/**
 * Check a proposed handle and email address for a user account.
 *
 * Each field is tested for emptiness, format, maximum length and finally for
 * an existing account that already uses the value.
 *
 * @param string $handle      Proposed handle (user name).
 * @param string $email       Proposed email address.
 * @param mixed  $allowuserid If set, a user id that is allowed to already own the handle/email
 *                            (so an existing user can keep their own values).
 * @return array Error messages keyed by 'handle' and/or 'email'; empty when both values pass.
 */
function qa_handle_email_validate($handle, $email, $allowuserid = null)
{
    require_once QA_INCLUDE_DIR . 'qa-db-users.php';
    require_once QA_INCLUDE_DIR . 'qa-db-maxima.php';
    require_once QA_INCLUDE_DIR . 'qa-util-string.php';

    $problems = array();

    // --- handle ---
    if (empty($handle)) {
        $problems['handle'] = qa_lang('users/handle_empty');
    } elseif (preg_match('/[\\@\\+\\/]/', $handle)) {
        // '@' must stay out of handles so that a login name can be told apart from an email address
        $problems['handle'] = qa_lang_sub('users/handle_has_bad', '@ + /');
    } elseif (qa_strlen($handle) > QA_DB_MAX_HANDLE_LENGTH) {
        $problems['handle'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_HANDLE_LENGTH);
    } else {
        $handleowners = qa_db_user_find_by_handle($handle);
        // a match is only acceptable when it is the explicitly allowed user
        if (count($handleowners) > 0 && !(isset($allowuserid) && in_array($allowuserid, $handleowners))) {
            $problems['handle'] = qa_lang('users/handle_exists');
        }
    }

    // --- email ---
    if (empty($email)) {
        $problems['email'] = qa_lang('users/email_required');
    } elseif (!qa_email_validate($email)) {
        $problems['email'] = qa_lang('users/email_invalid');
    } elseif (qa_strlen($email) > QA_DB_MAX_EMAIL_LENGTH) {
        $problems['email'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_EMAIL_LENGTH);
    } else {
        $emailowners = qa_db_user_find_by_email($email);
        if (count($emailowners) > 0 && !(isset($allowuserid) && in_array($allowuserid, $emailowners))) {
            $problems['email'] = qa_lang('users/email_exists');
        }
    }

    return $problems;
}
 /**
  * Attach the external profile to an existing local account when exactly one
  * account has the same email address, then log the external user in.
  *
  * NOTE(review): the local account is matched on the email address reported by
  * the external provider, and the login is passed on with 'confirmed' => true.
  * That is only safe if the provider has verified the address — confirm before
  * relying on it.
  *
  * @param NKUser $userData Profile returned by the external provider.
  */
 private function join_or_add(NKUser $userData)
 {
     $matching = qa_db_user_find_by_email($userData->email());
     $hasSingleMatch = count($matching) === 1;
     if ($hasSingleMatch) {
         // an ambiguous match (several accounts) is deliberately not joined
         $this->join_user_data($matching[0], $userData);
     }

     $externalId = $userData->id();
     $fields = array(
         'email' => $userData->email(),
         'avatar' => $userData->thumbnailUrl(),
         'name' => $userData->name(),
         'confirmed' => true,
         'handle' => $this->generateUserHandle($userData),
     );
     qa_log_in_external_user(Q2ANKConnect::LOGIN_SOURCE, $externalId, $fields);
 }
/**
 * Pass a handle and email address through the installed filter modules and
 * then check that no other account already uses them.
 *
 * Both values are taken by reference, so the sanitised handle (and presumably
 * any change a filter module makes) is visible to the caller.
 *
 * @param string     $handle  Proposed handle; 4-byte UTF-8 sequences are removed in place.
 * @param string     $email   Proposed email address.
 * @param array|null $olduser Existing user record, if any; its 'userid' may already own the values.
 * @return array Error messages keyed by 'handle' and/or 'email'; empty when both values pass.
 */
function qa_handle_email_filter(&$handle, &$email, $olduser = null)
{
    require_once QA_INCLUDE_DIR . 'db/users.php';
    require_once QA_INCLUDE_DIR . 'util/string.php';

    $problems = array();

    // sanitise 4-byte Unicode (only the handle is sanitised here, not the email)
    $handle = qa_remove_utf8mb4($handle);

    // the first filter module that objects to the handle decides the message
    foreach (qa_load_modules_with('filter', 'filter_handle') as $handlefilter) {
        $message = $handlefilter->filter_handle($handle, $olduser);
        if ($message !== null) {
            $problems['handle'] = $message;
            break;
        }
    }

    if (!isset($problems['handle'])) {
        // filters passed, so now look for another account with the same handle
        $handleowners = qa_db_user_find_by_handle($handle);
        if (count($handleowners) > 0 && !(isset($olduser['userid']) && in_array($olduser['userid'], $handleowners))) {
            $problems['handle'] = qa_lang('users/handle_exists');
        }
    }

    // same two steps for the email address
    foreach (qa_load_modules_with('filter', 'filter_email') as $emailfilter) {
        $message = $emailfilter->filter_email($email, $olduser);
        if ($message !== null) {
            $problems['email'] = $message;
            break;
        }
    }

    if (!isset($problems['email'])) {
        $emailowners = qa_db_user_find_by_email($email);
        if (count($emailowners) > 0 && !(isset($olduser['userid']) && in_array($olduser['userid'], $emailowners))) {
            $problems['email'] = qa_lang('users/email_exists');
        }
    }

    return $problems;
}
 /**
  * Log in a user who authenticated with an external identity provider,
  * creating a local account on first login.
  *
  * NOTE(review): everything in $fields is used as given, including 'level'
  * (the new account's user level) and 'confirmed'. Callers should fill these
  * from trusted provider data only, never directly from request input.
  *
  * @param string $source     Name of the external login source.
  * @param string $identifier The user's identifier at that source.
  * @param array  $fields     Optional profile data; keys read here: 'handle', 'email', 'confirmed',
  *                           'level', 'name', 'location', 'website', 'about', 'avatar'.
  */
 function qa_log_in_external_user($source, $identifier, $fields)
 {
     // give an installed override of this function the chance to run instead
     if (qa_to_override(__FUNCTION__)) {
         $args = func_get_args();
         return qa_call_override(__FUNCTION__, $args);
     }
     require_once QA_INCLUDE_DIR . 'db/users.php';
     $users = qa_db_user_login_find($source, $identifier);
     $countusers = count($users);
     if ($countusers > 1) {
         qa_fatal_error('External login mapped to more than one user');
     }
     // (more than one match, handled just above, should never happen)
     if ($countusers) {
         // user exists so log them in
         qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
     } else {
         // create and log in user
         require_once QA_INCLUDE_DIR . 'app/users-edit.php';
         qa_db_user_login_sync(true);
         $users = qa_db_user_login_find($source, $identifier);
         // check again after table is locked
         if (count($users) == 1) {
             qa_db_user_login_sync(false);
             qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
         } else {
             // the @ operator silences the notice for keys the caller did not supply
             $handle = qa_handle_make_valid(@$fields['handle']);
             if (strlen(@$fields['email'])) {
                 // remove email address if it will cause a duplicate
                 $emailusers = qa_db_user_find_by_email($fields['email']);
                 if (count($emailusers)) {
                     // NOTE(review): this sends the browser to the login page with the email address in
                     // the query string. If qa_redirect() ends the request, the two unset() calls below
                     // never run and qa_db_user_login_sync(false) is not reached on this path — confirm
                     // that the table lock is released when the request ends.
                     qa_redirect('login', array('e' => $fields['email'], 'ee' => '1'));
                     unset($fields['email']);
                     unset($fields['confirmed']);
                 }
             }
             // an email that already belongs to another account is never attached to the new account here
             $userid = qa_create_new_user((string) @$fields['email'], null, $handle, isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC, @$fields['confirmed']);
             qa_db_user_login_add($userid, $source, $identifier);
             qa_db_user_login_sync(false);
             // copy across only the profile fields named here, and only when non-empty
             $profilefields = array('name', 'location', 'website', 'about');
             foreach ($profilefields as $fieldname) {
                 if (strlen(@$fields[$fieldname])) {
                     qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
                 }
             }
             if (strlen(@$fields['avatar'])) {
                 qa_set_user_avatar($userid, $fields['avatar']);
             }
             qa_set_logged_in_user($userid, $handle, false, $source);
         }
     }
 }
}
//	Process submitted form after checking we haven't reached rate limit
//	(this listing is cut off after the redirect branch below)
$passwordsent = qa_get('ps');
if (qa_clicked('dologin')) {
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
    if (qa_limits_remaining(null, QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
        // the attempt is counted before the credentials are checked, so successes and failures both count
        qa_limits_increment(null, QA_LIMIT_LOGINS);
        $inemailhandle = qa_post_text('emailhandle');
        $inpassword = qa_post_text('password');
        $inremember = qa_post_text('remember');
        $errors = array();
        if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
            // handles can't contain @ symbols
            $matchusers = qa_db_user_find_by_email($inemailhandle);
        } else {
            $matchusers = qa_db_user_find_by_handle($inemailhandle);
        }
        if (count($matchusers) == 1) {
            // if matches more than one (should be impossible), don't log in
            $inuserid = $matchusers[0];
            $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
            // NOTE(review): the two digests are compared with loose ==, which compares numeric-looking
            // strings as numbers and is not constant-time. A strict, constant-time comparison
            // (hash_equals() where available, otherwise ===) is the safer form.
            // NOTE(review): the algorithm behind qa_db_calc_passcheck() is not visible here — confirm it is
            // a dedicated password-hashing function rather than a single fast digest.
            if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
                // login and redirect
                require_once QA_INCLUDE_DIR . 'qa-app-users.php';
                qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false);
                // NOTE(review): 'to' comes from the query string and is appended to the site root for a raw
                // redirect — confirm the result can only point at this site.
                $topath = qa_get('to');
                if (isset($topath)) {
                    qa_redirect_raw(qa_path_to_root() . $topath);
                } elseif ($passwordsent) {
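 /**
  * Find other accounts that can be merged with the current one and, when the
  * merge form was submitted, carry out the merge.
  *
  * Request fields read here: 'confirm' (GET and POST), and from POST 'domerge',
  * 'base<N>' (N being the value of 'domerge'), 'user_<id>' and 'to'.
  *
  * The base account id arrives in the request, so it is accepted only when it
  * names the current user, the account being linked, or one of the accounts
  * found for merging. Any other value is treated as "no base selected".
  *
  * NOTE(review): this function deletes accounts and can move the session to
  * another account, but no form security (CSRF) code is checked in this block —
  * confirm the caller verifies one before calling.
  *
  * @param array $useraccount Current user's account row; replaced by the base account's row
  *                           when the session is moved to the base account.
  * @param array $mylogins    The current user's logins; refreshed after a merge request.
  * @param mixed $tolink      Account to link explicitly (its 'userid' is read), or a falsy value
  *                           to look for accounts with the same email address instead.
  * @return array The other mergeable logins, without the entry keyed by the current user id.
  */
 function check_merge(&$useraccount, &$mylogins, $tolink)
 {
     global $qa_logged_in_userid_checked;
     $userid = $findid = $useraccount['userid'];
     $findemail = $useraccount['oemail'];
     // considering this is an openid user, so use the openid email
     if (empty($findemail)) {
         $findemail = $useraccount['email'];
         // fallback
     }
     if ($tolink) {
         // user is logged in with $userid but wants to merge $findid
         $findemail = null;
         $findid = $tolink['userid'];
     } else {
         if (qa_get('confirm') == 2 || qa_post_text('confirm') == 2) {
             // bogus confirm page, stop right here
             qa_redirect('logins');
         }
     }
     // find other un-linked accounts with the same email
     $otherlogins = qa_db_user_login_find_other__open($findid, $findemail, $userid);
     if (qa_clicked('domerge') && !empty($otherlogins)) {
         // the field may be absent or malformed; both are handled like a cancel request
         $domerge = isset($_POST['domerge']) && is_scalar($_POST['domerge']) ? $_POST['domerge'] : 0;
         // if cancel was requested, just redirect
         if ($domerge == 0) {
             // NOTE(review): 'to' is request-supplied; presumably qa_redirect() only builds on-site
             // addresses — confirm.
             $tourl = qa_post_text('to');
             if (!empty($tourl)) {
                 qa_redirect($tourl);
             } else {
                 qa_redirect($tolink ? 'logins' : '');
             }
         }
         // a request to merge (link) multiple accounts was made
         require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
         $recompute = false;
         $email = null;
         // POST[base1] or POST[base2]
         $basekey = "base{$domerge}";
         $postedbase = isset($_POST[$basekey]) && is_scalar($_POST[$basekey]) ? (string) $_POST[$basekey] : '';
         // The base id decides which account survives and which account the session ends up on,
         // so it must be one of the accounts this request is entitled to merge.
         $candidateids = array($userid, $findid);
         foreach ($otherlogins as $login) {
             $candidateids[] = $login['details']['userid'];
         }
         $baseid = 0;
         foreach ($candidateids as $candidateid) {
             if ($postedbase !== '' && (string) $candidateid === $postedbase) {
                 // keep the server-side value rather than the posted string
                 $baseid = $candidateid;
                 break;
             }
         }
         // see which account was selected, if any
         if ($baseid != 0) {
             // just in case
             foreach ($otherlogins as $login) {
                 // see if this is the currently logged in account
                 $loginid = $login['details']['userid'];
                 $is_current = $loginid == $userid;
                 // see if this user was selected for merge
                 if (isset($_POST["user_{$loginid}"]) || $is_current) {
                     if ($baseid != $loginid) {
                         // this account should be deleted as it's different from the selected base id
                         if (!empty($login['logins'])) {
                             // update all associated logins
                             qa_db_user_login_sync(true);
                             qa_db_user_login_replace_userid__open($loginid, $baseid);
                             qa_db_user_login_sync(false);
                         }
                         // delete old user but keep the email
                         qa_delete_user($loginid);
                         $recompute = true;
                         if (empty($email)) {
                             $email = $login['details']['email'];
                         }
                         if (empty($email)) {
                             $email = $login['details']['oemail'];
                         }
                     }
                 }
             }
         }
         // recompute the stats, if needed
         if ($recompute) {
             require_once QA_INCLUDE_DIR . 'qa-db-points.php';
             qa_db_userpointscount_update();
             // check if the current account has been deleted
             if ($userid != $baseid) {
                 $oldsrc = $useraccount['sessionsource'];
                 qa_set_logged_in_user($baseid, $useraccount['handle'], false, $oldsrc);
                 $useraccount = qa_db_user_find_by_id__open($baseid);
                 $userid = $baseid;
                 // clear some cached data
                 qa_db_flush_pending_result('loggedinuser');
                 $qa_logged_in_userid_checked = false;
                 // unset() on a variable imported with "global" only drops the local alias,
                 // so the global itself is removed through $GLOBALS
                 unset($GLOBALS['qa_cached_logged_in_user']);
             }
             // also check the email address on the remaining user account
             if (empty($useraccount['email']) && !empty($email)) {
                 // update the account if the email address is not used anymore
                 $emailusers = qa_db_user_find_by_email($email);
                 if (count($emailusers) == 0) {
                     qa_db_user_set($userid, 'email', $email);
                     $useraccount['email'] = $email;
                     // to show on the page
                 }
             }
         }
         if (qa_post_text('confirm')) {
             $tourl = qa_post_text('to');
             if (!empty($tourl)) {
                 qa_redirect($tourl);
             } else {
                 qa_redirect($tolink ? 'logins' : '');
             }
         }
         // update the arrays
         $otherlogins = qa_db_user_login_find_other__open($userid, $findemail);
         $mylogins = qa_db_user_login_find_mine__open($userid);
     }
     // remove the current user id
     unset($otherlogins[$userid]);
     return $otherlogins;
 }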
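 /**
  * Check a user name (handle or email address) and password and log the user in.
  *
  * A failed attempt is counted against the login rate limit; a successful one
  * returns before the counter is incremented. On failure, $this->error holds
  * an IXR_Error describing the reason.
  *
  * NOTE(review): an unknown user and a wrong password produce different messages,
  * which lets a client tell which accounts exist. A single generic message is the
  * safer choice if the API contract allows it.
  *
  * @param string $username Handle or email address.
  * @param string $password Plain-text password as submitted.
  * @param bool   $remember Whether to keep the user logged in.
  * @return array|false The user's account row on success, false on failure.
  */
 function core_login($username, $password, $remember = false)
 {
     require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
     if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
         require_once QA_INCLUDE_DIR . 'qa-db-users.php';
         require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
         if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) {
             // handles can't contain @ symbols
             $matchusers = qa_db_user_find_by_email($username);
         } else {
             $matchusers = qa_db_user_find_by_handle($username);
         }
         if (count($matchusers) == 1) {
             // if matches more than one (should be impossible), don't log in
             $inuserid = $matchusers[0];
             $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
             $computed = strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt']));
             $stored = strtolower($userinfo['passcheck']);
             // Loose == compares numeric-looking strings as numbers, so two different digests can
             // compare equal. Use a constant-time check where available, strict equality otherwise.
             $passwordok = function_exists('hash_equals') ? hash_equals($stored, $computed) : $stored === $computed;
             if ($passwordok) {
                 // login
                 require_once QA_INCLUDE_DIR . 'qa-app-users.php';
                 qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
                 return $userinfo;
             } else {
                 $this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
             }
         } else {
             $this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
         }
     } else {
         $this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
     }
     qa_limits_increment(null, QA_LIMIT_LOGINS);
     // log on failure
     return false;
 }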