Index: openacs-4/packages/acs-authentication/tcl/password-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/password-procs.tcl,v
diff -u -N -r1.19 -r1.20
--- openacs-4/packages/acs-authentication/tcl/password-procs.tcl	27 Oct 2014 16:39:01 -0000	1.19
+++ openacs-4/packages/acs-authentication/tcl/password-procs.tcl	7 Aug 2017 23:47:46 -0000	1.20
@@ -64,8 +64,7 @@
     with_catch errmsg { 
         set result_p [auth::password::CanChangePassword -authority_id $authority_id]
     } {
-        global errorInfo
-        ns_log Error "Error invoking CanChangePassword operation for authority_id $authority_id:\n$errorInfo"
+        ns_log Error "Error invoking CanChangePassword operation for authority_id $authority_id:\n$::errorInfo"
     }
     return $result_p
 }
@@ -109,8 +108,7 @@
     } {
         set result(password_status) failed_to_connect
         set result(password_message) $errmsg
-        global errorInfo
-        ns_log Error "Error invoking password management driver for authority_id = $user(authority_id):\n$errorInfo"
+        ns_log Error "Error invoking password management driver for authority_id = $user(authority_id):\n$::errorInfo"
     }
     
     # Check the result code and provide canned responses
@@ -124,7 +122,7 @@
             # Refresh the current user's cookies, so he doesn't get logged out, 
             # if this user was logged in before changing password
             if { [ad_conn isconnected] && $user_id == $connection_user_id } {
-                ad_user_login -account_status [ad_conn account_status] $user_id
+                auth::issue_login -account_status [ad_conn account_status] -user_id $user_id
             }
         } 
         no_account - not_supported - old_password_bad - new_password_bad - change_error - failed_to_connect {
@@ -180,7 +178,7 @@
             }
             return [array get result]
         }
-        set user_id [cc_lookup_email_user $email]
+        set user_id [party::get_by_email -email $email]
         if { $user_id eq "" } {
             set result(password_status) "failed_to_connect"
             set result(password_message) "Unknown email"
@@ -250,7 +248,7 @@
             set authority_id [auth::authority::local]
         }
     } else {
-        set user_id [cc_lookup_email_user $email]
+        set user_id [party::get_by_email -email $email]
         if { $user_id ne "" } {
             acs_user::get -user_id $user_id -array user
             set authority_id $user(authority_id)
@@ -295,8 +293,7 @@
         set result_p [auth::password::CanRetrievePassword \
                     -authority_id $authority_id]
     } {
-        global errorInfo
-        ns_log Error "Error invoking CanRetrievePassword operation for authority_id $authority_id:\n$errorInfo"
+        ns_log Error "Error invoking CanRetrievePassword operation for authority_id $authority_id:\n$::errorInfo"
         return 0
     }
     return $result_p
@@ -337,8 +334,7 @@
     } {
         set result(password_status) failed_to_connect
         set result(password_message) "Error invoking the password management driver."
-        global errorInfo
-        ns_log Error "Error invoking password management driver for authority_id = $authority_id: $errorInfo"
+        ns_log Error "Error invoking password management driver for authority_id = $authority_id: $::errorInfo"
     }
     
     # Check the result code and provide canned responses
@@ -357,8 +353,7 @@
                     # We could not inform the user of his email - we failed
                     set result(password_status) "failed_to_connect"
                     set result(password_message) [_ acs-subsite.Error_sending_mail]
-                    global errorInfo
-                    ns_log Error "We had an error sending out email with new password to username $username, authority $authority_id:\n$errorInfo"
+                    ns_log Error "We had an error sending out email with new password to username $username, authority $authority_id:\n$::errorInfo"
                 }
             } 
             if { ![info exists result(password_message)] || $result(password_message) eq "" } {
@@ -399,8 +394,7 @@
         set result_p [auth::password::CanResetPassword \
                     -authority_id $authority_id]
     } {
-        global errorInfo
-        ns_log Error "Error invoking CanResetPassword operation for authority_id $authority_id:\n$errorInfo"
+        ns_log Error "Error invoking CanResetPassword operation for authority_id $authority_id:\n$::errorInfo"
     }
     return $result_p
 }
@@ -455,11 +449,12 @@
     # Check the result code and provide canned responses
     switch $result(password_status) {
         ok {
-            if { ([info exists result(password)] && $result(password) ne "") && \
-                     (!$admin_p || [parameter::get \
-                                        -parameter EmailChangedPasswordP \
-                                        -package_id [ad_conn subsite_id] \
-                                        -default 1]) } {
+            if { [info exists result(password)] && $result(password) ne ""
+                 && (!$admin_p || [parameter::get \
+                                       -parameter EmailChangedPasswordP \
+                                       -package_id [ad_conn subsite_id] \
+                                       -default 1])
+             } {
                 # We have retrieved or reset a forgotten password that we should email to the user
                 with_catch errmsg {
                     auth::password::email_password \
@@ -472,8 +467,7 @@
                     # We could not inform the user of his email - we failed
                     set result(password_status) "failed_to_connect"
                     set result(password_message) [_ acs-subsite.Error_sending_mail]
-                    global errorInfo
-                    ns_log Error "We had an error sending out email with new password to username $username, authority $authority_id:\n$errorInfo"
+                    ns_log Error "We had an error sending out email with new password to username $username, authority $authority_id:\n$::errorInfo"
                 }
             }
             if { ![info exists result(password_message)] || $result(password_message) eq "" } {
@@ -518,7 +512,7 @@
     {-body_msg_key "acs-subsite.email_body_Forgotten_password"}
     {-from ""}
 } {
-    Send an email to ther user with given username and authority with the new password.
+    Send an email to the user with given username and authority with the new password.
 
     @param from             The email's from address. Can be in email@foo.com <Your Name> format.
                             Defaults to ad_system_owner.
@@ -536,6 +530,16 @@
 
     # Set up variables for use in message key
     set reset_password_url [export_vars -base "[ad_url]/user/password-update" {user_id {old_password $password}}]
+    set forgotten_password_url [auth::password::get_forgotten_url \
+                                    -authority_id $authority_id \
+                                    -username $user(username) \
+                                    -email $user(email)]
+    set subsite_info [security::get_register_subsite]
+    if {[dict get $subsite_info url] ne "/"} {
+        set forgotten_password_url [dict get $subsite_info url]$forgotten_password_url
+    }
+    set forgotten_password_url [security::get_qualified_url $forgotten_password_url]
+
     set system_owner [ad_system_owner]
     set system_name [ad_system_name]
     set system_url [ad_url]
@@ -770,3 +774,9 @@
 				$parameters \
 			        $authority_id]]
 }
+
+# Local variables:
+#    mode: tcl
+#    tcl-indent-level: 4
+#    indent-tabs-mode: nil
+# End: