X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Flostpass.php;h=b71398fa4b5b79e7c13619750ec3a6d66e984117;hb=df7702709b07560af1d469f0835586af317f39b0;hp=e0bf6eed77c2d65ac98c9bb991c4c92b8f4acb99;hpb=e1107b55c6715d131ca808890ce51c6301e56ccc;p=friendica.git

diff --git a/mod/lostpass.php b/mod/lostpass.php
index e0bf6eed77..b71398fa4b 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -5,14 +5,18 @@ function lostpass_post(&$a) {
 
 	$email = notags(trim($_POST['login-name']));
 	if(! $email)
-		goaway($a->get_baseurl());
+		goaway(z_root());
 
-	$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
+	$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
 		dbesc($email),
 		dbesc($email)
 	);
-	if(! count($r))
-		goaway($a->get_baseurl());
+
+	if(! count($r)) {
+		notice( t('No valid account found.') . EOL);
+		goaway(z_root());
+	}
+
 	$uid = $r[0]['uid'];
 	$username = $r[0]['username'];
 
@@ -42,7 +46,7 @@ function lostpass_post(&$a) {
 			. 'Content-transfer-encoding: 8bit' );
 
 
-	goaway($a->get_baseurl());
+	goaway(z_root());
 }
 
 
@@ -58,7 +62,7 @@ function lostpass_content(&$a) {
 		);
 		if(! count($r)) {
 			notice( t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.") . EOL);
-			goaway($a->get_baseurl());
+			goaway(z_root());
 			return;
 		}
 		$uid = $r[0]['uid'];