Index: branches/5.2.x/core/units/users/users_tag_processor.php =================================================================== diff -u -N -r14244 -r14469 --- branches/5.2.x/core/units/users/users_tag_processor.php (.../users_tag_processor.php) (revision 14244) +++ branches/5.2.x/core/units/users/users_tag_processor.php (.../users_tag_processor.php) (revision 14469) @@ -1,6 +1,6 @@ Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too /* @var $user_current_object UsersItem */ - $code_type = array_key_exists('code_type', $params) ? $params['code_type'] : 'forgot_password'; + $code_type = isset($params['code_type']) ? $params['code_type'] : 'forgot_password'; $error_messages = Array ( 'forgot_password' => Array ( @@ -120,14 +120,21 @@ if ($code_type == 'custom') { // custom error messages are given directly in tag - $error_messages['custom'] = Array ( + $error_messages[$code_type] = Array ( 'code_is_not_valid' => $params['error_invalid'], 'code_expired' => $params['error_expired'], ); } + $expiration_timeouts = Array ( + 'forgot_password' => 'config:Users_AllowReset', + 'activation' => 'config:UserEmailActivationTimeout', + 'custom' => '', + ); + if (!$passed_key) { $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', $error_messages[$code_type]['code_is_not_valid']); + return false; } 
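Review bot: In the `@@ -120,14 +120,21 @@` hunk the new `$expiration_timeouts` map sets `'custom' => ''`, and nothing beside it says that an empty string means the code never expires. A tag that uses `code_type="custom"` without an `expiration_timeout` parameter therefore accepts confirmation codes of any age; a comment on the map such as `// '' = no expiration; custom tags should pass expiration_timeout` would make that explicit. `$code_type` (presumably taken from the template tag) is also used as a key into `$error_messages` and `$expiration_timeouts` without being checked against the known types. A guard after the map, `if ( !isset($expiration_timeouts[$code_type]) ) { $code_type = 'forgot_password'; }`, would stop an unexpected value from reaching the later lookups as an undefined key. The enclosing method starts and ends outside this hunk.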
@@ -136,20 +143,27 @@ $user_object->Load($passed_key, 'PwResetConfirm'); - if ($user_object->isLoaded()) { - $expiration_time = $user_object->GetDBField('PwRequestTime') + 3600; - if ($expiration_time > adodb_mktime()) { - return true; - } else { - $user_current_object->SetError('PwResetConfirm', 'code_expired', $error_messages[$code_type]['code_expired']); - return false; - } - } - else { + if ( !$user_object->isLoaded() ) { $user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', $error_messages[$code_type]['code_is_not_valid']); + return false; } + else { + $expiration_timeout = isset($params['expiration_timeout']) ? $params['expiration_timeout'] : $expiration_timeouts[$code_type]; + if ( preg_match('/^config:(.*)$/', $expiration_timeout, $regs) ) { + $expiration_timeout = $this->Application->ConfigValue( $regs[1] ); + } + + if ( $expiration_timeout ) { + if ( $user_object->GetDBField('PwRequestTime') < strtotime('-' . $expiration_timeout . ' minutes') ) { + $user_current_object->SetError('PwResetConfirm', 'code_expired', $error_messages[$code_type]['code_expired']); + + return false; + } + } + } + return true; }
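Review bot: The new expiry check fails open, because `if ( $expiration_timeout )` skips the age test entirely whenever the resolved value is empty, `0` or missing. The fixed one-hour limit from the previous revision then becomes no limit at all if `Users_AllowReset` or `UserEmailActivationTimeout` is unset. A non-numeric value has the same effect: `strtotime('-' . $expiration_timeout . ' minutes')` returns `false`, and comparing `PwRequestTime` with `false` never reports the code as expired. I would keep only the explicit empty string as "no expiration", treat any other non-positive or non-numeric value as expired, and compute the cutoff arithmetically as below. If an empty config value is meant to disable expiry for reset and activation codes too, that deserves a comment here.

```php
// … unchanged: isLoaded() check, $expiration_timeout lookup and config: resolution …

// only an explicit '' (custom codes) disables expiration
if ( $expiration_timeout !== '' ) {
	$is_valid_timeout = is_numeric($expiration_timeout) && $expiration_timeout > 0;

	// unset or malformed timeout is treated as expired, not as unlimited
	if ( !$is_valid_timeout || $user_object->GetDBField('PwRequestTime') < adodb_mktime() - $expiration_timeout * 60 ) {
		$user_current_object->SetError('PwResetConfirm', 'code_expired', $error_messages[$code_type]['code_expired']);

		return false;
	}
}
```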