2 files changed, 7 insertions, 2 deletions

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index f5190974..38fa66be 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -52,7 +52,7 @@ class Password_Controller extends Controller {
     $user_name = $form->reset->inputs["name"]->value;
     $user = user::lookup_by_name($user_name);
     if ($user && !empty($user->email)) {
-      $user->hash = md5(rand());
+      $user->hash = md5(uniqid(mt_rand(), true));
       $user->save();
       $message = new View("reset_password.html");
       $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index cd7d271f..a5fdd994 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -30,7 +30,8 @@ class Users_Controller extends Controller {
       $user->full_name = $form->edit_user->full_name->value;
       $user->url = $form->edit_user->url->value;
 
-      if ($user->locale !=  $form->edit_user->locale->value) {
+      if (count(locales::installed()) > 1 &&
+          $user->locale != $form->edit_user->locale->value) {
         $user->locale = $form->edit_user->locale->value;
         $flush_locale_cookie = true;
       }
@@ -221,6 +222,10 @@ class Users_Controller extends Controller {
   /** @todo combine with Admin_Users_Controller::_add_locale_dropdown */
   private function _add_locale_dropdown(&$form, $user=null) {
     $locales = locales::installed();
+    if (count($locales) <= 1) {
+      return;
+    }
+
     foreach ($locales as $locale => $display_name) {
       $locales[$locale] = SafeString::of_safe_html($display_name);
     }