def resetUserPasswordPost(handler, username, key, p_newPassword, p_newPassword2):
handler.title('Reset password')
user = User.load(username = username)
if not user:
ErrorBox.die('User', "No user named <b>%s</b>" % stripTags(username))
if user != handler.session['user'] and (not user.resetkey or user.resetkey != key):
ErrorBox.die('Key', "Incorrect reset key")
if p_newPassword != p_newPassword2:
ErrorBox.die('Password', "New password mismatch")
user.password = User.crypt(user.username, p_newPassword)
user.hotpKey = ''
user.resetkey = None
user.save()
print SuccessBox('Password changed', "Your password has been reset; you can <a href=\"/login\">login</a> now")
Event.passwordReset(handler, user)
