Index: wp-login.php
===================================================================
--- wp-login.php	(revision 4006)
+++ wp-login.php	(working copy)
@@ -51,7 +51,7 @@
 	window.onload = focusit;
 	</script>
 	<style type="text/css">
-	#user_login, #email, #submit {
+	#user_login, #new_pass, #email, #submit {
 		font-size: 1.7em;
 	}
 	</style>
@@ -59,7 +59,7 @@
 <body>
 <div id="login">
 <h1><a href="http://wordpress.org/">WordPress</a></h1>
-<p><?php _e('Please enter your information here. We will send you a new password.') ?></p>
+<p><?php _e('Please enter your information here. We will send you a link to activate your new password.') ?></p>
 <?php
 if ($error)
 	echo "<div id='login_error'>$error</div>";
@@ -70,10 +70,13 @@
 <input type="hidden" name="action" value="retrievepassword" />
 <label><?php _e('Username:') ?><br />
 <input type="text" name="user_login" id="user_login" value="" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('New Password:') ?><br />
+<input type="password" name="new_pass" id="new_pass" value="" size="20" tabindex="2" /></label><br />
+</p>
 <p><label><?php _e('E-mail:') ?><br />
-<input type="text" name="email" id="email" value="" size="25" tabindex="2" /></label><br />
+<input type="text" name="email" id="email" value="" size="25" tabindex="3" /></label><br />
 </p>
-<p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="3" /></p>
+<p class="submit"><input type="submit" name="submit" id="submit" value="<?php _e('Retrieve Password'); ?> &raquo;" tabindex="4" /></p>
 </form>
 <ul>
 	<li><a href="<?php bloginfo('home'); ?>/" title="<?php _e('Are you lost?') ?>">&laquo; <?php _e('Back to blog') ?></a></li>
@@ -89,6 +92,7 @@
 break;
 
 case 'retrievepassword':
+    $new_pass = $_POST['new_pass'];
 	$user_data = get_userdatabylogin($_POST['user_login']);
 	// redefining user_login ensures we return the right case in the email
 	$user_login = $user_data->user_login;
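Review bot: `$new_pass` is taken from `$_POST['new_pass']` with no emptiness or length check, and the hunk at `@@ -107,8 +111,8 @@` then writes it unencoded into the e-mailed link as `&new_pass=$new_pass`. That puts the chosen password in clear text in the mail, the browser history and the web-server access log, and characters such as `&`, `#` or a space will truncate or corrupt the link. Consider keeping a hash of the pending password server-side next to the activation key, or asking for the password on the page the key leads to, so the link carries only `key`; at minimum wrap the value in `urlencode()`. The added line is indented with spaces while the surrounding `case` body, which continues outside the hunk, uses tabs.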
@@ -107,8 +111,8 @@
 	$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
 	$message .= get_option('siteurl') . "\r\n\r\n";
 	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
-	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-	$message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&key=$key\r\n";
+	$message .= __('To set your new password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
+	$message .= get_settings('siteurl') . "/wp-login.php?action=resetpass&new_pass=$new_pass&key=$key\r\n";
 
 	$m = wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_settings('blogname')), $message);
 
@@ -117,8 +121,7 @@
          echo  __('Possible reason: your host may have disabled the mail() function...') . "</p>";
 		die();
 	} else {
-		echo '<p>' .  sprintf(__("The e-mail was sent successfully to %s's e-mail address."), $user_login) . '<br />';
-		echo  "<a href='wp-login.php' title='" . __('Check your e-mail first, of course') . "'>" . __('Click here to login!') . '</a></p>';
+		echo '<p>' .  sprintf(__("The e-mail was sent successfully to %s's e-mail address to active new password."), $user_login) . '<br />';
 		die();
 	}
 
@@ -135,29 +138,19 @@
 		die( __('Sorry, that key does not appear to be valid.') );
 
 	do_action('password_reset');
-
-	$new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
+	
+	$new_pass = stripslashes($_GET['new_pass']);
  	$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'");
 	wp_cache_delete($user->ID, 'users');
 	wp_cache_delete($user->user_login, 'userlogins');	
-	$message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
-	$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
-	$message .= get_settings('siteurl') . "/wp-login.php\r\n";
-
-	$m = wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_settings('blogname')), $message);
-
-	if ($m == false) {
-		echo '<p>' . __('The e-mail could not be sent.') . "<br />\n";
-		echo  __('Possible reason: your host may have disabled the mail() function...') . '</p>';
-		die();
-	} else {
-		echo '<p>' .  sprintf(__('Your new password is in the mail.'), $user_login) . '<br />';
-        echo  "<a href='wp-login.php' title='" . __('Check your e-mail first, of course') . "'>" . __('Click here to login!') . '</a></p>';
+	
+		echo '<p>' .  sprintf(__('Your new password is %s'), $new_pass) . '<br />';
+        echo  "<a href='wp-login.php' title='Login'>" . __('Click here to login!') . '</a></p>';
 		// send a copy of password change notification to the admin
 		$message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
 		wp_mail(get_settings('admin_email'), sprintf(__('[%s] Password Lost/Change'), get_settings('blogname')), $message);
 		die();
-	}
+	
 break;
 
 case 'login' : 
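Review bot: The value read from `$_GET['new_pass']` has its slashes removed by `stripslashes()` and is then interpolated directly into the `UPDATE` statement and into the `Your new password is %s` output, so a quote in the parameter alters the SQL and any markup in it is rendered as HTML. Escape at each sink, e.g. `MD5('" . $wpdb->escape($new_pass) . "')` in the query and `wp_specialchars($new_pass)` in the echo, or preferably do not print the password on the confirmation page at all. An empty or missing `new_pass` is also accepted and would store the MD5 of the empty string, so reject it before the query runs. The two `echo` lines and the admin-notification block keep the extra indentation of the removed `else` branch; the `case` body starts above this hunk.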
