From 6a693ea25e336ce98e3561f4443233dbc3308cad Mon Sep 17 00:00:00 2001
From: Sebastian Grewe <sebastian@grewe.ca>
Date: Tue, 10 Dec 2013 16:14:44 +0100
Subject: [PATCH] [FIX] Account Lockouts on Edit Account page

Fixes #939 once merged.
---
 public/include/pages/account/edit.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 547032b5..b1755a40 100644
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@@ -5,7 +5,7 @@ if (!defined('SECURITY'))
   die('Hacking attempt');
 
 if ($user->isAuthenticated()) {
-  if ( ! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']) && @$_POST['do']) {
+  if ( @$_POST['do'] && (! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) {
     $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN. ' . ($config['maxfailed']['pin'] - $user->getUserPinFailed($_SESSION['USERDATA']['id'])) . ' attempts remaining.', 'TYPE' => 'errormsg');
   } else {
     switch (@$_POST['do']) {