diff --git a/lib/database.js b/lib/database.js
index 0015457f..c41818b4 100644
--- a/lib/database.js
+++ b/lib/database.js
@@ -148,7 +148,7 @@ module.exports.initGlobalTables = function () {
 return;
 }
- // TODO select/update appropriate values
+ require("./dbupdate").checkVersion();
 });
 };
@@ -268,6 +268,10 @@ module.exports.addPasswordReset = function (data, cb) {
 [ip, name, email, hash, expire, ip, hash, email, expire], cb);
 };
+module.exports.deletePasswordReset = function (hash) {
+ module.exports.query("DELETE FROM `password_reset` WHERE hash=?", [hash]);
+};
+
 /*
 module.exports.genPasswordReset = function (ip, name, email, callback) {
 if(typeof callback !== "function")
diff --git a/lib/dbupdate.js b/lib/dbupdate.js
new file mode 100644
index 00000000..310c4a44
--- /dev/null
+++ b/lib/dbupdate.js
@@ -0,0 +1,36 @@
+var db = require("./database");
+var Logger = require("./logger");
+
+const DB_VERSION = 1;
+
+module.exports.checkVersion = function () {
+ db.query("SELECT `key`,`value` FROM `meta` WHERE `key`=?", ["db_version"], function (err, rows) {
+ if (err) {
+ return;
+ }
+
+ if (rows.length === 0) {
+ Logger.errlog.log("[Warning] db_version key missing from database. Setting " +
+ "db_version=" + DB_VERSION);
+ db.query("INSERT INTO `meta` (`key`, `value`) VALUES ('db_version', ?)",
+ [DB_VERSION],
+ function (err) {
+ });
+ } else {
+ var v = parseInt(rows[0].value);
+ var next = function () {
+ if (v < DB_VERSION) {
+ update(v++, next);
+ } else {
+ db.query("UPDATE `meta` SET `value`=? WHERE `key`='db_version'",
+ [DB_VERSION]);
+ }
+ };
+ update(v++, next);
+ }
+ });
+};
+
+function update(version, cb) {
+ setImmediate(cb);
+}
diff --git a/lib/web/account.js b/lib/web/account.js
index 8b41c6af..e6c29802 100644
--- a/lib/web/account.js
+++ b/lib/web/account.js
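Review bot: `deletePasswordReset` in lib/database.js takes no callback and passes none to `query`, so a failed DELETE is never observed by anyone. The only caller visible in this commit, `handlePasswordRecover` in lib/web/account.js, invokes it after the password has already been changed and then renders the success page, so a reset hash whose row fails to delete stays redeemable and could be used again until whatever expiry check exists rejects it. I would accept and forward a callback, `module.exports.deletePasswordReset = function (hash, cb) {` with `[hash], cb);`, and have the caller at least log a failed delete.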
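Review bot: In `checkVersion` (lib/dbupdate.js) the else-branch calls `update(v++, next)` unconditionally and then writes `DB_VERSION` back, so a stored value that is newer than this code, or one that `parseInt` turns into `NaN`, is silently overwritten with `DB_VERSION` although no migration matched it. The branch should parse with an explicit radix, refuse to touch a version it does not understand, and enter the loop through `next()` so the `v < DB_VERSION` test also guards the first step. Separately, `if (err) { return; }` and the empty INSERT callback drop database errors without a log line, which makes a failed version check invisible at startup.

```javascript
        } else {
            var v = parseInt(rows[0].value, 10);
            if (isNaN(v) || v > DB_VERSION) {
                Logger.errlog.log("[Error] Unexpected db_version=" + rows[0].value +
                                  "; refusing to overwrite it with " + DB_VERSION);
                return;
            }
            // … unchanged: definition of next() …
            next();
        }
```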
@@ -609,7 +609,30 @@ function handlePasswordRecover(req, res) {
 return;
 }
- // TODO actual reset
+ var newpw = "";
+ const avail = "abcdefgihkmnpqrstuvwxyz0123456789";
+ for (var i = 0; i < 10; i++) {
+ newpw += avail[Math.floor(Math.random() * avail.length)];
+ }
+ db.users.setPassword(row.name, newpw, function (err) {
+ if (err) {
+ sendJade(req, "account-passwordrecover", {
+ recovered: false,
+ recoverErr: "Database error. Please contact an administrator if " +
+ "this persists.",
+ loginName: false
+ });
+ return;
+ }
+
+ db.deletePasswordReset(hash);
+
+ sendJade(req, "account-passwordrecover", {
+ recovered: true,
+ recoverPw: newpw,
+ loginName: false
+ });
+ });
 });
 }
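Review bot: The replacement password is built from `Math.random()`, which is not a cryptographically secure generator, so a login credential should not be derived from it. Draw the indices from the `crypto` module instead, e.g. `newpw += avail[crypto.randomInt(avail.length)];` on Node versions that provide `randomInt` (or `crypto.randomBytes` with rejection sampling on older ones), with `var crypto = require("crypto");` at the top of the file. The alphabet literal reads `gihk`, so `j` is missing and `h`/`i` are swapped; if dropping look-alike characters is intentional, a comment saying which ones would help. Both `sendJade` calls pass `req` as the first argument; the helper's signature is outside this hunk, so confirm it does not expect `res`. `handlePasswordRecover` starts before the hunk, so how `hash` and `row` were validated is not visible here.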