mirror of
https://github.com/myronblair/novacpx
synced 2026-06-30 17:50:41 -05:00
fix: email uniqueness check only applies to hosting accounts, not admin/reseller users
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
This commit is contained in:
@@ -70,7 +70,7 @@ match ($action) {
|
|||||||
foreach ($required as $f) { if (empty($body[$f])) Response::error("$f is required"); }
|
foreach ($required as $f) { if (empty($body[$f])) Response::error("$f is required"); }
|
||||||
|
|
||||||
if (!filter_var($body['email'], FILTER_VALIDATE_EMAIL)) Response::error("Invalid email address");
|
if (!filter_var($body['email'], FILTER_VALIDATE_EMAIL)) Response::error("Invalid email address");
|
||||||
if ($db->fetchOne("SELECT id FROM users WHERE email = ?", [$body['email']])) Response::error("Email already in use by another account");
|
if ($db->fetchOne("SELECT id FROM users WHERE email = ? AND role = 'user'", [$body['email']])) Response::error("Email already in use by another account");
|
||||||
if ($db->fetchOne("SELECT id FROM users WHERE username = ?", [$body['username']])) Response::error("Username already taken");
|
if ($db->fetchOne("SELECT id FROM users WHERE username = ?", [$body['username']])) Response::error("Username already taken");
|
||||||
|
|
||||||
// Insert user first — AccountManager::create() wraps everything else in its own transaction
|
// Insert user first — AccountManager::create() wraps everything else in its own transaction
|
||||||
|
|||||||
Reference in New Issue
Block a user