Created: 10/10/17
 *
 * Primary entry points provided:
 *  PerformTransfer - The core logic of figuring out what kind of transfer operation that can be called by
 *                    the web-based .data entry, or by AppFeed. This will call any of the other entry points.
 *  ValidateTransfer - Validate the transfer parameters. NOTE that values are returned in reply with
 *                      derived secondary values.
 *  SubmitTransfer - Submit the transfer. This will only record the tranfer in the transhdr/transdtl tables.
 *  ApproveTransfer - Mark the transfer as approved in the transhdr table.
 *  ProcessTransfer - Process the transfer by submitting to core or as secure message. Don't call for ACH.
 *
 * NOTES:
 * 1. This file also has the core code to enter the transfer into the database and to update the
 *    database to signify the transfer has been approved.
 */

// Function to see if transfernotify email is set.
// * this is done by checking the email role 'transfernotify'
function _HasTransferNotify( $pDbh, $pCu ) {
    // ** Verify the feature is enabled for the Credit Union.
    // * this is done by check the role 'transfernotify'
    $sqlSelect = "SELECT email
                  FROM cuadmnotify
                  WHERE cu = '{$pCu}' AND role = 'transfernotify'";

    $sqlSelectRs = db_query( $sqlSelect, $pDbh );

    $sqlEmail = db_fetch_array( $sqlSelectRs, 0 );
    db_free_result( $sqlSelectRs );

    $hasEmail = strlen( trim( $sqlEmail["email"] ) ) > 0;

    return $hasEmail;
} // end _HasTransferNotifyEmail

/**
 * PerformTransfer:
 * @uses Make sure transfers are allowed and check permissions; called from the regular transfer screen
 *        but can handle an immediate or scheduled transfer.
 *
 * NOTE: Only the validation can return multple errors. Any other call will fail on tne first error. However,
 *        some error messages are added on to existing ones so need to be returned with the return structure,
 *        not thrown.
 *
 * @param $pHBEnv     - HB_ENV values, $pTransferValues
 *          ["SYSENV"]["logger"]
 *          ['Cu']
 *          (lower calls may need more values)
 * @param $pInputVars - all the inputs into the transfer
 * @param $pMC - dictionary
 *
 * @return status array with errors or data and info
 *
 * If there are no errors then the return info can be in:
 *    return["data"]["posted"]    - message if submitted for approval
 *    return["data"]["txn"]  - results from submit (may still need approval)
 *    return["data"]["repeat"]    - scheduled transfer result - might be a success message or an error message
 */
function PerformTransfer( $pHBEnv, $pInputVars, $pMC ) {
  $retStatusAry = Array(
    'status' => Array('code'=>'000', 'errors' => Array()),
    'data' => '',
    'info' => ''
  );

  try {
    // set up some environment info for easier access
    $dbh = $pHBEnv["dbh"];

    // these are needed in a variety of places so get them now
    $sourceParts = isset( $pInputVars['txFromSuffix'] ) ? explode( "|", $pInputVars['txFromSuffix'] ) : array(); // eg "D|1103|10|0
    $destParts = isset( $pInputVars["txToSuffix"] ) ? explode( "|", $pInputVars["txToSuffix"] ) : array();

    // check if feature is regular, external, or M2M transfer
    if ( (isset( $sourceParts[0] ) && $sourceParts[0] === "X") ||
         (isset( $destParts[0] ) && $destParts[0] === "X") ) {
      $transferFeatureCode = FEATURE_EXTERNAL_TRANSFERS;
    } else if ( isset( $destParts[0] ) && $destParts[0] === "M" ) {
      $transferFeatureCode = FEATURE_M2M_TRANSFERS;
    } else {
      $transferFeatureCode = FEATURE_TRANSFERS;
    }

    // NOTE: This level can return multiple errors, if the called function returns multiple errors
    $errorMessage = array();

    // ** FOR Transfer, also verify the email if MailTxn is checked
    if ( $pHBEnv['Fset'] & GetFlagsetValue("CU_MAILTXNS") ) {
      // ** Verify the feature is enabled for the Credit Union.
      $hasTransferNotify = _HasTransferNotify( $dbh, $pHBEnv["Cu"] );

      if ( !$hasTransferNotify ) {
        throw new Exception ( $pMC->msg('Option not set', HCU_DISPLAY_AS_RAW) );
      }
    }

    // get some allowed amounts for client-side validation
    $permissionInputs = array( "feature" => $transferFeatureCode );
    $limits = Perm_GetValidationLimits( $dbh, $pHBEnv, $permissionInputs );

    if ( $limits === false ) {
      // error occurred - assume count of zero
      $allowedAmount = 0;
    } else {
      $allowedAmount = floatval( $limits["amount_per_transaction"] );
    }

    // ** DEFAULT - if frequency is empty set to onetime
    if (!HCU_array_key_exists('txFrequency', $pInputVars) || $pInputVars['txFrequency'] == "") {
      $pInputVars['txFrequency'] = "OneTime";
    }

    // ** DEFAULT - since the dropdown to select immediate/future
    // was removed, we must set it based on current date and
    // selected interval.
    if (!HCU_array_key_exists('txDateStart', $pInputVars) || $pInputVars['txDateStart'] === null) {
      // when transferring to member that is not in our db
      // the start date is disabled the value will come in null.
      $pInputVars['txDateStart'] = date("m/d/Y");
    }

    // if repeating transfers is turned off, txDateEnd will not exist
    // and throw an undefined index notice in hcuTransfer.i
    // this key has no use in this case just set to today.
    if (!HCU_array_key_exists('txDateEnd', $pInputVars) || $pInputVars['txDateEnd'] === null) {
      // when transferring to member that is not in our db
      // the start date is disabled the value will come in null.
      $pInputVars['txDateEnd'] = date("m/d/Y");
    }

    if ( (date("Ymd", strtotime($pInputVars['txDateStart'])) <= date("Ymd")) &&
         ($pInputVars['txFrequency'] == "OneTime") ) {
      // ** if one time, set to immediate
      $pInputVars['txOption'] = "Immediate";
    } else {
      $pInputVars['txOption'] = "Future";
    }

    // ** CHECK
    // ** - scheduled transfers are allowed
    $txScheduledAllowed = (($pHBEnv['flagset2'] & GetFlagsetValue("CU2_PROCRECUR")) === GetFlagsetValue("CU2_PROCRECUR"));
    // ** - is payment or transfer

    // ** CHECK
    // ** - Immediate
    // ** - scheduled not allowed
    if (!$txScheduledAllowed || $pInputVars['txOption'] === "Immediate") {

      // ** VALIDATE - data was sanitized already
      $txValidateTransfer = ValidateTransfer( $pHBEnv, $dbh, $pMC, $pInputVars );

      if ( $txValidateTransfer['status']['code'] !== "000" ) {

        // validate has extra info that isn't used any more in the error handling
        for ( $i = 0; $i < count( $txValidateTransfer["status"]["errors"] ); $i++ ) {
          $errorMessage[] = $txValidateTransfer["status"]["errors"][$i]["message"];
        }

        // pass back any messages as a return value because cannot throw multiple messages
        $retStatusAry["status"]["code"] = "999";
        $retStatusAry["status"]["errors"] = $errorMessage;

        return $retStatusAry;
      }

      $htmlTransferAmount = $pInputVars['txAmount'];

      if ( $htmlTransferAmount > $allowedAmount ) {
        // error occurred - cannot allow operation - just say there was a limit error
        throw new Exception ( $pMC->msg('Perm Limit - Request over authorized limit', HCU_DISPLAY_AS_HTML) );
      }

      // get some allowed amounts for validation
      $permissionInputs = array( "feature" => $transferFeatureCode );
      $permissionInputs["amount"] = $htmlTransferAmount;

      // Because EXT transfers could be Remote to Local / Local to Remote
      // we must check for the account number/type in different places.

      // Remote to Local: Look in destParts
      // Local to Remote: Look in sourceparts

      // Also for Member to Member transfers
      // the local account will always be in sourceParts
      // because we only allow outgoing Member to Member transfers.
      if ($transferFeatureCode == FEATURE_EXTERNAL_TRANSFERS) {

        if ($sourceParts[0] == "X") { // Local account is destination
          $permissionInputs["account"] = $destParts[1];
          $permissionInputs["accounttype"] = $destParts[2];
        } else { // Local account is source
          $permissionInputs["account"] = $sourceParts[1];
          $permissionInputs["accounttype"] = $sourceParts[2];
        }
      } else {
        $permissionInputs["account"] = $sourceParts[1];
        $permissionInputs["accounttype"] = $sourceParts[2];
      }

      $return = Perm_CheckLimits( $dbh, $pHBEnv, $permissionInputs );
      if ( !$return || ($return["status"]["code"] !== "000") ) {
        // error occurred - cannot allow operation - just say there was a limit error
        $errorMessage = Perm_GetLimitErrDesc($pMC, $return["status"]["code"]);
        throw new Exception ( $errorMessage );
      }

      db_work( $dbh, HOMECU_WORK_BEGIN); // For both the submitting of the transfer and the approval.

      // ** Use the results from ValidateTransfer and pass into SubmitTransfer
      $submitTransferResult = SubmitTransfer( $dbh, $pHBEnv, $pMC, $txValidateTransfer['data'], $aryTransferResults );


      if ( $submitTransferResult === false || ($aryTransferResults["status"]["code"] != "000") ) {
        // error occurred - cannot allow operation
        if ( strlen( $submitTransferResult["status"]["errors"] ) > 0 ) {
          $errorMessage[] = $submitTransferResult["status"]["errors"];
        } else {
          $errorMessage[] = $pMC->msg("Transfer Error", HCU_DISPLAY_AS_HTML);
        }
      }

      // check if either of the two possible ways to return errors happened
      if ( count( $errorMessage ) > 0 ) {
        if ($pInputVars['txFrequency'] != 'OneTime') {
          // ** If we have an error from the POST routine AND the member tried to add
          // * a repeating, just mention that here..
          $errorMessage[] = $pMC->msg("Repeating Transfer not saved", HCU_DISPLAY_AS_RAW);
        }

        // need to return messages here since might have multiple
        $retStatusAry["status"]["code"] = "999";
        $retStatusAry["status"]["errors"] = $errorMessage;

        return $retStatusAry;
      }

      // see if confirmation not required
      $confirmationRequired = Perm_CheckConfirmReq($dbh, $pHBEnv, $permissionInputs);
      if (!$confirmationRequired) {
        // since can self-approve do that now (returning TX_Post data)
        $entryId = $aryTransferResults["txn"]["trans_id"];    // result from SubmitTransfer

        if ( !ApproveTransfer( $dbh, $pHBEnv, $pMC, $entryId, $aryApprovalResults ) ) {
          throw new Exception ( $pMC->msg("Trans approval failure", HCU_DISPLAY_AS_HTML) );
        }

        // If the approval stage is successful, replace the confirmation code
        // with the new one generated from this stage.
        $aryTransferResults['txn']['data_confirm'] = $aryApprovalResults['status']['confirm'];

        // for internal transfers, if it was self-approved it can be processed right away
        if ( $transferFeatureCode == FEATURE_TRANSFERS ||
             $transferFeatureCode == FEATURE_M2M_TRANSFERS ) {
          // * TRADITIONAL TRANSFER
          if ( !ProcessTransfer( $dbh, $pHBEnv, $pMC, $entryId, $aryProcessResults ) ) {
            $errorMessage[] = $pMC->msg("Trans processing failure", HCU_DISPLAY_AS_HTML);

            if ( count( $aryProcessResults["status"]["errors"] ) > 0 ) {
              for ( $i = 0; $i < count( $aryProcessResults["status"]["errors"] ); $i++ ) {
                $errorMessage[] = $aryProcessResults["status"]["errors"][$i];
              }
            }

            // need to return messages here since might have multiple
            $retStatusAry["status"]["code"] = "999";
            $retStatusAry["status"]["errors"] = $errorMessage;

            // At this point we have already inserted records on {CU}transhdr and
            // {CU}transdtl tables but got the process transfer error. This implicitly
            // rollbacks all the db insertion and update operations executed so far.
            // However, we do want to record this request to the core in the `cucorerequests`
            // table. The records in `cucorerequests` have already been populated, we just
            // need to revert the transfer related insertions and commit the db transaction
            if (HCU_array_key_exists('trans_id', $aryTransferResults['txn'])) {
                RevertTransferAndAddCUCoreRequest($aryTransferResults['txn']['trans_id'],
                                                  $pHBEnv["dbh"],
                                                  $pHBEnv["Cu"]);
            }

            return $retStatusAry;
          }

          // If the process stage is successful, replace the confirmation code
          // with the new one generated from this stage.
          $aryTransferResults['txn']['data_confirm'] = $aryProcessResults['txn']['data_confirm'];
        }
      } else {
        // return message about awaiting approval, and just enough data for confirmation
        $retStatusAry["data"]['posted'] = $pMC->msg("Transfer submitted for confirmation", HCU_DISPLAY_AS_RAW);
      }

      db_work($dbh, HOMECU_WORK_COMMIT);

      // ** Successful transfer -- Need to return information..
      $retStatusAry["data"]["txn"] = $aryTransferResults["txn"];
    }

    // ** CHECK
    // ** - Future
    // ** - scheduled transfers allowed
    if ($txScheduledAllowed) {
      // ** VERIFY SCHEDULED is allowed for the credit union
      // ** REPEATING OR FUTURE

      /*
       * mws 6/5
       * When an option such as Mail Check is selected, the Repeating transfer options are GREYED OUT.
       * and their values are NOT coming over.  So, the ONLY time I will be making a repeating transfer
       * is if they are EXPLICITLY set to a value.  A blank means NO REPEATING TRANSFER WILL BE DONE
       */
      if (count($retStatusAry["status"]["errors"]) === 0) {

        // ** CHECK
        // ** - interval not one time
        // ** - option = future
        $txIsInterval = ($pInputVars['txFrequency'] != "" && $pInputVars['txFrequency'] != "OneTime");
        $txIsFuture = ($pInputVars['txOption'] != "" && $pInputVars['txOption'] == "Future");
        if ($txIsInterval || $txIsFuture) {

          /*
           * ** CHECK USER FEATURE PERMISSIONS **
           * NOTE: DO NOT AUTO-REDIR.  Handle perm error here
           */
          $permissionScheduled = array( "feature" => FEATURE_SCHEDULED_TRANSFERS );

          // check if user has create rights
          $accessRights = Perm_AccessRights( $dbh, $pHBEnv, $permissionScheduled );
          if ( !HCU_array_key_value( "access", $accessRights ) ) {
            $retStatusAry["data"]['repeat'][] = $pMC->msg('Rights not set', HCU_DISPLAY_AS_HTML);
          } else {
            // ** VALIDATE - scheduled transfer values
            $txValidateTransfer = ValidateTransfer($pHBEnv, $dbh, $pMC, $pInputVars);

            if ($txValidateTransfer['status']['code'] === "000") {
              // Check Amount Per Transaction limit
              $htmlTransferAmount = $txValidateTransfer['data']['txAmount'];

              if ( $htmlTransferAmount > $allowedAmount ) {
                // error occurred - cannot allow operation - just say there was a limit error
                throw new Exception ( $pMC->msg('Perm Limit - Request over authorized limit', HCU_DISPLAY_AS_HTML) );
              }
              // setup values for new entry
              $txScheduleValues = array(
                "txDateStart" => $txValidateTransfer['data']['txDateStart'],
                "txDateEnd" => $txValidateTransfer['data']['txDateEnd'],
                "txFrequency" => $txValidateTransfer['data']['txFrequency'],
                "txFrequencyCount" => $txValidateTransfer['data']['txFrequencyCount'],
                "txParameters" => TxnSchedParameters($txValidateTransfer['data']),
                "txData" => TxnSchedData($txValidateTransfer['data']),
                "txFeature" => $transferFeatureCode
              );

              // ** CREATE - new schedule
              $txCreateSchedule = TxnSchedCreate($pHBEnv, $dbh, $pMC, $txScheduleValues);

              // ** CHECK - errors
              if ($txCreateSchedule['status']['code'] !== "000") {
                // ** FOR the transfer script, the error for the repeating, after a successful
                // * transfer is returned in the repeat element, instead of errors
                $retStatusAry["data"]['repeat'] = $txCreateSchedule['status']['errors'];
              } else {
                $retStatusAry["data"]['repeat'] = $pMC->msg('Repeating transfer scheduled', HCU_DISPLAY_AS_RAW) . ".";
              }
            } else {
              // need to return messages here since might have multiple
              $retStatusAry["status"]["code"] = "999";
              $retStatusAry["status"]["errors"] = $txValidateTransfer['status']['errors'];

              return $retStatusAry;
            }
          }
        }
      }
    }
  } catch(Exception $ex) {
    // roll back the transaction
    db_work($dbh, HOMECU_WORK_ROLLBACK);

    // pass back any messages
    $retStatusAry["status"]["code"] = "999";
    $retStatusAry["status"]["errors"] = $ex->getMessage();
  }

  // safety check for errors being returned since not all paths necessarily set the status code
  if ( is_array( $retStatusAry["status"]["errors"] ) ) {
    if ( count( $retStatusAry["status"]["errors"] ) > 0 ) {
      $retStatusAry["status"]["code"] = "999";
    }
  } else if ( strlen( $retStatusAry["status"]["errors"] ) > 0 ) {
    $retStatusAry["status"]["code"] = "999";
  }

  return $retStatusAry;
} // end PerformTransfer


/**
 * Utility function to delete already inserted transfer transactions details
 * from ${CU}transhdr and ${CU}transdtl tables when the attemnted transfer
 * process fails.
 *
 * @param $transferId - transfer id to delete
 * @param $dbh - database handler
 * @param $Cu - CU code
 *
 * @throws Exception if the transhdr and transdtl records deletion fails
 *
 */
function RevertTransferAndAddCUCoreRequest($transferId, $dbh, $Cu) {
    $cu = trim(strtolower($Cu));

    try {
        $transHdrTbl = $cu . "transhdr";
        $transDtlTbl = $cu . "transdtl";

        // delete transDTL and transHDR records
        $sqlDeleteDtlHdr = "DELETE from ${transDtlTbl}".
                         " WHERE transhdr_id=${transferId};".
                         " DELETE from ${transHdrTbl}".
                         " WHERE id=${transferId};";

        $sqlDeleteDtlHdrRs = db_query($sqlDeleteDtlHdr, $dbh);

        if (!$sqlDeleteDtlHdrRs) {
            throw new Exception("Reverting transfer failed on core request failure.");
        } else {
            // commit the db changes
            // this will only commit the changes in the cucorerequests table
            // as we deleted the un-commited transfers related records
            db_work($dbh, HOMECU_WORK_COMMIT);
        }
    } catch (Exception $ex) {
        throw $ex;
    }
}

/**
 * PerformTransferScheduled:
 * @uses Make sure transfers are allowed and check permissions; called from the hcuTransferSchedule.prg and
 *        can handle reading, deleting, or creating scheduled transfers.
 *
 * NOTE: Only the validation can return multple errors. Any other call will fail on tne first error. However,
 *        some error messages are added on to existing ones so need to be returned with the return structure,
 *        not thrown.
 *
 * @param $pHBEnv     - HB_ENV values, $pTransferValues
 *          ["SYSENV"]["logger"]
 *          ['Cu']
 *          (lower calls may need more values)
 * @param $pInputVars - all the inputs into the transfer
 * @param $pMC - dictionary
 *
 * @return status array with errors or data and info
 *
 * If there are no errors then the return info can be in:
 *    return["data"]    - scheduled dates info (multiple elements)
 *    return["info"]["repeat"]    - scheduled transfer result - might be a success message or an error message
 */
function PerformTransferScheduled( $pHBEnv, $pInputVars, $pMC ) {
  $retStatusAry = Array(
    'status' => Array('code'=>'000', 'errors' => Array()),
    'data' => '',
    'info' => ''
  );

  try {
    // set up some environment info for easier access
    $dbh = $pHBEnv["dbh"];

    // these are needed in a variety of places so get them now
    $sourceParts = isset( $pInputVars['txFromSuffix'] ) ? explode( "|", $pInputVars['txFromSuffix'] ) : array(); // eg "D|1103|10|0
    $destParts = isset( $pInputVars["txToSuffix"] ) ? explode( "|", $pInputVars["txToSuffix"] ) : array();

    // check if feature is regular, external, M2M or ACH transfer
    if ( (isset( $sourceParts[0] ) && $sourceParts[0] === "X") ||
         (isset( $destParts[0] ) && $destParts[0] === "X") ) {
      $transferFeatureCode = FEATURE_EXTERNAL_TRANSFERS;
    } else if ( isset( $destParts[0] ) && $destParts[0] === "M" ) {
      $transferFeatureCode = FEATURE_M2M_TRANSFERS;
    } else if ( (isset( $sourceParts[0] ) && $sourceParts[0] === "AC") ) {
      $transferFeatureCode = FEATURE_ACH_COLLECTIONS;
    } else if ( (isset( $destParts[0] ) && $destParts[0] === "AP") ) {
      $transferFeatureCode = FEATURE_ACH_PAYMENTS;
    } else {
      $transferFeatureCode = FEATURE_TRANSFERS;
    }

    // ** Verify the feature is enabled for the Credit Union.
    $hasTransferNotify = _HasTransferNotify( $dbh, $pHBEnv["Cu"] );

    if ( !$hasTransferNotify ) {
      throw new Exception ( $pMC->msg('Option not set', HCU_DISPLAY_AS_RAW) );
    }

    // ** are scheduled transfers allowed?
    $txScheduledAllowed = (($pHBEnv['flagset2'] & GetFlagsetValue("CU2_PROCRECUR")) === GetFlagsetValue("CU2_PROCRECUR"));

    if (!$txScheduledAllowed) {
      // ** Verify the option is enabled for the credit union
      throw new Exception ( $pMC->msg('Option not set', HCU_DISPLAY_AS_RAW) );
    }

    /*
     * ** CHECK USER FEATURE PERMISSIONS **
     * NOTE: DO NOT AUTO-REDIR.  Handle perm error here
     */
    $permissionInputs = array( "feature" => FEATURE_SCHEDULED_TRANSFERS );

    if (!PermCheckFeatureScreen($dbh, $pHBEnv, $pMC, $permissionInputs["feature"], '', false)) {
      throw new Exception ( $pMC->msg('Rights not set', HCU_DISPLAY_AS_RAW) );
    }

    // get some allowed amounts for client-side validation
    $permissionInputs = array ( "feature" => $transferFeatureCode );
    $limits = Perm_GetValidationLimits( $dbh, $pHBEnv, $permissionInputs );

    if ( $limits === false ) {
      // error occurred - assume count of zero
      $allowedAmount = 0;
    } else {
      $allowedAmount = intval( $limits["amount_per_transaction"]);
    }

    if ($pInputVars['action'] == "readSchedule") {
      $txScheduleData = TxnSchedRead($pHBEnv, $dbh, $pMC);

      // check if valid read
      if ($txScheduleData['status']['code'] !== "000") {
        $retStatusAry["status"]["errors"] = $txScheduleData['status']['errors'];
      } else {
        // create start and end dates for calendar
        $txDateStart = mktime(0,0,0, date("m"), date("d") + 1);
        $txDateEnd = mktime(0,0,0, date("m") + 12, date("d") + 2);
        $txScheduleDates = GetCalendarData($pHBEnv, $pMC,
          $txScheduleData['data'],
          date("m/d/Y", $txDateStart),
          date("m/d/Y", $txDateEnd));

        $retStatusAry["data"]['scheduleItems'] = $txScheduleDates['valid'];
        $retStatusAry["data"]['scheduleDates'] = $txScheduleDates['dates'];
        $retStatusAry["data"]['scheduleOccur'] = $txScheduleDates['occur'];
      }
    } else if ($pInputVars['action'] == "deleteSchedule") {
      $txDeleteTransfer = TxnSchedDelete($pHBEnv, $dbh, $pMC, $pInputVars);
      // ** CHECK - errors
      if ($txDeleteTransfer['status']['code'] !== "000") {
        // ** FOR the transfer script, the error for the repeating, after a successful
        // * transfer is returned in the repeat element, instead of errors
        $retStatusAry["status"]["errors"] = $txDeleteTransfer['status']['errors'];
      } else {
        $retStatusAry['info']['repeat'] = $pMC->msg('Transfer Delete', HCU_DISPLAY_AS_RAW) . ".";
      }
    } else {
      $pInputVars['txOption'] = "Future";
      // ** VALIDATE - incoming parameters
      // since read doesn't require parameter validation
      // i've moved everything into one place to make the code much simpler.
      // NOTE: ValidateTransfer also moves modified and new variables into the returned array.
      $txValidateTransfer = ValidateTransfer($pHBEnv, $dbh, $pMC, $pInputVars, true);

      if ($txValidateTransfer['status']['code'] !== "000") {
        $retStatusAry["status"]["code"] = "999";
        $retStatusAry["status"]["errors"] = $txValidateTransfer['status']['errors'];

        return $retStatusAry;
      }

      // Check Amount Per Transaction limit
      $htmlTransferAmount = $txValidateTransfer['data']['txAmount'];

      if ( $htmlTransferAmount > $allowedAmount ) {
        // error occurred - cannot allow operation - just say there was a limit error
        throw new Exception ( $pMC->msg('Perm Limit - Request over authorized limit', HCU_DISPLAY_AS_HTML) );
      }

      $txScheduleTransfer = null; // returned array from requested action
      $txScheduleTransferInfo = ""; // information for successfull action

      // set up scheduled transaction for internal transactions
      $txScheduleValues = array(
        "txDateStart" => $txValidateTransfer['data']['txDateStart'],
        "txDateEnd" => $txValidateTransfer['data']['txDateEnd'],
        "txFrequency" => $txValidateTransfer['data']['txFrequency'],
        "txFrequencyCount" => $txValidateTransfer['data']['txFrequencyCount'],
        "txParameters" => TxnSchedParameters($txValidateTransfer['data'])
      );

      // ** ACTION - perform requested action, create/update/delete
      if ($pInputVars['action'] == 'skipSchedule') {
        $txId = intval($pInputVars['txId']);
        $changeList = array($txId);
        $changeList = HCU_JsonEncode($changeList);
        $txSkipSchedule = SkipTrans($dbh, $pHBEnv["Cu"], $pHBEnv['Uid'], $changeList, $pMC);

        if ($txSkipSchedule['status'] !== "000") {
          throw new Exception($MC->msg("Skip Transaction Error", HCU_DISPLAY_AS_RAW), $txSkipSchedule['status']);
        }
        $txScheduleTransferInfo = $txSkipSchedule['info'];
      } else if ($pInputVars['action'] == "createSchedule") {
        // set up the transaction data
        $txScheduleValues['txData'] = TxnSchedData( $txValidateTransfer['data'] );
        $txScheduleValues['txFeature'] = $transferFeatureCode;

        // create te schedule entry
        $txScheduleTransfer = TxnSchedCreate($pHBEnv, $dbh, $pMC, $txScheduleValues);
        // ** CHECK - errors
        if ($txScheduleTransfer['status']['code'] !== "000") {
          throw new Exception( $pMC->msg("Transfer Save Error", HCU_DISPLAY_AS_RAW) );
        }

        $txScheduleTransferInfo = $pMC->msg('Scheduled transfer was saved', HCU_DISPLAY_AS_RAW) . ".";
      } else if ($pInputVars['action'] == "updateSchedule") {
        $txScheduleValues['txId'] = $txValidateTransfer['data']['txId'];
        $txScheduleValues['txStatus'] = $txValidateTransfer['data']['txStatus'];

        // get current tx_data values
        // get current transaction feature
        $txDataCurrent = FindTransactionData($dbh, $txValidateTransfer['data']['txId']);

        // decode data values to update
        // update necessary fields
        // ** this could need an if statement based on the FEATURE_CODE
        // ** because each feature type has different fields int the txn_data
        // ** string.
        $txDataUpdated = HCU_JsonDecode($txDataCurrent['txn_data']);
        $txDataUpdated['txn']['amount'] = $txValidateTransfer['data']['txAmount'];

        // decode parameters to get current interval count
        // this will be used to determine next interval date
        // if the frequency has changed, set interval count to 0.
        // if the frequency has not changed use current parameters
        $txDataParameters = HCU_JsonDecode($txDataCurrent['repeating_parameters']);

        if ($txDataParameters['interval'] !== $txScheduleValues['txFrequency']) {
          $txScheduleValues['txFrequencyCount'] = 0;
        } else {
          $txScheduleValues['txParameters'] = $txDataCurrent['repeating_parameters'];
        }

        // if the start date has changed, set interval count to 0.
        // if the start date has not changed, set start date to current start date
        if (strtotime($txDataCurrent['start_date']) !== strtotime($txScheduleValues['txDateStart'])) {
          $txScheduleValues['txFrequencyCount'] = 0;
        } else {
          $txScheduleValues['txDateStart'] = $txDataCurrent['start_date'];
        }

        // set new data to update
        $txScheduleValues['txData'] = HCU_JsonEncode($txDataUpdated);
        $txScheduleValues['txFeature'] = $txDataCurrent['feature_code'];
        $txScheduleTransfer = TxnSchedUpdate($pHBEnv, $dbh, $pMC, $txScheduleValues);
        // ** CHECK - errors
        if ($txScheduleTransfer['status']['code'] !== "000") {
          throw new Exception( $pMC->msg("Transfer Save Error", HCU_DISPLAY_AS_RAW) );
        }

        $txScheduleTransferInfo = $pMC->msg('Repeating transfer scheduled', HCU_DISPLAY_AS_RAW) . ".";
      }

      $retStatusAry['info']['repeat'] = $txScheduleTransferInfo;
    }
  } catch(Exception $ex) {
    // no need to roll back transaction because each one is discrete
    // pass back any messages
    $retStatusAry["status"]["code"] = "999";
    $retStatusAry["status"]["errors"] = $ex->getMessage();
  }

  // safety check for errors being returned since not all paths set the status code
  if ( count( $retStatusAry["status"]["errors"] > 0 ) ) {
    $retStatusAry["status"]["code"] = "999";
  }

  return $retStatusAry;
} // end PerformTransferScheduled


/**
 * ValidateTransfer:
 * @uses Validate incoming transfer requests, this will check for
 * valid transfer types and correct dates and values. It will gather all
 * the errors and return them all.
 *
 * @param $pEnv     - HB_ENV values
 *          ["SYSENV"]["logger"]
 *          ['Cu']
 *          (lower calls may need more values)
 * @param $pDbh     - database object
 * @param $pMC      - dictionary object
 * @param $pValues  - transfer request values
 * @param #pShowZeroBalance  -   if this validation is for the scheduled transfer
 * screen, the TX_list function must show accounts with zero balance.
 *
 * [ txId ]         - transfer id: 0 if new
 * [ txFromMember ] - source account member number
 * [ txFromSuffix ] - source account member sub-account
 * [ txToMember ]   - target account member number
 * [ txToSuffix ]   - target account member sub-account
 * [ txCode ]       - transaction code: null if new txn
 * [ txAmount ]     - amount to transfer
 * [ txMemo ]    - transfer comment
 * [ txPaymentComment ] - Transfer Payment Comment -- use for secure form payments
 * [ txFrequency ]  - tranfer frequency
 * [ txContinue ]   - continuous/continue until
 * [ txDateStart ]  - date to start repeating transfer
 * [ txDatEnd ]     - date to end repeating transfer
 * [ txStatus ]     - active/inactive transfer status
 *
 * Removed txToMisc1 from list (4/16/2018.)  This is a field passed from the core to the core when the transfer is sent.  It is not meant to go to the client side code.
 *
 * @return $retStatusAry  - validated values above
 */
function ValidateTransfer($pEnv, $pDbh, $pMC, $pValues, $pShowZeroBalance = false) {
  /*
   * When possible errors will return an array of objects
   *    Array ( 'id' => 'ID of the field that errored',
   *            'message' => 'Error string' )
   */
  $retStatusAry = Array(
    'status' => Array('code'=>'000', 'errors' => Array()),
    'data' => ''
  );

  // ** Setup the array for the returned data row --
  // ** This row will contain the valid options for inserting into the database
  // ** their naming is slightly different then the values coming in.
  $retDataRow = array();


  $txFromMember = isset($pValues['txFromMember']) ? $pValues['txFromMember'] : null;
  $txFromSuffix = isset($pValues['txFromSuffix']) ? $pValues['txFromSuffix'] : null;
  $txFromType = "";
  $txToMember = isset($pValues['txToMember']) ? $pValues['txToMember'] : null;
  $txToSuffix = isset($pValues['txToSuffix']) ? $pValues['txToSuffix'] : null;
  $txToType = "";
  $txMemAccount = isset($pValues['txMemAccount']) ? $pValues['txMemAccount'] : null;
  $txMemName = isset($pValues['txMemName']) ? $pValues['txMemName'] : null;
  $txMemType = isset($pValues['txMemType']) ? $pValues['txMemType'] : null;
  $txCode = isset($pValues['txCode']) ? $pValues['txCode'] : null;
  $txAmount = isset($pValues['txAmount']) ? $pValues['txAmount'] : null;
  $txMemo = isset($pValues['txMemo']) ? $pValues['txMemo'] : null;
  $txFrequency = isset($pValues['txFrequency']) ? $pValues['txFrequency'] : null;
  $txFrequencyCount = isset($pValues['txFrequencyCount']) ? $pValues['txFrequencyCount'] : 0;
  $txContinue = isset($pValues['txContinue']) ? $pValues['txContinue'] : null;
  $txDateStart =  isset($pValues['txDateStart']) ? $pValues['txDateStart'] : null;
  $txDateEnd = isset($pValues['txDateEnd']) ? $pValues['txDateEnd'] : null;
  $txStatus = isset($pValues['txStatus']) ? $pValues['txStatus'] : null;
  $txPmtComment = isset($pValues['paymentComment']) ? $pValues['paymentComment'] : null;
  $txFeatureCode = isset($pValues['feature_code']) ? $pValues['feature_code'] : null;

  $txDeposit = isset($pValues['txDeposit']) ? $pValues['txDeposit'] : null;

  /* DEFAULT VALUES */
  $txFromAcctSuffix = "";
  $txToAcctSuffix = "";

  // make sure feature code is present
  if ( strlen( trim( $txFeatureCode ) ) == 0 ) {
    $retStatusAry['status']['code'] = "999";
    $retStatusAry['status']['errors'][] = array(
      "id" => "txFeatureCode",
      "message" => $pMC->msg("Unknown feature type", HCU_DISPLAY_AS_RAW)
    );

    return $retStatusAry;
  }

  /**
   * Is this an External Transfer ?
   *   This is identified by FROM starting with an X or TO starting with X
   * NOTE: M2M is "internal" to the credit union
   */
  $isExtFromTrans = substr($txFromSuffix, 0, 1) == 'X';
  $isExtToTrans = substr($txToSuffix, 0, 1) == 'X';

  // ** Retrieve all the accounts we may use for transfers
  $txAcctList = TX_list($pDbh, $pEnv, "", $pShowZeroBalance);
  setFmsgTxCookie($pEnv, $txAcctList);

  // ** For A SCHEDULED TXN UPDATE -- DO NOT VALIDATE the from/to accounts.
  // ** they may not be changed
  // ** Verify the same account is NOT selected
  $txId = (isset($pValues['txId']) ? $pValues['txId'] : 0);
  if ($txId <= 0) {
    // ** VARIABLES - used for determining valid to/from accounts
    $txFromInfo = "";
    $txToInfo = "";

    // ** VALIDATE - to/from cannot be the same
    if ($pValues['txFromSuffix'] === $pValues['txToSuffix']) {
      $retStatusAry['status']['errors'][] = array(
        "id" => "txFrom",
        "message" => $pMC->msg('From account cannot be same', HCU_DISPLAY_AS_RAW)
      );
    } else {
      // get destination account parts to determine member to member
      // or regular transfers.
      $txToAcctParts = explode("|", $txToSuffix);
      $txFromAcctParts = explode("|", $txFromSuffix);

      // ** VALIDATE - to/from accounts are valid accounts
      if (is_array($txAcctList['acctlist'])) {
        // ** VALIDATE - from account is valid
        if (HCU_array_key_exists($pValues['txFromSuffix'], $txAcctList['acctlist'])) {
          // ** VALIDATE - ability to transfer FROM
          if (($isExtToTrans && $txAcctList['acctlist'][$pValues['txFromSuffix']]['from_ext'] !== "Y")
               || (!$isExtFromTrans && $txAcctList['acctlist'][$pValues['txFromSuffix']]['from_int'] !== "Y")) {
            /**
             * PERMISSION TEST
             *
             * IF EXTERNAL -- THEN THEY MUST HAVE ACCESS TO 'from_ext'
             *
             * IF INTERNAL -- THEN THEY MUST HAVE ACCESS TO 'from_int'
             *
             */
            $retStatusAry['status']['errors'][] = array(
              "id" => "txFrom",
              "message" => $pMC->msg('Perm Limit - Not Authorized', HCU_DISPLAY_AS_RAW)
            );
          } else {
            // ** PASSED

            $txFromInfo = $txAcctList['acctlist'][$pValues['txFromSuffix']];
            $txFromAcctSuffix = $txFromInfo['suffix'];
            $txFromType = $txFromInfo['acctclass'];

            if ($txFromType == "X") {
              // ** EXTERNAL Account source -- Save empty accountnumber
              $txFromMember = "";
            } else {
              $txFromMember = $txFromInfo['member'];
            }

            // make sure valid From account
            if ( $txFromInfo["from"] != 'Y' ) {
              $retStatusAry['status']['errors'][] = array(
                "id" => "txFrom",
                "message" => $pMC->msg('From invalid', HCU_DISPLAY_AS_RAW)
              );
            }
          }
        } else {
          // ** ERROR - FROM account not found
          $retStatusAry['status']['errors'][] = array(
            "id" => "txFrom",
            "message" => $pMC->msg('Account Type Missing', HCU_DISPLAY_AS_RAW)
          );
        }

        // handle ad-hoc M2M differently
        // ** This statment handles NON-M2M transfers
        if ( !($txToAcctParts[0] === "M" && $txToAcctParts[2] === "0") ) {

          // ** VALIDATE - TO account is valid
          if (HCU_array_key_exists($pValues['txToSuffix'], $txAcctList['acctlist'])) {

            $txToInfo = $txAcctList["acctlist"][$pValues['txToSuffix']];

            // At this point, validate the transfer across accounts flag.
            if (($pEnv["flagset3"] & GetFlagsetValue("CU3_DISALLOW_MULT_ACCOUNTS_TRANSFER")) != 0) {
              $relevantTypes = array("D", "L");
              if ($txFromInfo['member'] != $txToInfo["member"] && in_array($txFromInfo["acctclass"], $relevantTypes) && in_array($txToInfo["acctclass"], $relevantTypes)) {

                // Failed!  Check if there is a cross account.  If there is, then run the same test but also change the $txToInfo to the cross account so that correct trans code is passed.
                if (HCU_array_key_exists($txFromInfo['member'], $txAcctList["xacctlist"])
                    && HCU_array_key_exists($pValues["txToSuffix"], $txAcctList["xacctlist"][$txFromInfo['member']])) {
                  $xaTxToInfo = $txAcctList["xacctlist"][$txFromInfo['member']][$pValues["txToSuffix"]];

                  if ($txFromInfo['member'] != $xaTxToInfo["member"] && in_array($txFromInfo["acctclass"], $relevantTypes)
                      && in_array($xaTxToInfo["acctclass"], $relevantTypes)) {
                    $retStatusAry['status']['errors'][] = array(
                      "id" => "txTo",
                      "message" => $pMC->msg('Transfers between accounts are prohibited', HCU_DISPLAY_AS_RAW)
                    );
                  } else {
                    // Here override the $txToInfo so other checks work against the cross account instead of the regular account.
                    $txToInfo = $xaTxToInfo;
                  }
                } else { // Also failed at this point, there is no cross account and check returns false.
                  $retStatusAry['status']['errors'][] = array(
                    "id" => "txTo",
                    "message" => $pMC->msg('Transfers between accounts are prohibited', HCU_DISPLAY_AS_RAW)
                  );
                }
              }
            }

            if (($isExtFromTrans && $txToInfo['to_ext'] !== "Y")
                 || (!$isExtToTrans && $txToInfo['to_int'] !== "Y")) {
              /**
               * PERMISSION TEST
               *
               * IF EXTERNAL -- THEN THEY MUST HAVE ACCESS TO 'from_ext'
               *
               * IF INTERNAL -- THEN THEY MUST HAVE ACCESS TO 'from_int'
               *
               */
              $retStatusAry['status']['errors'][] = array(
                "id" => "txTo",
                "message" => $pMC->msg('Perm Limit - Not Authorized', HCU_DISPLAY_AS_RAW)
              );
            } else {
              // ** PASSED
              $txToAcctSuffix = $txToInfo['suffix'];
              $txToType = $txToInfo['acctclass'];

              $txTrust = $txToInfo['trust'];

              $txToMember = $txToInfo['member'];

              if ( $txToInfo["to"] != 'Y' ) {
                $retStatusAry['status']['errors'][] = array(
                  "id" => "txTo",
                  "message" => $pMC->msg('To invalid', HCU_DISPLAY_AS_RAW)
                );
              }
            }
            // Cannot have BOTH from and to accounts be external, or external to M2M, or external to Other,
            //  or Loan to external
            if ( $txFromType == "X" && $txToType == "X" ||
                 $txFromType == "X" && $txToType == "M" ||
                 $txFromType == "X" && $txToType == "O" ) {
              // ** ERROR - cannot do this type of transfer
              $retStatusAry['status']['errors'][] = array(
                "id" => "txTo",
                "message" => $pMC->msg('Transfer Error external', HCU_DISPLAY_AS_RAW)
              );
            }

          } else {
            // ** ERROR - TO account not found
            $retStatusAry['status']['errors'][] = array(
              "id" => "txTo",
              "message" => $pMC->msg('Account Type Not Found To Account', HCU_DISPLAY_AS_RAW)
            );
          }
        }

        // Loan to External account check
        if ( $txFromAcctParts[0] == "L" && $txToType == "X" ){
          // ** ERROR - cannot do this type of transfer
          $retStatusAry['status']['errors'][] = array(
            "id" => "txTo",
            "message" => $pMC->msg('Transfer Error loan to external', HCU_DISPLAY_AS_RAW)
          );
        }

        // some M2M validation

        // Don't allow Loan to M2M account until we learn if it is allowed
        if ( $txFromAcctParts[0] == "L" && $txToType == "M" ) {
          // ** ERROR - cannot do this type of transfer
          $retStatusAry['status']['errors'][] = array(
            "id" => "txTo",
            "message" => $pMC->msg('Transfer Error external', HCU_DISPLAY_AS_RAW)
          );
        }

        try {
          // ** VALIDATE ad-hoc member to member destination account
          if ($txToAcctParts[0] === "M" && $txToAcctParts[2] === "0") {
            // verify last name on account
            $txMemAccount = str_replace('_', '', $txMemAccount);
            $txMemAccount = trim($txMemAccount);
            $member = array(
              "dfi_account" => $txMemAccount,
              "name_on_account" => $txMemName
            );

            // validate account number
            if (trim($member['dfi_account']) === "") {
              throw new Exception($pMC->msg("ACH Validation DFI Account"));
            }

            // validate name on account
            if (trim($member['name_on_account']) === "") {
              throw new Exception($pMC->msg($pMC->msg("ACH Validation Name", HCU_DISPLAY_AS_HTML)));
            }

            // validate account type
            if (!(intval($pValues['txMemType']) === ACCOUNT_TYPE_CHECKING || intval($pValues['txMemType']) === ACCOUNT_TYPE_SAVINGS)) {
              throw new Exception($pMC->msg("ACH Validation DFI Type"));
            }

            // validate account using name on account
            // NOTE: only do this if there are no other errors
            if (count($retStatusAry['status']['errors']) === 0) {
              if (!_ConfirmM2MAccount($pEnv, $member)) {
                throw new Exception($pMC->msg("M2M Account Not Found", HCU_DISPLAY_AS_HTML));
              }
            }

            // fake out the "to" info for later checks
            $txToInfo = array( "acctclass" => "M" );
          }
        } catch (Exception $e) {
          $retStatusAry['status']['errors'][] = array(
            "id" => "txTo",
            "message" => $e->getMessage()
          );
        }

      } else {
        // ** ERROR - no accounts returned for the user
        $retStatusAry['status']['errors'][] = array(
          "id" => "txFrom",
          "message" => $pMC->msg('Error Occurred During Transfer Processing', HCU_DISPLAY_AS_RAW)
        );
      }
    }

    // ** VALIDATE - validate transfer type if no errors to this point
    if (count($retStatusAry['status']['errors']) === 0) {
      // ** must get credit union transfer settings
      // ** must get transaction code
      $txAllowed = Get_HaveTrans($pDbh, $pEnv);
      $txCode = FindTransactionCode($txFromInfo, $txToInfo, $txAllowed);
      $txError = "";

      if ($txCode == "") {
        // ** ERROR - repeating transfer not available
        $retStatusAry['status']['errors'][] = array(
          "id" => "txFrom",
          "message" => $pMC->msg('Transfer Error', HCU_DISPLAY_AS_RAW)
        );

      // Don't allow Loan Add-on to any M2M account
      } else if ( $txFromAcctParts[0] === "L" && $txCode == "MM"
        && $txToAcctParts[0] === "M" ) {
        // ** ERROR - cannot do this type of transfer
        $txError = $pMC->msg('Transfer Error M2M', HCU_DISPLAY_AS_RAW);

      // Loan Add-on allows one time scheduled transfers in the future but doesn't allow recurring transfers.
      } else if ( ($txFrequency != "OneTime") && (($txCode == "LA")) ) {
        // at this point in time cannot do repeating transfers with "Other Transactions"
        $txError = $pMC->msg('Repeating transfer not available', HCU_DISPLAY_AS_RAW);

      // Adhoc M2M transfers, Mail Check (CW), and other transfers (OT) are not allowed to be scheduled at all.
      } else if ( ($txFrequency != "OneTime" ||
                   date("Ymd", strtotime($txDateStart)) != date("Ymd")) &&
                  (($txToAcctParts[0] === "M" && $txToAcctParts[2] === "0") || ($txCode == "OT") || ($txCode == "CW")) ) {
        $txError = $pMC->msg('Repeating transfer not available', HCU_DISPLAY_AS_RAW);
      } else {
        // ** VALIDATE - transaction code is allowed
        if (trim($txFromMember) == trim($txToMember) && $txCode == "AT" && !HCU_array_key_value('AT', $txAllowed)) {
          $txError = $pMC->msg('Transfer Deposit Not Allowed', HCU_DISPLAY_AS_RAW);
        }
        if (trim($txFromMember) == trim($txToMember) && $txCode == "LP" && !HCU_array_key_value('LP', $txAllowed)) {
          $txError = $pMC->msg('Transfer Loan Not Allowed', HCU_DISPLAY_AS_RAW);
        }

        // ** VALIDATE - cross account transaction code is allowed
        if (trim($txFromMember) != trim($txToMember) && $txCode == "XA" && !HCU_array_key_value('XA', $txAllowed)) {
          $txError = $pMC->msg('Transfer Cross Deposit Not Allowed', HCU_DISPLAY_AS_RAW);
        }
        if (trim($txFromMember) != trim($txToMember) && $txCode == "XP" && !HCU_array_key_value('XP', $txAllowed)) {
          $txError = $pMC->msg('Transfer Cross Loan Not Allowed', HCU_DISPLAY_AS_RAW);
        }
      }

      // ** ERROR - tranfer not allowed
      if ($txError !== "") {
        $retStatusAry['status']['errors'][] = array(
          "id" => "",
          "message" => $txError
        );
      }
    }
  } else {
    // Updated existing transaction - no need for further validation (already done)
    $txToInfo = "";
    $txToInfo['trust'] = '';
  }

  if (count($retStatusAry['status']['errors']) === 0) {
    // ** VALIDATE - amount
    if ( floatval( $txAmount ) <= 0 ) {
      $retStatusAry['status']['errors'][] = array(
        "id" => "txAmount",
        "message" => $pMC->msg('Amount Missing', HCU_DISPLAY_AS_RAW)
      );
    }
  }

  // validations for immediate transfers
  if (count($retStatusAry['status']['errors']) === 0) {
    if ( !empty( $pValues["txOption"] ) && ($pValues["txOption"] == "Immediate") ) {
      // immediate transfers need the funds available
      if ( $txFromInfo["available"] < floatval( $txAmount) ) {
        $retStatusAry['status']['errors'][] = array(
        "id" => "txFrequency",
        "message" => $pMC->msg('Transfer exceeds', HCU_DISPLAY_AS_RAW)
        );
      }
    }
  }

  if (count($retStatusAry['status']['errors']) === 0) {
    // ** VALIDATE - frequency
    $transferFrequencyList = TxIntervalList($pEnv["MC"]);

    if (!FindFrequencyValue($transferFrequencyList, $pValues['txFrequency'])) {
      $retStatusAry['status']['errors'][] = array(
        "id" => "txFrequency",
        "message" => $pMC->msg('Transfer Invalid Interval', HCU_DISPLAY_AS_RAW)
      );
    }
  }

  if (count($retStatusAry['status']['errors']) === 0) {
    // ** VALIDATE - start date is a valid date
    if (!validateDate($txDateStart)) {
      if ($txFrequency == "OneTime") {
        $retStatusAry['status']['errors'][] = array(
          "id" => "txDateStart",
          "message" => $pMC->msg('Transfer On', HCU_DISPLAY_AS_RAW) . " " . $pMC->msg('is not a valid date', HCU_DISPLAY_AS_RAW)
        );
      } else {
        $retStatusAry['status']['errors'][] = array(
          "id" => "txDateStart",
          "message" => $pMC->msg('Start Date', HCU_DISPLAY_AS_RAW) . " " . $pMC->msg('is not a valid date', HCU_DISPLAY_AS_RAW)
        );
      }
    }
  }

  if (count($retStatusAry['status']['errors']) === 0) {
    // ** VALIDATE - if one time on continuous, do not validate end date
    $startTime = strtotime($pValues['txDateStart']);
    $endTime = strtotime($pValues['txDateEnd']);
    $nextTime = TxNextInterval(
      $txDateStart,
      $txFrequency,
      $txFrequencyCount);
    $nextTime = strtotime($nextTime);

    if ($txFrequency == "OneTime") {
      $txDateEnd = "";
    } else if ($txContinue == "continuous") {
      $txDateEnd = "";
    } else {
      if (!validateDate($pValues['txDateEnd'])) {
        $retStatusAry['status']['errors'][] = array(
          "id" => "txDateStart",
          "message" => $pMC->msg('Stop Date', HCU_DISPLAY_AS_RAW) . " " . $pMC->msg('is not a valid date', HCU_DISPLAY_AS_RAW)
        );
      } else if ($endTime < $nextTime) {
        $retStatusAry['status']['errors'][] = array(
          "id" => "txDateEnd",
          "message" => $pMC->msg('Continue Until greater than next', HCU_DISPLAY_AS_RAW)
        );
      } else if ($endTime < $startTime) {
        $retStatusAry['status']['errors'][] = array(
          "id" => "txDateEnd",
          "message" => $pMC->msg('Continue until greater than start', HCU_DISPLAY_AS_RAW)
        );
      } else {
        $txDateEnd = $pValues['txDateEnd'];
      }
    }
  }

  // these should all be sanitized on the inputs
  $retDataRow["txFeatureCode"] = trim($txFeatureCode);
  $retDataRow['txId']         = intval($txId);
  $retDataRow['txFromMember'] = trim($txFromMember);
  $retDataRow['txFromSuffix'] = trim($txFromAcctSuffix);
  $retDataRow['txFromType']   = trim($txFromType);
  $retDataRow['txFromAcctId'] = trim($txFromSuffix);
  $retDataRow['txToMember']   = trim($txToMember);
  $retDataRow['txToSuffix']   = trim($txToAcctSuffix);
  $retDataRow['txToType']     = trim($txToType);
  $retDataRow['txToAcctId']   = trim($txToSuffix);
  $retDataRow['txMemAccount'] = trim($txMemAccount);
  $retDataRow['txMemName'] = trim($txMemName);
  $retDataRow['txMemType'] = intval($txMemType);
  $retDataRow['txCode']       = trim($txCode);
  $retDataRow['txAmount']     = floatval($txAmount);
  $retDataRow['txMemo']       = trim($txMemo);
  $retDataRow['txPmtComment'] = trim($txPmtComment);
  $retDataRow['txFrequency']  = trim($txFrequency);
  $retDataRow['txFrequencyCount']  = trim($txFrequencyCount);
  $retDataRow['txDateStart']  = trim($txDateStart);
  $retDataRow['txDateEnd']    = trim($txDateEnd);
  $retDataRow['txContinue']   = ($txContinue == "continuous" ? 1 : 0);
  $retDataRow['txStatus']     = trim($txStatus);
  $retDataRow["txTrust"] = $txToInfo["trust"]; // Needed to distinguish between cross account and primary account when submitting transfer.

  if (count($retStatusAry['status']['errors']) == 0) {
    $retStatusAry['data'] = $retDataRow;
    $retStatusAry['data']['txlist'] = $txAcctList;
  } else {
    $retStatusAry['status']['code'] = "999";
  }

  return $retStatusAry;
} // end ValidateTransfer

/**
 * FindTransactionCode:
 * @uses This function was moved from hcuTransfer.data; it is used to get
 * the transaction code given a from account and to account suffix. The transaction
 * code will be saved in the <client>transhdr table, so not returning one should cause
 * a validation error.
 *
 * @param $fromAcctinfo - information regarding the from account
 * @param $toAcctInfo - information regarding the to account
 * @param $cuTransSupport - ?
 *
 * @return $retTranCode - transfer code
 */
function FindTransactionCode($fromAcctInfo, $toAcctInfo, $cuTransSupport) {
  $retTranCode = "";

  /*
   * Verify the acctclass key exists in the array,
   * If NOT, then return empty string, to error out
   */
  $transferFromAcctToTypes = "";
  if (HCU_array_key_exists('acctclass', $fromAcctInfo) && HCU_array_key_exists('acctclass', $toAcctInfo)) {
    $transferFromAcctToTypes = $fromAcctInfo['acctclass'] . '|' . $toAcctInfo['acctclass'];
  }
  // ** get the suffix for the toAcct
  $transferToSuffix = HCU_array_key_value("suffix", $toAcctInfo);

  switch($transferFromAcctToTypes) {
    case "D|D":
      if (HCU_array_key_value('trust', $toAcctInfo) == "transfer") {
        // ** Cross Account Transfer -- Use XA
        $retTranCode = 'XA';
      } else {
        $retTranCode = 'AT';
      }
      break;
    case "D|L":
      if (HCU_array_key_value('trust', $toAcctInfo) == "transfer") {
        // ** Cross Account Transfer -- Use XP
        $retTranCode = 'XP';
      } else {
        $retTranCode = 'LP';
      }
      break;
    case "L|D":
      // ** Loan Add-on Cross Account potential code definition
      $retTranCode = 'LA';
      break;
    case "D|C":
      $retTranCode = ($cuTransSupport['CC'] ? 'CP' : 'LP');
      break;
    case "C|D":
      /*
       *
       * Credit Card Advance
       * Original code had this coded as a 'CA', however, this is currently not an approved transaction code
       * This type of transaction should use 'LA', possibly in the future we can add CA, but we will still need
       *  to offer an option similar to CP in Home Banking.  For now all CC advance use LA posting to core
       *  mws 12/30/14
       */
      $retTranCode = 'LA';
      break;
    case "L|O":
    case "C|O":
      /*
       * Other Special Types will NOT be allowed to have a repeating/scheduled
       * transfer.  Caller should test for this.
       */
      $retTranCode = "OT";        // "Other" transactions may or may not cause Secure Form
      break;
    case "D|O":
      if ($transferToSuffix == "CW") {
        /*
         * CHECK WITHDRAWAL -- This overrides the OTHER type.  It will be posted
         *                     to the appliance and needs to retain the Transaction Code of CW
         *                     ONLY available for Source Accounts that are Deposits
         */
        $retTranCode = "CW";
      } else {
        /*
         * Other Special Types will NOT be allowed to have a repeating/scheduled
         * transfer.  Caller should test for this.
         */
        $retTranCode = "OT";        // "Other" transactions may or may not cause Secure Form
      }
      break;
    case "D|X":
    case "L|X":
      // to an external account
      $retTranCode = "1W";        // credit to receiving dfi, web transaction
      break;
    case "X|D":
    case "X|L":
      // from an external account
      $retTranCode = "2W";        // credit to receiving dfi, web transaction
      break;
    case "D|M":
    case "L|M":
      $retTranCode = "MM";
      break;
  }

  return $retTranCode;
}

/**
 * FindFrequencyValue:
 * @uses use this function to find the frequency value exists
 * in the global array
 *
 * this function was moved from hcuTransfer.data
 *
 * @param $freqArray - global frequencies
 * @param $valueToFind - frequency to find
 *
 * @return $valueFound - boolean
 */
function FindFrequencyValue($freqArray, $valueToFind) {
  $valueFound = False;

  if (count($freqArray) > 0) {
    foreach ($freqArray as $freqIdx => $freqVal) {
      if ($freqVal['value'] === $valueToFind) {
        $valueFound = True;
        break;
      }
    }
  }
  return $valueFound;
}

/**
 * Submit this transfer after gathering all the necessary data. Only set
 *  the posted information; other functions will handle the approve and processed
 *  fields.
 *
 * @param integer $pDbh           -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 *            ["Uid"]
 *            ["tz"]
 *            ["SYSENV"]["logger"]
 * @param object $pMC             -- Dictionary object
 * @param array $pPostVariables   -- An array with information passed from client
 *            "txFromAcctId"
 *            "txToAcctId"
 *            "txPmtComment"
 *            "txMemo"
 *            "txMemAccount"
 *            "txMemType"
 *            "txMemName"
 *            "txToMisc1"
 *            "txFromMember"
 *            "txAmount"
 *            "txFeatureCode"
 * @param object &$pResults       -- results of the operation
 *                                -- trans_id of just-added transaction id
 *
 * @return  True if operation successful, false or error structure otherwise
 */
function SubmitTransfer( $pDbh, &$pHBEnv, $pMC, $pPostVariables, &$pResults ) {
  try {
    $sourceParts = explode( "|", $pPostVariables["txFromAcctId"] ); // eg "D|1103|10|0
    $destParts = explode( "|", $pPostVariables["txToAcctId"] ); // eg "D|1103|10|0" or "O|1103|CP"

    // if external transfer, local account is the one to save in the header
    // if m2m transfer, then local account is the "from" account and save it in the header
    if ( $sourceParts[0] == "X" ) {
      $recordType = $destParts[0];
      $account = $destParts[1];
      $accountType = $destParts[2];
    } else if ( $destParts[0] == "X" || $destParts[0] == "M" ) {
      $recordType = $sourceParts[0];
      $account = $sourceParts[1];
      $accountType = $sourceParts[2];
    } else {
      $recordType = $sourceParts[0];
      $account = $sourceParts[1];
      $accountType = $sourceParts[2];
    }

    $htmlTransferComment = "";
    if ( $destParts[0] == 'O' && substr($destParts[2], 0, 1 ) == "P" ) {
      // this is the 3rd party credit card set up in Monitor / HomeBanking with a pre-defined comment
      $htmlTransferComment = $pPostVariables['txPmtComment'];
    } else {
      $htmlTransferComment = $pPostVariables['txMemo'];
    }

    // just set up what is needed to determine the transaction code
    $txFromInfo = array( "acctclass" => $sourceParts[0] );
    $txToInfo = array( "acctclass" => $destParts[0] );
    $txAllowed = Get_HaveTrans( $pDbh, $pHBEnv );

    /**
     * Transaction code is generated in either ValidateTransfer or the Scheduled process
     * --TRUST-- the transaction code that is passed into the function
     */
    // $txCode = FindTransactionCode( $txFromInfo, $txToInfo, $txAllowed );
    $txCode = HCU_array_key_value("txCode", $pPostVariables);

    // this should have been validated earlier but just to make sure
    if ( $txCode == "" ) {
      throw new Exception( $pMC->msg('Transfer Error external', HCU_DISPLAY_AS_RAW) );
    }

    if ( $sourceParts[0] == "X" || $destParts[0] == "X" ) {
      // for external transfer set up rdfi info for the trans data
      $externalAccountId = ( $sourceParts[0] == "X" ) ? $sourceParts[2] : $destParts[2];
      $referenceId = $externalAccountId;

      $rdfiData = GetRemoteAccountInfo( $pDbh, $pHBEnv, $externalAccountId );

      // make sure we found RDFI account info
      if ( $rdfiData  === "" ) {
        throw new Exception( $pMC->msg('EXT Acct Status Error', HCU_DISPLAY_AS_RAW) );
      }

      // unresolved - add addenda to the txn if there is any
      $rdfiData["rdfi"]["addenda"] = "";
      $sourceKey = null;
      $destKey = null;

      if ( $sourceParts[0] == "X" ) {
        // the external account is the source, local account is the destination
        $rdfiData["rdfi"]["rdfi_txn_type"] = "DB";
        $sourceAccountInfo = $rdfiData;
        $destAccountInfo = $pPostVariables["txToAcctId"];
        $destKey = array();
        if ($pPostVariables['txToType'] == "D") {
          $destKey['accountnumber'] = $pPostVariables['txToMember'];
          $destKey['recordtype'] = $pPostVariables['txToType'];
          $destKey['accounttype'] = $pPostVariables['txToSuffix'];
          $destKey['certnumber'] = $destParts[3];
        } else if ($pPostVariables['txToType'] == "L" || $pPostVariables['txToType'] == "C") {
          $destKey['accountnumber'] = $pPostVariables['txToMember'];
          $destKey['recordtype'] = $pPostVariables['txToType'];
          $destKey['loannumber'] = $pPostVariables['txToSuffix'];
        }
      } else {
        // the local account is the source, external account is the destination
        $rdfiData["rdfi"]["rdfi_txn_type"] = "CR";
        $destAccountInfo = $rdfiData;
        $sourceAccountInfo = $pPostVariables["txFromAcctId"];
        $sourceKey = array();
        if ($pPostVariables['txFromType'] == "D") {
          $sourceKey['accountnumber'] = $pPostVariables['txFromMember'];
          $sourceKey['recordtype'] = $pPostVariables['txFromType'];
          $sourceKey['accounttype'] = $pPostVariables['txFromSuffix'];
          $sourceKey['certnumber'] = $sourceParts[3];
        } else if ($pPostVariables['txFromType'] == "L" || $pPostVariables['txFromType'] == "C") {
          $sourceKey['accountnumber'] = $pPostVariables['txFromMember'];
          $sourceKey['recordtype'] = $pPostVariables['txFromType'];
          $sourceKey['loannumber'] = $pPostVariables['txFromSuffix'];
        }
      }
    } else if ( $destParts[0] == "M" ) {
      // for m2m transfer set up other member's account
      $externalAccountId = $destParts[2];
      $referenceId = $externalAccountId;

      $sourceKey = null;
      $destKey = null;

      // because some accounts may not be setup yet
      // we must fudge them here and not try to grab the info
      // from the database.
      if ($externalAccountId === "0") {
        $rdfiData = array(
          "account" => $pPostVariables['txMemAccount'],
          "type" => $pPostVariables['txMemType'],
          "name" => $pPostVariables['txMemName'],
          "display_name" => $pMC->msg( "M2M Account", HCU_DISPLAY_AS_RAW )
        );
      } else {
        $rdfiData = GetRemoteAccountInfo( $pDbh, $pHBEnv, $externalAccountId );
      }

      // make sure we found RDFI account info
      if ( $rdfiData  === "" ) {
        throw new Exception( $pMC->msg('EXT Acct Status Error', HCU_DISPLAY_AS_RAW) );
      }

      // the local account is the source, m2m account is the destination
      $sourceAccountInfo = $pPostVariables["txFromAcctId"];
      $sourceKey = array();
      if ($pPostVariables['txFromType'] == "D") {
        $sourceKey['accountnumber'] = $pPostVariables['txFromMember'];
        $sourceKey['recordtype'] = $pPostVariables['txFromType'];
        $sourceKey['accounttype'] = $pPostVariables['txFromSuffix'];
        $sourceKey['certnumber'] = $sourceParts[3];
      } else if ($pPostVariables['txFromType'] == "L" || $pPostVariables['txFromType'] == "C") {
        $sourceKey['accountnumber'] = $pPostVariables['txFromMember'];
        $sourceKey['recordtype'] = $pPostVariables['txFromType'];
        $sourceKey['loannumber'] = $pPostVariables['txFromSuffix'];
      }

      // make into M|account|type (where type is "checking"  or "savings")
      $destAccountInfo = "M|" . $rdfiData["account"] . "|" . $rdfiData["type"];
      $destKey = array();
      // some info that could be helpful if the account is removed
      $destKey['accountnumber'] = $rdfiData["account"];
      $destKey['accounttype'] = $rdfiData["type"]; // checking or savings
      $destKey["display_name"] = $rdfiData["display_name"];
      $destKey["name"] = $rdfiData["name"];
      $destKey['ext_id'] = $externalAccountId;
    } else {

      // Regular transfers
      $sourceAccountInfo = $pPostVariables["txFromAcctId"];
      $destAccountInfo = $pPostVariables["txToAcctId"];
      $sourceKey = array();
      if ($pPostVariables['txFromType'] == "D") {
        $sourceKey['accountnumber'] = $pPostVariables['txFromMember'];
        $sourceKey['recordtype'] = $pPostVariables['txFromType'];
        $sourceKey['accounttype'] = $pPostVariables['txFromSuffix'];
        $sourceKey['certnumber'] = $sourceParts[3];
      } else if ($pPostVariables['txFromType'] == "L" || $pPostVariables['txFromType'] == "C") {
        $sourceKey['accountnumber'] = $pPostVariables['txFromMember'];
        $sourceKey['recordtype'] = $pPostVariables['txFromType'];
        $sourceKey['loannumber'] = $pPostVariables['txFromSuffix'];
      }

      $destKey = array();
      if ($pPostVariables['txToType'] == "D") {
        // Cross accounts are slightly different.  (Who do you trust?)
        $destKey['accountnumber'] = $pPostVariables["txTrust"] == "transfer" ? $destParts[1] : $pPostVariables['txToMember'];
        $destKey['recordtype'] = $pPostVariables['txToType'];
        $destKey['accounttype'] = $pPostVariables['txToSuffix'];
        $destKey['certnumber'] = $destParts[3];
      } else if ($pPostVariables['txToType'] == "L" || $pPostVariables['txToType'] == "C") {
        // Cross accounts are slightly different.  (Who do you trust?)
        $destKey['accountnumber'] = $pPostVariables["txTrust"] == "transfer" ? $destParts[1] : $pPostVariables['txToMember'];
        $destKey['recordtype'] = $pPostVariables['txToType'];
        $destKey['loannumber'] = $pPostVariables['txToSuffix'];
      }

      $referenceId = $pHBEnv["Uid"];               // use the user id for regular transfers
    }

    // set up the transfer data
    $transData = array( "acct_source" => $sourceAccountInfo, "acct_dest" => $destAccountInfo, "source_key"=> $sourceKey, "dest_key" => $destKey );
    if (HCU_array_key_value('txToMisc1', $pPostVariables) !== '') {
      // using "misc" because M2M can also pass "misc" (name) info in the same field
      $transData['misc'] = HCU_array_key_value('txToMisc1', $pPostVariables);
    }
    // need to add the name for M2M transfer
    if ( $destParts[0] == "M" ) {
      // rdfiData should be present for M2M (it was checked above)
      $transData['misc'] = $rdfiData["name"];
    }

    $jsonTransData = HCU_JsonEncode( $transData );

    // Setup transaction metadata.
    // Single or Recurring transaction, and the current interval. In this case
    // the record is coming from an immediate source on Banking so it is not
    // recurring and has no interval.
    $transMeta = array();
    $transMeta["source"] = "immed";
    $transMeta["recurr"] = "no";
    $transMeta["interval"] = 0;
    $jsonTransMeta = HCU_JsonEncode($transMeta);
    $recordVariables["txMeta"] = $jsonTransMeta;

    $amount = $pPostVariables['txAmount'];

    // the feature code depends on where the transfer is going
    $recordVariables = array();
    $recordVariables["txFeatureCode"] = $pPostVariables['txFeatureCode'];
    $recordVariables["txPostedBy"] = $pHBEnv["Uid"];
    // ** Set the Authority Account for the transaction
    // Authority will always be the txFromMember that was determine in ValidateTransfer
    $recordVariables["txAuthAccount"] = $pPostVariables['txFromMember'];
    $recordVariables["txTransCode"] = $txCode;
    $recordVariables["txComment"] = $htmlTransferComment;
    $recordVariables["txReferenceId"] = $referenceId;
    $recordVariables["txAmount"] = $pPostVariables['txAmount'];
    $recordVariables["txData"] = $jsonTransData;
    $recordVariables["txMeta"] = $jsonTransMeta;

    // the pHBEnv is needed for CU and logging
    $transferResult = RecordTransfer( $pDbh, $pHBEnv, $recordVariables );
    if ( $transferResult["status"]["code"] != "000" ) {
      throw new Exception( $pMC->msg("Transfer Error", HCU_DISPLAY_AS_HTML) );
    }

    $postedDate = $transferResult["data"]["posted_date"];

    // build a confirmation code (so don't need to read the database)
    $confCodeBuilder["id"] = $transferResult["data"]["id"];
    $confCodeBuilder["posted_by"] = $pHBEnv["Uid"];
    $confCodeBuilder["posted_date"] = $postedDate;
    $confirmationCode = GetTransferConfirmCode( $pHBEnv, "post", $confCodeBuilder );
    $pHBEnv["confirmationCode"]= $confirmationCode; // #885 Ensure that confirmation codes are the same for a credit card payment for the confirmation and also the code in Admin.

    $myDateTime = new DateTime( $postedDate );

    // convert to local time for the display
    $myDateTime->setTimezone(new DateTimeZone($pHBEnv["tz"]));
    $readableDate = $myDateTime->format("m/d/Y g:ia");

    // need to use same names as database field names
    $transactionInfo = array( "transdata" => $jsonTransData,
                              "transactioncode" => $txCode );
/*
 * GetTransferDetails is expecting many more values in the array -
 * 'to' values for to_acct, to_desc, to_certnumber, to_accounttype, and to_displayname
 * 'from' values for from_acct, from_desc, from_certnumber, from_accounttype, and from_displayname
 *
 * Without them, data_from and data_to are coming back empty
 */

    $transDetail = GetTransferDetails( $pHBEnv, $transactionInfo );

    // return the id, amount, day, and confirmation code
    $pResults = array( "status" => array( "code" => "000" ),
                       "txn" => array( "trans_id" => $transferResult["data"]["id"],
                          "data_action" => $transDetail["action"],
                          "data_from" => $transDetail["from"],
                          "data_to" => $transDetail["to"],
                          "data_amount" => $amount,
                          "data_date" => $readableDate,
                          "data_confirm" => $confirmationCode ) );

    $success = true;
  } catch (Exception $ex) {
    $errors = array( $ex->getMessage() );
    $pHBEnv["SYSENV"]["logger"]->debug( "Record Transfer:" . $errors );

    $pResults["status"] = array( "code" => "999",
                                 "severity" => "ERROR",
                                 "errors" => $errors );

    $success = false;
  }

  return $success;

} // end SubmitTransfer

/**
 * Get the previously set up external account information.
 *
 *Return an empty string if any error, otherwise return structured account info.
 */
function GetRemoteAccountInfo( $pDbh, $pHBEnv, $externalAccountId ) {
  $returnInfo = "";

  // get the account, making sure it is active, AND this user owns the account
  $sql = "SELECT type, display_name, remote_info
              FROM {$pHBEnv["Cu"]}extaccount
              WHERE id = $externalAccountId
                AND user_id = {$pHBEnv["Uid"]}
                AND status = 'a' ";

  $rs = db_query( $sql, $pDbh );

  if ( $rs ) {
    // successful query
    list( $type, $displayName, $remoteInfo ) = db_fetch_array( $rs, 0 );

    $aryRemoteInfo = HCU_JsonDecode( $remoteInfo, true );

    if ( $type == "EXT" && strlen( $aryRemoteInfo["rdfi"]["routing"] ) > 0 ) {
      // {"rdfi":{"rdfi_routing":"878787878","rdfi_account":"888888","rdfi_account_type":"20","addenda":""},"remote_entity":{"name":"Mike Smith"}}
      $returnInfo = array( "rdfi" => array( "rdfi_routing" => $aryRemoteInfo["rdfi"]["routing"],
                                            "rdfi_account" => $aryRemoteInfo["rdfi"]["account"],
                                            "rdfi_account_type" => $aryRemoteInfo["rdfi"]["type"],
                                            "rdfi_txn_type" => "",
                                            "addenda" => "" ),
                           "remote_entity" => array( "name" => $aryRemoteInfo["rdfi"]["name"],
                                                     "entry_id" => $externalAccountId,
                                                     "display_name" => $displayName )
                          );
    } else if ( $type == "M2M"  && strlen( $aryRemoteInfo["rdfi"]["account"] ) > 0 ) {
      // just the account is important
      $returnInfo = array( "account" => $aryRemoteInfo["rdfi"]["account"],
                           "type" => $aryRemoteInfo["rdfi"]["type"],
                           "name" => $aryRemoteInfo["rdfi"]["name"],
                           "entry_id" => $externalAccountId,
                           "display_name" => $displayName
                           );
    }
  }

  return $returnInfo;
} // end GetRemoteAccountInfo


/**
 * Record this transfer into the <cu>transhdr and <cu>transdtl tables. Only set
 *  the posted information; other functions will handle the approve and processed
 *  fields. This can be called by the background process so it cannot be dependant
 *  on banking environment.
 *
 * @param integer $pDbh           -- Current database handle
 * @param array $pEnv              -- Needed environment values (for logging errors)
 * @param array $pRecordVariables   -- An array with information to be recorded
 *            "txFeatureCode"            -- HomeCU feature code
 *            "txPostedBy"                 -- User Id of user posting the transfer
 *            "txAuthAccount"            -- authorizing account number (usually the "from" account)
 *            "txTransCode"               -- Internal transaction code (so processing code knows what to do with it)
 *            "txComment"                  -- comment/memo for the transfer (size limits apply)
 *            "txReferenceId"              -- Reference Id (usually the Uid for this)
 *            "txAmount"                     -- Amount of transfer
 *            "txData"                          -- JSON representation of the transfer data
 *
 * @return  structure with success or error info
 */
function RecordTransfer( $pDbh, $pEnv, $pRecordVariables ) {
  $retStatusAry = array(
    "status" => array( "code"=>"000", "errors" => Array() ),
    "data" => ""
  );

  try {
    // get the necessary account meta data for use during processing the transfer
    $transDataWithMeta = AddAccountMetaData( $pEnv,
                                             $pRecordVariables["txFeatureCode"],
                                             $pRecordVariables["txTransCode"],
                                             $pRecordVariables["txData"] );

    // start a transaction if not already in one
    $transStatus = db_transaction_status( $pDbh );
    $startedTransaction = false;
    if ( !($transStatus === PGSQL_TRANSACTION_ACTIVE || $transStatus === PGSQL_TRANSACTION_INTRANS) ) {
        // start a transaction because adding both a header and a detail record
        $txnRs = db_work( $pDbh, HOMECU_WORK_BEGIN);

        $startedTransaction = true;
    }

    $txFeatureCode = prep_save($pRecordVariables["txFeatureCode"]);
    $txPostedBy = prep_save($pRecordVariables["txPostedBy"]);
    $txAuthAccount = prep_save($pRecordVariables["txAuthAccount"]);
    $txTransCode = prep_save($pRecordVariables["txTransCode"]);
    $txComment = prep_save($pRecordVariables["txComment"]);
    $txReferenceId = prep_save($pRecordVariables["txReferenceId"]);
    $txAmount = prep_save($pRecordVariables["txAmount"]);
    $txData = prep_save($transDataWithMeta);
    $txMeta = prep_save($pRecordVariables["txMeta"]);

    // this is only used on ach commercial transactions, no others will set this key.
    $txNotify = isset($pRecordVariables["txNotify"]) ? intval($pRecordVariables['txNotify']) : 0;

    // ACH effective date needs to account for cut-off time
    if ( $txFeatureCode == "TRNEXT") {
      // get the effective ACH date
      $effDate = ACH_GetEffectiveDate( $pEnv );

      // put it into correct format
      $effectiveDate = date( "Y-m-d", strtotime( $effDate ) );

      $effDateStr = "'$effectiveDate'";
    } else {
      $effDateStr = "(SELECT CURRENT_DATE)";
    }

    // set up the query for the header
    // ** Mws 7/2017 -- Saving 'NULL' for both accounttype and deposittype -- these values should be retrieved from transdtl
    $sql = "INSERT INTO {$pEnv["Cu"]}transhdr (feature_code, effective_date,
                 posted_by, posted_date, accountnumber, transactioncode, memo, transmeta)
               VALUES ('$txFeatureCode', {$effDateStr},
                 {$txPostedBy}, now(), '{$txAuthAccount}', '{$txTransCode}', '{$txComment}', '{$txMeta}' )
                RETURNING id, posted_date";

    $hdrRs = db_query( $sql, $pDbh );
    if ( !$hdrRs ) {
      throw new Exception( "Transfer header query error " . db_last_error() );
    }

    // use the insert id from the header in the detail
    list($headerId, $postedDate) = db_fetch_array($hdrRs, 0);

    if ( !$headerId ) {
      throw new Exception( "Error getting id of header after insert query" );
    }

    // set up the query for the detail
    $sql = "INSERT INTO {$pEnv["Cu"]}transdtl (transhdr_id, reference_id, amount, email_notify, transdata)
               VALUES ($headerId, $txReferenceId, $txAmount, $txNotify, '$txData')";

    $dtlRs = db_query( $sql, $pDbh );

    if ( !$dtlRs ) {
      throw new Exception( "Error inserting transfer detail" );
    }

    if ( $startedTransaction ) {
        // now commit
        $commitRs = db_work( $pDbh, HOMECU_WORK_COMMIT );
        if ( !$commitRs ) {
          // ** FAILED COMMIT
          throw new Exception ("Failed to Commit Work");
        }
    }

    // need to return posted date and header id
    $returnData = array( "id" => $headerId, "posted_date" => $postedDate );
    $retStatusAry["data"] = $returnData;
  } catch (Exception $ex) {
    $pEnv["SYSENV"]["logger"]->debug( "Record Transfer:" . $ex->getMessage() );

    if ( $startedTransaction ) {
        db_work( $pDbh, HOMECU_WORK_ROLLBACK );
    }

    $retStatusAry["status"]["code"] = "999";
  }

  return $retStatusAry;

} // end RecordTransfer

/**
 * Add the account meta data to the transdata information. Need to use the transdata info to
 * find the account meta data. The meta data depends on what type of account (e.g. local,
 * external, m2m).
 * If anything untoward happens just pass back the passed in data.
 *
 * @param array $pHBEnv         - Current HB_ENV values
 *            ["Uid"]
 *            ["SYSENV"]["logger"]
 * @param string $pFeatureCode  - Feature (e.g. TRN, TRNEXT)
 * @param string $pTxnCode      - Transaction code (e.g. LP, 1P, 2W)
 * @param string $pTransData    - Current transdata values in JSON string
 */
function AddAccountMetaData( $pHBEnv, $pFeatureCode, $pTxnCode, $pTransData ) {
  $returnTransData = $pTransData;

  try {
    $transData = HCU_JsonDecode( $pTransData );

    if ( empty( $transData ) ) {
      throw new Exception ("Bad transfer data");
    }

    // get the transfer account list
    // Note: using defaults and want with respect to the uid in $pHBEnv.
    $txAcctList = TX_list( $pHBEnv["dbh"], $pHBEnv );

    $sourceMeta = array( "deposit_ach_type" => "" );
    $destMeta = array( "deposit_ach_type" => "" );

    switch ( $pTxnCode ) {
      case "AT":
        // both source and dest are deposit accounts
        break;
      case "LP":
        // source is deposit account, dest is loan
        break;
      case "LA":
        // source is loan, dest is deposit account
        break;
      case "CP":
        // source is deposit account, dest is credit account
        break;
      case "CA":
        // source is credit account, dest is deposit account
        break;
      case "OT":
        // source can be deposit/loan/credit account, dest is "other"
        break;
      case "1W": // External, L2R
      case "1P": // ACH PPD, L2R (Payment)
      case "1C": // ACH CCD, L2R (Payment)
        // source is deposit or loan, dest is external account
        $sourceParts = explode( "|", $transData["acct_source"]);
        if ( $sourceParts[0] == "D" ) {
          $sourceDepositType = $txAcctList["acctlist"][$transData["acct_source"]]["deposittype"];
          $sourceDepositCode = $sourceDepositType == "Y" ? 10 : 20;
        } else {
          $sourceDepositCode = "";
        }

        // add the source meta data
        $sourceMeta["deposit_ach_type"] = $sourceDepositCode;
        $transData["source_meta"] = $sourceMeta;

        // re-encode the transdata, but test it worked right
        $transDataJson = HCU_JsonEncode($transData);
        if ( !empty( $transDataJson ) ) {
          $returnTransData = $transDataJson;
        }
        break;
      case "2W": // External, R2L
      case "2P": // ACH PPD, R2L (Collection)
      case "2C": // ACH CCD, R2L (Collection)
        // source is external account, dest is deposit or loan
        $destParts = explode( "|", $transData["acct_dest"]);
        if ( $destParts[0] == "D" ) {
          $destDepositType = $txAcctList["acctlist"][$transData["acct_dest"]]["deposittype"];
          $destDepositCode = $destDepositType == "Y" ? 10 : 20;
        } else {
          $destDepositCode = "";
        }

        // add the destination meta data
        $destMeta["deposit_ach_type"] = $destDepositCode;
        $transData["dest_meta"] = $destMeta;

        // re-encode the transdata, but test it worked right
        $transDataJson = HCU_JsonEncode($transData);
        if ( !empty( $transDataJson ) ) {
          $returnTransData = $transDataJson;
        }
        break;
      case "MM":
        // source is deposit or loan, dest is (external) M2M account
        break;
    }

  } catch( Exception $e ) {
    // not doing anything on error because it returns the input transdata
  }

  return $returnTransData;
} // end AddAccountMetaData

/**
 * See if this user can approve this transfer. If the feature needs confirmation the user cannot
 * confirm their own transfer.
 *
 *
 * @param integer $pDbh           -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 *            ["Uid"]
 *            ["SYSENV"]["logger"]
 * @param object $pMC             -- Dictionary object
 * @param integer $pWhich         -- Id of transfer to approve
 * @param object &$pResults       -- results of the operation
 *
 * @return  True if operation successful, false otherwise
 */
function ApproveTransfer( $pDbh, $pHBEnv, $pMC, $pWhich, &$pResults ) {

  $approvalInfo = array( "txId" => $pWhich,
                         "txApprover" => $pHBEnv["Uid"] );

  $returnInfo = MarkTransferApproved( $pDbh, $pHBEnv, $approvalInfo );

  // check the results
  if ( $returnInfo["status"]["code"] != "000" ) {
    $pResults["status"] = array( "code" => "999",
                                 "severity" => "ERROR",
                                 "errors" => $pMC->msg("Transfer Error", HCU_DISPLAY_AS_HTML) );
    $success = false;
  } else {
    $confCodeBuilder["id"] = $pWhich;
    $confCodeBuilder["approved_by"] = $pHBEnv["Uid"];
    $confCodeBuilder["approved_date"] = $returnInfo["data"]["approved_date"];
    $confirmationCode = GetTransferConfirmCode( $pHBEnv, "approve", $confCodeBuilder );

    // return confirmation code
    $pResults["status"] = array( "code" => "000", "confirm" => $confirmationCode );

    $success = true;
  }

  return $success;
} // end ApproveTransfer


/**
 * Mark this transfer as approved by updating the <cu>transhdr tables. Only set
 *  the posted information; other functions will handle the approve and processed
 *  fields. This can be called by the background process so it cannot be dependant
 *  on banking environment.
 *
 * @param integer $pDbh           -- Current database handle
 * @param array $pEnv              -- Needed environment values (for logging errors)
 * @param array $pApprovalVariables   -- An array with information used in approving
 *            "txId"                              -- Id of transaction
 *            "txApprover"                  -- User Id of user posting the transfer
 *
 * @return  structure with success or failure code
 */
function MarkTransferApproved( $pDbh, $pEnv, $pApprovalVariables ) {
  $retStatusAry = Array(
    "status" => Array( "code"=>"000", "errors" => Array() ),
    "data" => ""
  );

  // set up the query to mark the transaction approved
  $sql = "UPDATE {$pEnv["Cu"]}transhdr SET
            approved_by = '{$pApprovalVariables["txApprover"]}',
            approved_date = now(),
            approved_status = 10
          WHERE id = {$pApprovalVariables["txId"]}
          RETURNING id, approved_date";

  $hdrRs = db_query( $sql, $pDbh );

  // get the date
  list( $transId, $approvedDate) = db_fetch_array( $hdrRs, 0 );

  if ( !$hdrRs || !$transId ) {
    $retStatusAry["status"]["code"] = "999";
  } else {
    // return approved date
    $returnInfo["approved_date"] = $approvedDate;
    $retStatusAry["data"] = $returnInfo;
  }

  return $retStatusAry;
} // end MarkTransferApproved

/**
 * Post the transfer if it is an internal transfer this transaction as processed. If it is an ACH, this should not be called.
 *  NOTE: This might be a secure form for a credit card transfer, or a submission
 *               to the core. For external transfers (ACH) it will be picked up by the admin
 *               processing.
 *  NOTE: An internal transfer will onlyl have one detail record.
 *  NOTE: This function can be called by the background scheduler, so don't rely on the $MC dictionary.
 *  NOTE: The memo passed in via the $pTranRecord is assumed to meet the max length requirement for the core.
 *
 *
 * @param array $pHBEnv               -- Current Environment values (see what is used to know what is needed)
 *                  Ml                -- member's email (if is set)
 * @param array $pTranRecord          -- Data for entry being processed
 *                  acct_source       -- the source account data from the transdtl.transdata field ("D|1103|5|0")
 *                  acct_dest         -- the destination account data from the transdtl.transdata field ("D|1103|5|0")
 *                  misc1             -- if it exists, the misc1 data from the transdtl.transdata field
 *                  accountnumber     -- authorizing account (stored in the transhdr.accountnumber field)
 *                  transactioncode   -- transaction code that the appliance/core understands (from transhdr.transactioncode code field)
 *                  memo              -- memo for the transaction (from the transhdr.memo field)
 *                  amount            -- amount of the transaction (from the transdtl.amount field)
 *                  posted_by         -- original user_id (int) of user that created the transaction request
 *
 * @return  True if successful; error structure if not
 */
function PostInternalTransfer( $pHBEnv, $pTranRecord ) {
  try {
    $txfr = array(
      "status" => array( "code"=>'000', "errors" => Array() ),
      "txn" => array()
    );

    $dbh = HCU_array_key_value('dbh', $pHBEnv);
    $email = isset( $pHBEnv['Ml'] ) && strlen( $pHBEnv['Ml'] ) > 0 ? $pHBEnv['Ml'] : "";

    $txfr = array();

    $tranCode = $pTranRecord["transactioncode"];

    /**
     * Get the TX_list results
     * Use this list to determine the type of transfer and what values to send to core
     */
    $transferListAry = TX_list($dbh, $pHBEnv,'', false, intval(HCU_array_key_value('posted_by', $pTranRecord)));

    if (!HCU_array_key_exists('acctlist', $transferListAry)) {
      throw new Exception ("Unable to load transfer accounts. (99901)");
    }
    /* ** GET SOURCE ACCOUNT ** */
    $srcAcctList = HCU_array_key_value($pTranRecord['acct_source'], $transferListAry['acctlist']);
    /* ** GET DESTINATION ACCOUNT ** */
    $dstAcctList = ($tranCode != 'MM' ? HCU_array_key_value($pTranRecord['acct_dest'], $transferListAry['acctlist']) : Array());

    /* ** Throw an error if srcAcctList is empty
       ** OR if dstAcctList is empty and this is NOT Member2Member Transfer
       ** empty ___AcctList (NOT FOUND IN acctlist) ** */
    if (!$srcAcctList || (!$dstAcctList && $tranCode != 'MM')) {
      throw new Exception ("Unable to load transfer account. (99902)");
    }

    $tranAuthAccount = trim($pTranRecord['accountnumber']);

    $trMemo = $pTranRecord["memo"];

    # accept and validate transaction request
    $sourceInfo = explode( "|", $pTranRecord["acct_source"] );
    $destInfo = explode( "|", $pTranRecord["acct_dest"] );

    # try to post, but for now just return the stuff we will send
    $acct = $sourceInfo[1];
    $sourceSubAcct = $sourceInfo[2];
    # take care of one-sided (to-acctclass is O)
    $destSubAcct = ($destInfo[0] == 'O') ? "" : $destInfo[2];

    # don't think the no@email.com applies here, but make sure it works for legacy
    $memberEmail = ($email == "no\@email.com" ? " " : trim($email));
    $memberEmail = str_replace(" ","",trim($memberEmail));

    $miscField = "-";

    if ($tranCode == 'MM') {
      /**
        * Member 2 Member
        *   for member to member transfers the miscField will come out of the 'misc' field
        *   that should be in the pTranRecord.  This will be the LAST NAME for the
        *   associated account.
        *
        * **/
      if(HCU_array_key_exists("misc", $pTranRecord)) {
        $miscField = trim($pTranRecord['misc']);
      }
    } else {
      /**
       *  For all other types get the misc1 from the dstAcctList if it is found.
       *  This will normally only be present when the destination is a loan.
       */
      if(HCU_array_key_exists("misc1", $dstAcctList)) {
        $miscField = trim($dstAcctList['misc1']);
      }
    }

    $destAccount = $destInfo[1];
    $AMT = $pTranRecord["amount"];



    /* ** Evalute the member for the Source and Destination ** */
    /* IF they are the same then this is the traditional transfer code */
    /* If they are DIFFERENT then prepend an 'X' to the beginning of the transfer code */
      /* ** BUT ONLY FOR CERTAIN TRANSFER CODES ** */
    $tranCodeLookup = Array("AT", "LP", "CP", "LA");
    /* Cross Account Transaction Codes */
    $tranCodeXLookup = Array("XA", "XP");
    if (in_array($tranCode, $tranCodeLookup)) {
      if (HCU_array_key_value('member', $srcAcctList) != HCU_array_key_value('member', $dstAcctList)) {
        // ** ORIGINATING CORE member numbers are different -- BLIND TRANSFER -- no relationship on core
        /* ** BLIND TRANSFER ** */
        $tranCode = "X" . $tranCode;
      }
    } elseif (in_array($tranCode, $tranCodeXLookup)) {
      // ** Cross Account transfers have different transaction codes saved in banking {XA - Account Transfer, XP - Loan Payment}
      // ** However they still use the standard transfer types of AT, LP
      $tranCode = ($tranCode == "XP" ? "LP" : "AT");
    }


    /* How to post is now determined by a lower function. Batch or Live pass in parameters and let the function decide. */

      // This is a note for live
      # put this block of code where it will be executed for live only.
      // no batch clients have joint accounts, but looks like GetTrans
      // expects to simplify suffixes if overloads are found.  So post
      // simplified for live, but leave batch alone for now.
      //
      // Wondering if we ought to simplify in TX_list instead, but need
      // to trace the impact for batch, and for confirmation screens
      // before making that change
      //

    $errors = array();

    $txnValues = array( "member" => $acct,
                        "type"   => "T",
                        "tran_code" => $tranCode,
                        "ref1" => $sourceSubAcct,
                        "ref2" => $destSubAcct,
                        "ref3" => $memberEmail,
                        "ref4" => $miscField,
                        "ref5" => $destAccount,         // this could be 10/20 for checking/savings
                        "amount" => $AMT,
                        "tmemo" => $trMemo,
                        "tauth" => $tranAuthAccount
                      );

    $operation = "TRANSFER";

    $result = SendTransaction( $pHBEnv, $operation, $txnValues );

    if ( $result["status"]["code"] != "000" ) {
      // just assign all the errors
      $errors = $result["status"]["errors"];
    }

    if (count($errors) > 0) {
      $txfr['status']['code']='999';
      $txfr['status']['severity']='ERROR';
      $txfr['status']['errors']=$errors;
    } else {
      $txfr['status']['code']='000';
      $txfr['status']['severity']='INFO';

      // confimration code is now generated from the <client>transhdr table info, so we don't supply it here
      $txfr['txn']['acct']=$acct;
      $txfr['txn']['tcode']=$tranCode;
      $txfr['txn']['r1fsfx']=$sourceSubAcct;
      $txfr['txn']['r2tsfx']=$destSubAcct;
      $txfr['txn']['r3email']=urldecode($memberEmail);
      $txfr['txn']['r4misc1']=$miscField;
      $txfr['txn']['r5tmem']=$destAccount;
      $txfr['txn']['amount']=$AMT;
      $txfr['txn']['trmemo']=$trMemo;
    }
  } catch( Exception $ex ) {
    $pHBEnv["SYSENV"]["logger"]->debug( "PostInternalTransfer:" . $ex->getMessage() );
    $errors[] = $ex->getMessage();

    $txfr['status']['code'] = '999';
    $txfr['status']['severity'] = 'ERROR';
    $txfr['status']['errors'] = $errors;

  }
  return ($txfr);
} // end PostInternalTransfer

/**
 * Post the transfer as a secure form for a credit card transfer.
 * NOTE: Needs to return info similar to PostInternalTransfer since calling routine tests return info the same.
 * NOTE: This function is only expected to be called from the Banking transfer feature.
 *
 * @param array $pHBEnv                  -- Current Environment values (see what is used to know what is needed)
 * @param array $pTranRecord          -- Data for entry being processed
 *                  acct_source                     -- the source account data from the transdtl.transdata field ("D|1103|5|0")
 *                  acct_dest                         -- the destination account data from the transdtl.transdata field ("D|1103|5|0")
 *                  misc1                               -- if it exists, the misc1 data from the transdtl.transdata field
 *                  accountnumber                -- authorizing account (stored in the transhdr.accountnumber field)
 *                  transactioncode               -- transaction code that the appliance/core understands (from transhdr.transactioncode code field)
 *                  memo                               -- memo for the transaction (from the transhdr.memo field)
 *                  amount                             -- amount of the transaction (from the transdtl.amount field)
 *
 * @return  True if successful; error structure if not
 */
function PostSecureMessageTransfer( $pHBEnv, $tranData ) {

  try {
      $txfr = array(
        "status" => array( "code"=>'000', "errors" => Array() ),
        "txn" => array()
      );
      $errors = Array();

      $MC = $pHBEnv["MC"];

      // see if it is a credit card payment request (destination account has a Px)
      $destParts = explode( "|", $tranData["acct_dest"] );
      // unresolved - need to verify this: member or user?
      $sourceParts = explode( "|", $tranData["acct_source"] );

      $fromAcct = $sourceParts[2];
      $fromMbr = $sourceParts[1];

      // The request should already be validated; assume the core or admin use will make sure funds exist if the approval happend
      //  at a later date then the initial posting.

      // see if the name has been customized
      $cuAllowedTransactionsAry = Get_HaveTrans( $pHBEnv["dbh"], $pHBEnv );

      $key= trim($destParts[2]);

      $secureFormTitle = "";
      if ( HCU_array_key_exists($key, $cuAllowedTransactionsAry) ) {
        $secureFormTitle = $cuAllowedTransactionsAry[$key][2];
        if ( $secureFormTitle == "" ) {
          $secureFormTitle = $cuAllowedTransactionsAry[$key][0];
        }
      } else {
        $errors[] = $MC->msg('Option not set');
      }

      if ( $secureFormTitle == "" ) {
        $secureFormTitle = "Credit Card Payment Request";
      }

      /*
       * Define the location of the sslforms directory
       */
      $sslFormsDir = "/home/{$pHBEnv['chome']}/sslforms/";
      /*
       * File name should be
       * Vpmt[YYYYMMDDHHNNSS{PID}].html
       */
      $sslFormsFileName = 'CCPmt' . date('YmdHis') . posix_getpid() . '.html';

      // get the notification email
      $sql = "SELECT email
              FROM cuadmnotify
              WHERE cu = '{$pHBEnv['Cu']}'
                AND role = 'ccemail'";
      $emRs = db_query($sql, $pHBEnv["dbh"]);
      list($notifyEmail) = db_fetch_array($emRs);
      db_free_result($emRs);

      // ** Check the Email exists and directory has sufficient rights
      if ( trim($notifyEmail) == '' || !(is_writable($sslFormsDir)) ) {
        $errors[] = $MC->msg('Contact CU');
      }

      if ( count( $errors ) > 0 ) {
        $txfr['status']['code'] = '999';
        $txfr['status']['severity'] = 'ERROR';
        $txfr['status']['errors'] = $errors;
      } else {

        $dataConfirm= $pHBEnv["confirmationCode"];

        $tranCode = $tranData["transactioncode"];
        $trMemo = $tranData["memo"];

        // set up the secure message
        $amount = number_format( $tranData["amount"], 2 );
        $secureFormDataAry = array();
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "Submission Date",
                                      'value' => "Received on " . date( "m/d/Y") . " at " . date( "H:i T" ) );
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "User",
                                      'value' => $pHBEnv["Cn"]);
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "Transfer From Account",
                                      'value' => $sourceParts[1]);
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "Amount",
                                      'value' => "\$" . money_format('%.2n', $amount) );
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "Comments",
                                      'value' => $trMemo );
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "Confirmation Code",
                                      'value' => $dataConfirm );
        $secureFormDataAry[] = Array( 'type' => 'field',
                                      'label' => "",
                                      'value' => $pHBEnv["MC"]->msg( "CCPayNote") );

        // set the destination path/file
        $securePathFileName = $sslFormsDir . $sslFormsFileName;

        // set up the email message
        $emailInfo["target"] = $notifyEmail;
        $emailInfo["reply"] = "";
        $emailInfo["subject"] = "SECURE FORM NOTIFICATION (CCPmt)";
        $body =  "A secure document has been submitted to your site.  You\n";
        $body .= "can retrieve it in the password protected admin directory.\n";
        $body .= "\n\n{$pHBEnv["Cu"]}\n";
        $emailInfo["body"] = $body;

        $result = PostSecureMessage( $secureFormDataAry, $securePathFileName, $secureFormTitle, $emailInfo, $pHBEnv );

        // ** Set the values for display
        $dataFrom = $sourceParts[1];
        // ** do not change status code to '000' to be more consistent with other functions,
          // * I believe the apps are looking for the string '0', changes to this could break
          // * the apps
        $txfr['status']['code'] = '0';
        $txfr['status']['severity'] = 'INFO';
        $txfr['txn']['confirmid'] = $dataConfirm;
        $txfr['txn']['acct'] = $fromMbr;
        $txfr['txn']['tcode'] = $tranCode;
        $txfr['txn']['r1fsfx'] = $dataFrom;
        $txfr['txn']['r2tsfx'] = '';
        $txfr['txn']['r3email'] = '';
        $txfr['txn']['r4misc1'] = '';
        $txfr['txn']['r5tmem'] = $fromMbr;
        $txfr['txn']['amount'] = $amount;
        $txfr['txn']['trmemo'] = $trMemo;
      }
  } catch( Exception $ex ) {
    $pHBEnv["SYSENV"]["logger"]->debug( "PostSecureMessageTransfer:" . $ex->getMessage() );
    $errors[] = $ex->getMessage();

    $txfr['status']['code'] = '999';
    $txfr['status']['severity'] = 'ERROR';
    $txfr['status']['errors'] = $errors;

  }

  return ($txfr);
} // end PostSecureMessageTransfer

/**
 * Submit the internal transfer and then mark this transaction as processed. This can be done at the same
 *  time as the original submission or later when it is accepted.
 *
 *
 * @param integer $pDbh           -- Current database handle
 * @param array $pHBEnv           -- Current HB_ENV values
 *          ["SYSENV"]["logger"]
 *          ["Cu"]
 *          ["tz"]
 *          ["live"]
 *          ["Ml"]
 * @param object $pMC             -- Dictionary object
 * @param array $pWhich           -- Which entry is being processed
 * @param boolean $fromUserActivity -- If from user activity, it is slightly different processing.
 *
 * @return  False if error occurs, structure with info if successful
 */
function ProcessTransfer( $pDbh, $pHBEnv, $pMC, $pWhich, &$pResults, $fromUserActivity = false) {
  try {
    $errors = array();

    $Cu = $pHBEnv["Cu"];

    // there should just be one header and one detail
    $sql = "with uaua as (select user_id, accountnumber, accounttype, display_name, certnumber,
      trim(recordtype) || '|' || trim(accountnumber) || '|' || trim(accounttype) || '|' || certnumber as key from ${Cu}useraccounts),
        albalb as (select description, 'D|' || trim(accountnumber) || '|' || trim(accounttype) || '|' || certnumber as key, misc1 from ${Cu}accountbalance
        union all select description, 'L|' || trim(accountnumber) || '|' || trim(loannumber) || '|0' as key, misc1 from ${Cu}loanbalance)
        select txn.*, uafrom.display_name as from_displayname, albto.misc1 as tomisc1, albfrom.misc1 as frommisc1,
        albfrom.description as from_desc, uafrom.accountnumber as from_acct, uafrom.accounttype as from_accounttype, uafrom.certnumber as from_certnumber,
        uato.display_name as to_displayname, albto.description as to_desc, uato.accountnumber as to_acct, uato.accounttype as to_accounttype, uato.certnumber as to_certnumber from
        (select h.*, d.amount, d.transdata, d.transdata::json->>'acct_source' as fromkey, d.transdata::json->>'acct_dest' as tokey
        from ${Cu}transhdr h
        inner join ${Cu}transdtl d on d.transhdr_id = h.id) txn
        left join uaua uafrom
          on txn.fromkey = uafrom.key or txn.fromkey || '|0' = uafrom.key and uafrom.user_id = txn.posted_by
        left join albalb albfrom
          on txn.fromkey = albfrom.key or txn.fromkey || '|0' = albfrom.key
        left join uaua uato
          on txn.tokey = uato.key or txn.tokey || '|0' = uato.key
        left join albalb albto
          on txn.tokey = albto.key or txn.tokey || '|0' = albto.key
        where txn.id = $pWhich";
    $rs = db_query( $sql, $pDbh );

    if ( !$rs ) {
      throw new Exception( $pMC->msg("Transfer Error", HCU_DISPLAY_AS_HTML) );
    }

    $transferRecord = db_fetch_array( $rs, 0 );

    // if the feature is an external transfer then exit
    // NOTE: this is a safety check in case the calling function doesn't know what is going on
    if (in_array($transferRecord["feature_code"], array(FEATURE_EXTERNAL_TRANSFERS, FEATURE_ACH_PAYMENTS, FEATURE_ACH_COLLECTIONS))) {
      $errors[] = $pMC->msg("External Transfer", HCU_DISPLAY_AS_HTML);
      $pResults = array( "status" => array( "code" => "999",
                                      "severity" => "ERROR",
                                      "errors" => $errors ) );

      return false;
    }

    // this should have acct_source, acct_dest, and misc1 (if present)
    $transData = HCU_JsonDecode( $transferRecord['transdata'] );

    // see if it is a credit card payment request (destination account has a Px)
    $destParts = explode( "|", $transData["acct_dest"] );
    $sourceParts = explode( "|", $transData["acct_source"] );

    if (empty($destParts) || empty($sourceParts)) {
      $errors[] = $pMC->msg( 'Missing required values' );
    }

    if (count($errors) > 0) {
      $txfr['status']['code']='999';
      $txfr['status']['severity']='ERROR';
      $txfr['status']['errors']=$errors;
    } else {
      // populate all the transfer data
      $transData["transactioncode"] = $transferRecord["transactioncode"];
      $transData["memo"] = $transferRecord["memo"];
      $transData["amount"] = $transferRecord["amount"];
      // the authority account
      $transData["accountnumber"] = $transferRecord["accountnumber"];
      $transData['posted_by'] = $transferRecord['posted_by'];

      /*
       * Modified -
       * Part two of the transferTo is the account number, but for
       *    CUDP, they have a PLUS account, that starts with P, orginally this
       *          code ONLY checked the first letter of the account number for 'P'
       *  ADDED a check for the first segment to ensure it is a type 'O'ther, which
       *    should remove conflict with types from the core
       */

      if ( $destParts[0] == 'O' && substr( $destParts[2], 0, 1 ) == "P" ) {
          $aryTransferRequestResult = PostSecureMessageTransfer( $pHBEnv, $transData );
      } else {
          $aryTransferRequestResult = PostInternalTransfer( $pHBEnv, $transData );
      }

      if ( $aryTransferRequestResult["status"]["code"] != "999" ) {

        // set up the query to mark the transaction as processed ("*immed*" means processed by Banking user)
        $sql = "UPDATE {$pHBEnv["Cu"]}transhdr SET
                  processed_by = '*immed*',
                  processed_date = now(),
                  processed_status = 20
                WHERE id = $pWhich
                  RETURNING processed_date, posted_by";

        $rs = db_query( $sql, $pDbh );

        list( $processedDate, $postedBy ) = db_fetch_array( $rs, 0 );

        // build a confirmation code (so don't need to read the database)
        $confCodeBuilder["id"] = $pWhich;
        $confCodeBuilder["processed_by"] = "*immed*";
        $confCodeBuilder["posted_by"] = $postedBy;     // immediate transfers need the posted by id
        $confCodeBuilder["processed_date"] = $processedDate;
        $confirmationCode = GetTransferConfirmCode( $pHBEnv, "process", $confCodeBuilder );

        $confirmationCode = $confirmationCode;

        $transDetail = GetTransferDetails( $pHBEnv, $transferRecord );
    /*
    $pHBEnv["SYSENV"]["logger"]->info( "transDetail: " . print_r($transDetail,true) );
     * returns
     * (
     * [action] => Account Transfer
     * [from] => DRAFT/CHECKING
     * [to] => Savings x7654
     *  )

     */

        // ** get the values for displaying the accounts, date, amount, and confirmation id
        $myDateTime = new DateTime( $processedDate );

        // convert to local time for the display
        $myDateTime->setTimezone(new DateTimeZone($pHBEnv["tz"]));
        $readableDate = $myDateTime->format("m/d/Y g:ia");

        $dataAmount = mobile_formatnumber($aryTransferRequestResult['txn']['amount'], ",");
        $pResults = array( "status" => array( "code" => "000" ),
                                        "txn" => array( "data_action" => $transDetail["action"],
                                           "data_from" => $transDetail["from"],
                                           "data_to" => $transDetail["to"],
                                           "data_amount" => $dataAmount,
                                           "data_date" => $readableDate,
                                           "data_confirm" => $confirmationCode ) );

        $success = true;
      } else {
        // just pass on the status
        $pResults = array( "status" => $aryTransferRequestResult["status"] );

        $success = false;
      }
    }
  } catch (Exception $ex) {
    $pHBEnv["SYSENV"]["logger"]->debug( "Process Transfer:" . $ex->getMessage() );
    $errors[] = $ex->getMessage();
    $pResults = array( "status" => array( "code" => "999",
                                          "severity" => "ERROR",
                                          "errors" => $errors ) );
    $success = false;
  }



  return $success;
} // end ProcessTransfer

/**
 * Get the transfer action name and the From and To information. This information is used in
 *  more than one area so do it in a routine.
 *
 * @param array $pHBEnv                  -- Current Environment values (see what is used to know what is needed)
 * @param array $pTranRecord          -- Data for entry being processed (just enough fields to be successful)
 *
 * @return  structure with the action, from, and to information.
 */
function GetTransferDetails( $pHBEnv, $pTranRecord ) {

  try {
    $txnCode = $pTranRecord["transactioncode"];
    $dbh = $pHBEnv["dbh"];
    $Cu = $pHBEnv["Cu"];
    $fset3 = $pHBEnv["Fset3"];
    $Uid = $pHBEnv['Uid'];
    $MC = $pHBEnv['MC'];

    // both paths need this
    $transData = HCU_JsonDecode( $pTranRecord["transdata"] );
    // handle external transfers
    if ( $txnCode == "1W" || $txnCode == "2W" ) {
      $dataAction = $pHBEnv["MC"]->msg( "External Transfer", HCU_DISPLAY_AS_RAW );

      if ( substr( $txnCode, 0, 1 ) == "1" ) {

        // ** Get the Local Description
          // -- Originating Account will be DEPOSIT ONLY

        $srcAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_source', $transData));
        $srcAcctKey = $transData['source_key'];

        if ($srcAcctId['valid']) {
          $localFromArray = GetMemberDescription($dbh, $Cu, $Uid, $srcAcctKey);
          //$localFromArray = GetMemberDescription($dbh, $Cu, $Uid, $srcAcctId['type'], $srcAcctId['acctnumber'], $srcAcctId['segment3'], $srcAcctId['segment4']);
          $localFromDesc = $localFromArray['description'];
          $localFromDisp = $localFromArray['display_name'];
        } else {
          // * Something went wrong --
          throw new Exception ("Unknown Acct ID");
        }

        // payment from local to external
        if ($srcAcctKey['recordtype'] == "D") {
          $dataFrom = getAccountDescription($dbh, $Cu, $srcAcctKey['accountnumber'], $localFromDesc, $srcAcctKey['accounttype'], $localFromDisp, $fset3, $srcAcctId['segment4']);
        } else {
          $dataFrom = getAccountDescription($dbh, $Cu, $srcAcctKey['accountnumber'], $localFromDesc, $srcAcctKey['loannumber'], $localFromDisp, $fset3, $srcAcctId['segment4']);
        }

        $acctDest = $transData["acct_dest"];
        if (HCU_array_key_value('remote_entity', $acctDest) !='' ) {
          $dataTo = HCU_array_key_value('name', $acctDest['remote_entity']);
        } else {
          $dataTo = getAccountDescription($dbh, $Cu, $acctDest["rdfi"]["rdfi_account"], "", $acctDest["rdfi"]["rdfi_account_type"], "", $fset3, 0, true, true);
        }
      } else {
        // collection from external to local
        $acctSource = $transData["acct_source"];

        if (HCU_array_key_value('remote_entity', $acctSource) !='' ) {
          $dataFrom = HCU_array_key_value('name', $acctSource['remote_entity']);
        } else {
          $dataFrom = getAccountDescription($dbh, $Cu, $acctSource["rdfi"]["rdfi_account"], "", $acctSource["rdfi"]["rdfi_account"], "", $fset3, 0, true, true);
        }


        // ** Destination can either be a loan or deposit
        // ** Break apart the 'acct_dest' field in transdata
        $dstAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_dest', $transData));
        $dstAcctKey = $transData['dest_key'];
        if ($dstAcctId['valid']) {
          $localToArray = GetMemberDescription($dbh, $Cu, $Uid, $dstAcctKey);
          $localToDesc = $localToArray['description'];
          $localToDisp = $localToArray['display_name'];
        } else {
          // * Something went wrong --
          throw new Exception ("Unknown Acct ID");
        }

        if ($dstAcctKey['recordtype'] == "D") {
          $dataTo = getAccountDescription($dbh, $Cu, $dstAcctKey['accountnumber'], $localToDesc, $dstAcctKey['accounttype'], $localToDisp, $fset3, $dstAcctId['segment4']);
        } else {
          $dataTo = getAccountDescription($dbh, $Cu, $dstAcctKey['accountnumber'], $localToDesc, $dstAcctKey['loannumber'], $localToDisp, $fset3, $dstAcctId['segment4']);
        }
      }
    } else if ( $txnCode == "MM" ) {
      $dataAction = $pHBEnv["MC"]->msg( "M2M Transfer", HCU_DISPLAY_AS_RAW );

      $srcAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_source', $transData));
      $srcAcctKey = $transData['source_key'];

      if ($srcAcctId['valid']) {
        $localFromArray = GetMemberDescription($dbh, $Cu, $Uid, $srcAcctKey);
        $localFromDesc = $localFromArray['description'];
        $localFromDisp = $localFromArray['display_name'];
      } else {
        // * Something went wrong --
          throw new Exception ("Unknown Acct ID");
      }

      if ($srcAcctKey['recordtype'] == "D") {
        $dataFrom = getAccountDescription($dbh, $Cu, $srcAcctKey['accountnumber'], $localFromDesc, $srcAcctKey['accounttype'], $localFromDisp, $fset3, $srcAcctId['segment4']);
      } else {
        $dataFrom = getAccountDescription($dbh, $Cu, $srcAcctKey['accountnumber'], $localFromDesc, $srcAcctKey['loannumber'], $localFromDisp, $fset3, $srcAcctId['segment4']);
      }

      $dstAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_dest', $transData));
      // ** 11/2/17 - M2M not completed yet..
        // The destination member -- we will know {account number, last name, and type [checking/savings]}
      // ** Last name should be saved in the 'misc' element of transData
      $localToDesc = HCU_array_key_value('misc', $transData); // Last Name
      // ** Instead of print 10 or 20 for the selection, I want to print {checking / savings}
      $localToType = ($dstAcctId['segment3'] == '10' ? $MC->msg('ACH Checking') : $MC->msg('ACH Savings'));
      $dataTo = getAccountDescription($dbh, $Cu, $dstAcctId['acctnumber'], $localToDesc, $localToType, '', $fset3, 0, true, true);

    } else {
      // internal transfer
      $transferSource = $transData["acct_source"];
      $sourceParts = explode( "|", $transferSource );
      $srcAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_source', $transData));
      $srcAcctKey = $transData['source_key'];

      $transferDest = $transData["acct_dest"];
      $destParts = explode( "|", $transferDest );
      $dstAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_dest', $transData));
      $dstAcctKey = $transData['dest_key'];

      /*
       * Don't show the user a message referencing "Cross Account Transfer"
       *   Instead just show 'Account Transfer' / 'Loan Payment'
       */
      if ($txnCode == "XA") {
        $lookupTxCode = "AT";
      } elseif ($txnCode == "XP") {
        $lookupTxCode = "LP";
      } else {
        $lookupTxCode = $txnCode;
      }

      // get the data action
      $sql = "SELECT trandesc FROM cutrans WHERE trancode = '$lookupTxCode'";
      $sth = db_query($sql, $pHBEnv["dbh"]);
      list( $tranDesc ) = db_fetch_array( $sth, 0 );

      $dataAction = $tranDesc;

      # FIX FOR PROD - Error checking, anyone?
      # send appropriate status if post fails
      // get the "from" and "to" account info from the transData

      $thirdSpotTestCode = $dstAcctId['segment3'];       // credit card payments look like "O|1103|CP"

      /* OTHER TRANSFER TYPES */
      if ($dstAcctId['type'] == 'O') {
        // ** LOAD OTHER TYPE FROM cu_havetrans
        $dataAction = '';

        $cuOtherTrans = Get_HaveTrans($dbh, $pHBEnv);

        // ** LOOK for the "OTHER" transaction code in the cuhavetrans table config
        if (HCU_array_key_exists($thirdSpotTestCode, $cuOtherTrans)) {
          $transdesc = HCU_array_key_value($thirdSpotTestCode, $cuOtherTrans);
          // ** FOUND ** cu has setup the OTHER Transaction type
          $cudesc = isset($transdesc[2]) ? trim($transdesc[2]) : "";    // ** Credit Union Specific Description
          $noncudesc = isset($transdesc[0]) ? trim($transdesc[0]) : ""; // ** General Description
          $dataAction = $cudesc != "" ? $cudesc : $noncudesc;            // ** Determine the description to use for this transaction

        }
        if (!$dataAction) {
          $dataAction = $pHBEnv['MC']->msg("Unknown");
        }
        $dataTo = $dataAction;
      } else {
        // ** Get the description for the SOURCE account from the respective balance table
        $dstAcctId = HCU_AcctIdExplode(HCU_array_key_value('acct_dest', $transData));

        if ($dstAcctId['valid']) {

          /* Cross Account Transaction Codes */
          $tranCodeXLookup = Array("XA", "XP");

          if (in_array($txnCode, $tranCodeXLookup)) {
            /**
             * Cross Account Transaction
             * Construct the useraccounts lookup XX#1111 for the useraccounts table lookup
             */
            $acctTypeorLoan = ($dstAcctKey['recordtype'] == "L" || $dstAcctKey['recordtype'] == "C" ? "loannumber" : "accounttype");
            $localAcctKey = Array(
                                  "recordtype" => $dstAcctKey['recordtype'],
                                  "accountnumber" => $srcAcctKey['accountnumber'],
                                  $acctTypeorLoan => $dstAcctKey[$acctTypeorLoan] . '#' . $dstAcctKey['accountnumber'],
                                  "certnumber" => 0
                                );

          } else {
            $localAcctKey = $dstAcctKey;
          }

          // ** Gets the appropriate Core Description
          $localToArray = GetMemberDescription($dbh, $Cu, $Uid, $localAcctKey);

          $localToDesc = $localToArray['description'];
          $localToDisp = $localToArray['display_name'];

        } else {
          // * Something went wrong --
          throw new Exception ("Unknown Acct ID");
        }

        if ($dstAcctKey['recordtype'] == "D") {
          $dataTo = getAccountDescription($dbh, $Cu, $dstAcctKey['accountnumber'], $localToDesc, $dstAcctKey['accounttype'], $localToDisp, $fset3, $dstAcctId['segment4']);
        } else {
          $dataTo = getAccountDescription($dbh, $Cu, $dstAcctKey['accountnumber'], $localToDesc, $dstAcctKey['loannumber'], $localToDisp, $fset3, $dstAcctId['segment4']);
        }
      }

      // ** Get the description for the SOURCE account from the respective balance table
      if ($srcAcctId['valid']) {
        $localFromArray = GetMemberDescription($dbh, $Cu, $Uid, $srcAcctKey, $srcAcctId);
        $localFromDesc = $localFromArray['description'];
        $localFromDisp = $localFromArray['display_name'];
      } else {
        // * Something went wrong -- return empty string
          throw new Exception ("Unknown Acct ID");
      }

      // should always be an internal account in the Source
      if ($srcAcctKey['recordtype'] == "D") {
        $dataFrom = getAccountDescription($dbh, $Cu, $srcAcctKey['accountnumber'], $localFromDesc, $srcAcctKey['accounttype'], $localFromDisp, $fset3, $srcAcctId['segment4']);
      } else {
        $dataFrom = getAccountDescription($dbh, $Cu, $srcAcctKey['accountnumber'], $localFromDesc, $srcAcctKey['loannumber'], $localFromDisp, $fset3, $srcAcctId['segment4']);
      }
    }

    $transferDetail = array(
      "action" => $dataAction,
      "from" => $dataFrom,
      "to" => $dataTo
    );
  } catch (Exception $ex) {

    // return something so the caller will work
    $transferDetail = array(
      "action" => "Transfer",
      "from" => "Unknown",
      "to" => "Unknown"
    );
  }

  return $transferDetail;
} // end GetTransferDetails


/**
 *  This function will accept the posted values of the web form and will set defaults
 *  where necessary.
 *  It will NOT perform any validation.
 *  These values can then be used in the function
 *    ValidateTransaction
 *    RecortTransaction
 *
 *  @param array $pValues - Posted form values.  Most likely the results of HB_ENV['HCUPOST']
 *
 *  @return array
 */
function SanitizeTransaction ($pValues) {


  $retDataRow = array();

  $txFrom = null;
  $txTo = null;

  $txFromMember = isset($pValues['txFromMember']) ? $pValues['txFromMember'] : null;
  $txFromSuffix = isset($pValues['txFromSuffix']) ? $pValues['txFromSuffix'] : null;
  $txFromType = "";
  $txToMember = isset($pValues['txToMember']) ? $pValues['txToMember'] : null;
  $txToSuffix = isset($pValues['txToSuffix']) ? $pValues['txToSuffix'] : null;
  $txToType = "";
  $txCode = isset($pValues['txCode']) ? $pValues['txCode'] : null;
  $txAmount = isset($pValues['txAmount']) ? $pValues['txAmount'] : null;
  $txMemo = isset($pValues['txMemo']) ? $pValues['txMemo'] : null;
  $txFrequency = isset($pValues['txFrequency']) ? $pValues['txFrequency'] : null;
  $txContinue = isset($pValues['txContinue']) ? $pValues['txContinue'] : null;
  $txDateStart =  isset($pValues['txDateStart']) ? $pValues['txDateStart'] : null;
  $txDateEnd = isset($pValues['txDateEnd']) ? $pValues['txDateEnd'] : null;
  $txStatus = isset($pValues['txStatus']) ? $pValues['txStatus'] : null;




}

/**
 * function GetTransferToOptions($HB_ENV, $sourceParts, $txFromPermMember, $fromScheduledPage)
 * Get filtered list for the to dropdownlist on transfer and scheduled transactions.
 *
 * @param $HB_ENV -- the variables for banking.
 * @param $sourceParts -- the key split up in the from.
 * @param $txFromPermMember -- the account that is the permission member.
 * @param $fromScheduledPage -- if it is from the hcuTransferScheduled.prg page or not.
 *
 * @return $status -- "000" if successful, nonzero otherwise.
 * @return $error -- "" if successful, nonempty otherwise.
 * @return $transferToList -- filtered list for use in the to dropdownlists.
 */
function GetTransferToOptions($HB_ENV, $sourceParts, $txFromPermMember, $fromScheduledPage) {
  try {

    $transferList = TX_list($HB_ENV["dbh"], $HB_ENV);

    $txFromType = HCU_array_key_value(0, $sourceParts);
    $txFromMember = HCU_array_key_value(1, $sourceParts);
    // In the case of joint or cross accounts, this is different from $txFromPermMember.  In other cases, they are the same.
    $txFromSuffix = HCU_array_key_value(2, $sourceParts);

    $toArray = array();
    if (!HCU_array_key_exists("acctlist", $transferList)) {
      throw new exception ("Transfer list is not valid.", 1);
    }

    // ** get member to member/external account permissions
    $permissionInputs = array( "feature" => FEATURE_M2M_TRANSFERS );
    $permissionM2M = Perm_AccessRights($HB_ENV["dbh"], $HB_ENV, $permissionInputs );

    // get system status: live/batch
    $isLive = $HB_ENV['live'] == 0 ? false : true;


    // Need to check permissions from here if it is an external account.
    $fromAcctValues = $transferList["acctlist"][implode( "|", $sourceParts )];

    foreach ($transferList["acctlist"] as $acctKey => $acctValues) {

      $acctOrder = 0;
      $txToType = HCU_array_key_value("acctclass", $acctValues);
      $txToPermMember = HCU_array_key_value("member", $acctValues);
      $txToSuffix = HCU_array_key_value("suffix", $acctValues);
      $txToSuffix = explode("@", $txToSuffix)[0];
      $destParts = explode("|", $acctKey);
      $txToMember = HCU_array_key_value(1, $destParts);
      $acctInfo = Array();

      // Prevent "Other" types for scheduled transactions.
      if ($fromScheduledPage && $txToType == "O") {
        continue;
      }

      // Loan to External account check (Applied from #2464)
      if ($txFromType == "L" && $txToType == "X") {
        continue;
      }

      if ($acctValues["out_of_sync"] || !$acctValues["to"]) {
        continue; // Neither of these attributes show up in the to list.
      }

      // Do not allow the same account
      if ($txToMember == $txFromMember
        && $txToPermMember == $txFromPermMember
        && $txToSuffix == $txFromSuffix
        && $txToType == $txFromType) {
        continue;
      }

      // if member to member account and not live system or no access, do not add
      if ($txToType == "M" && !($isLive && $permissionM2M['access'])) {
        continue;
      }

      $relevantTypes = array("D", "L");
      // Do not allow transfer between accounts iff setting is set.
      if (($HB_ENV["flagset3"] & GetFlagsetValue("CU3_DISALLOW_MULT_ACCOUNTS_TRANSFER")) != 0) {

        if ($txToPermMember != $txFromPermMember && in_array($txFromType, $relevantTypes) && in_array($txToType, $relevantTypes)) {

          // TEMPORARY CHECK CROSS ACCOUNT LIST IN THE CASE THAT ACCOUNT IS IN CROSS ACCOUNTS AND HAS DIRECT ACCESS
          // SHOULD BE ABLE TO BE REMOVED AFTER #2062.
          if (HCU_array_key_exists($txFromPermMember, $transferList["xacctlist"])
              && HCU_array_key_exists($acctKey, $transferList["xacctlist"][$txFromPermMember])) {
            $acctValues = $transferList["xacctlist"][$txFromPermMember][$acctKey];
            $acctOrder = 0;
            $txToType = HCU_array_key_value("acctclass", $acctValues);
            $txToPermMember = HCU_array_key_value("member", $acctValues);
            $txToSuffix = HCU_array_key_value("suffix", $acctValues);
            $txToSuffix = explode("@", $txToSuffix)[0];
            $destParts = explode("|", $acctKey);
            $txToMember = HCU_array_key_value(1, $destParts);
            $acctInfo = Array();

            if ($txToPermMember != $txFromPermMember && in_array($txFromType, $relevantTypes) && in_array($txToType, $relevantTypes)) {
              continue;
            }
          } else {
            continue;
          }

        }
      }

      // ** are scheduled transfers allowed?
      $txScheduledAllowed = ($HB_ENV['flagset2'] & GetFlagsetValue("CU2_PROCRECUR")) != 0;

      if ($fromScheduledPage && !$txScheduledAllowed) {
        continue;
      }


      if ($txFromType == "X") {
        // Transfer Error external (PART1)
        if (!in_array($txToType, $relevantTypes)) {
          continue;
        }

        // Prevent EXT transfer out of account without permissions
        if ($acctValues["to_ext"] !== "Y") {
          continue;
        }
      } else {
        if (HCU_array_key_value("from_int", $fromAcctValues) !== "Y") {
          continue;
        }
      }

      if ($txToType == "X") {
        // Transfer Error external (PART2)
        if (!in_array($txFromType, $relevantTypes)) {
          continue;
        }

        if (HCU_array_key_value("from_ext", $fromAcctValues) !== "Y") {
          continue;
        }

      } else {
        if (HCU_array_key_value("to_int", $acctValues) !== "Y") {
          continue;
        }
      }

      // "The only valid source for M2M should be a Share account. (Savings/Checking)"
      if ($txFromType !== "D" && $txToType == "M") {
        continue;
      }

      // Loan Add-on cannot payment
      if ($txFromType == "L" && $txToType == "L") {
        continue;
      }

      // check if feature is regular, external, M2M or ACH transfer
      if ( $txFromType === "X" || $txToType === "X" ) {
        $transferFeatureCode = FEATURE_EXTERNAL_TRANSFERS;
      } else if ( $txToType === "M" ) {
        $transferFeatureCode = FEATURE_M2M_TRANSFERS;
      } else if ( $txFromType === "AC" ) {
        $transferFeatureCode = FEATURE_ACH_COLLECTIONS;
      } else if ( $txToType === "AP" ) {
        $transferFeatureCode = FEATURE_ACH_PAYMENTS;
      } else {
        $transferFeatureCode = FEATURE_TRANSFERS;
      }

      // ** Verify the feature is enabled for the Credit Union.
      $hasTransferNotify = _HasTransferNotify( $HB_ENV["dbh"], $HB_ENV["Cu"] );

      if ( !$hasTransferNotify && ($fromScheduledPage || ($HB_ENV["flagset"] & GetFlagsetValue("CU_MAILTXNS")))) {
        continue;
      }

      // Loan Add-on cannot check withdrawal
      $cuTransTypesAllowed = Get_HaveTrans($HB_ENV["dbh"], $HB_ENV);
      if ($txFromType == "L" && $acctValues["suffix"] == "CW" && !HCU_array_key_exists( 'LC', $cuTransTypesAllowed)) {
        continue;
      }

      /**
       * When 'trust' is transfer, this is a Cross-Account, there is no information to specify, the values would be empty
       */
      if ($acctValues['trust'] != 'transfer' && $acctValues['view_balances'] == 'Y') {
        switch ($txToType) {
          case "D":
          $acctInfo = Array(
            Array("desc" => $HB_ENV["MC"]->msg('Balance', HCU_DISPLAY_AS_RAW), "value" => $acctValues['balance'])
          );
          break;

          case "L":
            $acctInfo = Array(
              Array("desc" => $HB_ENV["MC"]->msg('Payoff', HCU_DISPLAY_AS_RAW), "value" => $acctValues['payoff']),
              Array("desc" => $HB_ENV["MC"]->msg('Balance', HCU_DISPLAY_AS_RAW), "value" => $acctValues['balance']),
              Array("desc" => $HB_ENV["MC"]->msg('Payment', HCU_DISPLAY_AS_RAW), "value" => $acctValues['paymentdue'])
            );
            break;

          case "C":
            // 10-19 make the transfer display follow the same rules as the balances screen in respect to CC's.
            $Fset2 = ($HB_ENV['Fset2']) ?? null;
            if (($Fset2 & GetFlagsetValue('CU2_CC18NOINFO')) != GetFlagsetValue('CU2_CC18NOINFO')) {
              $acctInfo = Array(
                Array("desc" => $HB_ENV["MC"]->msg('Payoff', HCU_DISPLAY_AS_RAW), "value" => $acctValues['payoff']),
                Array("desc" => $HB_ENV["MC"]->msg('Balance', HCU_DISPLAY_AS_RAW), "value" => $acctValues['balance']),
                Array("desc" => $HB_ENV["MC"]->msg('Payment', HCU_DISPLAY_AS_RAW), "value" => $acctValues['paymentdue'])
              );
            }

            break;
        }
      }
      $toArray[] = Array(
        "acctText" => htmlspecialchars_decode($acctValues['description'], ENT_QUOTES),
        "acctValue" => mobile_displayhtml($acctKey),
        "acctInfo" => $acctInfo,
        'acctClass' => $txToType,
        'acctGroup' => $acctValues['item-group'],
        'acctOrder' => $acctOrder,
        "permissionAcct" => $acctValues["member"] // For cross and joint accounts, I need the account that it is under for determining if the transfer is allowed.
      );

    } // End foreach


    // do not allow ad-hoc if system is not live or no permissions or it does not come from a Share account. (Savings/Checking)
    if (!$fromScheduledPage && $isLive && $permissionM2M['access'] && $txFromType == "D") {
      $toArray[] = array(
        "acctText" => $HB_ENV["MC"]->msg("Transfer to another member", HCU_DISPLAY_AS_RAW),
        "acctValue" => "M|" . $HB_ENV['Uid'] . "|0",
        "acctInfo" => array(),
        "acctClass" => "M",
        "acctGroup" => "6 - " . $HB_ENV["MC"]->msg("Other Member Accounts", HCU_DISPLAY_AS_RAW),
        "acctOrder" => $acctOrder
      );
    }

    $returnArray = array("status" => "000", "error" => "", "transferToList" => $toArray);
  } catch (exception $e) {
    $returnArray = array("status" => $e->getCode(), "error" => $e->getMessage(), "transferToList" => array());
  }
  return $returnArray;
}