Пример #1
0
 /**
  * custom function to mark an account for password reset
  * for active accounts, move their status to Reset and create a new CODE
  * otherwise throw an error
  *
  * @param string $email            
  */
 public static function reminder($email, $inactive = false)
 {
     // extra wrinkle to prevent from scenarios from converting an inactive user to active
     // ie if a public user wants to reset an account, they can only reset active accounts
     if ($inactive) {
         $where = "email = :email:";
     } else {
         $where = "email = :email: AND active <> 0";
     }
     // SELECT u.email, o.account_id
     // FROM owners AS o
     // JOIN accounts AS a ON o.account_id = a.id
     // JOIN users AS u ON o.user_id = u.id
     // WHERE a.active <> 0
     // AND u.email = '*****@*****.**';
     // look for either active or password reset
     $query = \PhalconRest\Models\Users::query()->where($where);
     $search = array('email' => $email);
     $users = $query->bind($search)->execute();
     $user = $users->getFirst();
     if ($user) {
         //only process owners this way
         if ($user->user_type == 'Owner') {
             $owner = $user->Owners;
             $account = $owner->Accounts;
             // mark for password reset
             // this way a user can only attempt to reset the password of an account that has performed this step
             // check that account is valid
             if ($account and $account->active !== 0) {
                 // should work for either Owner or Employee
                 $user->active = 2;
                 // generate a pseudo random string for the activation code
                 $user->code = substr(md5(rand()) . md5(rand()), 0, 45);
                 // send email somewhere around here
                 // update record
                 if ($user->save() == false) {
                     throw new ValidationException("Could not request reminder.", array('dev' => 'Could not update user record while resetting the password', 'code' => '9891861681618761584684'), $user->getMessages());
                 } else {
                     return true;
                 }
             } else {
                 // modify the user and return the code
                 throw new HTTPException("Bad activation data supplied.", 400, array('dev' => "Account is not eligable for password resets. Email: {$email}", 'code' => '2168546681'));
             }
         } else {
             //other code for an employee
         }
     } else {
         // somehow test for false results
         throw new HTTPException("The identifier you supplied is invalid.", 400, array('dev' => "Supplied identifier was not valid. Email: {$email}", 'code' => '89841911385131'));
     }
     return false;
 }
Пример #2
0
 public function get()
 {
     if ($this->isSearch) {
         $results = $this->search();
     } else {
         if ($this->isSorted) {
             $result = Users::query()->order($this->sortFields)->execute();
             $results = $result->toArray();
         } else {
             $result = Users::find();
             $results = $result->toArray();
         }
     }
     return $this->respond($results);
 }
Пример #3
0
 /**
  * custom function to take in a email and activation code
  * if a match is found on three criteria
  * 1)active
  * 2)code
  * 3)email
  * ....switch the account from inactive to active
  *
  * @throws HTTPException
  * @return array
  */
 public function activate()
 {
     $email = $this->request->getPost("email", array("email"));
     $code = $this->request->getPost("code", array("string", "alphanum"));
     if (strlen($code) < 25 or strlen($email) < 6) {
         throw new ValidationException("Bad activation data supplied", ['dev' => "Supplied activation email or code were not valid. Email: {$email}", 'code' => '98411916891891'], ['code' => 'The could should be 25 characters or greater', 'email' => 'The email must be greater than 5 characters']);
     }
     $search = array('email' => $email, 'code' => $code);
     $users = \PhalconRest\Models\Users::query()->where("email = :email:")->andWhere("active = 0")->andWhere("code = :code:")->bind($search)->execute();
     $user = $users->getFirst();
     if ($user) {
         $user->active = 1;
         $user->code = NULL;
         $result = $user->save();
         // update account as well
         if ($user->user_type == 'Owner') {
             $owner = $user->Owners;
             $account = $owner->Accounts;
             $account->active = 1;
             $result = $account->save();
             if ($result) {
                 return array('status' => 'Active', 'result' => $result);
             } else {
                 throw new ValidationException("Internal error activating user", array('code' => '6456513131', 'dev' => 'Error while attempting to activate account'), $account->getMessages());
             }
         }
         return array('status' => 'Active', 'result' => $result);
     } else {
         throw new HTTPException("Bad activation data supplied", 400, array('dev' => "Could not find valid account Email: {$email}", 'code' => '2168546681'));
     }
 }