From ecb39bc435946afc930ef68c86bb5ec441e9e3c0 Mon Sep 17 00:00:00 2001
From: rubencm
Date: Wed, 14 Aug 2019 06:48:11 +0000
Subject: [ticket/13175] Check if account is already linked when using OAuth PHPBB3-13175
---
 phpBB/language/en/common.php | 1 +
 phpBB/phpbb/auth/provider/oauth/oauth.php | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 835030762c..bde8cf33b2 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -91,6 +91,7 @@ $lang = array_merge($lang, array(
 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.',
 'AUTHOR' => 'Author',
 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.',
+ 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.',
 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.',
 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.',
 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created',
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index 1a3083d42e..0d94acfbca 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -634,6 +634,21 @@ class oauth extends \phpbb\auth\provider\base
 */
 protected function link_account_perform_link(array $data)
 {
+ // Check if the external account is already associated with other user
+ $sql = 'SELECT user_id
+ FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+ WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
+ AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if ($row)
+ {
+ trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
+ }
+
+ // Link account
 $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . ' ' . $this->db->sql_build_array('INSERT', $data);
 $this->db->sql_query($sql);
--
cgit v1.2.1
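Review bot: The uniqueness check added at the top of `link_account_perform_link()` is a separate SELECT ahead of the existing INSERT, so it is not atomic: two concurrent link requests for the same `provider`/`oauth_provider_id` can both find no row and both insert, leaving one external identity tied to two forum accounts. Nothing in this commit adds a unique key on those two columns, so unless the schema already has one (not visible here) the guarantee rests on this check alone; a unique key added in a migration would enforce it, with the SELECT kept only to produce the friendly message. At minimum the limit should be documented above the query, e.g. `// Not atomic with the INSERT below; only a unique key on (provider, oauth_provider_id) fully prevents double links`. The `if ($row)` test also fires when the existing row belongs to the same user, where "already linked with other user" is misleading, and the code depends on `trigger_error()` halting the request before the INSERT runs. The function body continues past the end of the hunk.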