$oauth_userinfo = $consumer->authenticate_user(); if ($oauth_userinfo === false) { COM_updateSpeedlimit('login'); COM_errorLog("OAuth Error: " . $consumer->error); echo COM_refresh($_CONF['site_url'] . '/users.php?msg=111'); // OAuth authentication error } $consumer->doAction($oauth_userinfo); } // end OAuth authentication method(s) } else { $status = -2; } if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { // logged in AOK. SESS_completeLogin($uid); $_GROUPS = SEC_getUserGroups($_USER['uid']); $_RIGHTS = explode(',', SEC_getUserPermissions()); if ($_SYSTEM['admin_session'] > 0 && $local_login) { if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) { $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']); SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } } if (!isset($_USER['theme'])) { $_USER['theme'] = $_CONF['theme']; $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/'; $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme']; if ($_CONF['allow_user_themes'] == 1) { if (isset($_COOKIE[$_CONF['cookie_theme']])) { $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
/** * Merge User Accounts * * This validates the entered password and then merges a remote * account with a local account. * * @return string HTML merge form if error, redirect on success * */ function USER_mergeAccounts() { global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20; $retval = ''; $remoteUID = COM_applyFilter($_POST['remoteuid'], true); $localUID = COM_applyFilter($_POST['localuid'], true); $localpwd = $_POST['localp']; $localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID); $localRow = DB_fetchArray($localResult); if (SEC_check_hash($localpwd, $localRow['passwd'])) { // password is valid $sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'"; $result = DB_query($sql); $numRows = DB_numRows($result); if ($numRows == 1) { $remoteRow = DB_fetchArray($result); if ($remoteUID == $remoteRow['uid']) { $remoteUID = (int) $remoteRow['uid']; $remoteService = substr($remoteRow['remoteservice'], 6); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } $sql = "UPDATE {$_TABLES['users']} SET remoteusername='******'remoteusername']) . "'," . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', " . "account_type=3 " . " WHERE uid=" . (int) $localUID; DB_query($sql); $_USER['uid'] = $localRow['uid']; $local_login = true; SESS_completeLogin($localUID); $_GROUPS = SEC_getUserGroups($_USER['uid']); $_RIGHTS = explode(',', SEC_getUserPermissions()); if ($_SYSTEM['admin_session'] > 0 && $local_login) { if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) { $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']); SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } } COM_resetSpeedlimit('login'); // log the user out SESS_endUserSession($remoteUID); // Let plugins know a user is being merged PLG_moveUser($remoteUID, $_USER['uid']); // Ok, now delete everything related to this user // let plugins update their data for this user PLG_deleteUser($remoteUID); if (function_exists('CUSTOM_userDeleteHook')) { CUSTOM_userDeleteHook($remoteUID); } // Call custom account profile delete function if enabled and exists if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) { CUSTOM_userDelete($remoteUID); } // remove from all security groups DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID); // remove user information and preferences DB_delete($_TABLES['userprefs'], 'uid', $remoteUID); DB_delete($_TABLES['userindex'], 'uid', $remoteUID); DB_delete($_TABLES['usercomment'], 'uid', $remoteUID); DB_delete($_TABLES['userinfo'], 'uid', $remoteUID); // delete user photo, if enabled & exists if ($_CONF['allow_user_photo'] == 1) { $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}"); USER_deletePhoto($photo, false); } // delete subscriptions DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID); // in case the user owned any objects that require Admin access, assign // them to the Root user with the lowest uid $rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'"); $result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1"); $A = DB_fetchArray($result); $rootuser = $A['ug_uid']; if ($rootuser == '' || $rootuser < 2) { $rootuser = 2; } DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}"); DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}"); // now delete the user itself DB_delete($_TABLES['users'], 'uid', $remoteUID); } else { // invalid password - let's try one more time // need to set speed limit and give them 3 tries COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge'); $last = COM_checkSpeedlimit('merge', 4); if ($last > 0) { COM_setMsg($LANG04[190], 'error'); echo COM_refresh($_CONF['site_url'] . '/users.php'); } else { COM_updateSpeedlimit('merge'); USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]); } return $retval; } // can't use COM_setMsg here since the session is being destroyed. echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522'); }