Index: trunk/kernel/parser.php
===================================================================
diff -u -r1012 -r1020
--- trunk/kernel/parser.php (.../parser.php) (revision 1012)
+++ trunk/kernel/parser.php (.../parser.php) (revision 1020)
@@ -2243,25 +2243,54 @@ function m_confirm_password_link($attribs = array()) { - global $var_list, $var_list_update, $m_var_list_update, $objSession, $objConfig; + global $m_var_list_update, $objSession, $objConfig; $template = "forgotpw_reset_result"; - $user = $objSession->Get("tmp_user_id").";".$objSession->Get("tmp_email"); +// $user = $objSession->Get("tmp_user_id").";".$objSession->Get("tmp_email"); + $tmp_user_id = $objSession->Get("tmp_user_id"); - $query = "&user_key=".base64_encode($user)."&Action=m_resetpw"; + $conn = &GetADODBConnection(); + $code = md5(GenerateCode()); + $sql = 'UPDATE '.GetTablePrefix().'PortalUser SET PwResetConfirm="'.$code.'", PwRequestTime='.mktime().' WHERE PortalUserId='.$tmp_user_id; + + $query = "&user_key=".$code."&Action=m_resetpw"; - $var_list["t"] = $template; + $conn->Execute($sql); - if($attribs["_secure"]) + $m_var_list_update["t"] = $template; + + $ret = ($attribs["_secure"]?"https://":"http://").ThisDomain().$objConfig->Get("Site_Path")."index.php?env=".BuildEnv().$query; + + return $ret; +} + +/** + * Returns result of password reset confirmation + * code validation as appropriate phrase + * + * @return string + * @example + */ +function m_codevalidationresult($attribs=Array()) +{ + $passed_key = $_GET['user_key']; + $conn = &GetADODBConnection(); + $sql = 'SELECT PwRequestTime FROM '.GetTablePrefix().'PortalUser WHERE PwResetConfirm="'.$passed_key.'"'; + $rs = $conn->Execute($sql); + $PwRequestTime = $rs->Fields['PwRequestTime']; + + if (!$rs->EOF) { - $ret = "https://".ThisDomain().$objConfig->Get("Site_Path")."index.php?env=".BuildEnv().$query; - } - else + if ($PwRequestTime + 3600 < mktime()) + { + return m_language(Array('_phrase'=>'lu_code_expired')); + } + return m_language(Array('_phrase'=>'lu_forgotpw_confirm_text')); + } + else { - $ret = "http://".ThisDomain().$objConfig->Get("Site_Path")."index.php?env=".BuildEnv().$query; + return m_language(Array('_phrase'=>'lu_code_is_not_valid')); } - - return $ret; 
} /*
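Review bot: In m_codevalidationresult, `$_GET['user_key']` is concatenated straight into the SELECT on PwResetConfirm, so the new lookup is open to SQL injection, and an empty or missing key is compared against every row whose PwResetConfirm is empty. Since the code stored by m_confirm_password_link is an md5 hex string, anything else can be rejected before querying, e.g. `if (!isset($_GET['user_key']) || !preg_match('/^[a-f0-9]{32}$/', $_GET['user_key'])) return m_language(Array('_phrase'=>'lu_code_is_not_valid'));`, with the value then quoted through `$conn->qstr($passed_key)` or a bound parameter instead of hand-written quotes. The UPDATE in m_confirm_password_link follows the same pattern with `$tmp_user_id` taken from the session; cast it with `(int)` and skip the UPDATE when the result is zero. `$rs->Fields['PwRequestTime']` is also read before the `$rs->EOF` test, so that read belongs inside the `if (!$rs->EOF)` branch. The handler for Action=m_resetpw is outside this hunk and presumably needs the same key validation and the 3600-second expiry check, since this function only selects a phrase to display.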