diff --git a/interface/web/login/lib/lang/ar.lng b/interface/web/login/lib/lang/ar.lng
index 4268f8696cf0bddfb45f5bb01f49171eaf6812c2..79ff8def0bfad10129e96da146ec9a7629d29b32 100644
--- a/interface/web/login/lib/lang/ar.lng
+++ b/interface/web/login/lib/lang/ar.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/bg.lng b/interface/web/login/lib/lang/bg.lng
index 6d6f92c87371215a299b51eb15ed9aa3bed719a5..18f46d6df8f5be5e44473db554981d8c28b95807 100644
--- a/interface/web/login/lib/lang/bg.lng
+++ b/interface/web/login/lib/lang/bg.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/br.lng b/interface/web/login/lib/lang/br.lng
index e8df8f25dce2c777d8d2f64242a909eade9fbca9..1f5b41c369389027fae7cb32be3a66c392895a39 100644
--- a/interface/web/login/lib/lang/br.lng
+++ b/interface/web/login/lib/lang/br.lng
@@ -40,3 +40,4 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
diff --git a/interface/web/login/lib/lang/ca.lng b/interface/web/login/lib/lang/ca.lng
index 0895c1df492e48bef35305d5f1bb608067669b91..f4aa11776a941d8b506392f45007d051efa6700f 100644
--- a/interface/web/login/lib/lang/ca.lng
+++ b/interface/web/login/lib/lang/ca.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/cz.lng b/interface/web/login/lib/lang/cz.lng
index 8089dcc5fc79cee78c588374c26431c5136d70f4..a57ff3f7044885f0acae16a68495376c7e63e0bf 100644
--- a/interface/web/login/lib/lang/cz.lng
+++ b/interface/web/login/lib/lang/cz.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/de.lng b/interface/web/login/lib/lang/de.lng
index 6c8472fe7602b3368701a8b38bbfe7823901d22c..dcb94af7168cafcdd4af58137fd246fe8933bb1f 100644
--- a/interface/web/login/lib/lang/de.lng
+++ b/interface/web/login/lib/lang/de.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/dk.lng b/interface/web/login/lib/lang/dk.lng
index b971e10bd6a514b12714dfed6a8f88babbc84160..37d41ddea1581710d1a24d512d35803ab79e27cc 100644
--- a/interface/web/login/lib/lang/dk.lng
+++ b/interface/web/login/lib/lang/dk.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/el.lng b/interface/web/login/lib/lang/el.lng
index 578b342c5e26bbae3cb12ff42fe5910e1d7205ff..64a03b36f63e3bc1ec1856d7ac6aa87ce6397788 100644
--- a/interface/web/login/lib/lang/el.lng
+++ b/interface/web/login/lib/lang/el.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/en.lng b/interface/web/login/lib/lang/en.lng
index 405e320500dba4b3a7e366db25d46fc027b8bcd4..8dd94c6294f3c996fac2b331b7431323b0d7d1c3 100644
--- a/interface/web/login/lib/lang/en.lng
+++ b/interface/web/login/lib/lang/en.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/es.lng b/interface/web/login/lib/lang/es.lng
index a6da15296e76f729c7232f1daf80cd6cd413c017..dd8bd12bc4910604569c1d6576d2bf4aa54234ea 100644
--- a/interface/web/login/lib/lang/es.lng
+++ b/interface/web/login/lib/lang/es.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/fi.lng b/interface/web/login/lib/lang/fi.lng
index 496383401b426e00ea6289aa20b8828ff4e2eb7d..9bbcbdddabdd7cf09d666de995cf91194d15abe0 100644
--- a/interface/web/login/lib/lang/fi.lng
+++ b/interface/web/login/lib/lang/fi.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/fr.lng b/interface/web/login/lib/lang/fr.lng
index e8104aacaaa738ecde30f0292e8f1b86a235c452..dfc04fd184601ab61b2bf3abe8648b5819bd07ea 100644
--- a/interface/web/login/lib/lang/fr.lng
+++ b/interface/web/login/lib/lang/fr.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/hr.lng b/interface/web/login/lib/lang/hr.lng
index ae20203acdd490204d22a1f467523623fcc7852e..1980c4292dcda9cbe5eef922e48e1c540b1e29d3 100644
--- a/interface/web/login/lib/lang/hr.lng
+++ b/interface/web/login/lib/lang/hr.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/hu.lng b/interface/web/login/lib/lang/hu.lng
index f8ad853a4888c3401ff9c1e7249ec834cd20a3ef..99e2ca769bcc07b6de8534090e36af5feac6003b 100644
--- a/interface/web/login/lib/lang/hu.lng
+++ b/interface/web/login/lib/lang/hu.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/id.lng b/interface/web/login/lib/lang/id.lng
index fb0ba69e37b12c79a359d79ac737e37372dd54a6..615357f654f6b47fe4dc61eda6c32c2c0f88d1db 100644
--- a/interface/web/login/lib/lang/id.lng
+++ b/interface/web/login/lib/lang/id.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/it.lng b/interface/web/login/lib/lang/it.lng
index 4ea0a12f4b215aa13507d990a62638fc08187647..df498e978acc76c0f12db9149b0ab5891925a867 100644
--- a/interface/web/login/lib/lang/it.lng
+++ b/interface/web/login/lib/lang/it.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/ja.lng b/interface/web/login/lib/lang/ja.lng
index 8ec65a03e355b74b55d97902cd4a287ebd43e6fe..bff26e9d83826f74edf744190f3a2737c0a72885 100644
--- a/interface/web/login/lib/lang/ja.lng
+++ b/interface/web/login/lib/lang/ja.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/nl.lng b/interface/web/login/lib/lang/nl.lng
index b946fd7dad839b9eda23b41bfe9edfb637294485..453aae6fac9bdc7ef6646a2fcd9e6db23c2f67f7 100644
--- a/interface/web/login/lib/lang/nl.lng
+++ b/interface/web/login/lib/lang/nl.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authenticatie';
 $wb['otp_code_email_template_txt'] = 'Uw eenmalige login code is %s' . PHP_EOL . 'Deze code is geldig voor 10 minuten.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Aanvragen nieuwe code';
 $wb['otp_code_email_sent_failed_txt'] = 'Verzenden van email naar %s is mislukt.';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/pl.lng b/interface/web/login/lib/lang/pl.lng
index 2a037016f775bca290ee6d26b849c5d45eb3dcf9..f6937205425592ecc92a2903e5ca38fffc674404 100644
--- a/interface/web/login/lib/lang/pl.lng
+++ b/interface/web/login/lib/lang/pl.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/pt.lng b/interface/web/login/lib/lang/pt.lng
index b7eb8a26632559743a6217c6b86340e06c59c4d6..fd453844ea22bee3cf366331f3135564623bbc38 100644
--- a/interface/web/login/lib/lang/pt.lng
+++ b/interface/web/login/lib/lang/pt.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/ro.lng b/interface/web/login/lib/lang/ro.lng
index 21ba4da975d9150a356ebdd10ac3ef717a504064..94950d6c069ab7652e9f75d7529d0d0bfa74cb33 100644
--- a/interface/web/login/lib/lang/ro.lng
+++ b/interface/web/login/lib/lang/ro.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/ru.lng b/interface/web/login/lib/lang/ru.lng
index e79ac35f10a5e237a54af412e17f76c6daa5ca39..999723c2d6b378f775a7435d19fb2f1a7616f4a8 100644
--- a/interface/web/login/lib/lang/ru.lng
+++ b/interface/web/login/lib/lang/ru.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/se.lng b/interface/web/login/lib/lang/se.lng
index 04d81344e26f680a2b1373dfff683499baa5184d..db0aeba05ecba8c39d72a3858dd2981a5a0489e7 100644
--- a/interface/web/login/lib/lang/se.lng
+++ b/interface/web/login/lib/lang/se.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/sk.lng b/interface/web/login/lib/lang/sk.lng
index 28033ff210774f0598f59dec7fb0cebf25ad546a..20ed8f74a79446c9e33e8f834276685dabbd3e09 100644
--- a/interface/web/login/lib/lang/sk.lng
+++ b/interface/web/login/lib/lang/sk.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/lib/lang/tr.lng b/interface/web/login/lib/lang/tr.lng
index 47be8107b64649d44f42124388140a0a0f465ef6..f30f1fb35440cb52be0ab93803ccd10239acb32e 100644
--- a/interface/web/login/lib/lang/tr.lng
+++ b/interface/web/login/lib/lang/tr.lng
@@ -40,4 +40,5 @@ $wb['otp_code_email_subject_txt'] = 'ISPConfig Login authentication';
 $wb['otp_code_email_template_txt'] = 'Your One time login code is %s' . PHP_EOL . 'This code is valid for 10 minutes.' . PHP_EOL;
 $wb['otp_code_resend_txt'] = 'Request new code';
 $wb['otp_code_email_sent_failed_txt'] = 'Failed sending an email to %s';
+$wb['otp_code_email_sent_wait_txt'] = 'Please wait, re-sending the code is only possible after %s seconds.';
 ?>
diff --git a/interface/web/login/otp.php b/interface/web/login/otp.php
index 8cd92b5e5100ad5e9ef138b378bd988ed4646d95..8b80691da6f20a626c518db9a89d12c8cc335d9e 100644
--- a/interface/web/login/otp.php
+++ b/interface/web/login/otp.php
@@ -127,57 +127,65 @@ if($_SESSION['otp']['type'] == 'email') {
 	}
 
 	// Send code via email.
-	if(!isset($_SESSION['otp']['sent']) || $_GET['action'] == 'resend') {
-		// Generate new code
-		$new_otp_code = random_int(100000, 999999);
-		$_SESSION['otp']['code_hash'] = password_hash($new_otp_code, PASSWORD_DEFAULT);
-		//$_SESSION['otp']['code_debug'] = $new_otp_code; # for DEBUG only.
-		$_SESSION['otp']['starttime'] = time();
-
-		// Ensure that code is not sent too often
-		if(isset($_SESSION['otp']['sent']) && $_SESSION['otp']['sent'] > $max_code_resend) {
-			$app->error('Code resend limit reached', 'index.php');
-		}
-
-		$app->uses('functions');
-		$app->uses('getconf');
-		$server_config_array = $app->getconf->get_global_config();
+	if (!isset($_SESSION['otp']['sent']) || $_GET['action'] == 'resend') {
 
-		$app->uses('getconf,ispcmail');
-		$mail_config = $server_config_array['mail'];
-		if($mail_config['smtp_enabled'] == 'y') {
-			$mail_config['use_smtp'] = true;
-			$app->ispcmail->setOptions($mail_config);
-		}
-
-		$clientuser = $app->db->queryOneRecord('SELECT email FROM sys_user u LEFT JOIN client c ON (u.client_id=c.client_id) WHERE u.userid = ?', $_SESSION['s_pending']['user']['userid']);
-		if (!empty($clientuser['email'])) {
-		  $email_to = $clientuser['email'];
+		$mail_otp_code_retry_timeout = 30;
+		if (isset($_SESSION['otp']['starttime']) && $_SESSION['otp']['starttime'] > time() - $mail_otp_code_retry_timeout) {
+			$token_sent_message = sprintf($wb['otp_code_email_sent_wait_txt'], $mail_otp_code_retry_timeout);
 		}
 		else {
-		  // Admin users are not related to a client, thus use the globally configured email address.
-		  $email_to = $mail_config['admin_mail'];
-		}
 
-		$app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
-		$app->ispcmail->setSubject($wb['otp_code_email_subject_txt']);
-		$app->ispcmail->setMailText(sprintf($wb['otp_code_email_template_txt'], $new_otp_code));
-		$send_result = $app->ispcmail->send($email_to);
-		$app->ispcmail->finish();
+			// Generate new code
+			$new_otp_code = random_int(100000, 999999);
+			$_SESSION['otp']['code_hash'] = password_hash($new_otp_code, PASSWORD_DEFAULT);
+			//$_SESSION['otp']['code_debug'] = $new_otp_code; # for DEBUG only.
+			$_SESSION['otp']['starttime'] = time();
 
-		if ($send_result) {
+			// Ensure that code is not sent too often
+			if(isset($_SESSION['otp']['sent']) && $_SESSION['otp']['sent'] > $max_code_resend) {
+				$app->error('Code resend limit reached', 'index.php');
+			}
+
+			$app->uses('functions');
+			$app->uses('getconf');
+			$server_config_array = $app->getconf->get_global_config();
 
-			// Increase sent counter.
-			if(!isset($_SESSION['otp']['sent'])) {
-				$_SESSION['otp']['sent'] = 1;
-			} else {
-				$_SESSION['otp']['sent']++;
+			$app->uses('getconf,ispcmail');
+			$mail_config = $server_config_array['mail'];
+			if($mail_config['smtp_enabled'] == 'y') {
+				$mail_config['use_smtp'] = true;
+				$app->ispcmail->setOptions($mail_config);
 			}
 
-			$token_sent_message = $wb['otp_code_email_sent_txt'] . ' ' . $email_to;
-		}
-		else {
-			$token_sent_message = sprintf($wb['otp_code_email_sent_failed_txt'], $email_to);
+			$clientuser = $app->db->queryOneRecord('SELECT email FROM sys_user u LEFT JOIN client c ON (u.client_id=c.client_id) WHERE u.userid = ?', $_SESSION['s_pending']['user']['userid']);
+			if (!empty($clientuser['email'])) {
+				$email_to = $clientuser['email'];
+			}
+			else {
+				// Admin users are not related to a client, thus use the globally configured email address.
+				$email_to = $mail_config['admin_mail'];
+			}
+
+			$app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
+			$app->ispcmail->setSubject($wb['otp_code_email_subject_txt']);
+			$app->ispcmail->setMailText(sprintf($wb['otp_code_email_template_txt'], $new_otp_code));
+			$send_result = $app->ispcmail->send($email_to);
+			$app->ispcmail->finish();
+
+			if ($send_result) {
+
+				// Increase sent counter.
+				if(!isset($_SESSION['otp']['sent'])) {
+					$_SESSION['otp']['sent'] = 1;
+				} else {
+					$_SESSION['otp']['sent']++;
+				}
+
+				$token_sent_message = $wb['otp_code_email_sent_txt'] . ' ' . $email_to;
+			}
+			else {
+				$token_sent_message = sprintf($wb['otp_code_email_sent_failed_txt'], $email_to);
+			}
 		}
 	}