<?php
require './_shared.php';
?>
<h1>WePay Demo App: Open Account</h1>
<a href="index.php">Back</a>
<br />

<?php
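// Handle a submission of the "open account" form: validate the two fields, ask WePay to
// create the account, and print the result. On a non-POST request nothing is printed here.
// NOTE(review): this is a state-changing call made with the session's access token, and no
// anti-CSRF token is checked here or present in the form below - confirm whether
// _shared.php provides one.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	$raw_name = isset($_POST['account_name']) ? $_POST['account_name'] : null;
	$raw_desc = isset($_POST['account_description']) ? $_POST['account_description'] : null;

	// PHP parses "account_name[]=x" into an array, which htmlentities() cannot take, and a
	// blank form still submits empty strings; accept only non-empty strings.
	if (is_string($raw_name) && is_string($raw_desc) && trim($raw_name) !== '' && trim($raw_desc) !== '') {
		// WePay sanitizes its own data, but displaying raw POST data on your own site is an XSS security hole.
		// NOTE(review): the entity-encoded values are also what is sent to WePay. Escaping only at
		// output is the usual model, but switching to it requires every page that renders account
		// data to escape it - confirm before changing.
		$name = htmlentities($raw_name);
		$desc = htmlentities($raw_desc);
		try {
			$wepay = new WePay($_SESSION['wepay_access_token']);
			$account = $wepay->request('account/create', array(
				'name' => $name,
				'description' => $desc,
			));
			// The URI comes from the API response, not from this page; escape it for both the
			// double-quoted href attribute and the link text.
			$uri = htmlspecialchars((string) $account->account_uri, ENT_QUOTES, 'UTF-8');
			echo "Created account $name for '$desc'! View on WePay at <a href=\"$uri\">$uri</a>. See all of your accounts <a href=\"accountlist.php\">here</a>.";
		}
		catch (WePayException $e) {
			// Something went wrong - normally you would log
			// this and give your user a more informative message.
			// The message text is not under this page's control, so escape it before printing.
			echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
		}
	}
	else {
		echo 'Account name and description are both required.';
	}
}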
?>

<form method="post">
	<fieldset>
		<legend>Account Info</legend>

		<label for="account_name">Account Name:</label><br />
		<input type="text" id="account_name" name="account_name" placeholder="Ski Trip Savings"/>

		<br /><br />

		<label for="account_description">Account Description: </label><br />
		<textarea name="account_description" rows="10" cols="40" placeholder="Saving up some dough for our ski trip!"></textarea>

		<br /><br />

		<input type="submit" value="Open account" />
	</fieldset>
</form>