Changeset 28668


Ignore:
Timestamp:
Jun 10, 2014, 1:40:40 PM (6 years ago)
Author:
mistic100
Message:

prevent merging account with webmaster account

Location:
extensions/oAuth
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • extensions/oAuth/include/public_events.inc.php

    r26626 r28668  
    149149        }
    150150       
    151         if ( pwg_login(false, $_POST['username'], $_POST['password'], false) )
    152         {
     151        $user_id = get_userid($_POST['username']);
     152       
     153        if ($user_id === false)
     154        {
     155          $page['errors'][] = l10n('Invalid username or email');
     156        }
     157        else if ($user_id == $conf['webmaster_id'])
     158        {
     159          $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.');
     160        }
     161        else if (pwg_login(false, $_POST['username'], $_POST['password'], false))
     162        {
     163          // update oauth field
     164          single_update(
     165            USER_INFOS_TABLE,
     166            array('oauth_id', $oauth_id),
     167            array('user_id', $user['id'])
     168            );
     169
    153170          pwg_unset_session_var('oauth_new_user');
    154          
    155           // update oauth field
    156           $query = '
    157 UPDATE ' . USER_INFOS_TABLE . '
    158   SET oauth_id = "' . $oauth_id . '"
    159   WHERE user_id = ' . $user['id'] . '
    160 ;';
    161           pwg_query($query);
    162171
    163172          redirect('profile.php');
     
    168177        }
    169178      }
     179
     180      // overwrite fields with remote datas
     181      if ($provider == 'Persona')
     182      {
     183        $_POST['login'] = '';
     184        $_POST['mail_address'] = $user_identifier;
     185      }
    170186      else
    171187      {
    172         // overwrite fields with remote datas
    173         if ($provider == 'Persona')
    174         {
    175           $_POST['login'] = '';
    176           $_POST['mail_address'] = $user_identifier;
    177         }
    178         else
    179         {
    180           $_POST['login'] = $remote_user->displayName;
    181           $_POST['mail_address'] = $remote_user->email;
    182         }
     188        $_POST['login'] = $remote_user->displayName;
     189        $_POST['mail_address'] = $remote_user->email;
    183190      }
    184191     
  • extensions/oAuth/language/en_UK/plugin.lang.php

    r26626 r28668  
    3030$lang['Associate with an existing account'] = 'Associate with an existing account';
    3131$lang['Allow users to merge existing account with new <i>Social Connect</i> identity'] = 'Allow users to merge existing account with new <i>Social Connect</i> identity';
     32$lang['For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.'] = 'For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.';
    3233
    3334?>
  • extensions/oAuth/language/fr_FR/plugin.lang.php

    r26626 r28668  
    3030$lang['Cancel'] = 'Annuler';
    3131$lang['Please enter your user ID'] = 'Veuillez entrer votre ID d\'utilisateur';
     32$lang['For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.'] = 'Pour des raisons de sécurité, le compte webmaster principal ne peut être associé avec un compte distant, mais vous pouvez utiliser un autre compte webmaster.';
     33
    3234?>
  • extensions/oAuth/main.inc.php

    r26667 r28668  
    11<?php
    22/*
    3 Plugin Name: Social Connect (OAuth)
     3Plugin Name: Social Connect
    44Version: auto
    55Description: Provides various ways to sign in your gallery (Twitter, Facebook, Google, etc.)
Note: See TracChangeset for help on using the changeset viewer.