Implement LostPasswordConfirmationHashInvalid exception

application/MantisBT/Exception/Authentication/LostPasswordConfirmationHashInvalid.php

@@ -0,0 +1,13 @@
+<?php
+namespace MantisBT\Exception\Authentication;
+use MantisBT\Exception\ExceptionAbstract;
+
+require_api('lang_api.php');
+
+class LostPasswordConfirmationHashInvalid extends ExceptionAbstract {
+	public function __construct() {
+		$errorMessage = lang_get(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, null, false);
+		parent::__construct(ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, $errorMessage, null);
+		$this->responseCode = 403;
+	}
+}

public/verify.php

@@ -30,6 +30,7 @@
  * @uses user_api.php
  */
 
+use MantisBT\Exception\Authentication\LostPasswordConfirmationHashInvalid;
 use MantisBT\Exception\Authentication\LostPasswordDisabled;
 
 # don't auto-login when trying to verify new user
@@ -67,7 +68,7 @@
 $t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
 
 if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
-	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
+	throw new LostPasswordConfirmationHashInvalid();
 }
 
 # set a temporary cookie so the login information is passed between pages.