1 files changed, 53 insertions, 8 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index c7ebd1fb7f..e3f8394bba 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base
 			return $provider->login($username, $password);
 		}
 
-		// Requst the name of the OAuth service
+		// Request the name of the OAuth service
 		$service_name_original = $this->request->variable('oauth_service', '', false);
 		$service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
 		if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))
@@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base
 			$this->service_providers[$service_name]->set_external_service_provider($service);
 			$unique_id = $this->service_providers[$service_name]->perform_auth_login();
 
-			// Check to see if this provider is already assosciated with an account
+			/**
+			 * Check to see if this provider is already associated with an account.
+			 *
+			 * Enforcing a data type to make data contains strings and not integers,
+			 * so values are quoted in the SQL WHERE statement.
+			 */
 			$data = array(
-				'provider'	=> $service_name_original,
-				'oauth_provider_id'	=> $unique_id
+				'provider'			=> (string) $service_name_original,
+				'oauth_provider_id'	=> (string) $unique_id
 			);
 
 			$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
@@ -264,7 +269,7 @@ class oauth extends \phpbb\auth\provider\base
 			}
 
 			// Retrieve the user's account
-			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
+			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts
 				FROM ' . $this->users_table . '
 					WHERE user_id = ' . (int) $row['user_id'];
 			$result = $this->db->sql_query($sql);
@@ -276,11 +281,36 @@ class oauth extends \phpbb\auth\provider\base
 				throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
 			}
 
+			/**
+			 * Check if the user is banned.
+			 * The fourth parameter, return, has to be true,
+			 * otherwise the OAuth login is still called and
+			 * an uncaught exception is thrown as there is no
+			 * token stored in the database.
+			 */
+			$ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true);
+			if (!empty($ban))
+			{
+				$till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : '';
+				$message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
+
+				$contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext);
+				$message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>');
+				$message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : '';
+				$message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : '';
+
+				return array(
+					'status'	=> LOGIN_BREAK,
+					'error_msg'	=> $message,
+					'user_row'	=> $row,
+				);
+			}
+
 			// Update token storage to store the user_id
 			$storage->set_user_id($row['user_id']);
 
 			/**
-			* Event is triggered after user is successfuly logged in via OAuth.
+			* Event is triggered after user is successfully logged in via OAuth.
 			*
 			* @event core.auth_oauth_login_after
 			* @var    array    row    User row
@@ -398,7 +428,7 @@ class oauth extends \phpbb\auth\provider\base
 			if ($credentials['key'] && $credentials['secret'])
 			{
 				$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
-				$redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;
+				$redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name;
 				$login_data['BLOCK_VARS'][$service_name] = array(
 					'REDIRECT_URL'	=> redirect($redirect_url, true),
 					'SERVICE_NAME'	=> $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
@@ -609,6 +639,21 @@ class oauth extends \phpbb\auth\provider\base
 	*/
 	protected function link_account_perform_link(array $data)
 	{
+		// Check if the external account is already associated with other user
+		$sql = 'SELECT user_id
+			FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+			WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
+				AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
+		$result = $this->db->sql_query($sql);
+		$row = $this->db->sql_fetchrow($result);
+		$this->db->sql_freeresult($result);
+
+		if ($row)
+		{
+			trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
+		}
+
+		// Link account
 		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
 			' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
@@ -714,7 +759,7 @@ class oauth extends \phpbb\auth\provider\base
 				AND user_id = " . (int) $user_id;
 		$this->db->sql_query($sql);
 
-		// Clear all tokens belonging to the user on this servce
+		// Clear all tokens belonging to the user on this service
 		$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
 		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 		$storage->clearToken($service_name);