Don't send out password if account doesn't exist, error out. We should improve error handling in this script.

git-svn-id: http://svn.automattic.com/wordpress/trunk@645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2003-12-23 21:19:30 +00:00 · 2003-12-23 21:19:30 +00:00 · 8f7d04c773
parent 546c4bdb41
commit 8f7d04c773
1 changed files with 1 additions and 0 deletions
--- a/wp-login.php
+++ b/wp-login.php
@ -208,6 +208,7 @@ case 'retrievepassword':
 	$user_email = $user_data->user_email;
 	$user_pass = $user_data->user_pass;

+	if (!$user_email) die('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username?');
 	$message  = "Login: $user_login\r\n";
 	$message .= "Password: $user_pass\r\n";