Code review comment for lp:~nurlan0000/psiphon/sprint3-576643

Looks ok except this 403 should be 404:

reset_password.php

if (!$proxy_record || $proxy_record['login_url'] != $_GET[lu])
{
    include($_SERVER[DOCUMENT_ROOT]."/http-errors/403.php");
...

The idea is to *always* return 404 any time invalid input/incorrect secret value is provided to a page outside of an authenticated session. This is to defend against an adversary scanning arbitrary web hosts for Psiphon proxies that respond to HTTP requests with some fingerprint-able response.