From 307c7ee23f753064937bf186f6a49d750dd75625 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Sat, 6 Jul 2013 17:47:50 +0200
Subject: [PATCH] Enforce unique account emails * display an error if user tries to re-use an email address * moved SQL files to indicate the order of SQL import * added unique email index SQL file This will address #389, still needs email validation.
---
 public/include/classes/user.class.php | 9 ++++++++-
 sql/{mmcfe_ng_structure.sql => 000_base_structure.sql} | 0
 sql/001_unique_email.sql | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)
 rename sql/{mmcfe_ng_structure.sql => 000_base_structure.sql} (100%)
 create mode 100644 sql/001_unique_email.sql
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 69ebf8de..68616e3e 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -50,6 +50,9 @@ class User {
 public function getUserIp($id) {
 return $this->getSingle($id, 'loggedIp', 'id');
 }
+ public function getEmail($email) {
+ return $this->getSingle($email, 'email', 'email', 's');
+ }
 public function getUserFailed($id) {
 return $this->getSingle($id, 'failed_logins', 'id');
 }
@@ -439,6 +442,10 @@ class User {
 **/
 public function register($username, $password1, $password2, $pin, $email1='', $email2='') {
 $this->debug->append("STA " . __METHOD__, 4);
+ if ($this->getEmail($email1)) {
+ $this->setErrorMessage( 'This e-mail address is already taken' );
+ return false;
+ }
 if (strlen($password1) < 8) {
 $this->setErrorMessage( 'Password is too short, minimum of 8 characters required' );
 return false;
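Review bot: `getEmail($email)` reads like a getter but takes the address as its lookup key and, judging by the `getSingle($email, 'email', 'email', 's')` call, appears to hand back the same address when a row matches, so its only use is as an existence test. A one-line comment such as `// Returns the stored address when an account already uses $email; used as a duplicate check` (or a name like `emailExists`) would keep later callers from mistaking it for a per-user getter like the `getUser*($id)` methods around it. getSingle() is defined outside the hunk, so its return value on a miss should be confirmed before documenting it.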
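Review bot: The new check at the top of register() looks up `$email1` exactly as submitted, before any trimming or validation, so whether differently cased or space-padded spellings of one address count as duplicates is left to the column collation rather than decided in code. With the default `$email1=''` the truthiness test on `$this->getEmail($email1)` presumably never fires, yet the new unique index will still reject a second empty address at insert time; normalising first with `$email1 = trim($email1);` and rejecting an empty value before the lookup would keep the pre-check and the index in agreement. The distinct message 'This e-mail address is already taken' also tells an unauthenticated caller which addresses have accounts, so registration attempts should be rate-limited and logged if that disclosure matters for this deployment. register() starts and ends outside the hunk, so later checks may already cover part of this.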
@@ -479,7 +486,7 @@ class User {
 if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username, $password_hash, $email1, $pin_hash, $apikey_hash)) {
 if (!$stmt->execute()) {
 $this->setErrorMessage( 'Unable to register' );
- if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Username already exists' );
+ if ($stmt->sqlstate == '23000') $this->setErrorMessage( 'Username or email already registered' );
 return false;
 }
 $stmt->close();
diff --git a/sql/mmcfe_ng_structure.sql b/sql/000_base_structure.sql
similarity index 100%
rename from sql/mmcfe_ng_structure.sql
rename to sql/000_base_structure.sql
diff --git a/sql/001_unique_email.sql b/sql/001_unique_email.sql
new file mode 100644
index 00000000..30d2882e
--- /dev/null
+++ b/sql/001_unique_email.sql
@@ -0,0 +1 @@
+ALTER TABLE `accounts` ADD UNIQUE (`email`);
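Review bot: SQLSTATE 23000 is the whole integrity-constraint class, so the reworded message on the `$stmt->sqlstate == '23000'` line in user.class.php is shown for any constraint failure, not only a duplicate username or email. Checking the driver error as well, `if ($stmt->errno == 1062) $this->setErrorMessage( 'Username or email already registered' );`, would confine it to duplicate-key errors. The `return false` in this branch also leaves before `$stmt->close()` is reached. The enclosing function starts and ends outside the hunk.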
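Review bot: `ALTER TABLE accounts ADD UNIQUE (email)` in sql/001_unique_email.sql fails outright on an existing installation whose accounts table already holds duplicate addresses, and rows with an empty-string email count as duplicates of each other. The migration should ship with a check to run first, for example `SELECT email, COUNT(*) FROM accounts GROUP BY email HAVING COUNT(*) > 1;`, and a note on how to resolve the rows it returns. Giving the index an explicit name would also make a later rollback easier to script.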