1 files changed, 12 insertions, 22 deletions

diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 400ce86ae..f1d4fa43c 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -2,36 +2,26 @@
 /**
  * Action to request a new password.
  *
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Account
  */
 
-global $CONFIG;
-
 $username = get_input('username');
 
-$access_status = access_get_show_hidden_status();
-access_show_hidden_entities(true);
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+	$username = $users[0]->username;
+}
+
 $user = get_user_by_username($username);
 if ($user) {
-	if ($user->validated) {
-		if (send_new_password_request($user->guid)) {
-			system_message(elgg_echo('user:password:resetreq:success'));
-		} else {
-			register_error(elgg_echo('user:password:resetreq:fail'));
-		}
-	} else if (!trigger_plugin_hook('unvalidated_requestnewpassword','user',array('entity'=>$user))) {
-		// if plugins have not registered an action, the default action is to
-		// trigger the validation event again and assume that the validation
-		// event will display an appropriate message
-		trigger_elgg_event('validate', 'user', $user);
+	if (send_new_password_request($user->guid)) {
+		system_message(elgg_echo('user:password:resetreq:success'));
+	} else {
+		register_error(elgg_echo('user:password:resetreq:fail'));
 	}
 } else {
-	register_error(sprintf(elgg_echo('user:username:notfound'), $username));
+	register_error(elgg_echo('user:username:notfound', array($username)));
 }
 
-access_show_hidden_entities($access_status);
 forward();
-exit;