Open
Description
Line 393 in 47bc915:
`// ignore errors, so that registered e-mails cannot be determined`
It says here that it's supposed to ignore errors, but if you access `/reset_password?email=somemail&code=invalid_code` and attempt to change the password, the error is different between
There is no user account for the specified email address.
and
Error: Invalid request code, please request a new one.
It should always only show the second one.
Probably low priority, but regarding the comment there that it shouldn't be able to be determined: I think you might still be able to find out, because the throw/catch takes more time, so you will see a ms or more on average; it should simulate some micro sleep.
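An added sketch of the behaviour the issue asks for, not code from this project: a reset handler that returns the second message for every failure and runs the same hash and comparison whether or not the account exists. Instead of the sleep suggested above it equalises the work on both paths; the store layout and the names `reset_password`, `make_store`, `digest` and `DUMMY_DIGEST` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

GENERIC_ERROR = "Error: Invalid request code, please request a new one."

# Compared against when the e-mail is unknown, so both paths do the same work.
DUMMY_DIGEST = hashlib.sha256(secrets.token_bytes(32)).hexdigest()


def digest(code: str) -> str:
    """SHA-256 hex digest of a reset code (codes are stored hashed)."""
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def make_store() -> dict:
    """Constructed sample data: one account with a pending reset code."""
    return {"alice@example.com": {"code_digest": digest("constructed-code-123"),
                                  "password_hash": None}}


def reset_password(store: dict, email: str, code: str, new_password: str):
    """Return (ok, message). Every failure returns the same message."""
    user = store.get(email)
    expected = user["code_digest"] if user else None
    # Always hash the submitted code and run one constant-time comparison,
    # whether or not the account (or a pending code) exists. No exception is
    # raised on the unknown-account path, so there is no throw/catch cost.
    matches = hmac.compare_digest(digest(code), expected or DUMMY_DIGEST)
    if expected is None or not matches:
        return False, GENERIC_ERROR
    salt = secrets.token_bytes(16)
    user["password_hash"] = salt + hashlib.pbkdf2_hmac(
        "sha256", new_password.encode("utf-8"), salt, 200_000)
    user["code_digest"] = None  # reset codes are single use
    return True, "Password changed."
```
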