$string['forcetheme'] = 'Force theme';
$string['forgotaccount'] = 'Lost password?';
$string['forgotten'] = 'Forgotten your username or password?';
+$string['forgotteninvalidurl'] = 'Invalid password reset URL';
$string['format'] = 'Format';
$string['formathtml'] = 'HTML format';
$string['formatlams'] = 'LAMS course format';
$txt->username = get_string('username');
$txt->usernameemailmatch = get_string('usernameemailmatch');
$txt->usernamenotfound = get_string('usernamenotfound');
+$txt->invalidurl = get_string('forgotteninvalidurl');
$sesskey = sesskey();
$errors = array();
$user = get_complete_user_data('username',$param->s);
// make sure that url relates to a valid user
- if (!empty($user)) {
+ if (!empty($user) and $user->secret == $param->p) {
// check this isn't guest user
if (isguest( $user->id )) {
error('You cannot change the guest password');
$a->email = $user->email;
$a->link = $changepasswordurl;
$txt->emailpasswordsent = get_string( 'emailpasswordsent', '', $a );
+ } else {
+ $errors[] = $txt->invalidurl;
}
}