http://bugzilla.wikipedia.org/show_bug.cgi?id=2259 asks to reenter two lines in User.php.
Users logging in with the temporary password can have their e-mail address confirmed
implicitly, because they could have received the temp.passwd only via the stored e-mail
address.