lnappfunctions.i

<?php
  /*
   * File: lnappfunctions
   * Purpose: The purpose of this file is to have the global functions for lnapp
   *          included in one place, but not take up extra room in the AppMain script
   */
/*
 * SET SOME GLOBAL VALUES
 *
 */
  $MasterKey = 'ndcng/Mwln#TR-3APMkxf68MaFWeaXaD';

function StartDMSTag($pStartTag, $pIdx=0, $pMenuVal='') {
    global $LAYOUT_PAGE, $LAYOUT_GROUP, $LAYOUT_LINE, $CURRENT_LAYOUT, $Build_CSS_Menu, $PAGE_COUNT, $GROUP_COUNT;

    // * start a new Tag -- CLose any open tags based on the tag that is set to start

    // Okay, I want to start a new TAG
    // ** First I want to make sure I close any open tags..
    for ($idx = $CURRENT_LAYOUT; $idx >= $pStartTag; $idx--) {
      // * closing each tag may be different for each
      switch ($idx) {
        case $LAYOUT_PAGE:
          // * End div tag
          print "</div>";
          break;
        case $LAYOUT_GROUP:
          // * End div
          print "</div><!--form-horizontal --></div><!-- well -->";
          break;
        case $LAYOUT_LINE:
          // * Simple div tag
          print "</div>";
          break;
      }
    }

    if ($pIdx >= 0 ) {
      // ** Start the new tag
      switch ($pStartTag) {
        case $LAYOUT_PAGE:
          print "<div id='securepage$pIdx' class='noshow'>";
          break;
        case $LAYOUT_GROUP:
          print "<div class='well well-sm col-xs-12 groupgo_{$GROUP_COUNT}'><div class='form-horizontal'>";
          break;
        case $LAYOUT_LINE:
          print "<div class='newrow'>";
          break;
      }
    }
    $CURRENT_LAYOUT = $pStartTag;



    // ** Do something similar for the DMS Menu
    for ($idxMenu = $CURRENT_LAYOUT; $idxMenu >= $pStartTag; $idxMenu--) {
      switch ($idxMenu) {
        case $LAYOUT_PAGE:

          if ($Build_CSS_Menu != '') {
            $Build_CSS_Menu .= "</ul></li>";
          }
          break;
        case $LAYOUT_GROUP:

          break;
      }
      if ($idxMenu >= 0 && $pMenuVal != '') {
        switch ($pStartTag) {
          case $LAYOUT_PAGE:
            $Build_CSS_Menu .= "<li class='' data-rowid=''><a class='' href='#' target=''><div id='pghdr_{$PAGE_COUNT}' title='$pMenuVal'>$pMenuVal</div></a><ul class='nav nav-second-level collapse in'>";
            break;
          case $LAYOUT_GROUP:
            $Build_CSS_Menu .= "<li id='group_{$GROUP_COUNT}'><a href='#groupgo_{$GROUP_COUNT}' id='page{$PAGE_COUNT}'><i class='fa fa-long-arrow-right local-menu-error' aria-hidden='true'></i>$pMenuVal</a></li>";
            break;
        }
      }
    }

  }

//* Load_AnswerList -- Load the answer list into an array
function Load_AnswerList ($p_ansid) {
  global $DB_TABLE_PREFIX, $App_AnswerDetail, $dbh;
  // ** First determine if I already have some answers listed in the array.
  // * my goal is to populate an array with the values because some forms may
  // * utitlize the same options more than once. and then I would only query
  // * the database once for each answer set

  $sql = "SELECT *
          FROM {$DB_TABLE_PREFIX}anslookupdetail
          WHERE ansid = " . intval($p_ansid) . "
          ORDER BY ansdisplay ";

  $ans_rs = db_query($sql, $dbh);

  $ansid = 0;

  /*
   *
   * Add a blank option if one is NOT provided from the database
   *  The query MUST be ordered by text where the blank is expected first
   *
   */
  $ansIdx = 0;
  while ($ans_row = db_fetch_array($ans_rs, $ansid)) {
    $ansIdx++;

    if ($ansIdx == 1 && trim($ans_row['ansvalue']) != '') {
      // * FIRST ROW -- VALUE in DB
      // * ADD BLANK ROW
      $App_AnswerDetail[$p_ansid][''] = '';
    }
    $App_AnswerDetail[$p_ansid][$ans_row['ansvalue']] = $ans_row['ansdisplay'];
    $ansid++;

  }
  if ($ansid == 0){
    // -- no rows were added so I need to record something here for that
    $App_AnswerDetail[$p_ansid] = "NO ROWS";
  }

}

function Display_AnswerList($p_ansid, $p_fieldname, $p_displaytype, $p_fieldlabel, $p_returndisplayof = "", $p_setdefaultval = "", $p_valueconditionalname='', $p_fieldclass='') {
  global $App_AnswerDetail, $GROUP_COUNT;
  // * this will display the answer list in either a SELECT or RADIO option

  // $p_returndisplayof -- If this is set, the function will ONLY return the
        // display value of the particlur field instead of returning a <SELECT>or <INPUT> code

  if (!isset($App_AnswerDetail[$p_ansid])) {
    // ** Send to load the answer
    Load_AnswerList($p_ansid);
  }
  // ** If there were rows then insert the data -- OR test to see if it is an array...
  $Answer_Field = "";

  // ** For first row, set the ID for a radio with the p_fieldname
  $radio_id_value = " id='{$p_fieldname}' ";
  if ($App_AnswerDetail[$p_ansid] != "NO ROWS") {
    foreach ($App_AnswerDetail[$p_ansid] as $Ans_key => $Ans_value) {
      if ($p_returndisplayof == '') {
        $default_val = "";
        switch($p_displaytype) {
          case "S":
            $default_val = ($p_setdefaultval != '' && $Ans_key == $p_setdefaultval ? " SELECTED " : "");
            $Answer_Field .= "<option value='$Ans_key' $default_val>$Ans_value</option>";
            break;
          case "R":
            // * *FOR RADIO OPTIONS, DO NOT INCLUDE if ans_key and ans_value are blank
            if ($Ans_key != '' && $Ans_value != '') {
              $default_val = ($p_setdefaultval != '' && $Ans_key == $p_setdefaultval ? " CHECKED " : "");

              $Answer_Field .= <<< APP_AR
              <label class="radio-inline">
                <input type='radio' group='group_{$GROUP_COUNT}' id='{$p_fieldname}' {$default_val} name='{$p_fieldname}' {$p_valueconditionalname} value='{$Ans_key}'/> {$Ans_value}
              </label>
APP_AR;
              $radio_id_value = '';     // SET id value to empty, so no others are set
            }
            break;

        }
      } else {
        // * Check to see if the value is the same
        if ($Ans_key == $p_returndisplayof) {
          $Answer_Field = $Ans_value;
          break;
        }
      }
    }
    if ($p_displaytype == "S" && $p_returndisplayof == '') {
      $Answer_Field = "<select class='$p_fieldclass' data-role='dropdownlist' id='$p_fieldname' name='$p_fieldname' class='t' style='width: 100%' title='$p_fieldlabel' {$p_valueconditionalname}>$Answer_Field</select>";

    }
  }
  return $Answer_Field;
}

/**
 * Encrypt a value using openssl_encrypt
 *
 * @param string $data - String to be encrypted
 * @param string $key - Key used for encryption
 * @param string $method - Default (AES-256-CBC) - One of the allowed php cipher methods
 *
 * @return string Base 64 encoded encrypted string
 */
function encrypt($data, $key, $method='AES-256-ECB') {

    $ivSize = openssl_cipher_iv_length($method);
    $iv = openssl_random_pseudo_bytes($ivSize);

    $encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);

    // For storage/transmission, we simply concatenate the IV and cipher text
    $encrypted = base64_encode($iv . $encrypted);

    return $encrypted;

}

/**
 * Decrypt a value using openssl_decrypt
 *
 * @param string $data - String to be decrypted
 * @param string $key - Key used for encryption
 * @param string $method - Default (AES-256-CBC) - One of the allowed php cipher methods
 *
 * @return string Base 64 encoded encrypted string
 */
function decrypt($data, $key, $method='AES-256-ECB') {
    $data = base64_decode($data);
    $ivSize = openssl_cipher_iv_length($method);
    $iv = substr($data, 0, $ivSize);
    $data = openssl_decrypt(substr($data, $ivSize), $method, $key, OPENSSL_RAW_DATA, $iv);

    return $data;
}

function Check_Credentials() {
  global $DB_TABLE_PREFIX, $DMSAPP_USERID_CookieString, $MasterKey, $dbh, $DMSAPP_CURRENTCUCODE, $DMSAPP_SECRET_KEY;
  $ret_user = "";
  $ret_email = "";
  $ret_status = false;
  $l_cookieval_ary = array();

  //*** THIS FUNCTION ASSUMES FAIL UNTIL THE INFORMATION IS AUTHENTICATED -- ALL ELSE STATEMENTS ASSUME FALSE

  // ** This will check the credentials for the current user.. they will be sent
  // * to the intro page if the cookie does not exist..

  if (isset($_COOKIE[$DMSAPP_USERID_CookieString])) {
    // ** COOKIE IS SET --- EXPLODE OUT THE PIECES THAT ARE HERE..

    parse_str($_COOKIE[$DMSAPP_USERID_CookieString], $l_cookieval_ary);
    $l_user = trim(decrypt($l_cookieval_ary['C1'], $MasterKey));

    if (intval($l_user) != $l_user) {
      // ** Be sure l_user matches what was decrypted.. if not then fail
      $l_user = -1;
    } else {
      $l_user = intval($l_user);
    }
    /*
    print_r($l_cookieval_ary);
    print "<BR>C1 - " . $l_cookieval_ary['C1'];
    print "<br>" . encrypt($l_user, $MasterKey);
    print "<br>::$l_user::";
    print "<br/>Secret key :: $DMSAPP_SECRET_KEY";
    print "<Br>" . sha1($DMSAPP_SECRET_KEY . $l_cookieval_ary['C1'] . $l_cookieval_ary['C2'] . $l_cookieval_ary['C3']);
    $l_exptime = 999999999;
    */

    // ** Now authenticate the information looks correct -- by taking pieces and recreating the hashed value, if they are the same, then we are good
    // ** The decrypted user id MUST be an integer..
    if ((sha1($DMSAPP_SECRET_KEY . $l_cookieval_ary['C1'] . $l_cookieval_ary['C2'] . $l_cookieval_ary['C3']) == $l_cookieval_ary['C4'])) {
      // * DO I dare do a check here to see if the user is real...
      // * Do I now check the contents of the DEVICE cookie.. to ensure
      // it is correct??
      $sql = "SELECT *
              FROM {$DB_TABLE_PREFIX}user
              WHERE userid = " . intval($l_user);
      $user_rs = db_query($sql, $dbh);

      if ($user_row = db_fetch_array($user_rs)) {
        // Fetch the information needed to rebuild the Device Cookie and
        //
        $ret_user = $l_user;
        $l_email = trim($user_row['email']);
        $l_banking_user_id = trim($user_row['banking_user_id']);
        $l_pwd = trim($user_row['pwd']);
        $l_confword = trim($user_row['confidenceword']);

        $l_device_cookie_name = ReturnDeviceCookieName($DMSAPP_CURRENTCUCODE, $l_cookieval_ary['C3'], $l_email, $ret_user);

        if (isset($_COOKIE[$l_device_cookie_name])) {
          // ** Now rebuild the COOKIE VALUE AND MATCH WITH THE VALUE IN COOKIE
          //$l_CookieVal = sha1($DMSAPP_SECRET_KEY . $l_pwd . $l_email . $l_confword . $l_username);
          $l_CookieVal = sha1($DMSAPP_SECRET_KEY . $l_pwd . $l_email . $l_confword . $l_banking_user_id);

          if ($l_CookieVal == $_COOKIE[$l_device_cookie_name]) {
            // The information IS Correct...
            // Wonder if I should set email here as well..

            $ret_email = $l_email;

            // ** LASTLY CHECK THE TIME is still good
            if (time() < $l_cookieval_ary['C2']) {
              $ret_status = true;
            } // !! ELSE FAIL {TIME EXPIRED}

          }
        }  // !! ELSE FAIL {DEVICE COOKIE NOT FOUND}
      } // !! ELSE FAIL {USER NOT FOUND}
    }  // !! ELSE FAIL {TICKET CONTENTS CORRUPT}

  }  // !! ELSE FAIL


  return Array($ret_status, $ret_user, $ret_email, $l_cookieval_ary['C3']);
}

function ReturnDeviceCookieName($p_cucode, $p_logintype, $p_email, $p_userid) {
  global $DB_TABLE_PREFIX;
  return sha1("{$DB_TABLE_PREFIX}{$p_cucode}Tu0geethSaith7ch{$p_logintype}{$p_email}{$p_userid}");
}

function SetLnappDeviceCookie($p_hb_env, $p_cookiename, $p_cookieval, $pSessionCookie = false) {
  global $DMSAPP_Device_Cookie_ExpireTime, $DMSAPP_Cookie_Domain;

  $cooked_exp = $pSessionCookie ? 0 : time() + $DMSAPP_Device_Cookie_ExpireTime;     // Expire the time using the configurable option

  // ** Later can use the option for httponly -- this limits certain browsers
  // * from allowing scripting languages access to the cookie

  HCU_setcookie_env($p_hb_env['SYSENV'], $p_cookiename, $p_cookieval, $cooked_exp);
}
// ** DMSAppSetCookie
// ** This function will be my standard function to set the cookie.. At this time
  // * it is located in the usermaint but it may need to be put into the AppMain
  // * file
  // * Cookie will be valid for 30 minutes at this time
function DMSAppSetCookie($p_hb_env, $userid, $p_logintype, $p_ForceExpired = false) {

  global $MasterKey, $DMSAPP_Cookie_ExpireTime, $DMSAPP_USERID_CookieString, $DMSAPP_Cookie_Domain, $DMSAPP_SECRET_KEY;

//  $cooked_val = encrypt($userid, $MasterKey);
//  $cooked_exp = time() + 60 * $DMSAPP_Cookie_ExpireTime;     // Expire the time using the configurable option
  $l_uid = encrypt($userid, $MasterKey);

  if (!$p_ForceExpired) {
    $l_exptime = time() + (60 * $DMSAPP_Cookie_ExpireTime);     // Expire the time using the configurable option
  } else {
    $l_exptime = time() - 60;
  }


  // * values being saved on the cookie are
  // * C1 - The user ID
  // * C2 - The Expiring time
  // * C3 - User Login Type {H,L} HomeBanking/LoanApp
  // * C4 - an sha1 hash of the values PLUS the DMS SECRET KEY
  $cooked_val = "C1=" . urlencode($l_uid) . "&C2=$l_exptime&C3=$p_logintype&C4=" . sha1($DMSAPP_SECRET_KEY . $l_uid . $l_exptime . $p_logintype);

  // ** Later can use the option for httponly -- this limits certain browsers
  // * from allowing scripting languages access to the cookie
//  setcookie($DMSAPP_USERID_CookieString, $cooked_val, $cooked_exp, "/", $DMSAPP_Cookie_Domain, 1);

  // ** -- Purpose is to be similar to what is being done in home banking.. Create a cookie that
    // * Contains the needed information in the cookie, however at the same time I want to create
    // * the cookie to exist as long as the user does NOT close the browser. so if they time out
    // * they immediately end up at the password screen again..

  HCU_setcookie_env($p_hb_env['SYSENV'], $DMSAPP_USERID_CookieString, $cooked_val);
}

// If the cookie is still valid then reset the expiration time.
function DMSAppCookieResetTimer($p_hb_env) {
  global $DMSAPP_Cookie_Domain, $DMSAPP_USERID_CookieString, $DMSAPP_Cookie_ExpireTime, $MasterKey, $DMSAPP_SECRET_KEY;

  // ** This will check the credentials for the current user.. they will be sent
  // * to the intro page if the cookie does not exist..

  if (isset($_COOKIE[$DMSAPP_USERID_CookieString])) {
    // ** COOKIE IS SET --- EXPLODE OUT THE PIECES THAT ARE HERE..

    $l_cookieval_ary = array();
    parse_str($_COOKIE[$DMSAPP_USERID_CookieString], $l_cookieval_ary);
    $l_user = trim(decrypt($l_cookieval_ary['C1'], $MasterKey));

    if (intval($l_user) == $l_user) {
      $l_user = intval($l_user);
    }

    // ** Now authenticate the information looks correct -- by taking pieces and recreating the hashed value, if they are the same, then we are good
    // ** The decrypted user id MUST be an integer..
    if ((sha1($DMSAPP_SECRET_KEY . $l_cookieval_ary['C1'] . $l_cookieval_ary['C2'] . $l_cookieval_ary['C3']) == $l_cookieval_ary['C4'])) {
      // also
      if (time() < $l_cookieval_ary['C2']) {
        $l_exptime = time() + (60 * $DMSAPP_Cookie_ExpireTime);     // Expire the time using the configurable option
        $newC4 = sha1($DMSAPP_SECRET_KEY . $l_user . $l_exptime . $p_logintype);

        $reBakedVal = "C1={$l_cookieval_ary['C1']}&C2=$l_exptime&C3={$l_cookieval_ary['C3']}&C4=" . $newC4;

        setcookie($DMSAPP_USERID_CookieString, $reBakedVal, 0, "/", $DMSAPP_Cookie_Domain, 1);
      }
    }
  }

  return;
}

function Disclosure_Exists($p_LoanID = -1, $p_RespID = -1) {
  global $dbh, $DMSAPP_CUHOME_PATH;
  // ** Purpose - This function will determine if a Disclosure exists for a specific loan
    // * it can look up a disclosure by either the LoanID or by the RespID from the
    // * lnappuserresponse table.
  // * It will lookup the disclosure name from the lnappschemaheader table and
    // * and then verify the file exists on the File System.

  // ** Parameters - p_LoanID - The LoanID from the lnappschemaheader table
  //                 p_RespID - The RespID from the lnappuserresponse table
  // ** Returns: This function will return a {True/False} boolean

  $l_Return = False;        // * I will assume False UNTIL FOUND

  if ($p_LoanID >= 0 || $p_RespID >= 0) {
    // ** Determine the query to use to lookup
    $sql = "";
    if ($p_LoanID >= 0) {
      $sql = "SELECT loandisclosure_fragment
              FROM lnappschemamaster
              WHERE loanid = " . intval($p_LoanID) . " ";
    } elseif ($p_RespID >= 0) {
      $sql = "SELECT loandisclosure_fragment
              FROM lnappschemamaster
              JOIN lnappuserresponse on lnappuserresponse.loanid = lnappschemamaster.loanid
              WHERE respid = " . intval($p_RespID) . " ";
    }
    $disc_rs = db_query($sql, $dbh);
    list($disc_filename) = db_fetch_array($disc_rs);

    if (trim($disc_filename) != '') {
      // * *NOW LOOK UP THE FILE to see if it exists
      if (file_exists($DMSAPP_CUHOME_PATH . $disc_filename)) {
        // ** FILE EXISTS -- SO I WILL BE SHOWING
        $l_Return = True;
      }
    }
  } else {
    // * NEITHER value is set... why??
    $l_Return = False;
  }


  return $l_Return;
}
function SetAppMode($p_dbh, $p_cu, $p_dmsapp_online, $p_allowReadonly) {

  $retMode = Array("offline" => false, "offlineReadonly" => false, "offlineDesc" => "The loan application is currently offline. Please check back later.");
  // ** Need to retrieve the Offline status from the core
  $sql = "SELECT offlinestat, offlineblurb
          FROM cuadmin
          WHERE cu = '{$p_cu}'; ";

  if ($off_rs = db_query($sql, $p_dbh)) {
    $off_row = db_fetch_assoc($off_rs, 0);
    $curOfflineStat = $off_row['offlinestat'];
    $retMode['offlineDesc'] = $off_row['offlineblurb'];

    // ** Allow ReadOnly should only be set for certain scripts
    $setArray = array('Cu'=>$p_cu, 'offline'=>$curOfflineStat, 'live'=>$GLOBALS['DMSAPP_CULIVE'], 'allowReadonly'=>$p_allowReadonly);
    $retMode['offline'] = hcu_checkOffline($p_dbh, $setArray);

    // ** offline Readonly is to help me to identify if the credit union is offline for readonly mode
      // ** some scripts I will have different permissions.  I will allow the script as a whole to be executed
      // ** however, I will NOT let them do certain features for READONLY
    $retMode['offlineReadonly'] = ($curOfflineStat == "R");
  }

  // offline
      // ** true -- Continue with the script, we are either "live/batch" and online OR
        // batch -- readonly and this script allows readonly access
      // ** false -- do NOT continue with "live" actions, such as application submits

  return $retMode;
}

function RefreshCookie($p_hb_env) {
  global $DMSAPP_CURRENTUSERID, $DMSAPP_CURRENTEMAIL, $DMSAPP_LOGINTYPE;

  // ** GUILTY!! unless proven INNOCENT
  $Refresh_Return = "False";

  // ** GET THE COOKIE --
  list($check_status, $check_user, $check_email, $check_logintype) = Check_Credentials();
  if (intval($check_user) == $check_user) {
    $DMSAPP_CURRENTUSERID = $check_user;
    $DMSAPP_CURRENTEMAIL = strtolower($check_email);
    $DMSAPP_LOGINTYPE = $check_logintype;

    if ($check_status) {
      // ** THE CREDENTIALS ARE VALID -- EXTEND THE COOKIE
      DMSAppSetCookie($p_hb_env, $DMSAPP_CURRENTUSERID, $DMSAPP_LOGINTYPE);
      $Refresh_Return = "True";
    }
  }

  return $Refresh_Return;
} // end RefreshCookie

/**
 *  Get all the loans associated with a specified user.
 *
 *  @param array pHbEnv - The current environment array
 *  @param integer pUserId - Loan User Id associated to the search
 *
 *  @return array
 *            [code]  -- {000, 999}
 *            [error] -- * optional
 *            [data]  -- array of array
 *              [LoanRespId] - Response Id for this User Loan
 *              [LoanType] - Loan Description
 *              [LoanName] - Loan Name
 *              [LoanStartOn] - Loan Started On
 *              [LoanSubmitOn] - Loan Submitted On
 *              [CuLoanStatus] - Loan Response Status
 *              [CuLoanResp] - Loan Response Status Desc
 *              [CuLoanId] - Loan Response Core Id
 *              [LoanDispStatus] - Loan Display Response
 *              [LoanAction] -- What actions can be taken against this loan
 *                    [edit] - can the loan be viewed
 *                    [delete] - can the loan be deleted
 *                    [view] - can the loan be viewed/printed
 */
function GetAllUserLoans($pHbEnv, $pUserId) {

/*
 *      // ** This has not been submitted -- Allow Edit
      if (($DMSAPP_CULIVE) || (!$DMSAPP_CULIVE && !($DMSAPP_MODE_ARY['offline'] && $DMSAPP_MODE_ARY['offlineReadonly'])) ) {
        // ** DO NOT ALLOW EDITING if Batch and readonly, which is only way to get here.. I think..
        $row_Action = "<a href='$self_full_url?f=entry&load=" . disp_text($resp_row['respid']) . "' title='Edit Application'><img src='{$http_script_path}images/appedit.png' class='icons' /></a>";

        $row_Action .= "&nbsp;<a href='$self_full_url?f=loandelete&remove=" . disp_text($resp_row['respid']) . "' title='Delete Application'><img src='{$http_script_path}images/apptrash.png' class='icons' /></a>";
      }
      $row_Action .= "&nbsp;<a href='$self_full_url?f=viewapplication&viewapp=" . disp_text($resp_row['respid']) . "' target='_blank' title='View Application'><img src='{$http_script_path}images/appinfo.png' class='icons' /></a>";
*/

  global $DMSAPP_CULIVE, $DMSAPP_MODE_ARY;


  $retVal = Array("code" => "000", "data" => Array());
  try {
    $dbh = HCU_array_key_value('dbh', $pHbEnv);

    if (db_connection_status($dbh) !== PGSQL_CONNECTION_OK) {
      throw new Exception ("Database Error");
    }
    /* * GENERATE QUERY * */
    $sql = "SELECT  userresponse.*, schemamaster.loantitle,
              to_char(userresponse.respstarton,'MM/DD/YYYY HH12:MI') as user_startedon,
              to_char(userresponse.respsubmiton,'MM/DD/YYYY  HH12:MI') as user_submiton,
              trim(userresponse.resplname) || ', ' || trim(userresponse.respfname) || ' ' || userresponse.respmname as name,
              case when resplastinquire + interval '5' minute < now() then 'T' else 'F' end as inquire
            FROM {$pHbEnv['DB_TABLE_PREFIX']}userresponse as userresponse
            JOIN  {$pHbEnv['DB_TABLE_PREFIX']}schemamaster as schemamaster
              ON schemamaster.loanid = userresponse.loanid
            WHERE userid = " . intval($pUserId) . "
            ORDER BY respstarton desc ";

//        echo $sql;
  $resp_rs = db_query($sql, $dbh);


    /*
     * PROCESS EACH ROW
     */
    $resp_cnt = 0;

    while ($resp_row = db_fetch_array($resp_rs, $resp_cnt)) {
      $resp_cnt++;  // Increment for next row

      $dataRow = Array();  // * Reset row array
  /*
      if ($resp_cnt == 1) {
        // ** FOR THE FIRST ROW start with the header table informaiton
    print "
            <h4 class='divTableCaption'>Current Loan Applications</h4>
            <div class='divTableHeadRow'>
              <div class='divTableCell'><h5 class='divTableColHdr'>Action&nbsp;</h5></div>
              <div class='divTableCell2'><h5 class='divTableColHdr'>Loan For&nbsp;</h5></div>
              <div class='divTableCell2'><h5 class='divTableColHdr'>Loan Type</h5></div>
              <div class='divTableCell'><h5 class='divTableColHdr'>Started On</h5></div>
              <div class='divTableCell'><h5 class='divTableColHdr'>Submitted On</h5></div>
              <div class='divTableCell2'><h5 class='divTableColHdr'>Loan Status</h5></div>
  <!--            <div class='divTableCell2'><h5 class='divTableColHdr'>Submit Response</h5></div>
             </div>
             <div class='divTableHeadRow'>
              <div class='divTableCell'><h5 class='divTableColHdr'>CU Loan ID</h5></div>-->
            </div> ";     // ** END THE TABLE CREATION and header row
      }
  */
      $dataRow['LoanRespId'] = intval($resp_row['respid']);
      $dataRow['LoanId'] = intval($resp_row['loanid']);
      $dataRow['LoanType'] = disp_text($resp_row['loantitle']);
      $dataRow['LoanName'] = disp_text($resp_row['name']);
      $tempName = disp_text($resp_row['resplname']) . ', ' . disp_text($resp_row['respfname']) . ' ' . disp_text($resp_row['respmname']);
      $dataRow['LoanName'] = (strlen(trim($tempName)) > 1 ? $tempName : '');
      $dataRow['LoanStartOn'] = disp_text($resp_row['user_startedon']);
      $dataRow['LoanSubmitOn'] = disp_text($resp_row['user_submiton']);

      $dataRow['CuLoanStatus'] = disp_text($resp_row['respstatus']);
      $dataRow['CuLoanResp'] = disp_text($resp_row['respstatusdesc']);

      $dataRow['CuLoanId'] = (disp_text($resp_row['respcoreloanappid']) == -1 ? "" : disp_text($resp_row['respcoreloanappid']));
      $dataRow['LoanAction'] = Array("edit" => false,
                                     "delete" => false,
                                     "view" => false);

      // * Based on the submitted date, it will either allow editing OR print summary
      $row_Action = "";
      if (!isset($row_SubmitOn) || $row_SubmitOn == "") {
        // ** This has not been submitted -- Allow Edit
        if (($DMSAPP_CULIVE) || (!$DMSAPP_CULIVE && !($DMSAPP_MODE_ARY['offline'] && $DMSAPP_MODE_ARY['offlineReadonly'])) ) {

          $dataRow['action']['edit'] = true;
          $dataRow['action']['delete'] = true;

          // ** DO NOT ALLOW EDITING if Batch and readonly, which is only way to get here.. I think..
  //        $row_Action = "<a href='$self_full_url?f=entry&load=" . $dataRow['LoanRespId'] . "' title='Edit Application'><img src='{$http_script_path}images/appedit.png' class='icons' /></a>";

  //        $row_Action .= "&nbsp;<a href='$self_full_url?f=loandelete&remove=" . $dataRow['LoanRespId'] . "' title='Delete Application'><img src='{$http_script_path}images/apptrash.png' class='icons' /></a>";
        }
        $dataRow['action']['view'] = true;

  //      $row_Action .= "&nbsp;<a href='$self_full_url?f=viewapplication&viewapp=" . $dataRow['LoanRespId'] . "' target='_blank' title='View Application'><img src='{$http_script_path}images/appinfo.png' class='icons' /></a>";
      } else {
        $dataRow['action']['view'] = true;
        // ** This has been submitted -- ONLY ALLOW Print
  //      $row_Action = "<a href='$self_full_url?f=viewapplication&viewapp=" . $dataRow['LoanRespId'] . "' target='_blank' title='View Application'><img src='{$http_script_path}images/appinfo.png' class='icons' /></a>";

        // ** For certain loan statuses I want to requery the core for possible loan status update
        // ** ONLY 026 -- Loan App Pending
        // * First check to verify it has been about 5 minutes
        // * values are T for it has been 5 minutes or F if it has not
        if ($resp_row['inquire'] == 'T' && $DMSAPP_ONLINE && $DMSAPP_MODE_ARY['offline']) {

          if ((strpos(":" . $dataRow['CuLoanStatus'] . ":", ":026:") !== false) && ($dataRow['LoanId'] > 0)) {
            list($inq_status, $inq_desc) = InquireApplication($dataRow['LoanRespId'], $dataRow['LoanId']);
  //          $inq_status = $resp_row['respstatus'];
            // * if the descriptions do not match then do the next part
            //
            //** ALWAYS SET THE LAST INQUIRE -- SO WE DON't OVER DO SUBMITTING TO CORE
            // ** REMOVE COMMENT
            // ** 999 was found -- the application was ALREADY submitted once to get the 000 or 026
              // * status .. but if we now have gotten here and the status returned is 999
              // * then the throtlpkt did NOT update the record with the resplastinquire and
              // * I will do that here
            $sql = "UPDATE {$DB_TABLE_PREFIX}userresponse
                    SET resplastinquire = now()
                    WHERE respid = " . $dataRow['LoanRespId'] . "
                      AND userid = " . intval($pHbEnv['Uid']) . " ";

            $upd_rs = db_query($sql, $dbh);

            if (trim($inq_status) != trim($resp_row['respstatus'])) {
              // ** If the descriptions changed, tehn use the one from the inquire app funciton
              $dataRow['CuLoanStatus'] = $inq_status;
              $dataRow['CuLoanResp'] = disp_text($inq_desc);

            }
          }
        }
        if ($dataRow['CuLoanResp'] != '') {
  //        $row_CULoanResp_Img = "<a href='#' class='popup' title='$row_CULoanResp'><img src='{$http_script_path}images/appnote.png' class='icons'/></a>";
        }

        switch ($dataRow['CuLoanStatus']) {
          case "000":
            $row_DisplayStatus = "Received";
            break;
          case "020":
            // ** SUBMIT ERROR - Missing Field
          case "021":
            // ** SUBMIT ERROR - Invalid Member #
          case "022":
            // ** SUBMIT ERROR - Member # and SSN mismatch
            $row_DisplayStatus = "Submit Error";
            break;
            // ** 025, 026, 027, 028, 029 -- are relevent to an INQAPP request
          case "025":
            // ** Invalid Application ID
            // *nothing to do right now for this..
            break;
          case "027":
            // ** Application Approved -_ NEED APPROVAL DATE
            $row_DisplayStatus = "Approved";
          case "028":
            // ** Application Rejected -- NEED REJECTED DATE
            $row_DisplayStatus = "Rejected";
          case "026":
            // ** Application Pending
            $row_DisplayStatus = "Pending";
            break;
          case "029":
            // ** Application Submitted -- Needs further review
          case "030":
            // ** Application Submitted -- Contact Credit Union for additional information
            $row_DisplayStatus = "Submitted";
        }
        $dataRow['CuLoanResp'] = $row_DisplayStatus;
      }
      // ** Append new row
      $retVal['data'][] = $dataRow;
    }
  } catch (Exception $e) {
    $retVal['code'] = '999';

  }

  /* RETURN ARRAY */
  return $retVal;
}


/**
 * GetClassPropertyVal
 *
 * This will return a property of a class object, but only if it is set.
 * Adding this to help when json is decoded into a class object.
 *
 * @param object $objVal - The object in question
 * @param string $property - The object propert we want
 *
 * @return mixed
 *         false - the property does not exist
 *           else - the value of the property of the object
 */
function GetClassPropertyVal($objVal, $property) {
  $bolRet = false;

  if (is_object($objVal)) {
    if (property_exists($objVal, $property)) {
      $bolRet = $objVal->{$property};
    }
  }

  return $bolRet;
}

/**
 * This function will verify the specified user has LOAN account access for the
 * specified account.
 * It will use the Banking function Get_FeatureAccounts to retrieve the list
 *   and verify the account is one of the valid options
 *
 * @param object $pHbEnv - The Session Environment options
 * @param integer $pUserId - The banking user id to verify
 * @param string $pSelAcct - The selected account for the user
 * @param string $pPlatform - Character: D(esktop), M(obiile), A(pp)
 *
 * @return boolean
 *      true - Valid Account
 *      false - Invalid Account
 */
function VerifyUserAccountAccessForLoan($pHBEnv, $pUserId, $pSelAcct) {

  $pHBEnv['Uid'] = $pUserId;

  $pUsePlat = ($pHBEnv['platform'] == "MBL" ? "M" : "D");
  $acctList = Get_FeatureAccounts( $pHBEnv, "LOAN", $pUsePlat );

  return (in_array($pSelAcct, $acctList) !== false);

}