Index: openacs-4/packages/acs-authentication/tcl/local-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/local-procs.tcl,v
diff -u -N -r1.30 -r1.31
--- openacs-4/packages/acs-authentication/tcl/local-procs.tcl	4 Jun 2006 00:45:21 -0000	1.30
+++ openacs-4/packages/acs-authentication/tcl/local-procs.tcl	19 Oct 2006 12:54:57 -0000	1.31
@@ -233,8 +233,8 @@
     Implements the CanRetrievePassword operation of the auth_password 
     service contract for the local account implementation.
 } {
-    # Nope, passwords are stored hashed, so we can't retrieve it for you
-    return 0
+    # passwords are stored hashed, so we send the hash and let the user choose a new password
+    return 1
 }
 
 ad_proc -private auth::local::password::CanResetPassword {
@@ -324,9 +324,21 @@
     Implements the RetrievePassword operation of the auth_password 
     service contract for the local account implementation.
 } {
-    set result(password_status) "not_supported"
-    set result(password_message) [_ acs-subsite.cannot_retrieve_password]
+    set result(password_status) "ok"
+    set result(password_message) [_ acs-subsite.Request_Change_Password_token_email]
 
+    db_1row get_usr_id_and_password_hash {SELECT user_id, password as password_hash FROM users WHERE username = :username}
+
+    # TODO: This email message text should go in the recipient user language, english or every language supported
+    set subject "[ad_system_name]: [_ acs-subsite.change_password_email_subject] $username"
+    set body "[_ acs-subsite.change_password_email_body_0]\n\n[export_vars -base "[ad_url]/user/password-reset" {user_id password_hash}]\n\n[_ acs-subsite.change_password_email_body_1]"
+
+    ns_sendmail \
+	$username \
+	[ad_outgoing_sender] \
+	$subject \
+	$body
+
     return [array get result]
 }
 
Index: openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml,v
diff -u -N -r1.72 -r1.73
--- openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml	5 Jun 2006 00:02:38 -0000	1.72
+++ openacs-4/packages/acs-subsite/catalog/acs-subsite.en_US.ISO-8859-1.xml	19 Oct 2006 12:54:57 -0000	1.73
@@ -61,6 +61,10 @@
   <msg key="Change_my_email_P">Change my email privacy level</msg>
   <msg key="Change_my_Password">Change my Password</msg>
   <msg key="Change_pass_email_por">Change password, email, portrait</msg>
+  <msg key="change_password_email_body_0">You have (or someone impersonating you has) requested to change your
+system password. To complete the change, visit the following link:</msg>
+  <msg key="change_password_email_body_1">If you are not the person who made this request, you don't need to take any action.</msg>
+  <msg key="change_password_email_subject">Change Password Request for</msg>
   <msg key="Check_Your_Inbox">Check Your Inbox</msg>
   <msg key="Children">Children</msg>
   <msg key="choose_assessment">Choose a custom registration questionnaire :</msg>
@@ -388,7 +392,9 @@
   <msg key="rename">rename</msg>
   <msg key="Req_membership_comm">Request membership of this community</msg>
   <msg key="Req_membership_subs">Request membership of this subsite</msg>
+  <msg key="Request_Change_Password_token_email">Request to Change Password: A token for changing your password has been emailed to you. Follow the instructions in that email to change your password</msg>
   <msg key="Request_membership">Request membership</msg>
+  <msg key="Reset_Password">Reset Password</msg>
   <msg key="return_to_application">return to application</msg>
   <msg key="Revoke_Checked">Revoke Checked</msg>
   <msg key="Role">Role</msg>
Index: openacs-4/packages/acs-subsite/www/user/password-reset.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/user/password-reset.adp,v
diff -u -N
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/acs-subsite/www/user/password-reset.adp	19 Oct 2006 12:54:57 -0000	1.1
@@ -0,0 +1,9 @@
+<master>
+  <property name="title">#acs-subsite.Reset_Password#</property>
+  <property name="context">@context;noquote@</property>
+
+<if @message@ not nil>
+  <div class="general-message">@message@</div>
+</if>
+
+<formtemplate id="reset"></formtemplate>
Index: openacs-4/packages/acs-subsite/www/user/password-reset.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/user/password-reset.tcl,v
diff -u -N
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/acs-subsite/www/user/password-reset.tcl	19 Oct 2006 12:54:57 -0000	1.1
@@ -0,0 +1,100 @@
+ad_page_contract {
+    Let's the user reset his/her password.
+
+    @cvs-id $Id: password-reset.tcl,v 1.1 2006/10/19 12:54:57 eduardop Exp $
+} {
+    {user_id {[ad_conn untrusted_user_id]}}
+    {return_url ""}
+    {password_hash ""}
+    {message ""}
+}
+
+# Redirect to HTTPS if so configured
+if { [security::RestrictLoginToSSLP] } {
+    security::require_secure_conn
+}
+
+if { ![auth::password::can_change_p -user_id $user_id] } {
+    ad_return_error "Not supported" "Changing password is not supported."
+}
+
+set admin_p [permission::permission_p -object_id $user_id -privilege admin]
+
+if { !$admin_p } {
+    permission::require_permission -party_id $user_id -object_id $user_id -privilege write
+}
+
+
+
+set page_title [_ acs-subsite.Reset_Password]
+set context [list [list [ad_pvt_home] [ad_pvt_home_name]] $page_title]
+
+set system_name [ad_system_name]
+set site_link [ad_site_home_link]
+
+
+
+acs_user::get -user_id $user_id -array user
+
+ad_form -name reset -edit_buttons [list [list [_ acs-kernel.common_update] "ok"]] -form {
+    {user_id:integer(hidden)}
+    {return_url:text(hidden),optional}
+    {password_hash:text(hidden),optional}
+    {message:text(hidden),optional}
+}
+
+ad_form -extend -name reset -form {
+    {password_1:text(password)
+        {label {[_ acs-subsite.New_Password]}}
+        {html {size 20}}
+    }
+    {password_2:text(password)
+        {label {[_ acs-subsite.Confirm]}}
+        {html {size 20}}
+    }
+} -on_request {
+
+} -validate {
+    {password_1
+        { [string equal $password_1 $password_2] }
+        { Passwords don't match }
+    }
+} -on_submit {
+
+    set password_hash_local [db_string get_password_hash {SELECT password FROM users WHERE user_id = :user_id}]
+
+    if {$password_hash_local eq $password_hash} {
+
+    array set result [auth::password::change \
+                          -user_id $user_id \
+                          -old_password "" \
+                          -new_password $password_1]
+
+    switch $result(password_status) {
+        ok {
+            # Continue
+        }
+        default {
+            form set_error reset password_1 $result(password_message)
+            break
+        }
+    }
+
+    } else {
+        form set_error reset password_1 "Invalid hash"
+	break
+    }
+
+} -after_submit {
+    if { [empty_string_p $return_url] } {
+        set return_url [ad_pvt_home]
+        set pvt_home_name [ad_pvt_home_name]
+        set continue_label [_ acs-subsite.Continue_to_your_account]
+    } else {
+        set continue_label [_ acs-subsite.Continue]
+    }
+    set message [_ acs-subsite.confirmation_password_changed]
+    set continue_url $return_url
+
+    ad_return_template /packages/acs-subsite/www/register/display-message
+}