*

Tango

  • ***
  • 60 posts
Phone Number Login Plugin - User Account
« on: January 06, 2021, 11:54:47 AM »
Hello,

While using Phone Number Login Plugin I've noticed that at localhost/user/profile (update user account page) it doesn't check if the phone is already in use.
This kinda makes the Phone number verification feature useless, as it only performs the check at Register. But if a user updates his account, he can set whatever number he likes, regardless if it's in use or not.

I've seen that this function handles the verification at register:
Code: [Select]
// WHEN NEW USER REGISTER, CHECK IF PHONE DOES NOT EXIST
function phl_check_register() {
  $phone = trim(Params::getParam('s_phone_mobile'));

  if($phone <> '') {
    $user = ModelPHL::newInstance()->findUserByPhone($phone);

    if($user && isset($user['pk_i_id'])) {
      osc_add_flash_error_message(sprintf(__('Phone number %s is already registered to another account, please use different number', 'phone_login'), $phone));
      header('Location:' . osc_register_account_url());
      exit;
    }
  }
}

What other check do we need to add, in order to make it work for the user profile page too?

Thanks!

*

Tango

  • ***
  • 60 posts
Re: Phone Number Login Plugin - User Account
« Reply #1 on: August 11, 2021, 07:02:01 PM »
Hello,

Is there any feedback on this?

This is a big problem, as we're having users with the same phone numbers after they edit their profiles.

Thanks!

*

MB Themes

Re: Phone Number Login Plugin - User Account
« Reply #2 on: August 16, 2021, 10:10:20 AM »
@Tango
Based on this:
https://docs.osclasspoint.com/Hooks

It should be this one:
pre_user_post: Run before an user complete the registration, or edit his account (*3.1*)

So basically it should be enough to change this:
Code: [Select]
osc_add_hook('before_user_register', 'phl_check_register');

into this:
Code: [Select]
osc_add_hook('pre_user_post', 'phl_check_register');

Also in that function this line:
Code: [Select]
      header('Location:' . osc_register_account_url());

Into this one:
Code: [Select]
      if(osc_is_web_user_logged_in()) {
        header('Location:' . osc_user_profile_url());
      } else {
        header('Location:' . osc_register_account_url());
      }

And last one this:
Code: [Select]
    if($user && isset($user['pk_i_id'])) {

into this:
Code: [Select]
    if($user && isset($user['pk_i_id']) && $user['pk_i_id'] != osc_logged_user_id()) {
« Last Edit: August 16, 2021, 10:13:51 AM by MB Themes »
  To get fast support, we need following details: Detail description, URL to reproduce problem, Screenshots