- fixed SQL query for password resets for admins, fixes #38
- tell the user that passwordreset is disabled also when trying to reset an admin password
This commit is contained in:
Robert Foerster (Dessa)
10
index.php
10
index.php
@@ -226,7 +226,7 @@ if($action == 'forgotpwd')
|
|||||||
|
|
||||||
if($db->num_rows() == 0)
|
if($db->num_rows() == 0)
|
||||||
{
|
{
|
||||||
$sql = "SELECT `adminid`, `firstname`, `name`, `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
|
$sql = "SELECT `adminid`, `name`, `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
|
||||||
WHERE `loginname`='" . $db->escape($loginname) . "'
|
WHERE `loginname`='" . $db->escape($loginname) . "'
|
||||||
AND `email`='" . $db->escape($email) . "'";
|
AND `email`='" . $db->escape($email) . "'";
|
||||||
$result = $db->query($sql);
|
$result = $db->query($sql);
|
||||||
@@ -292,7 +292,7 @@ if($action == 'forgotpwd')
|
|||||||
$message = $lng['login']['usernotfound'];
|
$message = $lng['login']['usernotfound'];
|
||||||
}
|
}
|
||||||
|
|
||||||
unset($user, $adminchecked);
|
unset($user);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@@ -304,6 +304,12 @@ if($action == 'forgotpwd')
|
|||||||
$message = '';
|
$message = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if($adminchecked)
|
||||||
|
if($settings['panel']['allow_preset_admin'] != '1')
|
||||||
|
{
|
||||||
|
$message = $lng['pwdreminder']['notallowed'];
|
||||||
|
unset ($adminchecked);
|
||||||
|
}
|
||||||
if($settings['panel']['allow_preset'] != '1')
|
if($settings['panel']['allow_preset'] != '1')
|
||||||
{
|
{
|
||||||
$message = $lng['pwdreminder']['notallowed'];
|
$message = $lng['pwdreminder']['notallowed'];
|
||||||
|
|||||||
Reference in New Issue
Block a user