Merge pull request #415 from 23n/patch-2

[friendica.git] / mod / lostpass.php

diff --git a/mod/lostpass.php b/mod/lostpass.php
index e0bf6eed77c2d65ac98c9bb991c4c92b8f4acb99..57e6d696537c24b3e5440d751b5e1fa6c4e6625a 100644 (file)
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -3,18 +3,23 @@
 
 function lostpass_post(&$a) {
 
-       $email = notags(trim($_POST['login-name']));
-       if(! $email)
-               goaway($a->get_baseurl());
+       $loginame = notags(trim($_POST['login-name']));
+       if(! $loginame)
+               goaway(z_root());
 
-       $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
-               dbesc($email),
-               dbesc($email)
+       $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
+               dbesc($loginame),
+               dbesc($loginame)
        );
-       if(! count($r))
-               goaway($a->get_baseurl());
+
+       if(! count($r)) {
+               notice( t('No valid account found.') . EOL);
+               goaway(z_root());
+       }
+
        $uid = $r[0]['uid'];
        $username = $r[0]['username'];
+       $email = $r[0]['email'];
 
        $new_password = autoname(12) . mt_rand(100,9999);
        $new_password_encoded = hash('whirlpool',$new_password);
@@ -42,7 +47,7 @@ function lostpass_post(&$a) {
                        . 'Content-transfer-encoding: 8bit' );
 
 
-       goaway($a->get_baseurl());
+       goaway(z_root());
 }
 
 
@@ -58,7 +63,7 @@ function lostpass_content(&$a) {
                );
                if(! count($r)) {
                        notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL);
-                       goaway($a->get_baseurl());
+                       goaway(z_root());
                        return;
                }
                $uid = $r[0]['uid'];