the standard login form in b2evo has a link to request a new password be sent. This is the code for that link:
<a href="<?php echo $htsrv_url ?>/login.php?action=lostpassword&redirect_to=<?php echo urlencode( $redirect_to ) ?>">
the code in the login.php page seems to have two cases:
case 'lostpassword':
/*
* Lost password:
*/
case 'retrievepassword':
/*
* Retrieve lost password:
*/
this seems to infer that not only is there a method to request a new password (which appears to be the default setup) BUT also a way to retrieve a password. QUESTION: is this the case and if so is it a matter of altering the link code above?