From b0a90c953ddc9fb135d899aa9348c7afd3c75c0c Mon Sep 17 00:00:00 2001
From: Retro_Guy
Date: Tue, 20 Feb 2024 07:58:13 -0700
Subject: [PATCH] Do not allow custom email address to match another user's email address.
---
 Rocksolid_Light/rocksolid/newsportal.php | 12 ++++++++++++
 Rocksolid_Light/spoolnews/user.php | 14 ++++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/Rocksolid_Light/rocksolid/newsportal.php b/Rocksolid_Light/rocksolid/newsportal.php
index 38e219f..e6658dc 100644
--- a/Rocksolid_Light/rocksolid/newsportal.php
+++ b/Rocksolid_Light/rocksolid/newsportal.php
@@ -2200,6 +2200,18 @@ function prune_dir_by_days($path, $days)
 return true;
 }
 
+function check_registered_email_addresses($email)
+{
+ global $config_dir;
+ $users = scandir($config_dir . "/userconfig");
+ foreach ($users as $user) {
+ if (strcmp(get_user_config($user, 'email'), $email) == 0) {
+ return $user;
+ }
+ }
+ return false;
+}
+
 function send_admin_message($admin, $from, $subject, $message)
 {
 global $config_dir, $spooldir;
diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php
index 85c346c..a3e0d2f 100644
--- a/Rocksolid_Light/spoolnews/user.php
+++ b/Rocksolid_Light/spoolnews/user.php
@@ -205,6 +205,20 @@ if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') {
 // Apply Config
 if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
 if ($OVERRIDES['disable_change_name'] != true) {
+ // Check if email already exists in user database
+ if($founduser = check_registered_email_addresses(trim($_POST['display_email']))) {
+ // Email exists in database
+ $myemail = get_user_config($user, 'email');
+ if (strtolower($user) != strtolower($founduser)) {
+ // It's someone else's email
+ echo ''.$_POST['display_email']." is unavailable.
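Review bot: The match in `check_registered_email_addresses()` is an exact, case-sensitive `strcmp`, so a submitted address that differs from another user's registered address only in letter case is not detected, and the collision the commit is meant to block still goes through. The loop also hands every `scandir()` entry, including `.` and `..`, to `get_user_config()`. That helper is not shown here, but if it yields an empty value for a missing entry, an empty submitted address would match the first such entry and be reported as taken. Normalising both sides, skipping the dot entries and ignoring non-string results covers these cases; the fence shows the rewritten body.

```php
function check_registered_email_addresses($email)
{
    // … unchanged: global $config_dir and the scandir() call …
    $wanted = strtolower(trim($email));
    if ($wanted === '') {
        return false;
    }
    foreach ($users as $user) {
        if ($user === '.' || $user === '..') {
            continue;
        }
        $registered = get_user_config($user, 'email');
        if (is_string($registered) && strtolower(trim($registered)) === $wanted) {
            return $user;
        }
    }
    return false;
}
```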
Please try again";
+ echo '
';
+ echo '';
+ echo "";
+ echo '';
+ exit;
+ }
+ }
 $user_config['display_name'] = $_POST['display_name'];
 $user_config['display_email'] = $_POST['display_email'];
 }
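Review bot: The rejection message concatenates `$_POST['display_email']` straight into the echoed page, so any markup in the submitted value is rendered by the browser; escape it at output with `htmlspecialchars($_POST['display_email'], ENT_QUOTES, 'UTF-8')`. The check runs on `trim($_POST['display_email'])`, while the unchanged line below stores the untrimmed value, so it would be safer to trim once into a variable and use that for the check, the message and `$user_config['display_email']`. `$myemail` is assigned but never read in the added lines and can be dropped. The enclosing `if` blocks start above the hunk, so how `$user` is authenticated before this point is not visible here.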