MDL-29320 user: Make email query case-insensitive

NoelDeMartin · Apr 30, 2019 · 1b3a6e7 · 1b3a6e7
1 parent 5a158f8
commit 1b3a6e7
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 21 deletions.
diff --git a/user/edit_form.php b/user/edit_form.php
@@ -210,10 +210,18 @@ public function validation($usernew, $files) {
             // Mail not confirmed yet.
         } else if (!validate_email($usernew->email)) {
             $errors['email'] = get_string('invalidemail');
-        } else if (($usernew->email !== $user->email)
-                and empty($CFG->allowaccountssameemail)
-                and $DB->record_exists('user', array('email' => $usernew->email, 'mnethostid' => $CFG->mnet_localhost_id))) {
-            $errors['email'] = get_string('emailexists');
+        } else if (($usernew->email !== $user->email) && empty($CFG->allowaccountssameemail)) {
+            // Make a case-insensitive query for the given email address.
+            $select = $DB->sql_equal('email', ':email', false) . ' AND mnethostid = :mnethostid AND id <> :userid';
+            $params = array(
+                'email' => $usernew->email,
+                'mnethostid' => $CFG->mnet_localhost_id,
+                'userid' => $usernew->id
+            );
+            // If there are other user(s) that already have the same email, show an error.
+            if ($DB->record_exists_select('user', $select, $params)) {
+                $errors['email'] = get_string('emailexists');
+            }
         }
 
         if (isset($usernew->email) and $usernew->email === $user->email and over_bounce_threshold($user)) {

diff --git a/user/editadvanced_form.php b/user/editadvanced_form.php
@@ -298,9 +298,18 @@ public function validation($usernew, $files) {
         if (!$user or (isset($usernew->email) && $user->email !== $usernew->email)) {
             if (!validate_email($usernew->email)) {
                 $err['email'] = get_string('invalidemail');
-            } else if (empty($CFG->allowaccountssameemail)
-                    and $DB->record_exists('user', array('email' => $usernew->email, 'mnethostid' => $CFG->mnet_localhost_id))) {
-                $err['email'] = get_string('emailexists');
+            } else if (empty($CFG->allowaccountssameemail)) {
+                // Make a case-insensitive query for the given email address.
+                $select = $DB->sql_equal('email', ':email', false) . ' AND mnethostid = :mnethostid AND id <> :userid';
+                $params = array(
+                    'email' => $usernew->email,
+                    'mnethostid' => $CFG->mnet_localhost_id,
+                    'userid' => $usernew->id
+                );
+                // If there are other user(s) that already have the same email, show an error.
+                if ($DB->record_exists_select('user', $select, $params)) {
+                    $err['email'] = get_string('emailexists');
+                }
             }
         }
 

diff --git a/user/emailupdate.php b/user/emailupdate.php
@@ -60,22 +60,32 @@
     $user->email = $preferences['newemail'];
 
     // Detect duplicate before saving.
-    if ($DB->get_record('user', array('email' => $user->email))) {
-        redirect(new moodle_url('/user/view.php', ['id' => $user->id]), get_string('emailnowexists', 'auth'));
-    } else {
-        // Update user email.
-        $authplugin = get_auth_plugin($user->auth);
-        $authplugin->user_update($olduser, $user);
-        user_update_user($user, false);
-        $a->email = $user->email;
-        redirect(
-                new moodle_url('/user/view.php', ['id' => $user->id]),
-                get_string('emailupdatesuccess', 'auth', $a),
-                null,
-                \core\output\notification::NOTIFY_SUCCESS
-            );
+    if (empty($CFG->allowaccountssameemail)) {
+        // Make a case-insensitive query for the given email address.
+        $select = $DB->sql_equal('email', ':email', false) . ' AND mnethostid = :mnethostid AND id <> :userid';
+        $params = array(
+            'email' => $user->email,
+            'mnethostid' => $CFG->mnet_localhost_id,
+            'userid' => $user->id
+        );
+        // If there are other user(s) that already have the same email, cancel and redirect.
+        if ($DB->record_exists_select('user', $select, $params)) {
+            redirect(new moodle_url('/user/view.php', ['id' => $user->id]), get_string('emailnowexists', 'auth'));
+        }
     }
 
+    // Update user email.
+    $authplugin = get_auth_plugin($user->auth);
+    $authplugin->user_update($olduser, $user);
+    user_update_user($user, false);
+    $a->email = $user->email;
+    redirect(
+        new moodle_url('/user/view.php', ['id' => $user->id]),
+        get_string('emailupdatesuccess', 'auth', $a),
+        null,
+        \core\output\notification::NOTIFY_SUCCESS
+    );
+
 } else {
     $preferences['newemailattemptsleft']--;
     set_user_preference('newemailattemptsleft', $preferences['newemailattemptsleft'], $user->id);