Не отрабатывает проверка на незаполненность. На один запрос меньше при неверном логине.

rememberpassword.php

@@ -22,10 +22,10 @@ function mail_send($to, $from_user, $from_email, $subject = '(No subject)', $mes
 
 $login = filter_input(INPUT_POST, 'loginid', FILTER_SANITIZE_SPECIAL_CHARS);
 if ($login) {
-    $recovery = db::c()->query('SELECT 1 FROM users_recovery WHERE login = "?s"', $login)->getNumRows() ?? 0;
-    if ($recovery) {
-        $sql = db::c()->query('SELECT email FROM users WHERE login = "?s"', $login)->fetch_assoc();
-        if ($sql) {
+    $loginCheck = db::c()->query('SELECT email FROM users WHERE login = "?s"', $login)->fetch_assoc();
+    if ($loginCheck) {
+        $recovery = db::c()->query('SELECT 1 FROM users_recovery WHERE login = "?s"', $login)->getNumRows() ?? 0;
+        if (!$recovery) {
             $hash = bin2hex(random_bytes(8));
             $lasttime = date('Y-m-d', strtotime('+1days'));
             $ip = $_SERVER['REMOTE_ADDR'];
@@ -42,10 +42,10 @@ if ($login) {
                 $statusMessage = ERROR_MAIL_NOT_SENT;
             }
         } else {
-            $statusMessage = ERROR_NO_SUCH_USER;
+            $statusMessage = ERROR_TOO_MANY_TRIES;
         }
     } else {
-        $statusMessage = ERROR_TOO_MANY_TRIES;
+        $statusMessage = ERROR_NO_SUCH_USER;
     }
 }