Proper now if a consumer requests a reset password hyperlink (hyperlink A), then requests one other reset password hyperlink (hyperlink B), hyperlink A not works – WordPress considers the hyperlink invalid/expired.
Is there a approach in WordPress to permit all reset password hyperlinks inside the previous 24 hours to be legitimate and accepted?
I have been delving into the WordPress code and I can see one technique to obtain this however its not a really good resolution. I will present it beneath however does anybody have a nicer/cleaner resolution they’re conscious of?
Answer (in psuedo code):
- Hook
login_form_lostpassword
- Get consumer by their e mail
- If this customers
user_activation_key
isn’t empty and the final time they requested a reset password hyperlink is lower than 24 hours in the past:
- Resend the *e mail message that was despatched earlier than (that accommodates the identical reset password hyperlink as earlier than)
- Else:
- Enable default behaviour to take over (generate a brand new reset password hyperlink and ship an e mail containing the reset password hyperlink).
*The icky-ness of the above resolution is that I have to retailer the e-mail physique for each reset password e mail despatched out (so I can retrieve it and resend it once more if the consumer requests inside 24 hours).