don't allow blocked/unverified users to reset their password.

author Friendika <info@friendika.com>

Wed, 29 Jun 2011 07:59:21 +0000 (00:59 -0700)

committer Friendika <info@friendika.com>

Wed, 29 Jun 2011 07:59:21 +0000 (00:59 -0700)
author Friendika <info@friendika.com>
Wed, 29 Jun 2011 07:59:21 +0000 (00:59 -0700)
committer Friendika <info@friendika.com>
Wed, 29 Jun 2011 07:59:21 +0000 (00:59 -0700)
diff --git a/mod/lostpass.php b/mod/lostpass.php

index e0bf6eed77c2d65ac98c9bb991c4c92b8f4acb99..3453a0db4334a8d06957473a20ed82adf8da8aa8 100644 (file)
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -7,12 +7,16 @@ function lostpass_post(&$a) {
         if(! $email)
                 goaway($a->get_baseurl());
  
-       $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
+       $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
                 dbesc($email),
                 dbesc($email)
         );
-       if(! count($r))
+
+       if(! count($r)) {
+               notice( t('No valid account found.') . EOL);
                 goaway($a->get_baseurl());
+       }
+
         $uid = $r[0]['uid'];
         $username = $r[0]['username'];
author	Friendika <info@friendika.com>
	Wed, 29 Jun 2011 07:59:21 +0000 (00:59 -0700)
committer	Friendika <info@friendika.com>
	Wed, 29 Jun 2011 07:59:21 +0000 (00:59 -0700)