diff --git a/api.js b/api.js index f1c5437c..8e89c6c1 100644 --- a/api.js +++ b/api.js @@ -14,6 +14,7 @@ var Server = require("./server.js"); var Logger = require("./logger.js"); var apilog = new Logger.Logger("api.log"); var Database = require("./database.js"); +var Config = require("./config.js"); var fs = require("fs"); var plainHandlers = { @@ -250,9 +251,51 @@ function handlePasswordReset(params, req, res) { return; } + if(!Config.MAIL) { + sendJSON(res, { + success: false, + error: "This server does not have email enabled. Contact an administrator" + }); + return; + } + var msg = [ + "A password reset request was issued for your account `", + name, + "` on ", + Config.DOMAIN, + ". This request is valid for 24 hours. ", + "If you did not initiate this, there is no need to take action. ", + "To reset your password, copy and paste the following link into ", + "your browser: ", + Config.DOMAIN, + "/reset.html?", + hash + ].join(""); - sendJSON(res, { - success: true + var mail = { + from: "CyTube Services <" + Config.MAIL_FROM + ">", + to: email, + subject: "Password reset request", + text: msg + }; + + Config.MAIL.sendMail(mail, function(err, response) { + if(err) { + Logger.errlog.log("Mail fail: " + err); + sendJSON(res, { + success: false, + error: "Email failed. Contact an admin if this persists." + }); + } + else { + sendJSON(res, { + success: true + }); + + if(Config.DEBUG) { + Logger.syslog.log(response); + } + } }); } diff --git a/config.js b/config.js index f0483af2..afe81827 100644 --- a/config.js +++ b/config.js 
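Review bot: The `if(!Config.MAIL)` guard in handlePasswordReset runs after `hash` already exists, so on a server without mail configured a request still appears to create a live reset hash that nobody can receive. The code that produces `hash` is above this hunk, so confirm that and move the guard ahead of it. The link is built from `Config.DOMAIN`, whose default in this commit is `http://localhost`, so the hash travels in the query string of a plain-HTTP URL unless the operator sets an HTTPS origin. `to: email` and `name` come from the request, and this hunk does not show whether the address is checked against the one registered for the account before the mail is sent; that check should be confirmed.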
@@ -17,3 +17,21 @@ exports.IO_PORT = 1337; // Socket.IO port, DO NOT USE PORT 80.
 exports.WEBSERVER_PORT = 8080; // Webserver port. Binding port 80 requires root permissions
 exports.MAX_PER_IP = 10;
 exports.GUEST_LOGIN_DELAY = 60; // Seconds
+
+var nodemailer = require("nodemailer");
+exports.MAIL = false;
+/* Example for setting up email:
+exports.MAIL = nodemailer.createTransport("SMTP", {
+ service: "Gmail",
+ auth: {
+ user: "some.user@gmail.com",
+ pass: "supersecretpassword"
+ }
+});
+
+See https://github.com/andris9/Nodemailer
+*/
+exports.MAIL_FROM = "some.user@gmail.com";
+// Domain for password reset link
+// Email sent goes to exports.DOMAIN/reset.html?resethash
+exports.DOMAIN = "http://localhost";
diff --git a/database.js b/database.js
index 0929ae16..ef8456fe 100644
--- a/database.js
+++ b/database.js
@@ -655,8 +655,8 @@ function generatePasswordReset(ip, name, email) {
 "`ip`, `name`, `hash`, `email`, `expire`",
 ") VALUES (",
 "?, ?, ?, ?, ?",
- ") ON DUPLICATE KEY UPDATE `expire`=?"].join(""),
- [ip, name, hash, email, exp, exp]
+ ") ON DUPLICATE KEY UPDATE `hash`=?,`expire`=?"].join(""),
+ [ip, name, hash, email, exp, hash, exp]
 );
 results = db.querySync(query);
diff --git a/package.json b/package.json
index 2cb42d54..7a0d6dec 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,7 @@
 "express": ">=3.2",
 "mysql-libmysqlclient": "*",
 "node_hash": "*",
- "bcrypt": "*"
+ "bcrypt": "*",
+ "nodemailer": "*"
 }
 }
diff --git a/server.js b/server.js
index c43a7e22..1676ad3a 100644
--- a/server.js
+++ b/server.js
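Review bot: The commented example in config.js puts the SMTP account password directly in a file this repository tracks, so an operator who fills it in can end up committing or sharing a live credential. I would add a line to the example such as `// Do not commit real credentials: read user/pass from the environment or an untracked file`. The `exports.DOMAIN` default of `http://localhost` deserves a comment that production values should be an `https://` origin, since the reset hash is appended to it. `require("nodemailer")` also runs while `exports.MAIL` is `false`, which makes the module a hard dependency for servers that never send mail.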
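Review bot: On a duplicate key the database.js statement now replaces `hash` and `expire` but keeps the `ip` and `email` stored by the earlier request, so the row can describe a different requester than the one just mailed the new hash. Which column carries the unique key is not visible in this hunk; if it is the account name, also set `ip` and `email` in the UPDATE clause and extend the parameters to `[ip, name, hash, email, exp, ip, hash, email, exp]`. Each repeat request also invalidates the previously mailed link and pushes the expiry forward, so the caller should be rate limited per account, which is not shown here. generatePasswordReset begins and ends outside the hunk.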
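Review bot: `"nodemailer": "*"` in package.json accepts any published release, including future majors whose API may differ from the `createTransport("SMTP", ...)` form shown in config.js, so an install can pull code that was never tested with this project. Pin it to the range you tested, for example `"nodemailer": "<tested-version-range>"` (placeholder), and review the resolved version whenever it changes. The neighbouring entries use the same wildcard, so the same applies to them.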
@@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -const VERSION = "1.9.2"; +const VERSION = "1.9.3"; var fs = require("fs"); var Logger = require("./logger.js"); diff --git a/www/assets/js/account.js b/www/assets/js/account.js index 74f55385..816e2036 100644 --- a/www/assets/js/account.js +++ b/www/assets/js/account.js @@ -267,6 +267,7 @@ $("#cebtn").click(function() { }); $("#rpbtn").click(function() { + $("#rpbtn").text("Sending..."); $("#pwresetpane").find(".alert-error").remove(); $("#pwresetpane").find(".alert-success").remove(); var name = $("#rpusername").val(); @@ -278,6 +279,7 @@ $("#rpbtn").click(function() { "email=" + email ].join("&") + "&callback=?"; $.getJSON(url, function(data) { + $("#rpbtn").text("Send Reset"); if(data.success) { $("
").addClass("alert alert-success") .text("Password reset link issued. Check your email.")
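Review bot: The `Send Reset` label is restored only inside the `$.getJSON` success callback, so a failed or timed-out JSONP request leaves the button reading `Sending...` indefinitely. The button also stays enabled while the request is in flight, and every extra click issues another reset request, each of which replaces the stored hash after the database.js change in this commit. Consider disabling it on click with `$("#rpbtn").attr("disabled", true);` and re-enabling it together with the label in both the callback and an error path. The click handler begins and ends outside both account.js hunks.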