aboutsummaryrefslogtreecommitdiff
path: root/pages/account
diff options
context:
space:
mode:
Diffstat (limited to 'pages/account')
-rw-r--r--pages/account/forgotten_password.php2
-rw-r--r--pages/account/reset_password.php35
2 files changed, 35 insertions, 2 deletions
diff --git a/pages/account/forgotten_password.php b/pages/account/forgotten_password.php
index 93d786e22..7679eaa55 100644
--- a/pages/account/forgotten_password.php
+++ b/pages/account/forgotten_password.php
@@ -6,8 +6,6 @@
* @subpackage Registration
*/
-require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
-
if (elgg_is_logged_in()) {
forward();
}
diff --git a/pages/account/reset_password.php b/pages/account/reset_password.php
new file mode 100644
index 000000000..019ec3add
--- /dev/null
+++ b/pages/account/reset_password.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Page for resetting a forgotten password
+ *
+ * @package Elgg.Core
+ * @subpackage Registration
+ */
+
+if (elgg_is_logged_in()) {
+ forward();
+}
+
+$user_guid = get_input('u');
+$code = get_input('c');
+
+$user = get_entity($user_guid);
+
+// don't check code here to avoid automated attacks
+if (!$user instanceof ElggUser) {
+ register_error(elgg_echo('user:passwordreset:unknown_user'));
+ forward();
+}
+
+$params = array(
+ 'guid' => $user_guid,
+ 'code' => $code,
+);
+$form = elgg_view_form('user/passwordreset', array(), $params);
+
+$title = elgg_echo('resetpassword');
+$content = elgg_view_title(elgg_echo('resetpassword')) . $form;
+
+$body = elgg_view_layout('one_column', array('content' => $content));
+
+echo elgg_view_page($title, $body);