# File app/controllers/password_resets_controller.rb, line 5
 5:   def create
 6:     if params[:email].blank?
 7:       flash[:notice] = "Please enter an email address"
 8:       return render(:new)
 9:     end
10:     
11:     @email = params[:email].strip
12:     @people = Person.all(:conditions => [ "email = ? and login is not null and login != ''", @email ])
13:     if @people.any?
14:       Person.deliver_password_reset_instructions!(@people)
15:       flash[:notice] = "Please check your email. We've sent you password reset instructions."
16:       redirect_to new_person_session_url(secure_redirect_options)
17:     else
18:       flash[:notice] = "Can't find anyone with this email address"
19:       render :new
20:     end
21:   end

    # File app/controllers/password_resets_controller.rb, line 23
23:   def update
24:     @person.password = params[:person][:password]
25:     @person.password_confirmation = params[:person][:password_confirmation]
26:     
27:     if @person.password.blank? || @person.password_confirmation.blank?
28:       flash[:warn] = "Please provide a new password and confirmation"
29:       @person.errors.add(:password, "can't be blank") if @person.password.blank?
30:       @person.errors.add(:password_confirmation, "can't be blank") if @person.password_confirmation.blank?
31:       return render(:edit)
32:     end
33:     
34:     if @person.save
35:       @person_session = PersonSession.create(@person)
36:       flash[:notice] = "Password changed"
37:       if @person.administrator?
38:         redirect_back_or_default admin_home_url
39:       else
40:         redirect_back_or_default "/account"
41:       end
42:     else
43:       render :edit
44:     end
45:   end