From 237124c814fc5389073db3b9f4a2dd134424ebc2 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Fri, 5 Dec 2003 08:20:28 +0000
Subject: [PATCH] - Fixed bug #4416: added status checks to user_pass() to prevent mailing new passwords to blocked user accounts.
---
 modules/user.module | 12 +++++++-----
 modules/user/user.module | 12 +++++++-----
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/modules/user.module b/modules/user.module
index 2c2d23537be..071c10ee9b0 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -561,7 +561,8 @@ function user_login($edit = array(), $msg = "") {
 }
 /*
- ** When possible, determine corresponding external auth source. Invoke source, and login user if successful:
+ ** When possible, determine corresponding external auth source. Invoke
+ ** source, and login user if successful:
 */
 if (!$user->uid && $server && $result = user_get_authmaps("$name@$server")) {
@@ -574,8 +575,9 @@ function user_login($edit = array(), $msg = "") {
 }
 }
- /*
- ** Try each external authentication source in series. Register user if successful.
+ /*
+ ** Try each external authentication source in series. Register user if
+ ** successful.
 */
 else if (!$user->uid && $server) {
@@ -698,11 +700,11 @@ function user_pass($edit = array()) {
 global $base_url;
 if ($edit["name"]) {
- $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE name = '%s'", $edit["name"]));
+ $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND name = '%s'", $edit["name"]));
 if (!$account) $error = t("Sorry. The username %s is not recognized.", array("%s" => $edit["name"]));
 } else if ($edit["mail"]) {
- $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE mail = '%s'", $edit["mail"]));
+ $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND mail = '%s'", $edit["mail"]));
 if (!$account) $error = t("Sorry. The e-mail address %s is not recognized.", array("%s" => $edit["mail"]));
 }
 if ($account) {
diff --git a/modules/user/user.module b/modules/user/user.module
index 2c2d23537be..071c10ee9b0 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -561,7 +561,8 @@ function user_login($edit = array(), $msg = "") {
 }
 /*
- ** When possible, determine corresponding external auth source. Invoke source, and login user if successful:
+ ** When possible, determine corresponding external auth source. Invoke
+ ** source, and login user if successful:
 */
 if (!$user->uid && $server && $result = user_get_authmaps("$name@$server")) {
@@ -574,8 +575,9 @@ function user_login($edit = array(), $msg = "") {
 }
 }
- /*
- ** Try each external authentication source in series. Register user if successful.
+ /*
+ ** Try each external authentication source in series. Register user if
+ ** successful.
 */
 else if (!$user->uid && $server) {
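Review bot: In the user_pass() hunk of modules/user.module, the new `status = 1` filter routes blocked accounts into the existing "not recognized" branches, but those branches still answer differently for a known active name or address than for anything else, so the password-request form keeps confirming which accounts exist. Consider one neutral response for every outcome, for example `if (!$account) $error = t("If that account exists and is active, a new password has been mailed to it.");` with the success path worded the same, and logging requests that hit a blocked account so repeated attempts are visible to an administrator. A short comment above each query, such as `// status = 1: only active (unblocked) accounts may be mailed a new password`, would record why the literal is there. The identical hunk for modules/user/user.module has the same issue, and user_pass() continues past the end of both hunks, so how $error is rendered is not visible here.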
@@ -698,11 +700,11 @@ function user_pass($edit = array()) {
 global $base_url;
 if ($edit["name"]) {
- $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE name = '%s'", $edit["name"]));
+ $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND name = '%s'", $edit["name"]));
 if (!$account) $error = t("Sorry. The username %s is not recognized.", array("%s" => $edit["name"]));
 } else if ($edit["mail"]) {
- $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE mail = '%s'", $edit["mail"]));
+ $account = db_fetch_object(db_query("SELECT uid, name, mail FROM {users} WHERE status = 1 AND mail = '%s'", $edit["mail"]));
 if (!$account) $error = t("Sorry. The e-mail address %s is not recognized.", array("%s" => $edit["mail"]));
 }
 if ($account) {