From ecb39bc435946afc930ef68c86bb5ec441e9e3c0 Mon Sep 17 00:00:00 2001
From: rubencm <rubencm@gmail.com>
Date: Wed, 14 Aug 2019 06:48:11 +0000
Subject: [ticket/13175] Check if account is already linked when using OAuth

PHPBB3-13175
---
 phpBB/phpbb/auth/provider/oauth/oauth.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'phpBB/phpbb')

diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index 1a3083d42e..0d94acfbca 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -634,6 +634,21 @@ class oauth extends \phpbb\auth\provider\base
 	*/
 	protected function link_account_perform_link(array $data)
 	{
+		// Check if the external account is already associated with other user
+		$sql = 'SELECT user_id
+			FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+			WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
+				AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
+		$result = $this->db->sql_query($sql);
+		$row = $this->db->sql_fetchrow($result);
+		$this->db->sql_freeresult($result);
+
+		if ($row)
+		{
+			trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
+		}
+
+		// Link account
 		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
 			' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
-- 
cgit v1.2.1