[ticket/13175] Check if account is already linked when using OAuth

PHPBB3-13175
author: rubencm <rubencm@gmail.com> 2019-08-14 06:48:11 +0000
committer: rubencm <rubencm@gmail.com> 2019-08-14 14:51:19 +0000
commit: ecb39bc435946afc930ef68c86bb5ec441e9e3c0 (patch)
tree: 92db130a177558d1ef223209a73d91e2f4dea844 /phpBB/phpbb/auth/provider/oauth/oauth.php
parent: a4436fb54d6b3f18d183bf919d873459eb54a9e2 (diff)
download: forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar
forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar.gz
forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar.bz2
forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar.xz
forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index 1a3083d42e..0d94acfbca 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -634,6 +634,21 @@ class oauth extends \phpbb\auth\provider\base
 	*/
 	protected function link_account_perform_link(array $data)
 	{
+		// Check if the external account is already associated with other user
+		$sql = 'SELECT user_id
+			FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+			WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
+				AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
+		$result = $this->db->sql_query($sql);
+		$row = $this->db->sql_fetchrow($result);
+		$this->db->sql_freeresult($result);
+
+		if ($row)
+		{
+			trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
+		}
+
+		// Link account
 		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
 			' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
author	rubencm <rubencm@gmail.com>	2019-08-14 06:48:11 +0000
committer	rubencm <rubencm@gmail.com>	2019-08-14 14:51:19 +0000
commit	ecb39bc435946afc930ef68c86bb5ec441e9e3c0 (patch)
tree	92db130a177558d1ef223209a73d91e2f4dea844 /phpBB/phpbb/auth/provider/oauth/oauth.php
parent	a4436fb54d6b3f18d183bf919d873459eb54a9e2 (diff)
download	forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar.gz forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar.bz2 forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.tar.xz forums-ecb39bc435946afc930ef68c86bb5ec441e9e3c0.zip