--- user.pages.inc.orig 2010-05-11 06:00:01.000000000 +0100 +++ user.pages.inc 2010-05-11 06:12:42.000000000 +0100 @@ -35,8 +35,9 @@ function user_pass() { '#size' => 60, '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH), '#required' => TRUE, + '#description' => t('Please enter either your username or the e-mail address you registered with @s.', array('@s' => variable_get('site_name', 'Drupal'))), ); - $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password')); + $form['submit'] = array('#type' => 'submit', '#value' => t('Request password reset')); return $form; } @@ -71,21 +72,20 @@ function user_pass_submit($form, &$form_ // Mail one time login URL and instructions using current language. _user_mail_notify('password_reset', $account, $language); watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)); - drupal_set_message(t('Further instructions have been sent to your e-mail address.')); + drupal_set_message(t('A one-time login link and further instructions have been sent to your e-mail address.')); - $form_state['redirect'] = 'user'; return; } /** - * Menu callback; process one time login link and redirects to the user page on success. + * Form builder; process one-time login link and require a new password. */ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { global $user; // Check if the user is already logged in. The back button is often the culprit here. if ($user->uid) { - drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.')); + drupal_set_message(t('You have already used this one-time login link, therefore you need to login with your password. In this case this is not necessary because you are already logged in.')); drupal_goto(); } else { 
@@ -102,11 +102,12 @@ function user_pass_reset(&$form_state, $ // No time out for first time login. if ($account->login && $current - $timestamp > $timeout) { - drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); + drupal_set_message(t('You have tried to use a one-time login link which has expired. Please request a new one using the form below.')); drupal_goto('user/password'); } else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { // First stage is a confirmation form, then login +/* if ($action == 'login') { watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); // Set the new user. @@ -124,9 +125,24 @@ function user_pass_reset(&$form_state, $ $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); return $form; } +*/ + // Require the user to enter a new password before logging in. + _user_password_dynamic_validation(); + $form['message'] = array('#markup' => '

' . t('This is a one-time login for %user_name and will expire on %expiration_date.', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))) . '

'); + $form['help'] = array('#markup' => '

' . t('Please enter a new password and click on the button to login.') . '

'); + $form['pass'] = array('#type' => 'password_confirm', + '#description' => t('Please enter the new password in both fields.'), + '#required' => TRUE, + '#size' => 25, + ); + $form['uid'] = array('#type' => 'hidden', '#value' => $account->uid); + $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); + $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); + return $form; + } else { - drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.')); + drupal_set_message(t('You have tried to use a one-time login link which has already used. Please request a new one using the form below.')); drupal_goto('user/password'); } } @@ -138,6 +154,31 @@ function user_pass_reset(&$form_state, $ } } +function user_pass_reset_submit($form, &$form_state) { + global $user; + + // Prepare saving new password. + $account = new stdClass(); + $account->uid = $form_state['values']['uid']; + $edit = array('pass' => $form_state['values']['pass']); + + // Save new password. + if ($user = user_save($account, $edit)) { + // Saving succeeded. Now authenticate user and password. + user_authenticate_finalize($edit); + watchdog('user', t('User %name used one-time login link at time %timestamp.', array('%name' => $user->name, '%timestamp' => $user->login))); + drupal_set_message(t('You have been successfully logged in using your one-time login link. ' . + 'From now on you can log in with your username %user_name and the new password you just entered.', array('%user_name' => $user->name))); + drupal_goto('user/'. $user->uid); + } + else { + // Saving failed. + drupal_goto(); + } +} + + + /** * Menu callback; logs the current user out, and redirects to the home page. */
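Review bot: The account whose password will be changed is carried in a browser-visible field, `$form['uid'] = array('#type' => 'hidden', '#value' => $account->uid);`, and the submit handler added later in this patch saves the new password for whatever uid it finds in `$form_state['values']['uid']`. Declaring it as `'#type' => 'value'` keeps the uid on the server, and the handler should work from the account that passed the `user_pass_rehash()` comparison rather than from a form field. The replacement text in the final `else` branch reads 'which has already used' (missing 'been') and no longer tells the user the link may simply be invalid, which that branch also covers. The old confirmation step is left between `/*` and `*/` instead of being deleted, and `$action` looks unused once it is disabled. user_pass_reset starts and ends outside this hunk.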
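Review bot: `user_pass_reset_submit()` builds a bare `stdClass` from the submitted uid and goes straight to `user_save()` and `user_authenticate_finalize()` without itself re-checking the link's timestamp and hash or the account's status; it appears to rely entirely on the form builder having validated the URL first, so re-validating here (or passing the already-validated account through the form) would make the password change and login safe on their own. The `watchdog()` call wraps its message in `t()`, unlike the call in `user_pass_submit()` earlier in this patch, which passes the raw string and the placeholder array separately; the same shape here would be `watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $user->name, '%timestamp' => $user->login));`. The failure branch calls `drupal_goto()` with no message and no log entry, so a failed password save is silent to both the user and the site's audit trail. The function has no docblock; `/** Form submit handler for user_pass_reset(); saves the new password and logs the user in. */` would match the surrounding file.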