/**
 * Validate a proposed handle and e-mail address for a user account.
 *
 * Each value is checked for presence, then format, then length, and only then
 * looked up in the user table; the first failing check supplies the message.
 *
 * @param mixed $handle      Proposed handle.
 * @param mixed $email       Proposed e-mail address.
 * @param mixed $allowuserid When set, a user id that may already own the handle
 *                           or e-mail without that counting as a duplicate.
 * @return array Messages keyed by 'handle' and/or 'email'; empty when both pass.
 */
function qa_handle_email_validate($handle, $email, $allowuserid = null)
{
    require_once QA_INCLUDE_DIR . 'qa-db-users.php';
    require_once QA_INCLUDE_DIR . 'qa-db-maxima.php';
    require_once QA_INCLUDE_DIR . 'qa-util-string.php';

    $problems = array();

    // --- handle ---
    // empty() also rejects the string '0', so such a handle is reported as missing.
    if (empty($handle)) {
        $problems['handle'] = qa_lang('users/handle_empty');
    } elseif (preg_match('/[\\@\\+\\/]/', $handle)) {
        // '@', '+' and '/' are the characters refused in a handle.
        $problems['handle'] = qa_lang_sub('users/handle_has_bad', '@ + /');
    } elseif (qa_strlen($handle) > QA_DB_MAX_HANDLE_LENGTH) {
        $problems['handle'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_HANDLE_LENGTH);
    } else {
        $handleowners = qa_db_user_find_by_handle($handle);

        // Taken, unless the only reason is that $allowuserid already owns it.
        // The comparison is loose, as the id types are not fixed at this point.
        if (count($handleowners) > 0 && !(isset($allowuserid) && in_array($allowuserid, $handleowners))) {
            $problems['handle'] = qa_lang('users/handle_exists');
        }
    }

    // --- e-mail ---
    if (empty($email)) {
        $problems['email'] = qa_lang('users/email_required');
    } elseif (!qa_email_validate($email)) {
        $problems['email'] = qa_lang('users/email_invalid');
    } elseif (qa_strlen($email) > QA_DB_MAX_EMAIL_LENGTH) {
        $problems['email'] = qa_lang_sub('main/max_length_x', QA_DB_MAX_EMAIL_LENGTH);
    } else {
        $emailowners = qa_db_user_find_by_email($email);

        if (count($emailowners) > 0 && !(isset($allowuserid) && in_array($allowuserid, $emailowners))) {
            $problems['email'] = qa_lang('users/email_exists');
        }
    }

    return $problems;
}
/**
 * Join the NK profile to an existing local account when exactly one local
 * user has the same e-mail address, then log the NK user in through
 * qa_log_in_external_user().
 *
 * NOTE(review): the e-mail reported by the external provider is the only thing
 * tying the NK identity to an existing local account here, and the profile is
 * always passed on with 'confirmed' => true. What join_user_data() does is not
 * visible from this method; if it attaches the NK login to the matched account,
 * that is only sound when the provider guarantees the address is verified.
 * Confirm against the provider's contract.
 *
 * @param NKUser $userData Profile returned by the NK login flow.
 */
private function join_or_add(NKUser $userData)
{
    $sameemail = qa_db_user_find_by_email($userData->email());

    // Zero matches: nothing to join. Several matches: ambiguous, so no join either.
    if (count($sameemail) === 1) {
        $this->join_user_data($sameemail[0], $userData);
    }

    $externalid = $userData->id();

    $profile = array(
        'email' => $userData->email(),
        'avatar' => $userData->thumbnailUrl(),
        'name' => $userData->name(),
        'confirmed' => true,
        'handle' => $this->generateUserHandle($userData),
    );

    qa_log_in_external_user(Q2ANKConnect::LOGIN_SOURCE, $externalid, $profile);
}
/**
 * Pass a handle and an e-mail address through the installed filter modules,
 * then check each for duplicates in the user table.
 *
 * Both values are taken by reference: the handle is rewritten by
 * qa_remove_utf8mb4() before filtering, and both are handed to the filter
 * modules as variables (whether a module changes them depends on the module).
 * The duplicate lookup for a value runs only if no module reported an error
 * for it.
 *
 * @param mixed $handle  Handle to filter (by reference).
 * @param mixed $email   E-mail address to filter (by reference).
 * @param mixed $olduser Existing user record, or null; when it carries a
 *                       'userid', that user may keep its own handle / e-mail.
 * @return array Messages keyed by 'handle' and/or 'email'; empty when both pass.
 */
function qa_handle_email_filter(&$handle, &$email, $olduser = null)
{
    require_once QA_INCLUDE_DIR . 'db/users.php';
    require_once QA_INCLUDE_DIR . 'util/string.php';

    $problems = array();

    // sanitise 4-byte Unicode
    $handle = qa_remove_utf8mb4($handle);

    // --- handle: first module to object wins ---
    foreach (qa_load_modules_with('filter', 'filter_handle') as $module) {
        $verdict = $module->filter_handle($handle, $olduser);

        if (isset($verdict)) {
            $problems['handle'] = $verdict;
            break;
        }
    }

    // first test through filters, then check for duplicates here
    if (!isset($problems['handle'])) {
        $handleowners = qa_db_user_find_by_handle($handle);

        // Loose comparison on purpose: the id types are not fixed at this point.
        if (count($handleowners) > 0 && !(isset($olduser['userid']) && in_array($olduser['userid'], $handleowners))) {
            $problems['handle'] = qa_lang('users/handle_exists');
        }
    }

    // --- e-mail: same two stages ---
    foreach (qa_load_modules_with('filter', 'filter_email') as $module) {
        $verdict = $module->filter_email($email, $olduser);

        if (isset($verdict)) {
            $problems['email'] = $verdict;
            break;
        }
    }

    if (!isset($problems['email'])) {
        $emailowners = qa_db_user_find_by_email($email);

        if (count($emailowners) > 0 && !(isset($olduser['userid']) && in_array($olduser['userid'], $emailowners))) {
            $problems['email'] = qa_lang('users/email_exists');
        }
    }

    return $problems;
}
/**
 * Log in the user that an external login provider identifies as
 * ($source, $identifier), creating and linking a local account first when no
 * link exists yet.
 *
 * NOTE(review): 'confirmed' and 'level' are taken from $fields as given, so the
 * caller decides whether the new account's e-mail counts as confirmed and which
 * level it gets. Callers should set them only from data the provider vouches for.
 *
 * @param mixed $source     Name of the external login source.
 * @param mixed $identifier The provider's identifier for the user.
 * @param array $fields     Optional keys read here: 'handle', 'email',
 *                          'confirmed', 'level', 'name', 'location', 'website',
 *                          'about', 'avatar'.
 * @return mixed Whatever the override returns when one is installed; otherwise nothing.
 */
function qa_log_in_external_user($source, $identifier, $fields)
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }

    require_once QA_INCLUDE_DIR . 'db/users.php';

    $linked = qa_db_user_login_find($source, $identifier);
    $linkedcount = count($linked);

    if ($linkedcount > 1) {
        qa_fatal_error('External login mapped to more than one user'); // should never happen
    }

    if ($linkedcount) {
        // user exists so log them in
        qa_set_logged_in_user($linked[0]['userid'], $linked[0]['handle'], false, $source);
        return;
    }

    // create and log in user
    require_once QA_INCLUDE_DIR . 'app/users-edit.php';

    qa_db_user_login_sync(true);

    // check again after table is locked, in case a concurrent request created the link
    $linked = qa_db_user_login_find($source, $identifier);

    if (count($linked) == 1) {
        qa_db_user_login_sync(false);
        qa_set_logged_in_user($linked[0]['userid'], $linked[0]['handle'], false, $source);
        return;
    }

    $handle = qa_handle_make_valid(@$fields['handle']);

    if (strlen(@$fields['email'])) {
        // An existing account already uses this address: send the visitor to the
        // login page rather than creating a second account for it.
        // NOTE(review): qa_redirect() presumably ends the request; if so, the
        // unset() below is unreachable and qa_db_user_login_sync(false) is not
        // called on this path - confirm.
        $emailowners = qa_db_user_find_by_email($fields['email']);

        if (count($emailowners)) {
            qa_redirect('login', array('e' => $fields['email'], 'ee' => '1'));
            unset($fields['email'], $fields['confirmed']);
        }
    }

    $level = isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC;
    $userid = qa_create_new_user((string) @$fields['email'], null, $handle, $level, @$fields['confirmed']);

    qa_db_user_login_add($userid, $source, $identifier);
    qa_db_user_login_sync(false);

    // Copy over whichever profile fields the provider supplied.
    foreach (array('name', 'location', 'website', 'about') as $fieldname) {
        if (strlen(@$fields[$fieldname])) {
            qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
        }
    }

    if (strlen(@$fields['avatar'])) {
        qa_set_user_avatar($userid, $fields['avatar']);
    }

    qa_set_logged_in_user($userid, $handle, false, $source);
}
} // Process submitted form after checking we haven't reached rate limit $passwordsent = qa_get('ps'); if (qa_clicked('dologin')) { require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; if (qa_limits_remaining(null, QA_LIMIT_LOGINS)) { require_once QA_INCLUDE_DIR . 'qa-db-users.php'; require_once QA_INCLUDE_DIR . 'qa-db-selects.php'; qa_limits_increment(null, QA_LIMIT_LOGINS); $inemailhandle = qa_post_text('emailhandle'); $inpassword = qa_post_text('password'); $inremember = qa_post_text('remember'); $errors = array(); if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect require_once QA_INCLUDE_DIR . 'qa-app-users.php'; qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw(qa_path_to_root() . $topath); } elseif ($passwordsent) {
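/**
 * Find other accounts that could be merged with the current one and, when the
 * merge form was submitted, carry out the merge.
 *
 * On a merge request every selected account other than the chosen base account
 * has its external logins re-assigned to the base account and is then deleted.
 * If the current account was one of those, the session is switched to the base
 * account and $useraccount is reloaded.
 *
 * @param array $useraccount Current user record (by reference). Keys read here:
 *                           'userid', 'oemail', 'email', 'handle', 'sessionsource'.
 * @param mixed $mylogins    By reference; overwritten with
 *                           qa_db_user_login_find_mine__open() after a merge request.
 * @param mixed $tolink      Falsy, or a record with a 'userid' for the account the
 *                           logged-in user wants to link.
 * @return array The other accounts found, with the current user's entry removed
 *               (presumably keyed by user id - confirm against the finder).
 */
function check_merge(&$useraccount, &$mylogins, $tolink)
{
    global $qa_cached_logged_in_user, $qa_logged_in_userid_checked;

    $userid = $findid = $useraccount['userid'];
    $findemail = $useraccount['oemail']; // considering this is an openid user, so use the openid email
    if (empty($findemail)) {
        $findemail = $useraccount['email']; // fallback
    }

    if ($tolink) {
        // user is logged in with $userid but wants to merge $findid
        $findemail = null;
        $findid = $tolink['userid'];
    } elseif (qa_get('confirm') == 2 || qa_post_text('confirm') == 2) {
        // bogus confirm page, stop right here
        qa_redirect('logins');
    }

    // find other un-linked accounts with the same email
    $otherlogins = qa_db_user_login_find_other__open($findid, $findemail, $userid);

    if (qa_clicked('domerge') && !empty($otherlogins)) {
        // if cancel was requested, just redirect
        if ($_POST['domerge'] == 0) {
            $tourl = qa_post_text('to');
            if (!empty($tourl)) {
                qa_redirect($tourl);
            } else {
                qa_redirect($tolink ? 'logins' : '');
            }
        }

        // a request to merge (link) multiple accounts was made
        // NOTE(review): no form security code check is visible in this function;
        // presumably the caller performs it - confirm.
        require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
        $recompute = false;
        $email = null;

        $basekey = "base{$_POST['domerge']}"; // POST[base1] or POST[base2]
        $baseid = isset($_POST[$basekey]) ? $_POST[$basekey] : 0;

        // The base account id comes straight from the request, and below it
        // becomes both the target of the login re-assignment and the user the
        // session is switched to. Accept it only if it names an account this
        // merge is actually about: the current user, the account being linked,
        // or one of the accounts found above. Anything else is handled exactly
        // like "no base selected".
        $allowedbaseids = array((string) $userid => true, (string) $findid => true);
        foreach ($otherlogins as $login) {
            $allowedbaseids[(string) $login['details']['userid']] = true;
        }
        if (!is_scalar($baseid) || !isset($allowedbaseids[(string) $baseid])) {
            $baseid = 0;
        }

        // see which account was selected, if any
        if ($baseid != 0) { // just in case
            foreach ($otherlogins as $login) {
                // see if this is the currently logged in account
                $loginid = $login['details']['userid'];
                $is_current = $loginid == $userid;

                // see if this user was selected for merge (the current account always takes part)
                if (isset($_POST["user_{$loginid}"]) || $is_current) {
                    if ($baseid != $loginid) {
                        // this account should be deleted as it's different from the selected base id
                        if (!empty($login['logins'])) {
                            // update all associated logins
                            qa_db_user_login_sync(true);
                            qa_db_user_login_replace_userid__open($loginid, $baseid);
                            qa_db_user_login_sync(false);
                        }

                        // delete old user but keep the email
                        qa_delete_user($loginid);
                        $recompute = true;
                        if (empty($email)) {
                            $email = $login['details']['email'];
                        }
                        if (empty($email)) {
                            $email = $login['details']['oemail'];
                        }
                    }
                }
            }
        }

        // recompute the stats, if needed
        if ($recompute) {
            require_once QA_INCLUDE_DIR . 'qa-db-points.php';
            qa_db_userpointscount_update();

            // check if the current account has been deleted
            if ($userid != $baseid) {
                $oldsrc = $useraccount['sessionsource'];
                qa_set_logged_in_user($baseid, $useraccount['handle'], false, $oldsrc);
                $useraccount = qa_db_user_find_by_id__open($baseid);
                $userid = $baseid;

                // clear some cached data
                qa_db_flush_pending_result('loggedinuser');
                $qa_logged_in_userid_checked = false;
                unset($qa_cached_logged_in_user);
            }

            // also check the email address on the remaining user account
            if (empty($useraccount['email']) && !empty($email)) {
                // update the account if the email address is not used anymore
                $emailusers = qa_db_user_find_by_email($email);
                if (count($emailusers) == 0) {
                    qa_db_user_set($userid, 'email', $email);
                    $useraccount['email'] = $email; // to show on the page
                }
            }
        }

        // on a confirm page, go back to where the user came from
        if (qa_post_text('confirm')) {
            $tourl = qa_post_text('to');
            if (!empty($tourl)) {
                qa_redirect($tourl);
            } else {
                qa_redirect($tolink ? 'logins' : '');
            }
        }

        // update the arrays
        $otherlogins = qa_db_user_login_find_other__open($userid, $findemail);
        $mylogins = qa_db_user_login_find_mine__open($userid);
    }

    // remove the current user id
    unset($otherlogins[$userid]);

    return $otherlogins;
}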
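/**
 * Check a handle or e-mail address plus password against the user table and,
 * on success, log the user in.
 *
 * The lookup is by e-mail when the 'allow_login_email_only' option is set or
 * the name contains '@', otherwise by handle. On any failure $this->error is
 * set to an IXR_Error with code 1512 and the login rate-limit counter is
 * incremented; a successful login returns before the counter is touched.
 *
 * NOTE(review): the error text differs between an unknown user and a wrong
 * password, which lets a client tell whether an account exists. Left as is
 * because callers may depend on the messages; consider a single generic one.
 *
 * @param mixed $username Handle or e-mail address.
 * @param mixed $password Password as supplied by the client.
 * @param mixed $remember Truthy to request a persistent login.
 * @return mixed The account record from qa_db_select_with_pending() on
 *               success, false otherwise.
 */
function core_login($username, $password, $remember = false)
{
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

        // handles can't contain @ symbols
        if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) {
            $matchusers = qa_db_user_find_by_email($username);
        } else {
            $matchusers = qa_db_user_find_by_handle($username);
        }

        if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in
            $inuserid = $matchusers[0];
            $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));

            $supplied = strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt']));
            $expected = strtolower($userinfo['passcheck']);

            // Compare the two check values as exact strings. A loose == treats
            // numeric-looking strings as numbers, so two different values could
            // compare equal; hash_equals() additionally takes the same time
            // wherever the first difference is. The fallback keeps the strict
            // comparison on PHP versions that lack hash_equals().
            $passwordok = function_exists('hash_equals')
                ? hash_equals($expected, $supplied)
                : $expected === $supplied;

            if ($passwordok) {
                // login
                require_once QA_INCLUDE_DIR . 'qa-app-users.php';

                qa_set_logged_in_user($inuserid, $userinfo['handle'], (bool) $remember);

                return $userinfo;
            }

            $this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
        } else {
            $this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
        }
    } else {
        $this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
    }

    qa_limits_increment(null, QA_LIMIT_LOGINS); // log on failure

    return false;
}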