Changeset 28668


Ignore:
Timestamp:
06/10/14 13:40:40 (5 years ago)
Author:
mistic100
Message:

prevent merging account with webmaster account

Location:
extensions/oAuth
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • extensions/oAuth/include/public_events.inc.php

    r26626 r28668  
    149149        } 
    150150         
    151         if ( pwg_login(false, $_POST['username'], $_POST['password'], false) ) 
    152         { 
     151        $user_id = get_userid($_POST['username']); 
     152         
     153        if ($user_id === false) 
     154        { 
     155          $page['errors'][] = l10n('Invalid username or email'); 
     156        } 
     157        else if ($user_id == $conf['webmaster_id']) 
     158        { 
     159          $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.'); 
     160        } 
     161        else if (pwg_login(false, $_POST['username'], $_POST['password'], false)) 
     162        { 
     163          // update oauth field 
     164          single_update( 
     165            USER_INFOS_TABLE, 
     166            array('oauth_id', $oauth_id), 
     167            array('user_id', $user['id']) 
     168            ); 
     169 
    153170          pwg_unset_session_var('oauth_new_user'); 
    154            
    155           // update oauth field 
    156           $query = ' 
    157 UPDATE ' . USER_INFOS_TABLE . ' 
    158   SET oauth_id = "' . $oauth_id . '" 
    159   WHERE user_id = ' . $user['id'] . ' 
    160 ;'; 
    161           pwg_query($query); 
    162171 
    163172          redirect('profile.php'); 
     
    168177        } 
    169178      } 
     179 
     180      // overwrite fields with remote datas 
     181      if ($provider == 'Persona') 
     182      { 
     183        $_POST['login'] = ''; 
     184        $_POST['mail_address'] = $user_identifier; 
     185      } 
    170186      else 
    171187      { 
    172         // overwrite fields with remote datas 
    173         if ($provider == 'Persona') 
    174         { 
    175           $_POST['login'] = ''; 
    176           $_POST['mail_address'] = $user_identifier; 
    177         } 
    178         else 
    179         { 
    180           $_POST['login'] = $remote_user->displayName; 
    181           $_POST['mail_address'] = $remote_user->email; 
    182         } 
     188        $_POST['login'] = $remote_user->displayName; 
     189        $_POST['mail_address'] = $remote_user->email; 
    183190      } 
    184191       
  • extensions/oAuth/language/en_UK/plugin.lang.php

    r26626 r28668  
    3030$lang['Associate with an existing account'] = 'Associate with an existing account'; 
    3131$lang['Allow users to merge existing account with new <i>Social Connect</i> identity'] = 'Allow users to merge existing account with new <i>Social Connect</i> identity'; 
     32$lang['For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.'] = 'For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.'; 
    3233 
    3334?> 
  • extensions/oAuth/language/fr_FR/plugin.lang.php

    r26626 r28668  
    3030$lang['Cancel'] = 'Annuler'; 
    3131$lang['Please enter your user ID'] = 'Veuillez entrer votre ID d\'utilisateur'; 
     32$lang['For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.'] = 'Pour des raisons de sécurité, le compte webmaster principal ne peut être associé avec un compte distant, mais vous pouvez utiliser un autre compte webmaster.'; 
     33 
    3234?> 
  • extensions/oAuth/main.inc.php

    r26667 r28668  
    11<?php  
    22/* 
    3 Plugin Name: Social Connect (OAuth) 
     3Plugin Name: Social Connect 
    44Version: auto 
    55Description: Provides various ways to sign in your gallery (Twitter, Facebook, Google, etc.) 
Note: See TracChangeset for help on using the changeset viewer.