diff --git a/src/php/api/Db.php b/src/php/api/Db.php
index f29dd9d..1f9696a 100644
--- a/src/php/api/Db.php
+++ b/src/php/api/Db.php
@@ -1,5 +1,5 @@
 <?php
-require_once('./config.php');
+require_once(realpath(dirname(__FILE__) . '/./config.php'));
 
 class Db {
   private $dbh;
diff --git a/src/php/api/Dictionary.php b/src/php/api/Dictionary.php
index 9e8e6c4..a6b923f 100644
--- a/src/php/api/Dictionary.php
+++ b/src/php/api/Dictionary.php
@@ -1,6 +1,6 @@
 <?php
-require_once('./Db.php');
-require_once('./Token.php');
+require_once(realpath(dirname(__FILE__) . '/./Db.php'));
+require_once(realpath(dirname(__FILE__) . '/./Token.php'));
 
 class Dictionary {
   private $db;
diff --git a/src/php/api/Token.php b/src/php/api/Token.php
index a3890a7..3c26d96 100644
--- a/src/php/api/Token.php
+++ b/src/php/api/Token.php
@@ -1,5 +1,5 @@
 <?php
-require_once('../vendor/autoload.php');
+require_once(realpath(dirname(__FILE__) . '/../vendor/autoload.php'));
 
 use \Firebase\JWT\JWT;
 use \Hashids\Hashids;
diff --git a/src/php/api/User.php b/src/php/api/User.php
index 613b6e6..0f5857e 100644
--- a/src/php/api/User.php
+++ b/src/php/api/User.php
@@ -1,7 +1,7 @@
 <?php
-require_once('./Db.php');
-require_once('./Token.php');
-require_once('./Dictionary.php');
+require_once(realpath(dirname(__FILE__) . '/./Db.php'));
+require_once(realpath(dirname(__FILE__) . '/./Token.php'));
+require_once(realpath(dirname(__FILE__) . '/./Dictionary.php'));
 
 class User {
   private $db;
diff --git a/src/php/api/index.php b/src/php/api/index.php
index 1d05666..f58d8b0 100644
--- a/src/php/api/index.php
+++ b/src/php/api/index.php
@@ -1,6 +1,6 @@
 <?php
-require_once('./Response.php');
-require_once('./User.php');
+require_once(realpath(dirname(__FILE__) . '/./Response.php'));
+require_once(realpath(dirname(__FILE__) . '/./User.php'));
 
 $inputJSON = file_get_contents('php://input');
 $inputJSON = strip_tags($inputJSON);
@@ -444,6 +444,32 @@ switch ($action) {
       'error' => true,
     ), 400);
   }
+  case 'password-reset': {
+    if (isset($request['code']) && isset($request['password'])) {
+      $user = new User();
+      $password_reset = $user->setPasswordReset($request['email']);
+      if ($password_reset === true) {
+        return Response::json(array(
+          'data' => $password_reset,
+          'error' => false,
+        ), 200);
+      }
+      if (isset($password_reset['error'])) {
+        return Response::json(array(
+          'data' => $password_reset['error'],
+          'error' => true,
+        ), 500);
+      }
+      return Response::json(array(
+        'data' => 'Could not send password reset key: email not found',
+        'error' => true,
+      ), 401);
+    }
+    return Response::json(array(
+      'data' => 'Could not send password reset key: required data missing',
+      'error' => true,
+    ), 400);
+  }
 
   default: {
     return Response::html('Hi!');