summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pages/account/43.php2
-rw-r--r--www/index.php11
2 files changed, 10 insertions, 3 deletions
diff --git a/pages/account/43.php b/pages/account/43.php
index c889ce3..4fc67a0 100644
--- a/pages/account/43.php
+++ b/pages/account/43.php
@@ -37,7 +37,7 @@ if(intval(array_key_exists('userid',$_REQUEST)?$_REQUEST['userid']:0) <= 0)
{
$_REQUEST['userid'] = 0;
- $emailsearch = $email = mysql_real_escape_string(stripslashes($_REQUEST['email']));
+ $emailsearch = $email = mysql_real_escape_string(stripslashes(trim($_REQUEST['email'])));
//Disabled to speed up the queries
//if(!strstr($email, "%"))
diff --git a/www/index.php b/www/index.php
index 8f6240d..3f76009 100644
--- a/www/index.php
+++ b/www/index.php
@@ -141,10 +141,17 @@ require_once('../includes/notary.inc.php');
{
$id = $oldid;
$oldid = 0;
- $_SESSION['_config']['errmsg'] = _("Unable to match your details with any user accounts on file");
+ $_SESSION['_config']['errmsg'] = _('Unable to match your details with any user accounts on file');
} else {
- $id = 6;
$_SESSION['lostpw']['user'] = mysql_fetch_assoc($res);
+ //check wether account is locked or deleted
+ if ($_SESSION['lostpw']['user']['locked'] == 1 || $_SESSION['lostpw']['user']['deleted'] != 0) {
+ $id = $oldid;
+ $oldid = 0;
+ $_SESSION['_config']['errmsg'] = printf(_('The account is not available, please get in contact with support(%s).'),'support@cacert.org');
+ } else {
+ $id = 6;
+ }
}
}