diff --git a/yadc/bp/auth.py b/yadc/bp/auth.py
index 3376eab..8937ad1 100644
--- a/yadc/bp/auth.py
+++ b/yadc/bp/auth.py
@@ -2,7 +2,7 @@ import flask_login as fl
 from flask import Blueprint, flash, redirect, render_template, request, url_for, current_app
 
 from yadc import db
-from yadc.forms import LoginForm, RegisterForm, ResetPasswordForm
+from yadc.forms import LoginForm, RegisterForm, ResetPasswordForm, ResetPasswordPassForm
 from yadc.models import User
 from yadc.utils import nextpage, flasherrors
 
@@ -43,22 +43,24 @@ def reset_password():
     if fl.current_user.is_authenticated:
         return redirect(url_for('main.index'))
 
+    form = ResetPasswordPassForm(request.form)
+    if request.method == 'POST' and form.validate():
+        flash('Password successfully reset.') # for real
+        return redirect(url_for('.login'))
+
     form = ResetPasswordForm(request.form)
     if request.method == 'POST' and form.validate():
         user = User.query.filter_by(email=form.email.data).first()
 
         if user:
-            user.create_password('kuxaman')
-            db.session.commit()
-            #do something to reset the password
+            return render_template('auth/reset_password.html', form=ResetPasswordPassForm(request.form))
 
-        flash('Password successfully reset. Check your email.')
+        flash('Password successfully reset.') # faked
         return redirect(url_for('.login'))
 
     flasherrors(form)
     return render_template('auth/reset_password.html', form=form)
 
-
 @bp.route('/register', methods=['GET', 'POST'])
 def register():
     if fl.current_user.is_authenticated:
diff --git a/yadc/forms.py b/yadc/forms.py
index eb69ed4..43cff86 100644
--- a/yadc/forms.py
+++ b/yadc/forms.py
@@ -32,6 +32,11 @@ class ResetPasswordForm(CSRFForm):
     email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Your email address"))
     submit = SubmitField('Reset password')
 
+class ResetPasswordPassForm(ResetPasswordForm):
+    password = PasswordField('Password', validators=[DataRequired()], render_kw=dict(placeholder="Password"))
+    password_again = PasswordField('Repeat password', validators=[DataRequired(), EqualTo('password')], render_kw=dict(placeholder="Repeat password"))
+    really = BooleanField('I swear this really is my account and am not trying to steal anybody elses.', validators=[DataRequired()])
+
 class RegisterForm(CSRFForm):
     username = StringField('Username', validators=[DataRequired()], render_kw=dict(placeholder="Username"))
     email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Email"))
diff --git a/yadc/templates/auth/reset_password.html b/yadc/templates/auth/reset_password.html
index c916f65..c185714 100644
--- a/yadc/templates/auth/reset_password.html
+++ b/yadc/templates/auth/reset_password.html
@@ -4,10 +4,20 @@
 <div class="pageform">
     <h2>Reset password</h2>
     <form action="" method="post">
-        <p>Please insert your email address and we will send you a request for password reset.</p>
         {{ form.csrf_token }}
 
+        {% if form.__class__.__name__ != "ResetPasswordPassForm" %}
+        <p>Please insert your email address.</p>
         {{ form.email() }}
+        {% else %}
+        {{ form.email(readonly='') }}
+        <p>Now please enter your new password.</p>
+        {{ form.password() }}
+        {{ form.password_again() }}
+        <ul>
+            <li>{{ form.really() }}{{ form.really.label }}</li>
+        </ul>
+        {% endif %}
 
         {{ form.submit() }}
     </form>