- fixed password-reset $adminchecked; if no user is given don't output (admins) "password reset not allowed"

2010-04-14 10:27:28 +00:00
parent f62dba4e1b
commit 8ee56d23ba
1 changed files with 81 additions and 76 deletions
--- a/index.php
+++ b/index.php
@@ -214,6 +214,7 @@ if($action == 'login')
 if($action == 'forgotpwd')
 {
 	$adminchecked = false;
+	$message = '';

 	if(isset($_POST['send'])
 	&& $_POST['send'] == 'send')
@@ -231,9 +232,19 @@ if($action == 'forgotpwd')
 				WHERE `loginname`='" . $db->escape($loginname) . "'
 				AND `email`='" . $db->escape($email) . "'";
 			$result = $db->query($sql);
+				
+			if($db->num_rows() > 0)
+			{
 				$adminchecked = true;
 			}
+			else
+			{
+				$result = null;
+			}
+		}

+		if($result !== null)
+		{
 			$user = $db->fetch_array($result);

 			if(($adminchecked && $settings['panel']['allow_preset_admin'] == '1')
@@ -306,15 +317,9 @@ if($action == 'forgotpwd')

 				unset($user);
 			}
-		else
-		{
-			$message = '';
 		}
 	}
-	else
-	{
-		$message = '';
-	}
+

 	if($adminchecked)
 	{