--- html.orig/lostpwd.php	2007-12-19 01:26:31.000000000 +0100
+++ html/lostpwd.php	2008-04-25 14:38:34.000000000 +0200
@@ -101,10 +101,10 @@
   			  $confixx_user = 'confixx';  
   			$from = $confixx_user.'@'.$hostname;	
   			$mailtext = "From: \"Confixx on $hostname\" <$from>".
-  			"\n\n".ltext('lost_pwd_mail', array($_POST['username'], $newpw))."\n\n";
+  			"\n\n".ltext('lost_pwd_mail', array($account_info['login'], $newpw))."\n\n";
   			if(@mail($email, ltext('lost_pwd_mail_subj'), "",$mailtext,"-f$from")) {
   			  db_query("INSERT INTO pwdreminder (user, password, usertype, server_id)".
-  			           " VALUES ('" . $_POST['username'] . "', '$newpw', '$type', '$ServerID')");
+  			           " VALUES ('" . $account_info['login'] . "', '$newpw', '$type', '$ServerID')");
   			  $_SESSION['_error'] = 'lost_pwd_sent';
 					$_SESSION['_error_args'] = null;
   			}
--- html.orig/include/login.inc.php	2007-12-19 01:26:32.000000000 +0100
+++ html/include/login.inc.php	2008-04-17 13:26:00.000000000 +0200
@@ -29,7 +29,8 @@
 		break;
 
 	case USERTYPE_USER:
-		db_query("UPDATE kunden SET longpw='$pwd' WHERE kunde='" . addslashes($user) . "'  AND server_id='$lcServerID'");
+		db_query("UPDATE kunden SET longpw='$pwd', pw=1 WHERE kunde='" . addslashes($user) . "'  AND server_id='$lcServerID'");
+		db_query("UPDATE allgemein SET newpwd=1 WHERE server_id='$lcServerID'");
 		break;	
 	}