Merge pull request #940 from TheSerapher/issue-939

[FIX] Account Lockouts on Edit Account page
2013-12-10 07:18:51 -08:00 · 2013-12-10 07:18:51 -08:00 · 724f2d633e
commit 724f2d633e
parent e3426ebd05 6a693ea25e
1 changed files with 1 additions and 1 deletions
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@ -5,7 +5,7 @@ if (!defined('SECURITY'))
  die('Hacking attempt');

 if ($user->isAuthenticated()) {
-  if ( ! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']) && @$_POST['do']) {
+  if ( @$_POST['do'] && (! $user->checkPin($_SESSION['USERDATA']['id'], @$_POST['authPin']))) {
    $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN. ' . ($config['maxfailed']['pin'] - $user->getUserPinFailed($_SESSION['USERDATA']['id'])) . ' attempts remaining.', 'TYPE' => 'errormsg');
  } else {
    switch (@$_POST['do']) {