From 0473d59c395a219caf891ce29ed93ec08d13d47f Mon Sep 17 00:00:00 2001 From: Marco Date: Tue, 26 Sep 2017 22:24:46 +0200 Subject: [PATCH] Show that users are to reconfirm their password for reset control --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b0c857e..fb7c87b 100644 --- a/README.md +++ b/README.md @@ -705,13 +705,21 @@ You may provide security-conscious (and experienced) users with the possibility ```php try { - $auth->setPasswordResetEnabled($_POST['enabled'] == 1); + if ($auth->reconfirmPassword($_POST['password'])) { + $auth->setPasswordResetEnabled($_POST['enabled'] == 1); - // the settings have been changed + // the settings have been changed + } + else { + // we can't say if the user is who they claim to be + } } catch (\Delight\Auth\NotLoggedInException $e) { // the user is not signed in } +catch (\Delight\Auth\TooManyRequestsException $e) { + // too many requests +} ``` In order to check the current value of this setting, use the return value from
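Review bot: In the added `if ($auth->reconfirmPassword($_POST['password'])) {` line, `$_POST['password']` is read without checking that the field was submitted. A request that omits it raises an undefined-index notice and hands null to the reconfirmation call. Since README samples get copied verbatim, check `isset($_POST['password'])` first and treat a missing field like the `else` case. The same applies to `$_POST['enabled'] == 1`, which is only re-indented here: a strict comparison such as `=== '1'` avoids PHP's loose string-to-number matching on a security setting. The new `else` comment could also say explicitly that the setting was left unchanged, so readers know to report an error rather than fall through silently. Finally, all 10 insertions are inside the code sample, so the prose above it still does not mention that the form must now collect the current password, or that the reconfirmation can throw `TooManyRequestsException`. One sentence before the sample would cover both.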