From ae6b31647ba6b1d256e1c8ba7c3d78d679526655 Mon Sep 17 00:00:00 2001
From: Alan Knowles <alan@roojs.com>
Date: Fri, 7 Dec 2018 10:39:30 +0800
Subject: [PATCH] Pman/Login.php

---
 Pman/Login.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Pman/Login.php b/Pman/Login.php
index 3c252f7..ed06d38 100644
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -271,6 +271,19 @@ class Pman_Login extends Pman
 	    $this->resetPassword($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key'], $_REQUEST['password1'] );
 	}
 	
+	
+	if (!empty($_REQUEST['_verifyCheckSum'])) {
+	    if (empty($_REQUEST['id']) || 
+		empty($_REQUEST['ts']) ||
+		empty($_REQUEST['key'])
+		 
+	    ) {
+		$this->jerr("Invalid request to reset password");
+	    }
+	    
+	    $this->verifyCheckSum($_REQUEST['id'], $_REQUEST['ts'], $_REQUEST['key']);
+	}
+	
 	// this is 'classic' change password...
         if (!empty($_REQUEST['changePassword'])) {
             return $this->changePassword($_REQUEST);
-- 
2.39.2