Support ensuring email is unique

Fixes #9093

account_update.php

@@ -87,9 +87,6 @@
 
 # Update email (but only if LDAP isn't being used)
 if( !( $t_ldap && config_get( 'use_ldap_email' ) ) ) {
-	email_ensure_valid( $f_email );
-	email_ensure_not_disposable( $f_email );
-
 	if( $f_email != user_get_email( $t_user_id ) ) {
 		user_set_email( $t_user_id, $f_email );
 		$t_email_updated = true;

config_defaults_inc.php

@@ -549,6 +549,11 @@
  */
 $g_email_login_enabled = ON;
 
+/**
+ * Ensure that email addresses are unique.
+ */
+$g_email_ensure_unique = ON;
+
 /**
  * set to OFF to disable email check
  * @global integer $g_check_mx_record
@@ -4271,7 +4276,7 @@
 	'class_path','library_path', 'language_path', 'absolute_path_default_upload_folder',
 	'ldap_simulation_file_path', 'plugin_path', 'bottom_include_page', 'top_include_page',
 	'default_home_page', 'logout_redirect_page', 'manual_url', 'logo_url', 'wiki_engine_url',
-	'cdn_enabled', 'public_config_names', 'email_login_enabled'
+	'cdn_enabled', 'public_config_names', 'email_login_enabled', 'email_ensure_unique'
 );
 
 /**
@@ -4405,6 +4410,7 @@
 	'download_attachments_threshold',
 	'due_date_update_threshold',
 	'due_date_view_threshold',
+	'email_ensure_unique',
 	'email_login_enabled',
 	'email_padding_length',
 	'email_receive_own',

core/constant_inc.php

@@ -304,6 +304,7 @@
 define( 'ERROR_USER_BY_NAME_NOT_FOUND', 810 );
 define( 'ERROR_USER_BY_ID_NOT_FOUND', 811 );
 define( 'ERROR_USER_CURRENT_PASSWORD_MISMATCH', 812 );
+define( 'ERROR_USER_EMAIL_NOT_UNIQUE', 813 );
 
 # ERROR_AUTH_*
 define( 'ERROR_AUTH_INVALID_COOKIE', 900 );

core/user_api.php

@@ -253,6 +253,53 @@ function user_ensure_name_unique( $p_username ) {
 	}
 }
 
+/**
+ * Checks if the email address is unique.
+ *
+ * @param string $p_email The email to check.
+ * @param integer $p_user_id The user id that we are validating for or null for
+ *                           the case of a new user.
+ *
+ * @return boolean true: unique or blank, false: otherwise
+ */
+function user_is_email_unique( $p_email, $p_user_id = null ) {
+	if( is_blank( $p_email ) ) {
+		return true;
+	}
+
+	$p_email = trim( $p_email );
+
+	if ( $p_user_id === null ) {
+		$t_query = 'SELECT email FROM {user} WHERE email=' . db_param();
+		$t_result = db_query( $t_query, array( $p_email ), 1 );
+	} else {
+		$t_query = 'SELECT email FROM {user} WHERE id<>' . db_param() .
+			' AND email=' . db_param();
+		$t_result = db_query( $t_query, array( $p_user_id, $p_email ), 1 );
+	}
+
+	return !db_result( $t_result );
+}
+
+/**
+ * Check if the email is unique and trigger an ERROR if it isn't
+ *
+ * @param string $p_email The email address to check.
+ * @param integer $p_user_id The user id that we are validating for or null for
+ *                           the case of a new user.
+ *
+ * @return void
+ */
+function user_ensure_email_unique( $p_email, $p_user_id = null ) {
+	if( !config_get_global( 'email_ensure_unique' ) ) {
+		return;
+	}
+
+	if( !user_is_email_unique( $p_email, $p_user_id ) ) {
+		trigger_error( ERROR_USER_EMAIL_NOT_UNIQUE, ERROR );
+	}
+}
+
 /**
  * Check if the realname is a valid username (does not account for uniqueness)
  * Return 0 if it is invalid, The number of matches + 1
@@ -529,6 +576,7 @@ function user_create( $p_username, $p_password, $p_email = '',
 
 	user_ensure_name_valid( $p_username );
 	user_ensure_name_unique( $p_username );
+	user_ensure_email_unique( $p_email );
 	user_ensure_realname_unique( $p_username, $p_realname );
 	email_ensure_valid( $p_email );
 
@@ -597,6 +645,10 @@ function user_signup( $p_username, $p_email = null ) {
 
 	$p_email = trim( $p_email );
 
+	email_ensure_not_disposable( $p_email );
+	email_ensure_valid( $p_email );
+	user_ensure_email_unique( $p_email );
+
 	# Create random password
 	$t_password = auth_generate_random_password();
 
@@ -1565,7 +1617,15 @@ function user_set_password( $p_user_id, $p_password, $p_allow_protected = false
  * @return boolean
  */
 function user_set_email( $p_user_id, $p_email ) {
+	$p_email = trim( $p_email );
+
 	email_ensure_valid( $p_email );
+	email_ensure_not_disposable( $p_email );
+
+	$t_old_email = user_get_email( $p_user_id );
+	if( strcasecmp( $t_old_email, $p_email ) != 0 ) {
+		user_ensure_email_unique( $p_email );
+	}
 
 	return user_set_field( $p_user_id, 'email', $p_email );
 }

docbook/Admin_Guide/en-US/config/email.xml

@@ -178,6 +178,16 @@
 				</para>
 			</listitem>
 		</varlistentry>
+		<varlistentry>
+			<term>$g_email_ensure_unique</term>
+			<listitem>
+				<para>
+					When enabled, the uniqueness of email addresses will be inforced for new
+					users as well as updates to existing ones.  Note that there can be duplicate
+					emails before this option was turned ON.  Default is ON.
+				</para>
+			</listitem>
+		</varlistentry>
 		<varlistentry>
 			<term>$g_limit_email_domain</term>
 			<listitem>

lang/strings_english.txt

@@ -1617,6 +1617,7 @@ $MANTIS_ERROR[ERROR_UPLOAD_FAILURE] = 'File upload failed. File is not readable
 $MANTIS_ERROR[ERROR_FILE_TOO_BIG] = 'File upload failed. This is likely because the filesize was larger than is currently allowed by this PHP installation.';
 $MANTIS_ERROR[ERROR_GPC_VAR_NOT_FOUND] = 'A required parameter to this page (%1$s) was not found.';
 $MANTIS_ERROR[ERROR_USER_NAME_NOT_UNIQUE] = 'That username is already being used. Please go back and select another one.';
+$MANTIS_ERROR[ERROR_USER_EMAIL_NOT_UNIQUE] = 'That email is already being used. Please go back and select another one.';
 $MANTIS_ERROR[ERROR_CONFIG_OPT_NOT_FOUND] = 'Configuration option "%1$s" not found.';
 $MANTIS_ERROR[ERROR_CONFIG_OPT_CANT_BE_SET_IN_DB] = 'Configuration option "%1$s" can not be set in the database. It must be set in config_inc.php.';
 $MANTIS_ERROR[ERROR_LANG_STRING_NOT_FOUND] = 'String "%1$s" not found.';

manage_user_update.php

@@ -120,6 +120,7 @@
 	$t_email = trim( $f_email );
 	email_ensure_valid( $t_email );
 	email_ensure_not_disposable( $t_email );
+	user_ensure_email_unique( $t_email, $f_user_id );
 }
 
 $c_email = $t_email;

signup.php

@@ -82,8 +82,6 @@
 	}
 }
 
-email_ensure_not_disposable( $f_email );
-
 # notify the selected group a new user has signed-up
 if( user_signup( $f_username, $f_email ) ) {
 	email_notify_new_account( $f_username, $f_email );