+if (isset($_GET['token'])) {
+ @list ($username, $token) = explode(':', $_GET['token']);
+ $userdir = strtolower("profile/$username");
+ if ($verify = @file_get_contents("$userdir/.token")
+ and $verify == $token) {
+ $User = [
+ 'name' => $username,
+ 'dir' => $userdir,
+ 'pass' => NULL,
+ ];
+ }
+ else {
+ print "<p class=warn>Code onjuist, geen toestemming om wachtwoord in te stellen.</p>\n";
+ return TRUE;
+ }
+}
+elseif (!$User) {
+ http_response_code(303);
+ $target = urlencode($_SERVER['REQUEST_URI']);
+ header("Location: /login?goto=$target");
+ exit;
+}
+