Allow all reset password links within the past 24 hours to be valid and accepted
Right now if a user requests a reset password link (link A), then requests another reset password link (link B), link A no longer works – WordPress considers the link invalid/expired.
Is there a way in WordPress to allow all reset password links within the past 24 hours to be valid and accepted?
I’ve been delving into the WordPress code and I can see one way to achieve this but its not a very nice solution. I’ll show it below but does anyone have a nicer/cleaner solution they are aware of?
Solution (in psuedo code):
- Get user by their email
- If this users
user_activation_keyis not empty and the last time they requested a reset password link is less than 24 hours ago:
- Resend the *email message that was sent before (that contains the same reset password link as before)
- Allow default behaviour to take over (generate a new reset password link and send an email containing the reset password link).
*The icky-ness of the above solution is that I need to store the email body for every reset password email sent out (so I can retrieve it and resend it again if the user requests within 24 hours).