diff --git a/pluginHandler.js b/pluginHandler.js
index 89245d15..19f20172 100644
--- a/pluginHandler.js
+++ b/pluginHandler.js
@@ -516,7 +516,7 @@ module.exports.pluginHandler = function (parent) {
     };
 
     obj.handleAdminReq = function (req, res, user, serv) {
-        if (obj.common.isAlphaNumeric(req.query.pin) !== true) { res.sendStatus(401); return; }
+        if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; }
         var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
         if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; }
         serv.app.set('views', path);
@@ -528,7 +528,7 @@ module.exports.pluginHandler = function (parent) {
     }
 
     obj.handleAdminPostReq = function (req, res, user, serv) {
-        if (obj.common.isAlphaNumeric(req.query.pin) !== true) { res.sendStatus(401); return; }
+        if ((req.query.pin == null) || (obj.common.isAlphaNumeric(req.query.pin) !== true)) { res.sendStatus(401); return; }
         var path = obj.path.join(obj.pluginPath, req.query.pin, 'views');
         if (obj.common.IsFilenameValid(path) !== true) { res.sendStatus(401); return; }
         serv.app.set('views', path);
diff --git a/views/login-mobile.handlebars b/views/login-mobile.handlebars
index eb17394f..7aad7e5f 100644
--- a/views/login-mobile.handlebars
+++ b/views/login-mobile.handlebars
@@ -327,7 +327,7 @@
 
         // Display the right server message
         var messageid = parseInt('{{{messageid}}}');
-        var okmessages = ['', "Hold on, reset mail sent.", "Email sent.", "Email verification required, check your mailbox and click the confirmation link.", "SMS sent."];
+        var okmessages = ['', "If valid, reset mail sent.", "Email sent.", "Email verification required, check your mailbox and click the confirmation link.", "SMS sent."];
         var failmessages = ["Unable to create account.", "Account limit reached.", "Existing account with this email address.", "Invalid account creation token.", "Username already exists.", "Password rejected, use a different one.", "Invalid email.", "Account not found.", "Invalid token, try again.", "Unable to sent email.", "Account locked.", "Access denied.", "Login failed, check username and password.", "Password change requested.", "IP address blocked, try again later."];
         if (messageid > 0) {
             var msg = '';
diff --git a/views/login.handlebars b/views/login.handlebars
index 8d66a0f4..16ca7e3d 100644
--- a/views/login.handlebars
+++ b/views/login.handlebars
@@ -320,7 +320,7 @@
             // Display the right server message
             var i;
             var messageid = parseInt('{{{messageid}}}');
-            var okmessages = ['', "Hold on, reset mail sent.", "Email sent.", "Email verification required, check your mailbox and click the confirmation link.", "SMS sent."];
+            var okmessages = ['', "If valid, reset mail sent.", "Email sent.", "Email verification required, check your mailbox and click the confirmation link.", "SMS sent."];
             var failmessages = ["Unable to create account.", "Account limit reached.", "Existing account with this email address.", "Invalid account creation token.", "Username already exists.", "Password rejected, use a different one.", "Invalid email.", "Account not found.", "Invalid token, try again.", "Unable to sent email.", "Account locked.", "Access denied.", "Login failed, check username and password.", "Password change requested.", "IP address blocked, try again later."];
             if (messageid > 0) {
                 var msg = '';
diff --git a/webserver.js b/webserver.js
index 17184596..c4cb7ac7 100644
--- a/webserver.js
+++ b/webserver.js
@@ -1357,7 +1357,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 if ((err != null) || (docs.length == 0)) {
                     parent.debug('web', 'handleResetAccountRequest: Account not found');
                     req.session.loginmode = '3';
-                    req.session.messageid = 107; // Account not found.
+                    req.session.messageid = 1; // If valid, reset mail sent. Instead of "Account not found" (107), we send this hold on message so users can't know if this account exists or not.
                     if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); }
                 } else {
                     // If many accounts have the same validated e-mail, we are going to use the first one for display, but sent a reset email for all accounts.
@@ -1388,7 +1388,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                                         if (i == 0) {
                                             parent.debug('web', 'handleResetAccountRequest: Hold on, reset mail sent.');
                                             req.session.loginmode = '1';
-                                            req.session.messageid = 1; // Hold on, reset mail sent.
+                                            req.session.messageid = 1; // If valid, reset mail sent.
                                             if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); }
                                         }
                                     } else {
@@ -1408,7 +1408,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                                 if (i == 0) {
                                     parent.debug('web', 'handleResetAccountRequest: Hold on, reset mail sent.');
                                     req.session.loginmode = '1';
-                                    req.session.messageid = 1; // Hold on, reset mail sent.
+                                    req.session.messageid = 1; // If valid, reset mail sent.
                                     if (direct === true) { handleRootRequestEx(req, res, domain); } else { res.redirect(domain.url + getQueryPortion(req)); }
                                 }
                             } else {
@@ -2828,7 +2828,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
         if (domain == null) return;
 
         // Check the query
-        if ((req.query.file == null) || (obj.common.IsFilenameValid(req.query.file) !== true)) { res.sendStatus(401); return; }
+        if ((domain.sessionrecording == null) || (req.query.file == null) || (obj.common.IsFilenameValid(req.query.file) !== true)) { res.sendStatus(401); return; }
 
         // Get the recording path
         var recordingsPath = null;
@@ -2923,7 +2923,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
         } catch (ex) {
             res.set({ 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename=\"file.bin\"' });
         }
-        try { res.sendFile(file.fullpath); } catch (e) { res.sendStatus(404); }
+        obj.fs.exists(file.fullpath, function (exists) { if (exists == true) { res.sendFile(file.fullpath); } else { res.sendStatus(404); } });
     }
 
     // Upload a MeshCore.js file to the server