# File app/controllers/people_controller.rb, line 62
  def rec_pass_chg
    if session[:recovered_at].nil? 
      redirect_to :action => 'logout'
      flash[:error] << _('Invalid attempt to change password')
      return false
    end

    if session[:recovered_at] + 10.minutes < Time.now
      redirect_to :action => 'login'
      flash[:error] << _('Timeout waiting for your new password - You can ' +
                         'request for a new password recovery if needed.')
      return false
    end

    if !params[:new] or params[:new].empty? or
        params[:new] != params[:confirm]
      flash[:error] << _('New password does not match confirmation')
      render :action => recover
      return false
    end

    @user.passwd = params[:new]
    @user.save!
    flash[:notice] << _('Your password was successfully changed')
    redirect_to :action => 'account'
  end