1 files changed, 246 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php
new file mode 100644
index 0000000000..bfe4804286
--- /dev/null
+++ b/phpBB/includes/ucp/ucp_login_link.php
@@ -0,0 +1,246 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_login_link
+* Allows users of external accounts link those accounts to their phpBB accounts
+* during an attempted login.
+*/
+class ucp_login_link
+{
+	/**
+	* @var	string
+	*/
+	public $u_action;
+
+	/**
+	* Generates the ucp_login_link page and handles login link process
+	*
+	* @param	int		$id
+	* @param	string	$mode
+	*/
+	function main($id, $mode)
+	{
+		global $phpbb_container, $request, $template, $user;
+		global $phpbb_root_path, $phpEx;
+
+		// Initialize necessary variables
+		$login_error = null;
+		$login_link_error = null;
+		$login_username = null;
+
+		// Build the data array
+		$data = $this->get_login_link_data_array();
+
+		// Ensure the person was sent here with login_link data
+		if (empty($data))
+		{
+			$login_link_error = $user->lang['LOGIN_LINK_NO_DATA_PROVIDED'];
+		}
+
+		// Use the auth_provider requested even if different from configured
+		$provider_collection = $phpbb_container->get('auth.provider_collection');
+		$auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));
+
+		// Set the link_method to login_link
+		$data['link_method'] = 'login_link';
+
+		// Have the authentication provider check that all necessary data is available
+		$result = $auth_provider->login_link_has_necessary_data($data);
+		if ($result !== null)
+		{
+			$login_link_error = $user->lang[$result];
+		}
+
+		// Perform link action if there is no error
+		if (!$login_link_error)
+		{
+			if ($request->is_set_post('login'))
+			{
+				$login_username = $request->variable('login_username', '', true, \phpbb\request\request_interface::POST);
+				$login_password = $request->untrimmed_variable('login_password', '', true, \phpbb\request\request_interface::POST);
+
+				$login_result = $auth_provider->login($login_username, $login_password);
+
+				// We only care if there is or is not an error
+				$login_error = $this->process_login_result($login_result);
+
+				if (!$login_error)
+				{
+					// Give the user_id to the data
+					$data['user_id'] = $login_result['user_row']['user_id'];
+
+					// The user is now logged in, attempt to link the user to the external account
+					$result = $auth_provider->link_account($data);
+
+					if ($result)
+					{
+						$login_link_error = $user->lang[$result];
+					}
+					else
+					{
+						// Finish login
+						$result = $user->session_create($login_result['user_row']['user_id'], false, false, true);
+
+						// Perform a redirect as the account has been linked
+						$this->perform_redirect();
+					}
+				}
+			}
+		}
+
+		$template->assign_vars(array(
+			// Common template elements
+			'LOGIN_LINK_ERROR'		=> $login_link_error,
+			'PASSWORD_CREDENTIAL'	=> 'login_password',
+			'USERNAME_CREDENTIAL'	=> 'login_username',
+			'S_HIDDEN_FIELDS'		=> $this->get_hidden_fields($data),
+
+			// Registration elements
+			'REGISTER_ACTION'	=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+
+			// Login elements
+			'LOGIN_ERROR'		=> $login_error,
+			'LOGIN_USERNAME'	=> $login_username,
+		));
+
+		$this->tpl_name = 'ucp_login_link';
+		$this->page_title = 'UCP_LOGIN_LINK';
+	}
+
+	/**
+	* Builds the hidden fields string from the data array.
+	*
+	* @param	array	$data	This function only includes data in the array
+	*							that has a key that begins with 'login_link_'
+	* @return	string	A string of hidden fields that can be included in the
+	*					template
+	*/
+	protected function get_hidden_fields($data)
+	{
+		$fields = array();
+
+		foreach ($data as $key => $value)
+		{
+			$fields['login_link_' . $key] = $value;
+		}
+
+		return build_hidden_fields($fields);
+	}
+
+	/**
+	* Builds the login_link data array
+	*
+	* @return	array	All login_link data. This is all GET data whose names
+	*					begin with 'login_link_'
+	*/
+	protected function get_login_link_data_array()
+	{
+		global $request;
+
+		$var_names = $request->variable_names(\phpbb\request\request_interface::GET);
+		$login_link_data = array();
+		$string_start_length = strlen('login_link_');
+
+		foreach ($var_names as $var_name)
+		{
+			if (strpos($var_name, 'login_link_') === 0)
+			{
+				$key_name = substr($var_name, $string_start_length);
+				$login_link_data[$key_name] = $request->variable($var_name, '', false, \phpbb\request\request_interface::GET);
+			}
+		}
+
+		return $login_link_data;
+	}
+
+	/**
+	* Processes the result array from the login process
+	* @param	array	$result	The login result array
+	* @return	string|null	If there was an error in the process, a string is
+	*						returned. If the login was successful, then null is
+	*						returned.
+	*/
+	protected function process_login_result($result)
+	{
+		global $config, $request, $template, $user, $phpbb_container;
+
+		$login_error = null;
+
+		if ($result['status'] != LOGIN_SUCCESS)
+		{
+			// Handle all errors first
+			if ($result['status'] == LOGIN_BREAK)
+			{
+				trigger_error($result['error_msg']);
+			}
+
+			switch ($result['status'])
+			{
+				case LOGIN_ERROR_ATTEMPTS:
+
+					$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+					$captcha->init(CONFIRM_LOGIN);
+
+					$template->assign_vars(array(
+						'CAPTCHA_TEMPLATE'			=> $captcha->get_template(),
+					));
+
+					$login_error = $user->lang[$result['error_msg']];
+				break;
+
+				case LOGIN_ERROR_PASSWORD_CONVERT:
+					$login_error = sprintf(
+						$user->lang[$result['error_msg']],
+						($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
+						($config['email_enable']) ? '</a>' : '',
+						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
+						($config['board_contact']) ? '</a>' : ''
+					);
+				break;
+
+				// Username, password, etc...
+				default:
+					$login_error = $user->lang[$result['error_msg']];
+
+					// Assign admin contact to some error messages
+					if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
+					{
+						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
+					}
+
+				break;
+			}
+		}
+
+		return $login_error;
+	}
+
+	/**
+	* Performs a post login redirect
+	*/
+	protected function perform_redirect()
+	{
+		global $phpbb_root_path, $phpEx;
+		$url = append_sid($phpbb_root_path . 'index.' . $phpEx);
+		redirect($url);
+	}
+}