diff --git a/Web/Presenters/AuthPresenter.php b/Web/Presenters/AuthPresenter.php
index bbb45d28..2f178900 100644
--- a/Web/Presenters/AuthPresenter.php
+++ b/Web/Presenters/AuthPresenter.php
@@ -207,6 +207,9 @@ final class AuthPresenter extends OpenVKPresenter
function renderFinishRestoringPassword(): void
{
+ if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
+ $this->notFound();
+
$request = $this->restores->getByToken(str_replace(" ", "+", $this->queryParam("key")));
if(!$request || !$request->isStillValid()) {
$this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
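Review bot: The guard added at the top of renderFinishRestoringPassword reads `OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']` directly, so an installation whose config file predates this commit has no such key. PHP 8 then emits an undefined-array-key warning on each request, and the null result silently leaves restoring enabled. Reading it with an explicit default, `if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'] ?? false)`, makes that fallback deliberate; the same applies to the identical guard in renderRestore and to the `{if}` in @layout.xml. Both guards also depend on notFound() ending the request, which this diff does not show, and any other action that issues or consumes restore tokens outside these hunks would need the same check. The function body continues past the end of the hunk.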
@@ -241,6 +244,9 @@ final class AuthPresenter extends OpenVKPresenter
function renderRestore(): void
{
+ if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
+ $this->notFound();
+
if(!is_null($this->user))
$this->redirect($this->user->identity->getURL());
diff --git a/Web/Presenters/templates/@layout.xml b/Web/Presenters/templates/@layout.xml
index f211c2c1..cd6e4891 100644
--- a/Web/Presenters/templates/@layout.xml
+++ b/Web/Presenters/templates/@layout.xml
@@ -220,7 +220,7 @@
- {_forgot_password}
+ {if !OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']}{_forgot_password}{/if}
{/ifset}
diff --git a/openvk-example.yml b/openvk-example.yml
index c0428283..ad878af0 100644
--- a/openvk-example.yml
+++ b/openvk-example.yml
@@ -28,6 +28,7 @@ openvk:
forcePhoneVerification: false
forceEmailVerification: false
forceStrongPassword: false
+ disablePasswordRestoring: true # turn this off if you have configured e-mail sending correctly
enableSu: true
rateLimits:
actions: 5
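Review bot: The comment on `disablePasswordRestoring` says when to turn the option off but not what it does, and the example ships it as `true`, so a fresh install has no password recovery until an operator edits the file. A comment along the lines of `# true: the restore and finish-restore pages respond as not found and the "forgot password" link is hidden; set to false once e-mail sending works` would make that explicit. It is also worth stating that a config file without this key keeps restoring enabled, since the presenter treats a missing value as false.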