clamhost Posted March 10, 2014 Report Share Posted March 10, 2014 When ever a client uses the password reset function. and requests multiple password resets. and does not use the Link it sends via email. every link continues to work. the old ones should be set as expired. I guess this could also be a Security Risk. Link to comment Share on other sites More sharing options...
Cody Posted March 10, 2014 Report Share Posted March 10, 2014 Links expire automatically after a predetermined amount of time. See configuration setting: Blesta.reset_password_ttl. Feel free to submit your idea as a feature request. Closed as not a bug. Link to comment Share on other sites More sharing options...
Recommended Posts