- fixed SQL query for password resets for admins, fixes #38

- tell the user that passwordreset is disabled also when trying to reset an admin password
2010-02-25 19:06:02 +00:00
parent 0461e4cbd9
commit adf79b3b1d
1 changed files with 8 additions and 2 deletions
--- a/index.php
+++ b/index.php
@@ -226,7 +226,7 @@ if($action == 'forgotpwd')

 		if($db->num_rows() == 0)
 		{
-			$sql = "SELECT `adminid`, `firstname`, `name`, `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
+			$sql = "SELECT `adminid`, `name`, `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "`
 				WHERE `loginname`='" . $db->escape($loginname) . "'
 				AND `email`='" . $db->escape($email) . "'";
 			$result = $db->query($sql);
@@ -292,7 +292,7 @@ if($action == 'forgotpwd')
 				$message = $lng['login']['usernotfound'];
 			}

-			unset($user, $adminchecked);
+			unset($user);
 		}
 		else
 		{
@@ -304,6 +304,12 @@ if($action == 'forgotpwd')
 		$message = '';
 	}

+	if($adminchecked)
+		if($settings['panel']['allow_preset_admin'] != '1')
+		{
+			$message = $lng['pwdreminder']['notallowed'];
+			unset ($adminchecked);
+		}
 	if($settings['panel']['allow_preset'] != '1')
 	{
 		$message = $lng['pwdreminder']['notallowed'];