From 0562d248b5fcf2ceeba5bd547d046662b6963450 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Fri, 2 Dec 2022 13:24:27 +0100
Subject: [PATCH] use same error message for invalid user and disabled password
 reset to not give away if a user exists

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 index.php           | 2 +-
 lng/english.lng.php | 2 +-
 lng/german.lng.php  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/index.php b/index.php
index 7434bade..6e2caa5b 100644
--- a/index.php
+++ b/index.php
@@ -579,7 +579,7 @@ if ($action == 'forgotpwd') {
 					unset($user);
 				}
 			} else {
-				$message = $lng['login']['usernotfound'];
+				$message = $lng['pwdreminder']['notallowed'];
 			}
 		}
 	}
diff --git a/lng/english.lng.php b/lng/english.lng.php
index f79249e8..6db57e54 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -761,7 +761,7 @@ $lng['pwdreminder']['success'] = 'Password reset successfully requested. Please
 // ADDED IN 1.2.19-svn18
 
 $lng['serversettings']['allow_password_reset']['title'] = 'Allow password reset by customers';
-$lng['pwdreminder']['notallowed'] = 'Password reset is disabled';
+$lng['pwdreminder']['notallowed'] = 'Unknown user or password reset is disabled';
 
 // ADDED IN 1.2.19-svn21
 
diff --git a/lng/german.lng.php b/lng/german.lng.php
index e094bf59..ff2a6628 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -754,7 +754,7 @@ $lng['pwdreminder']['success'] = 'Das Zurücksetzen des Passworts wurde erfolgre
 // ADDED IN 1.2.19-svn18
 
 $lng['serversettings']['allow_password_reset']['title'] = 'Erlaube das Zurücksetzen des Kundenpassworts.';
-$lng['pwdreminder']['notallowed'] = 'Das Zurücksetzen des Passworts ist deaktiviert.';
+$lng['pwdreminder']['notallowed'] = 'Unbekannter Benutzer oder Zurücksetzen des Passworts ist deaktiviert.';
 
 // ADDED IN 1.2.19-svn21