This patch changes the password reset function to a two-stage process.
After requesting a new password a confirmation email is sent first, only
if the link contained in this mail is used the password is changed for real.

This makes sure malicious people can't reset passwords for other users.

darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz