/**
 * Builds a data provider over Users with this model's search filters applied.
 *
 * The incoming parameters are loaded into this model with load() and checked
 * with validate(). Filters are added to the query only when validation passes.
 *
 * @param array $params search parameters handed to load()
 *
 * @return ActiveDataProvider provider wrapping the (possibly filtered) Users query
 */
public function search($params)
{
    $userQuery = Users::find();
    $provider = new ActiveDataProvider(['query' => $userQuery]);

    $this->load($params);

    // When validation fails the provider is returned without any filter, so it
    // yields every record. Add $userQuery->where('0=1') in an else branch if an
    // invalid search should return no records instead.
    if ($this->validate()) {
        // Exact-match filters.
        $userQuery->andFilterWhere(['id' => $this->id, 'admin' => $this->admin]);

        // Substring (LIKE) filters, applied in the same order as before.
        // NOTE(review): 'password' is one of the searchable columns. Anyone who
        // can reach this search can test substrings against the stored password
        // column and narrow down its contents from the result set. Confirm
        // whether this attribute should be searchable at all — rules() is not
        // visible here.
        foreach (['login', 'password', 'name', 'email', 'phone', 'photo'] as $column) {
            $userQuery->andFilterWhere(['like', $column, $this->$column]);
        }
    }

    return $provider;
}
/**
 * @api {post} /admin/users/login POST /users/login
 * @apiExample Example usage:
 * curl -i -X POST "http://apibeta.compargo.com/v1/admin/users/login/?countryCode=ph&language=en"
 *      -H "X-COMPARE-REST-API-KEY: 1234567890"
 *      -d "emailAddress=steve@moneymax.ph&password=secret"
 * @apiDescription Authenticates a User
 * @apiName LoginUser
 * @apiGroup Users
 *
 * @apiHeader {String} X-COMPARE-REST-API-KEY Users unique access-key.
 *
 * @apiParam {String} language     Mandatory Language.
 * @apiParam {String} countryCode  Mandatory Country Code.
 * @apiParam {String} emailAddress Mandatory Email Address of the User.
 * @apiParam {String} password     Mandatory Password of the User.
 *
 * @apiSuccess {Number} id           ID of the User.
 * @apiSuccess {Number} groupId      ID of the Group.
 * @apiSuccess {String} emailAddress Email Address of the User.
 * @apiSuccess {String} firstName    Firstname of the User.
 * @apiSuccess {String} lastName     Lastname of the User.
 * @apiSuccess {String} password     Password of the User.
 * @apiSuccess {String} status       Status of the User.
 * @apiSuccess {String} created      Creation date of the User.
 * @apiSuccess {String} modified     Modification date of the User.
 *
 * @apiSuccessExample Success-Response:
 *     HTTP/1.1 200 OK
 *     {
 *       "id": "a8838d12-1dcc-11e4-b32d-eff91066cccf",
 *       "groupId": "56c4b6c2-1d54-11e4-b32d-eff91066cccf",
 *       "emailAddress": "*****@*****.**",
 *       "firstName": "John",
 *       "lastName": "Doe",
 *       "status": 1,
 *       "active": 1,
 *       "created": "2014-07-11 09:13:27",
 *       "modified": "2014-07-11 09:52:08",
 *       "createdBy": "a8838d12-1dcc-11e4-b32d-eff91066cccf",
 *       "modifiedBy": "a8838d12-1dcc-11e4-b32d-eff91066cccf"
 *     }
 *
 * @apiError BadInputParameter The request cannot be fulfilled due to bad syntax.
 *
 * @apiErrorExample Error-Response:
 *     HTTP/1.1 400
 *     {
 *       "error": "BadInputParameter"
 *     }
 *
 *
 * @apiError InvalidAccessToken The access token is invalid.
 *
 * @apiErrorExample Error-Response:
 *     HTTP/1.1 401 Unauthorized
 *     {
 *       "error": "InvalidAccessToken"
 *     }
 *
 * @apiError MissingAuthenticationCredentials The authentication credentials are missing.
 *
 * @apiErrorExample Error-Response:
 *     HTTP/1.1 401 Unauthorized
 *     {
 *       "error": "MissingAuthenticationCredentials"
 *     }
 *
 * @apiError RouteNotFound That route was not found on the server.
 *
 * @apiErrorExample Error-Response:
 *     HTTP/1.1 404
 *     {
 *       "error": "RouteNotFound"
 *     }
 * @apiError InvalidUsernamePassword The email address and/or password are invalid.
 *
 * @apiErrorExample Error-Response:
 *     HTTP/1.1 422 Request unable to be followed due to semantic errors
 *     {
 *       "error": "InvalidUsernamePassword"
 *     }
 */
public function login()
{
    // Credentials are read straight from the request service. No type or
    // presence check happens here before they reach authenticate().
    $http = $this->di->get('request');
    $submittedEmail = $http->get('emailAddress');
    $submittedPassword = $http->get('password');

    $users = new Users();
    $account = $users->authenticate($submittedEmail, $submittedPassword);

    if ($account) {
        // NOTE(review): authenticate() hands back the Users record it loaded,
        // and that record carries the salt and hash properties it reads. The
        // annotations above also list "password" as a success field. Confirm
        // the response serializer strips password, salt and hash before this
        // reaches the client. The example call above also sends the API key
        // and password over plain http.
        return $account;
    }

    // One generic failure for both "unknown address" and "wrong password", so
    // the response body does not say which of the two was wrong.
    throw new HTTPException(
        "Request unable to be followed due to semantic errors",
        422,
        array(
            'dev' => 'Invalid username and/or password',
            'internalCode' => 'P1000',
            'more' => '',
        )
    );
}
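/**
 * Authenticate login credentials.
 *
 * Looks the user up by e-mail address using a bound query parameter, then
 * verifies the salted password against the stored hash with
 * validate_password().
 *
 * @param string $email    E-mail address supplied by the client.
 * @param string $password Plain-text password supplied by the client.
 *
 * @return Users|false The user record as loaded (including its salt and hash
 *                     properties) on success, false when the lookup or the
 *                     password check fails.
 */
public function authenticate($email, $password)
{
    // Request values may be missing or arrive as arrays. Reject anything that
    // is not a string before it reaches the query or the hash check.
    if (!is_string($email) || !is_string($password)) {
        return false;
    }

    // The e-mail address is caller-controlled, so it is passed as a bound
    // parameter and never concatenated into the condition string. The
    // previous string-built condition let a crafted address rewrite the query.
    $user = Users::findFirst(array(
        'conditions' => 'emailAddress = :email:',
        'bind' => array('email' => $email),
    ));

    if (empty($user)) {
        // NOTE(review): this returns before any hash work is done, so unknown
        // addresses answer faster than known ones. Consider verifying against
        // a dummy hash here if account enumeration is a concern.
        return false;
    }

    // The stored per-user salt is prepended to the candidate password before
    // verification. Presumably this mirrors how the hash was created —
    // confirm against the registration code.
    if (!validate_password($user->salt . $password, $user->hash)) {
        return false;
    }

    return $user;
}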
/**
 * Loads a Users model by primary key, or fails with a 404.
 *
 * @param integer $id primary key value passed to Users::findOne()
 *
 * @return Users the loaded model
 *
 * @throws NotFoundHttpException if no model matches the given key
 */
protected function findModel($id)
{
    // NOTE(review): $id is handed to findOne() unchanged. If a caller can pass
    // an array here, findOne() treats it as a column condition and not as a
    // key. Verify that every caller supplies a scalar.
    $model = Users::findOne($id);

    if ($model === null) {
        throw new NotFoundHttpException('The requested page does not exist.');
    }

    return $model;
}