Index: trunk/globals.php =================================================================== diff -u -N -r1016 -r1020 --- trunk/globals.php (.../globals.php) (revision 1016) +++ trunk/globals.php (.../globals.php) (revision 1020) @@ -1635,8 +1635,39 @@ return defined('DEBUG_MODE') && constant('DEBUG_MODE') == 1 ? 1 : 0; } +/** + * Two strings in-case-sensitive compare. + * Returns >0, when string1 > string2, + * <0, when string1 > string2, + * 0, when string1 = string2 + * + * @param string $string1 + * @param string $string2 + * @return int + */ function stricmp ($string1, $string2) { return strcmp(strtolower($string1), strtolower($string2)); } +/** + * Generates unique code + * + * @return string + */ +function GenerateCode() +{ + list($usec, $sec) = explode(" ",microtime()); + + $id_part_1 = substr($usec, 4, 4); + $id_part_2 = mt_rand(1,9); + $id_part_3 = substr($sec, 6, 4); + $digit_one = substr($id_part_1, 0, 1); + if ($digit_one == 0) { + $digit_one = mt_rand(1,9); + $id_part_1 = ereg_replace("^0","",$id_part_1); + $id_part_1=$digit_one.$id_part_1; + } + return $id_part_1.$id_part_2.$id_part_3; +} + ?> Index: trunk/kernel/include/portaluser.php =================================================================== diff -u -N -r988 -r1020 --- trunk/kernel/include/portaluser.php (.../portaluser.php) (revision 988) +++ trunk/kernel/include/portaluser.php (.../portaluser.php) (revision 1020) @@ -841,7 +841,7 @@ } function &Edit_User($UserId, $Login, $Password, $Email, $CreatedOn, $FirstName="", $LastName="", - $Status=2, $Phone="", $Street="", $City="", $State="", $Zip="", $Country="", $dob=0) + $Status=2, $Phone="", $Street="", $City="", $State="", $Zip="", $Country="", $dob=0, $MinPwResetDelay=300) { //echo "Editing User: [$UserId]
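Review bot: GenerateCode() produces the value that m_confirm_password_link() in this same commit turns into the password-reset key, but it is assembled from microtime() digits and a single mt_rand(1,9) digit, neither of which is unpredictable, and wrapping the result in md5() adds no entropy, so the reset key is guessable by anyone who can estimate when the request was made. Derive the token from a cryptographic source instead — where the runtime provides it, `return bin2hex(random_bytes(16));` replaces the whole body (and the md5() in the caller becomes unnecessary); ereg_replace() used in the current body is deprecated as well. In the new stricmp() docblock the second case is mis-stated and should read `<0, when string1 < string2`.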
"; @@ -857,9 +857,9 @@ $IsBanned = $u->Get('IsBanned'); if($Status == 1) $IsBanned = 0; $u->Set(array("Login", "FirstName", "LastName", "Email", "Status", - "Phone", "Street", "City", "State", "Zip", "Country", "CreatedOn","dob","IsBanned"), + "Phone", "Street", "City", "State", "Zip", "Country", "CreatedOn","dob","IsBanned", "MinPwResetDelay"), array($Login, $FirstName, $LastName, $Email, $Status, - $Phone, $Street, $City, $State, $Zip, $Country, $CreatedOn,$dob,$IsBanned)); + $Phone, $Street, $City, $State, $Zip, $Country, $CreatedOn,$dob,$IsBanned,$MinPwResetDelay)); if(strlen($Password)) $u->Set("Password",$Password); $u->Update(); Index: trunk/themes/default/forgotpw_reset_result.tpl =================================================================== diff -u -N -r858 -r1020 --- trunk/themes/default/forgotpw_reset_result.tpl (.../forgotpw_reset_result.tpl) (revision 858) +++ trunk/themes/default/forgotpw_reset_result.tpl (.../forgotpw_reset_result.tpl) (revision 1020) @@ -67,7 +67,7 @@  
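Review bot: The new `$MinPwResetDelay=300` default on Edit_User disagrees with the column default of 1800 declared in inportal_schema.sql and inportal_upgrade_v1.0.10.sql in this commit, so a caller that omits the argument silently relaxes the reset throttle to five minutes; pick one value (the schema's 1800, or a named constant) and use it everywhere. The value is also handed to `$u->Set()` in the second hunk (@@ -857) without coercion, and the only caller added in frontaction.php passes `$_POST['MinPwResetDelay']` straight through, so storing `(int)$MinPwResetDelay` would keep non-numeric input out of the update. Edit_User's body continues past the hunk.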

-

+

Index: trunk/kernel/parser.php =================================================================== diff -u -N -r1012 -r1020 --- trunk/kernel/parser.php (.../parser.php) (revision 1012) +++ trunk/kernel/parser.php (.../parser.php) (revision 1020) 
@@ -2243,25 +2243,54 @@ function m_confirm_password_link($attribs = array()) { - global $var_list, $var_list_update, $m_var_list_update, $objSession, $objConfig; + global $m_var_list_update, $objSession, $objConfig; $template = "forgotpw_reset_result"; - $user = $objSession->Get("tmp_user_id").";".$objSession->Get("tmp_email"); +// $user = $objSession->Get("tmp_user_id").";".$objSession->Get("tmp_email"); + $tmp_user_id = $objSession->Get("tmp_user_id"); - $query = "&user_key=".base64_encode($user)."&Action=m_resetpw"; + $conn = &GetADODBConnection(); + $code = md5(GenerateCode()); + $sql = 'UPDATE '.GetTablePrefix().'PortalUser SET PwResetConfirm="'.$code.'", PwRequestTime='.mktime().' WHERE PortalUserId='.$tmp_user_id; + + $query = "&user_key=".$code."&Action=m_resetpw"; - $var_list["t"] = $template; + $conn->Execute($sql); - if($attribs["_secure"]) + $m_var_list_update["t"] = $template; + + $ret = ($attribs["_secure"]?"https://":"http://").ThisDomain().$objConfig->Get("Site_Path")."index.php?env=".BuildEnv().$query; + + return $ret; +} + +/** + * Returns result of password reset confirmation + * code validation as appropriate phrase + * + * @return string + * @example + */ +function m_codevalidationresult($attribs=Array()) +{ + $passed_key = $_GET['user_key']; + $conn = &GetADODBConnection(); + $sql = 'SELECT PwRequestTime FROM '.GetTablePrefix().'PortalUser WHERE PwResetConfirm="'.$passed_key.'"'; + $rs = $conn->Execute($sql); + $PwRequestTime = $rs->Fields['PwRequestTime']; + + if (!$rs->EOF) { - $ret = "https://".ThisDomain().$objConfig->Get("Site_Path")."index.php?env=".BuildEnv().$query; - } - else + if ($PwRequestTime + 3600 < mktime()) + { + return m_language(Array('_phrase'=>'lu_code_expired')); + } + return m_language(Array('_phrase'=>'lu_forgotpw_confirm_text')); + } + else { - $ret = "http://".ThisDomain().$objConfig->Get("Site_Path")."index.php?env=".BuildEnv().$query; + return m_language(Array('_phrase'=>'lu_code_is_not_valid')); } - - return $ret; 
} /* Index: trunk/admin/install/inportal_schema.sql =================================================================== diff -u -N -r898 -r1020 --- trunk/admin/install/inportal_schema.sql (.../inportal_schema.sql) (revision 898) +++ trunk/admin/install/inportal_schema.sql (.../inportal_schema.sql) (revision 1020) @@ -391,6 +391,9 @@ ip varchar(20) default NULL, IsBanned tinyint(1) NOT NULL default '0', PassResetTime bigint(20), + PwResetConfirm varchar(255), + PwRequestTime bigint(25), + MinPwResetDelay int(11) NOT NULL default '1800', PRIMARY KEY (PortalUserId), UNIQUE KEY Login (Login), UNIQUE KEY ResourceId (ResourceId), Index: trunk/kernel/frontaction.php =================================================================== diff -u -N -r1019 -r1020 --- trunk/kernel/frontaction.php (.../frontaction.php) (revision 1019) +++ trunk/kernel/frontaction.php (.../frontaction.php) (revision 1020) 
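Review bot: `$passed_key = $_GET['user_key']` is concatenated directly into the SELECT in m_codevalidationresult(), so the request parameter controls the SQL text; the key is an md5() hex digest, so validate its format before use and quote it through the connection (ADODB's `qstr()`, assuming GetADODBConnection() returns an ADODB connection as its name and the Execute()/EOF/Fields usage suggest). `$rs->Fields['PwRequestTime']` is also read before `$rs->EOF` is tested, which on an empty result reads an unset field. In m_confirm_password_link() `$tmp_user_id` from the session is interpolated the same way and the UPDATE runs even when the session holds no id, leaving `WHERE PortalUserId=` with nothing after it; cast it with `(int)` and skip the query when it is 0. The 3600-second lifetime is duplicated in frontaction.php; a shared constant would keep both checks in step.
```php
function m_confirm_password_link($attribs = array())
{
    global $m_var_list_update, $objSession, $objConfig;
    $template = "forgotpw_reset_result";
    $tmp_user_id = (int)$objSession->Get("tmp_user_id");
    if ($tmp_user_id <= 0) {
        return '';   // no pending request in this session: do not issue a key
    }
    // … unchanged: $conn, $code, $query …
    $sql = 'UPDATE '.GetTablePrefix().'PortalUser SET PwResetConfirm='.$conn->qstr($code).', PwRequestTime='.time().' WHERE PortalUserId='.$tmp_user_id;
    // … unchanged: Execute, $m_var_list_update, $ret …
}

function m_codevalidationresult($attribs=Array())
{
    $passed_key = isset($_GET['user_key']) ? $_GET['user_key'] : '';
    // The key is an md5() hex digest (see m_confirm_password_link); anything else is rejected before it reaches SQL.
    if (!preg_match('/^[a-f0-9]{32}$/', $passed_key)) {
        return m_language(Array('_phrase'=>'lu_code_is_not_valid'));
    }
    $conn = &GetADODBConnection();
    $sql = 'SELECT PwRequestTime FROM '.GetTablePrefix().'PortalUser WHERE PwResetConfirm='.$conn->qstr($passed_key);
    $rs = $conn->Execute($sql);
    if ($rs->EOF) {
        return m_language(Array('_phrase'=>'lu_code_is_not_valid'));
    }
    $PwRequestTime = $rs->Fields['PwRequestTime'];
    // … unchanged: expiry check and confirm-text phrase …
}
```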
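Review bot: The column definitions in inportal_schema.sql and in inportal_upgrade_v1.0.10.sql diverge: here PwRequestTime is `bigint(25)` and PwResetConfirm carries no UNIQUE key, while the upgrade adds `BIGINT(20)` and `ALTER TABLE PortalUser ADD UNIQUE (PwResetConfirm)`, so fresh installs and upgraded installs end up with different tables. The UNIQUE key also collides with frontaction.php in this commit, which clears a used token by writing '' rather than NULL; on an upgraded install the second user to complete a reset would then fail the update with a duplicate-key error. Align both files, and clear the token with NULL (the column already allows it) so only pending requests hold a value.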
@@ -61,26 +61,31 @@ break; case "m_resetpw": - $passed_arr = explode(';', base64_decode($_GET['user_key'])); - $found = false; + $passed_key = $_GET['user_key']; - $u = $objUsers->GetItemByField("Email", $passed_arr[1]); - if(is_object($u)) { - $found = ($u->Get("PortalUserId")==$passed_arr[0] && $u->Get("Status")==1) && strlen($u->Get("Password")); - } + $u = $objUsers->GetItemByField("PwResetConfirm", $passed_key); + $found = is_object($u); if($found) - { - $newpw = makepassword(); - $objSession->Set('password', $newpw); - $u->Set("Password",$newpw); - $u->Set("PassResetTime", time()); - $u->Update(); - $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId")); - $u->SendAdminEventMail("USER.PSWD"); - $u->Set("Password",md5($newpw)); - $u->Update(); - $u->Clean(); + { + $exp_time = $u->Get('PwRequestTime') + 3600; + $u->Set("PwResetConfirm", ''); + $u->Set("PwRequestTime", 0); + if ($exp_time > mktime()) + { + $newpw = makepassword(); + $objSession->Set('password', $newpw); + $u->Set("Password",$newpw); + $u->Set("PassResetTime", time()); + $u->Set("PwResetConfirm", ''); + $u->Set("PwRequestTime", 0); + $u->Update(); + $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId")); + $u->SendAdminEventMail("USER.PSWD"); + $u->Set("Password",md5($newpw)); + $u->Update(); + $u->Clean(); + } } break; @@ -92,7 +97,7 @@ { $username = $_POST["username"]; $email = $_POST["email"]; - $found = FALSE; + $found = false; if(strlen($username)) { $u = $objUsers->GetItemByField("Login",$username); 
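Review bot: On the expired path the token is never actually cleared: the two `Set()` calls before the `if ($exp_time > mktime())` check are only persisted by the `$u->Update()` inside the branch, so an expired PwResetConfirm stays in the table until the user asks for a reset again; add `else { $u->Update(); }` after the block and drop the duplicated `Set("PwResetConfirm", '')`/`Set("PwRequestTime", 0)` inside it. `$_GET['user_key']` is passed to GetItemByField() unchecked; because used tokens are cleared to '' rather than NULL, an empty key selects a previously-used row and is only stopped by the expiry check, so reject anything that is not a 32-character hex digest before the lookup. The hunk mixes `mktime()` with no arguments and `time()` for the current timestamp; `time()` is the intended call. The enclosing switch starts before this hunk.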
@@ -106,17 +111,26 @@ $found = ($u->Get("Email")==$email && $u->Get("Status")==1) && strlen($u->Get("Password")); } - $allow_reset = $u->Get("PassResetTime") + $pass_reset_add; + if(is_object($u)) + { + $PwResetConfirm = $u->Get('PwResetConfirm'); + $PwRequestTime = $u->Get('PwRequestTime'); + $PassResetTime = $u->Get('PassResetTime'); + $MinPwResetDelay = $u->Get('MinPwResetDelay'); + $allow_reset = (strlen($PwResetConfirm) ? + mktime() > $PwRequestTime + $MinPwResetDelay : + mktime() > $PassResetTime + $MinPwResetDelay); + } - if($found && $allow_reset <= time()) + if($found && $allow_reset) { //$newpw = makepassword(); //$objSession->Set('password', $newpw); $objSession->Set('tmp_user_id', $u->Get("PortalUserId")); $objSession->Set('tmp_email', $u->Get("Email")); //$u->Set("Password",$newpw); //$u->Update(); - $u->SendUserEventMail("USER.PSWDC",$u->Get("PortalUserId")); + $u->SendUserEventMail("USER.PSWDC",$u->Get("PortalUserId")); //$u->SendAdminEventMail("USER.PSWDC"); //$u->Set("Password",md5($newpw)); //$u->Update(); @@ -135,7 +149,7 @@ $FormError["forgotpw"]["username"] = language("lu_ferror_unknown_username"); if(strlen($email)) $FormError["forgotpw"]["email"] = language("lu_ferror_unknown_email"); - if ($allow_reset > time()) { + if (!$allow_reset) { $FormError["forgotpw"]["username"] = language("lu_ferror_reset_denied"); //$FormError["forgotpw"] = language("lu_ferror_reset_denied"); } 
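Review bot: `$allow_reset` is now assigned only inside `if(is_object($u))`, so when no user matched it is undefined, and the `if (!$allow_reset)` introduced in hunk @@ -135 then overwrites the unknown-username/email error set just above it with lu_ferror_reset_denied. Initialise it explicitly before the `if`, e.g. `$allow_reset = true;`, and decide deliberately whether unknown accounts should get the same message as throttled ones, since distinct messages let a caller tell registered logins from unregistered ones. The block that owns `$u` and `$found` starts before this hunk.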
@@ -515,7 +529,7 @@ $objUsers->Edit_User($UserId, $_POST["username"], $password, $_POST["email"], 0, $_POST["firstname"], $_POST["lastname"], $status, $_POST["phone"], $_POST["street"], $_POST["city"], $_POST["state"], $_POST["zip"], - $_POST["country"], $dob); + $_POST["country"], $dob, $_POST['MinPwResetDelay']); $ResourceId= $u->Get("ResourceId"); $objCustomDataList->LoadResource($ResourceId); Index: trunk/admin/install/upgrades/inportal_upgrade_v1.0.10.sql =================================================================== diff -u -N -r993 -r1020 --- trunk/admin/install/upgrades/inportal_upgrade_v1.0.10.sql (.../inportal_upgrade_v1.0.10.sql) (revision 993) +++ trunk/admin/install/upgrades/inportal_upgrade_v1.0.10.sql (.../inportal_upgrade_v1.0.10.sql) (revision 1020) @@ -15,4 +15,9 @@ DELETE FROM ConfigurationAdmin WHERE VariableName = 'Smtp_SendHTML'; -UPDATE Modules SET Version = '1.0.10' WHERE Name = 'In-Portal'; \ No newline at end of file +UPDATE Modules SET Version = '1.0.10' WHERE Name = 'In-Portal'; + +ALTER TABLE PortalUser ADD PwResetConfirm VARCHAR(255); +ALTER TABLE PortalUser ADD UNIQUE (PwResetConfirm); +ALTER TABLE PortalUser ADD PwRequestTime BIGINT(20); +ALTER TABLE PortalUser ADD MinPwResetDelay INT DEFAULT '1800' NOT NULL; Index: trunk/themes/default/my_info/myinfo_form.tpl =================================================================== diff -u -N -r13 -r1020 --- trunk/themes/default/my_info/myinfo_form.tpl (.../myinfo_form.tpl) (revision 13) +++ trunk/themes/default/my_info/myinfo_form.tpl (.../myinfo_form.tpl) (revision 1020) @@ -58,7 +58,7 @@
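Review bot: `$_POST['MinPwResetDelay']` is forwarded to Edit_User() unvalidated, and since this appears to be the self-service profile form (myinfo_form.tpl gains the field in this commit) every user can set their own reset throttle to 0 or to a non-numeric string, so the throttle then only limits reset mails against accounts whose owners never touched it. Cast and clamp it server-side, e.g. `$_POST["country"], $dob, max(1800, (int)$_POST['MinPwResetDelay']));` using the schema default as the floor, or keep the field admin-only and omit it from this form.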
- +
@@ -74,13 +74,26 @@
- Country: + : - + + + + : + + + +