diff options
author | Friendika <info@friendika.com> | 2011-06-29 00:59:21 -0700 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-06-29 00:59:21 -0700 |
commit | 2a578478167174b328352e0eafe8a4fdbe0fb68d (patch) | |
tree | 20d1a6aebdde49e95897f1455253ae20c50fda9e /mod | |
parent | 62340ba86bccf03de962c16c06e60f7c286e35e5 (diff) | |
download | volse-hubzilla-2a578478167174b328352e0eafe8a4fdbe0fb68d.tar.gz volse-hubzilla-2a578478167174b328352e0eafe8a4fdbe0fb68d.tar.bz2 volse-hubzilla-2a578478167174b328352e0eafe8a4fdbe0fb68d.zip |
don't allow blocked/unverified users to reset their password.
Diffstat (limited to 'mod')
-rw-r--r-- | mod/lostpass.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/mod/lostpass.php b/mod/lostpass.php index e0bf6eed7..3453a0db4 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -7,12 +7,16 @@ function lostpass_post(&$a) { if(! $email) goaway($a->get_baseurl()); - $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1", + $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", dbesc($email), dbesc($email) ); - if(! count($r)) + + if(! count($r)) { + notice( t('No valid account found.') . EOL); goaway($a->get_baseurl()); + } + $uid = $r[0]['uid']; $username = $r[0]['username']; |