X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=57e6d696537c24b3e5440d751b5e1fa6c4e6625a;hb=ec1580b82dfeb7703d6376f8724a7dbf410eaf19;hp=e0bf6eed77c2d65ac98c9bb991c4c92b8f4acb99;hpb=19ccd658ebcf13a7cc208a3e460e44d152dda32f;p=friendica.git

diff --git a/mod/lostpass.php b/mod/lostpass.php
index e0bf6eed77..57e6d69653 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -3,18 +3,23 @@
 
 function lostpass_post(&$a) {
 
-	$email = notags(trim($_POST['login-name']));
-	if(! $email)
-		goaway($a->get_baseurl());
+	$loginame = notags(trim($_POST['login-name']));
+	if(! $loginame)
+		goaway(z_root());
 
-	$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
-		dbesc($email),
-		dbesc($email)
+	$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
+		dbesc($loginame),
+		dbesc($loginame)
 	);
-	if(! count($r))
-		goaway($a->get_baseurl());
+
+	if(! count($r)) {
+		notice( t('No valid account found.') . EOL);
+		goaway(z_root());
+	}
+
 	$uid = $r[0]['uid'];
 	$username = $r[0]['username'];
+	$email = $r[0]['email'];
 
 	$new_password = autoname(12) . mt_rand(100,9999);
 	$new_password_encoded = hash('whirlpool',$new_password);
@@ -42,7 +47,7 @@ function lostpass_post(&$a) {
 			. 'Content-transfer-encoding: 8bit' );
 
 
-	goaway($a->get_baseurl());
+	goaway(z_root());
 }
 
 
@@ -58,7 +63,7 @@ function lostpass_content(&$a) {
 		);
 		if(! count($r)) {
 			notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL);
-			goaway($a->get_baseurl());
+			goaway(z_root());
 			return;
 		}
 		$uid = $r[0]['uid'];