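/**
 * Mark an account for password reset.
 *
 * Looks up the user by e-mail (active users only, unless $inactive is true).
 * When that user is an Owner with a valid, active account, the user's status
 * is moved to 2 (Reset) and a fresh random reset code is stored on the record.
 * Non-owner users fall through the (still empty) employee branch and return false.
 *
 * @param string $email    e-mail address of the user requesting the reset
 * @param bool   $inactive when true, also match users whose active flag is 0.
 *                         Public callers must leave this false: a reset request
 *                         must never be able to promote an inactive user.
 * @return bool true when the user record was updated; false for the employee path
 * @throws ValidationException when the user record cannot be saved
 * @throws HTTPException       when no matching user exists or the account is not eligible
 */
public static function reminder($email, $inactive = false)
{
    // Extra wrinkle: a public reset may only touch active accounts, so an
    // inactive user can never be converted to active through this path.
    if ($inactive) {
        $where = "email = :email:";
    } else {
        $where = "email = :email: AND active <> 0";
    }

    // look for either active or password reset
    $query = \PhalconRest\Models\Users::query()->where($where);
    $search = array('email' => $email);
    $users = $query->bind($search)->execute();
    $user = $users->getFirst();

    if (!$user) {
        // NOTE(review): this message differs from the "not eligible" one
        // below, so a caller can distinguish unknown e-mails from known ones
        // (account enumeration). Consider returning one identical response.
        throw new HTTPException("The identifier you supplied is invalid.", 400, array(
            'dev' => "Supplied identifier was not valid. Email: {$email}",
            'code' => '89841911385131'
        ));
    }

    // only process owners this way
    if ($user->user_type != 'Owner') {
        //other code for an employee
        return false;
    }

    $owner = $user->Owners;
    $account = $owner->Accounts;

    // A reset may only be attempted against a valid, active account.
    // NOTE(review): `!== 0` is a strict integer comparison; if the ORM
    // hydrates `active` as the string "0" this check passes — confirm the
    // column type before relying on it.
    if (!($account and $account->active !== 0)) {
        throw new HTTPException("Bad activation data supplied.", 400, array(
            'dev' => "Account is not eligable for password resets. 
Email: {$email}",
            'code' => '2168546681'
        ));
    }

    // should work for either Owner or Employee
    $user->active = 2;

    // The reset code is a bearer secret, so it must come from the CSPRNG:
    // the previous md5(rand()) construction was predictable. 23 random bytes
    // give 46 hex characters, trimmed to the 45-character width used before
    // (random_bytes needs PHP >= 7.0).
    $user->code = substr(bin2hex(random_bytes(23)), 0, 45);

    // send email somewhere around here

    // update record
    if ($user->save() == false) {
        throw new ValidationException("Could not request reminder.", array(
            'dev' => 'Could not update user record while resetting the password',
            'code' => '9891861681618761584684'
        ), $user->getMessages());
    }
    return true;
}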
/**
 * List users.
 *
 * Delegates to search() when the request is a search; otherwise loads every
 * user, ordered by the requested sort fields when one was supplied, and
 * hands the array form to respond().
 *
 * NOTE(review): no authorisation check is visible in this method; whether
 * listing all users is restricted must be enforced by the caller or by
 * middleware — confirm.
 *
 * @return mixed whatever respond() produces for the result set
 */
public function get()
{
    if ($this->isSearch) {
        return $this->respond($this->search());
    }

    $resultSet = $this->isSorted
        ? Users::query()->order($this->sortFields)->execute()
        : Users::find();

    return $this->respond($resultSet->toArray());
}
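/**
 * Activate a user from an e-mail address and activation code.
 *
 * Reads `email` and `code` from the POST body and looks for one user that
 * matches all three of: active = 0, the supplied code, and the supplied
 * e-mail. On a match the user is set active and the code cleared; for an
 * Owner the linked account is activated as well.
 *
 * @throws ValidationException when the input is malformed or a save fails
 * @throws HTTPException       when no matching inactive user exists
 * @return array{status:string,result:mixed}
 */
public function activate()
{
    $email = $this->request->getPost("email", array("email"));
    $code = $this->request->getPost("code", array("string", "alphanum"));

    // Cheap shape check before touching the database.
    if (strlen($code) < 25 or strlen($email) < 6) {
        throw new ValidationException("Bad activation data supplied", [
            'dev' => "Supplied activation email or code were not valid. Email: {$email}",
            'code' => '98411916891891'
        ], [
            'code' => 'The code should be 25 characters or greater',
            'email' => 'The email must be greater than 5 characters'
        ]);
    }

    // NOTE(review): the code is compared by the database, so case
    // sensitivity depends on the column collation; no expiry or attempt
    // limit on codes is visible here.
    $search = array('email' => $email, 'code' => $code);
    $users = \PhalconRest\Models\Users::query()
        ->where("email = :email:")
        ->andWhere("active = 0")
        ->andWhere("code = :code:")
        ->bind($search)
        ->execute();
    $user = $users->getFirst();

    if (!$user) {
        throw new HTTPException("Bad activation data supplied", 400, array(
            'dev' => "Could not find valid account Email: {$email}",
            'code' => '2168546681'
        ));
    }

    $user->active = 1;
    $user->code = NULL;
    $result = $user->save();
    // A failed user save was previously ignored, which could activate the
    // account while the user stayed at active = 0 with a live code.
    if ($result == false) {
        throw new ValidationException("Internal error activating user", array(
            'code' => '6456513131',
            'dev' => 'Error while attempting to activate user'
        ), $user->getMessages());
    }

    // update account as well
    if ($user->user_type == 'Owner') {
        $owner = $user->Owners;
        $account = $owner ? $owner->Accounts : false;
        // Guard the relation walk so a missing owner/account row fails
        // cleanly instead of fataling on a property of a non-object.
        if (!$account) {
            throw new ValidationException("Internal error activating user", array(
                'code' => '6456513131',
                'dev' => 'No account linked to owner while attempting to activate account'
            ), array());
        }

        $account->active = 1;
        $result = $account->save();
        if (!$result) {
            throw new ValidationException("Internal error activating user", array(
                'code' => '6456513131',
                'dev' => 'Error while attempting to activate account'
            ), $account->getMessages());
        }
        return array('status' => 'Active', 'result' => $result);
    }

    return array('status' => 'Active', 'result' => $result);
}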