Security: Make password reset links expire after 60 minutes (#7715)

* Security: Make password reset links expire after 60 minutes

* Update app_languages.php

* Update app_defaults.php

* Update login.php

core/user_settings/app_languages.php

@@ -352,6 +352,33 @@ $text['message-password_reset']['zh-cn'] = "重设密码";
 $text['message-password_reset']['ja-jp'] = "パスワードリセット";
 $text['message-password_reset']['ko-kr'] = "비밀번호 재설정";
 
+$text['message-password_reset_link_invalid']['en-us'] = "Password Reset Link is Invalid";
+$text['message-password_reset_link_invalid']['en-gb'] = "Password Reset Link is Invalid";
+$text['message-password_reset_link_invalid']['ar-eg'] = "رابط إعادة تعيين كلمة السر غير صالحة";
+$text['message-password_reset_link_invalid']['de-at'] = "Passwort-Rücksetzungslink ist ungültig";
+$text['message-password_reset_link_invalid']['de-ch'] = "Passwort-Rücksetzungslink ist ungültig";
+$text['message-password_reset_link_invalid']['de-de'] = "Passwort-Rücksetzungslink ist ungültig";
+$text['message-password_reset_link_invalid']['el-gr'] = "Η σύνδεση επαναφοράς κωδικού είναι άκυρη";
+$text['message-password_reset_link_invalid']['es-cl'] = "El enlace de restablecimiento de contraseña no es válido";
+$text['message-password_reset_link_invalid']['es-mx'] = "El enlace de restablecimiento de contraseña no es válido";
+$text['message-password_reset_link_invalid']['fr-ca'] = "Le lien de réinitialisation du mot de passe n'est pas valide";
+$text['message-password_reset_link_invalid']['fr-fr'] = "Le lien de réinitialisation du mot de passe n'est pas valide";
+$text['message-password_reset_link_invalid']['he-il'] = "הקישור לאיפוס הסיסמה אינו תקין";
+$text['message-password_reset_link_invalid']['it-it'] = "Il collegamento per il reset della password non è valido";
+$text['message-password_reset_link_invalid']['ka-ge'] = "პაროლის ჩამოყრის ბმული  недействителен";
+$text['message-password_reset_link_invalid']['nl-nl'] = "Het wachtwoordherstelkoppeling is ongeldig";
+$text['message-password_reset_link_invalid']['pl-pl'] = "Link do resetowania hasła jest nieprawidłowy";
+$text['message-password_reset_link_invalid']['pt-br'] = "O link de redefinição de senha não é válido";
+$text['message-password_reset_link_invalid']['pt-pt'] = "A ligação de redefinição de password não é válida";
+$text['message-password_reset_link_invalid']['ro-ro'] = "Link-ul pentru resetarea parolei nu este valid";
+$text['message-password_reset_link_invalid']['ru-ru'] = "Ссылка для сброса пароля недействительна";
+$text['message-password_reset_link_invalid']['sv-se'] = "Länken för återställning av lösenord är ogiltig";
+$text['message-password_reset_link_invalid']['tr-tr'] = "Parola sıfırlama bağlantısı geçerli değil";
+$text['message-password_reset_link_invalid']['uk-ua'] = "Посилання для скидання пароля недійсне";
+$text['message-password_reset_link_invalid']['zh-cn'] = "密码重置链接无效";
+$text['message-password_reset_link_invalid']['ja-jp'] = "パスワードリセットリンクが無効です";
+$text['message-password_reset_link_invalid']['ko-kr'] = "비밀번호 재설정 링크가 유효하지 않습니다";
+
 $text['message-password_requirements']['en-us'] = "Password Requirements";
 $text['message-password_requirements']['en-gb'] = "Password Requirements";
 $text['message-password_requirements']['ar-eg'] = "متطلبات كلمة السر";

core/users/app_defaults.php

@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2025
+	Portions created by the Initial Developer are Copyright (C) 2008-2026
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -137,7 +137,7 @@ if ($domains_processed == 1) {
 				$array['email_templates'][$x]['template_body'] .= "<body>\n";
 				$array['email_templates'][$x]['template_body'] .= "<center><a href='https://\${domain}'><img src='\${logo_full}' style='width: 200px; height: auto; border: none;'></a></center><br />\n";
 				$array['email_templates'][$x]['template_body'] .= "A password reset was just requested for the FusionPBX user account associated with this email address.<br /><br />\n";
-				$array['email_templates'][$x]['template_body'] .= "<b>If you submitted this request</b>, click the button below to begin the password reset process for your user account.<br /><br />";
+				$array['email_templates'][$x]['template_body'] .= "<b>If you submitted this request</b>, click the button below to begin the password reset process for your user account. This link expires in 60 minutes.<br /><br />";
 				$array['email_templates'][$x]['template_body'] .= "\${reset_button}<br /><br />\n";
 				$array['email_templates'][$x]['template_body'] .= "If you did not initiate this action, however, please ignore this message and your password will remain unchanged.\n";
 				$array['email_templates'][$x]['template_body'] .= "If you have questions or concerns regarding this email, please contact your system administrator.";
@@ -180,5 +180,3 @@ if ($domains_processed == 1) {
 		}
 
 }
-
-?>