From 9aa67f7efd4322375f85ee6f90428ba2dd9dbd13 Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Sat, 20 Jun 2026 16:42:15 +0000
Subject: [PATCH] fix: email uniqueness check only applies to hosting accounts, not admin/reseller users
Co-Authored-By: Claude Sonnet 4.6
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
---
 panel/api/endpoints/accounts.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/panel/api/endpoints/accounts.php b/panel/api/endpoints/accounts.php
index c5843fc..29a85c7 100644
--- a/panel/api/endpoints/accounts.php
+++ b/panel/api/endpoints/accounts.php
@@ -70,7 +70,7 @@ match ($action) {
 foreach ($required as $f) { if (empty($body[$f])) Response::error("$f is required"); }
 if (!filter_var($body['email'], FILTER_VALIDATE_EMAIL)) Response::error("Invalid email address");
- if ($db->fetchOne("SELECT id FROM users WHERE email = ?", [$body['email']])) Response::error("Email already in use by another account");
+ if ($db->fetchOne("SELECT id FROM users WHERE email = ? AND role = 'user'", [$body['email']])) Response::error("Email already in use by another account");
 if ($db->fetchOne("SELECT id FROM users WHERE username = ?", [$body['username']])) Response::error("Username already taken");
 // Insert user first — AccountManager::create() wraps everything else in its own transaction
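Review bot: The narrowed check on the `email = ? AND role = 'user'` line lets a new hosting account share an address with an existing admin or reseller row in the same `users` table, and nothing in the hunk shows that this is safe for code that resolves a user by email alone. If login, password reset or notification lookups elsewhere select on `email` without a role or id filter (not visible here), they would become ambiguous between a hosting account and a privileged one, so those queries should be confirmed before merging. It is also worth checking whether `users.email` carries a unique index, since a duplicate would then fail at the insert instead of returning this error. I would record the invariant next to the check, e.g. `// Email is unique only among role='user' rows; any lookup by email must also filter on role`. The enclosing `match ($action)` arm starts and ends outside the hunk.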