/**
 * Respond to a GET request with the session user and the matching Users row.
 *
 * Any other HTTP method falls through and returns nothing.
 */
public function profile()
 {
     if (!$this->request->isGet()) {
         return;
     }

     $sessionUser = $this->session->get('user');

     // The username travels as a bound parameter rather than being spliced
     // into the condition string.
     $criteria = array(
         "username = :username:",
         'bind' => array('username' => $sessionUser['username']),
     );
     $user = \PhalconRest\Models\Users::findFirst($criteria);

     // NOTE(review): the whole model is handed to respond(). If respond()
     // serialises every column, fields such as the password hash, token or
     // reset code would reach the client - confirm and whitelist the fields.
     return $this->respond(array(
         'session_user' => $sessionUser,
         'message' => 'you are ok',
         'user' => $user,
     ));
 }
Example #2
 /**
  * custom function to mark an account for password reset
  * for active accounts, move their status to Reset and create a new CODE
  * otherwise throw an error
  *
  * @param string $email            
  */
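 public static function reminder($email, $inactive = false)
 {
     // $email    address identifying the user who asked for a reset.
     // $inactive when true, rows with active = 0 are matched too; the default
     //           only matches rows whose active column is non-zero, so a public
     //           request cannot turn an inactive user into a resettable one.
     //
     // Returns true once the user row is saved with active = 2 and a new code.
     // Returns false for a user whose user_type is not 'Owner' (nothing changes).
     // Throws HTTPException (400) when no user matches or the owner's account is
     // missing/inactive, and ValidationException when the save fails.
     //
     // NOTE(review): a registered address and an unknown one produce different
     // outcomes here (true vs. a 400), so the endpoint calling this should give
     // the same public answer in both cases to avoid confirming which addresses
     // have accounts.
     $where = $inactive ? "email = :email:" : "email = :email: AND active <> 0";

     // SELECT u.email, o.account_id
     // FROM owners AS o
     // JOIN accounts AS a ON o.account_id = a.id
     // JOIN users AS u ON o.user_id = u.id
     // WHERE a.active <> 0
     // AND u.email = '*****@*****.**';
     $users = \PhalconRest\Models\Users::query()
         ->where($where)
         ->bind(array('email' => $email))
         ->execute();
     $user = $users->getFirst();

     if (!$user) {
         throw new HTTPException("The identifier you supplied is invalid.", 400, array('dev' => "Supplied identifier was not valid. Email: {$email}", 'code' => '89841911385131'));
     }

     // only owners are processed this way; other user types are left untouched
     if ($user->user_type != 'Owner') {
         return false;
     }

     // A missing owner relation is treated like a missing account instead of
     // dereferencing a non-object.
     $owner = $user->Owners;
     $account = $owner ? $owner->Accounts : null;

     // Cast before comparing: a column hydrated as the string "0" would pass a
     // strict !== 0 test and let an inactive account through.
     if (!$account || (int) $account->active === 0) {
         throw new HTTPException("Bad activation data supplied.", 400, array('dev' => "Account is not eligable for password resets. Email: {$email}", 'code' => '2168546681'));
     }

     // mark for password reset; only a user that has gone through this step
     // can later attempt to set a new password
     $user->active = 2;

     // The code is the only secret protecting the reset, so it comes from the
     // CSPRNG. rand() is predictable and must not be used for this.
     // random_bytes() needs PHP 7+ (or the paragonie/random_compat polyfill).
     // 23 bytes -> 46 hex characters, trimmed to the 45 used previously.
     $user->code = substr(bin2hex(random_bytes(23)), 0, 45);

     // send email somewhere around here

     if (!$user->save()) {
         throw new ValidationException("Could not request reminder.", array('dev' => 'Could not update user record while resetting the password', 'code' => '9891861681618761584684'), $user->getMessages());
     }

     return true;
 }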
 /**
  * Return every Users row whose fields contain all of the configured search terms.
  *
  * Each entry of $this->searchFields maps a column name to a term; a row is kept
  * when every term occurs, case-insensitively, inside the matching column.
  *
  * NOTE(review): the entire table is loaded and filtered in PHP, and each hit is
  * the full toArray() row. If the rows carry credential columns (password hash,
  * token, reset code) they are returned as well - confirm and trim before output.
  *
  * @return array list of matching rows as arrays
  */
 public function search()
 {
     $rows = Users::find()->toArray();
     $criteria = $this->searchFields;

     $hits = array_filter($rows, function ($row) use ($criteria) {
         $keep = true;
         foreach ($criteria as $column => $needle) {
             if (strpos(strtolower($row[$column]), strtolower($needle)) === false) {
                 $keep = false;
             }
         }
         return $keep;
     });

     // array_filter keeps the original keys; re-index to a plain list
     return array_values($hits);
 }
Example #4
 /**
  * run after login to reset the local token
  */
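 public function resetToken($wipe = false)
 {
     // $wipe  when true the stored token and expiry are cleared (set to null);
     //        otherwise a fresh token and expiry are generated.
     // Returns the result of saving the user row.
     // Throws HTTPException (401) when no active user matches $this->email.

     // The email is bound as a parameter. Interpolating it into the condition
     // string let a crafted address rewrite the query (injection).
     $user = \PhalconRest\Models\Users::findFirst(array(
         "email = :email: AND active = '1'",
         'bind' => array('email' => $this->email),
     ));

     if (!$user) {
         // The stray `break` that followed this throw was removed: outside a
         // loop or switch it is a compile error on PHP 7+.
         throw new HTTPException("No valid user account was found", 401, array('dev' => "This has to be a bug to have made it this far.", 'internalCode' => '760708898897686'));
     }

     if ($wipe) {
         $this->token = $user->token = null;
         $this->expiresOn = $user->token_expires = null;
     } else {
         $this->token = $user->token = $this->generateToken();
         $this->expiresOn = $user->token_expires = $this->generateExpiration();
     }

     return $user->save();
 }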
Example #5
 /**
  * check the username & password against the local user table source
  *
  * @param string $email            
  * @param string $password
  * @return boolean
  */
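 function authenticate($email, $password)
 {
     // $email     login identifier supplied by the client
     // $password  plain-text password to verify against the stored hash
     // Returns true only when exactly one active user matches and the hash checks out.

     // Both fixes live in the condition string:
     //  - the email is bound, not interpolated, so it cannot alter the query;
     //  - the active filter is part of the condition. As a separate "active"
     //    array key it is not a recognised find() parameter and appears to have
     //    been ignored, which would let non-active accounts sign in.
     $users = \PhalconRest\Models\Users::find(array(
         "email = :email: AND active = 1",
         'bind' => array('email' => $email),
     ));

     // zero matches or more than one match are both treated as a failed login
     if ($users->count() !== 1) {
         // NOTE(review): no hash is computed on this path, so an unknown
         // address answers faster than a known one with a wrong password.
         return false;
     }

     $user = $users->getFirst();
     $security = $this->di->get('security');

     return $security->checkHash($password, $user->password) ? true : false;
 }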
Example #6
 /**
  * custom function to take in a email and activation code
  * if a match is found on three criteria
  * 1)active
  * 2)code
  * 3)email
  * ....switch the account from inactive to active
  *
  * @throws HTTPException
  * @return array
  */
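 public function activate()
 {
     // Reads "email" and "code" from the POST body, looks up an inactive user
     // (active = 0) matching both, and switches the user - and, for owners, the
     // owning account - to active.
     // Returns array('status' => 'Active', 'result' => <last save result>).
     // Throws ValidationException on malformed input or a failed save, and
     // HTTPException (400) when no inactive user matches the email/code pair.
     //
     // NOTE(review): nothing visible here limits repeated attempts or expires
     // the code; confirm that this is enforced elsewhere.
     $email = $this->request->getPost("email", array("email"));
     $code = $this->request->getPost("code", array("string", "alphanum"));

     if (strlen($code) < 25 or strlen($email) < 6) {
         throw new ValidationException("Bad activation data supplied", ['dev' => "Supplied activation email or code were not valid. Email: {$email}", 'code' => '98411916891891'], ['code' => 'The could should be 25 characters or greater', 'email' => 'The email must be greater than 5 characters']);
     }

     // both values are bound parameters
     $users = \PhalconRest\Models\Users::query()
         ->where("email = :email:")
         ->andWhere("active = 0")
         ->andWhere("code = :code:")
         ->bind(array('email' => $email, 'code' => $code))
         ->execute();
     $user = $users->getFirst();

     if (!$user) {
         throw new HTTPException("Bad activation data supplied", 400, array('dev' => "Could not find valid account Email: {$email}", 'code' => '2168546681'));
     }

     // Resolve the owner's account before changing anything, so a broken
     // relation fails cleanly instead of leaving the user half-activated.
     $account = null;
     if ($user->user_type == 'Owner') {
         $owner = $user->Owners;
         $account = $owner ? $owner->Accounts : null;
         if (!$account) {
             throw new ValidationException("Internal error activating user", array('code' => '6456513131', 'dev' => 'Error while attempting to activate account'), array());
         }
     }

     // activate the user and clear the code so it cannot be replayed
     $user->active = 1;
     $user->code = null;
     $result = $user->save();

     // Previously a failed user save was overwritten or still reported as Active.
     if (!$result) {
         throw new ValidationException("Internal error activating user", array('code' => '6456513131', 'dev' => 'Error while attempting to activate user'), $user->getMessages());
     }

     // update account as well
     if ($account) {
         $account->active = 1;
         $result = $account->save();
         if (!$result) {
             throw new ValidationException("Internal error activating user", array('code' => '6456513131', 'dev' => 'Error while attempting to activate account'), $account->getMessages());
         }
     }

     return array('status' => 'Active', 'result' => $result);
 }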