+
+ $user = User::staticGet($confirm->user_id);
+
+ if (!$user) {
+ $this->server_error(_('Recovery code for unknown user.'));
+ return;
+ }
+
+ $touched = strtotime($confirm->modified);
+
+ # Burn this code
+
+ $result = $confirm->delete();
+
+ if (!$result) {
+ common_log_db_error($confirm, 'DELETE', __FILE__);
+ common_server_error(_('Error with confirmation code.'));
+ return;
+ }
+
+ # These should be reaped, but for now we just check mod time
+ # Note: it's still deleted; let's avoid a second attempt!
+
+ if ((time() - $touched) > MAX_RECOVERY_TIME) {
+ $this->client_error(_('This confirmation code is too old. ' .
+ 'Please start again.'));
+ return;
+ }
+
+ # Success!
+
+ $this->set_temp_user($user);
+ $this->show_password_form();