From adf79b3b1d627b65a309110deccf81eb1bbaf91a Mon Sep 17 00:00:00 2001
From: "Robert Foerster (Dessa)" <dessa@froxlor.org>
Date: Thu, 25 Feb 2010 19:06:02 +0000
Subject: [PATCH] - fixed SQL query for password resets for admins, fixes #38 -
 tell the user that passwordreset is disabled also when trying to reset an
 admin password

---
 index.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index faee0337..b57885c7 100644
--- a/index.php
+++ b/index.php
@@ -226,7 +226,7 @@ if($action == 'forgotpwd')
 
 		if($db->num_rows() == 0)
 		{
-			$sql = "SELECT `adminid`, `firstname`, `name`, `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
+			$sql = "SELECT `adminid`, `name`, `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
 				WHERE `loginname`='" . $db->escape($loginname) . "'
 				AND `email`='" . $db->escape($email) . "'";
 			$result = $db->query($sql);
@@ -292,7 +292,7 @@ if($action == 'forgotpwd')
 				$message = $lng['login']['usernotfound'];
 			}
 
-			unset($user, $adminchecked);
+			unset($user);
 		}
 		else
 		{
@@ -304,6 +304,12 @@ if($action == 'forgotpwd')
 		$message = '';
 	}
 
+	if($adminchecked)
+		if($settings['panel']['allow_preset_admin'] != '1')
+		{
+			$message = $lng['pwdreminder']['notallowed'];
+			unset ($adminchecked);
+		}
 	if($settings['panel']['allow_preset'] != '1')
 	{
 		$message = $lng['pwdreminder']['notallowed'];