aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-06-29 00:59:21 -0700
committerFriendika <info@friendika.com>2011-06-29 00:59:21 -0700
commit2a578478167174b328352e0eafe8a4fdbe0fb68d (patch)
tree20d1a6aebdde49e95897f1455253ae20c50fda9e /mod
parent62340ba86bccf03de962c16c06e60f7c286e35e5 (diff)
downloadvolse-hubzilla-2a578478167174b328352e0eafe8a4fdbe0fb68d.tar.gz
volse-hubzilla-2a578478167174b328352e0eafe8a4fdbe0fb68d.tar.bz2
volse-hubzilla-2a578478167174b328352e0eafe8a4fdbe0fb68d.zip
don't allow blocked/unverified users to reset their password.
Diffstat (limited to 'mod')
-rw-r--r--mod/lostpass.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/mod/lostpass.php b/mod/lostpass.php
index e0bf6eed7..3453a0db4 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -7,12 +7,16 @@ function lostpass_post(&$a) {
if(! $email)
goaway($a->get_baseurl());
- $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
+ $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
dbesc($email),
dbesc($email)
);
- if(! count($r))
+
+ if(! count($r)) {
+ notice( t('No valid account found.') . EOL);
goaway($a->get_baseurl());
+ }
+
$uid = $r[0]['uid'];
$username = $r[0]['username'];