From f578ca24b2a2821d151151b5d50950df327c745a Mon Sep 17 00:00:00 2001
From: Darko
Date: Thu, 4 Apr 2019 00:20:47 +0200
Subject: [PATCH 1/3] 24h wait period before next password reset email request / send
---
 oc-includes/osclass/UserActions.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/oc-includes/osclass/UserActions.php b/oc-includes/osclass/UserActions.php
index 6edd5f7d41..c2173f244b 100755
--- a/oc-includes/osclass/UserActions.php
+++ b/oc-includes/osclass/UserActions.php
@@ -239,8 +239,15 @@ function recover_password()
 return 1;
 }

+ $date = date('Y-m-d H:i:s'); error_log($date);
+ $pass_date = $user['s_pass_date']; error_log($pass_date);
+
+ if( !empty($user['s_pass_code']) && ((strtotime($date) - strtotime($pass_date)) < 60*60*24) ) {
+ return 3;
+ }
+
 $code = osc_genRandomPassword(30);
- $date = date('Y-m-d H:i:s');
+
 User::newInstance()->update(
 array('s_pass_code' => $code, 's_pass_date' => $date, 's_pass_ip' => Params::getServerParam('REMOTE_ADDR')),
 array('pk_i_id' => $user['pk_i_id'])
From 94f2c8767c969507668a19a3ecdd3a7c31560a18 Mon Sep 17 00:00:00 2001
From: Darko
Date: Thu, 4 Apr 2019 00:22:36 +0200
Subject: [PATCH 2/3] Update login.php
---
 oc-includes/osclass/controller/login.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/oc-includes/osclass/controller/login.php b/oc-includes/osclass/controller/login.php
index 2c2abbbbcf..57305f3056 100755
--- a/oc-includes/osclass/controller/login.php
+++ b/oc-includes/osclass/controller/login.php
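Review bot: The cooldown added in `recover_password()` (UserActions.php, PATCH 1/3) is keyed only on the account's `s_pass_code`/`s_pass_date`, so a reset request submitted by anyone for that address starts the 24-hour window for the real owner, who then cannot ask for a fresh mail if the first one is lost or filtered. Consider a shorter window or a small per-account attempt budget, and record the chosen trade-off in a comment above the check, e.g. `// return 3: a reset code was issued less than 24h ago; no new code or mail is generated`. The window is also a bare `60*60*24`; a named constant would keep it in step with the "24 hours" text shown by login.php. The function body starts and ends outside the hunk, so whether `s_pass_code` is cleared after a completed reset cannot be confirmed from here.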
@@ -224,6 +224,10 @@ function doModel()
 osc_add_flash_error_message( _m('The recaptcha code is wrong'));
 $this->redirectTo( osc_recover_user_password_url() );
 break;
+ case(3): // prevent multiple requests in 24 hours interval
+ osc_add_flash_error_message( _m('You have already requested a password reset. Please wait 24 hours to make another one.'));
+ $this->redirectTo( osc_user_login_url() );
+ break;
 }
 break;
 case('forgot'): //form to recover the password (in this case we have the form in /gui/)
From 7fb5f58c4a623fa63f93e955b372fd94955f8167 Mon Sep 17 00:00:00 2001
From: Darko
Date: Thu, 4 Apr 2019 00:49:45 +0200
Subject: [PATCH 3/3] Update UserActions.php
---
 oc-includes/osclass/UserActions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/oc-includes/osclass/UserActions.php b/oc-includes/osclass/UserActions.php
index c2173f244b..3890b62954 100755
--- a/oc-includes/osclass/UserActions.php
+++ b/oc-includes/osclass/UserActions.php
@@ -239,8 +239,8 @@ function recover_password()
 return 1;
 }

- $date = date('Y-m-d H:i:s'); error_log($date);
- $pass_date = $user['s_pass_date']; error_log($pass_date);
+ $date = date('Y-m-d H:i:s');
+ $pass_date = $user['s_pass_date'];

 if( !empty($user['s_pass_code']) && ((strtotime($date) - strtotime($pass_date)) < 60*60*24) ) {
 return 3;
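Review bot: The new `case(3)` branch in `doModel()` (login.php, PATCH 2/3) answers with its own message, which tells whoever submitted the form that the address belongs to an account with a reset already pending. If the other result branches of this switch, which lie outside the hunk, are meant to give a uniform reply regardless of account state, this branch should reuse that wording rather than a distinct one; if the disclosure is accepted, state it in the code, e.g. `// NOTE: this message is only shown for existing accounts with a pending reset`. The branch also redirects to `osc_user_login_url()` while the recaptcha branch just above returns to `osc_recover_user_password_url()`; if that difference is intentional, a comment saying so would help.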