diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-08-17 11:13:51 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-08-17 11:13:51 +0200 |
| commit | e59af343b898950ac004a949b6391d3724f0a551 (patch) | |
| tree | 7e8d4d5e2b77745cc02081da6b615d64dbd71fa7 /phpBB/phpbb/auth/provider | |
| parent | 9a992a48666b1769522002d84f5d6e995dca80fb (diff) | |
| parent | ecb39bc435946afc930ef68c86bb5ec441e9e3c0 (diff) | |
| download | forums-e59af343b898950ac004a949b6391d3724f0a551.tar forums-e59af343b898950ac004a949b6391d3724f0a551.tar.gz forums-e59af343b898950ac004a949b6391d3724f0a551.tar.bz2 forums-e59af343b898950ac004a949b6391d3724f0a551.tar.xz forums-e59af343b898950ac004a949b6391d3724f0a551.zip | |
Merge pull request #5658 from rubencm/ticket/13175
[ticket/13175] Check if account is already linked when using OAuth
Diffstat (limited to 'phpBB/phpbb/auth/provider')
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 1a3083d42e..0d94acfbca 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -634,6 +634,21 @@ class oauth extends \phpbb\auth\provider\base */ protected function link_account_perform_link(array $data) { + // Check if the external account is already associated with other user + $sql = 'SELECT user_id + FROM ' . $this->auth_provider_oauth_token_account_assoc . " + WHERE provider = '" . $this->db->sql_escape($data['provider']) . "' + AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'); + } + + // Link account $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . ' ' . $this->db->sql_build_array('INSERT', $data); $this->db->sql_query($sql); |