1st change of password should ignore time limits
| Project: | Password policy |
| Version: | 6.x-1.0-alpha2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
When a user registers for an account, they are sent an email with a temporary password. When logging into the site, the user is not allowed to change their email, as they have not allowed the allotted time to pass since their last password change. Since their account was just created, they have to wait. My default time is 24 hours. Even if I set it to 6 hours, I would not want to pay attention to a site that I had to wait to change my password until 6 hours later. Most people would forget. I'm thinking that the first time the user changes their password, the change should be allowed to take place.
One way to accomplish this is to compare the time to the amount of time the user has had the account. If the time is less than the amount of time it has been since the user created the account, then they would be able to do it. So if the time before you can change is 24 hours, and they made an account 30 minutes ago, then they would be able to change it. This would also mean that the user could change their password as many times as possible before the time reaches the account lifetime. To counter this, you could add a simple variable to the user table recording whether the password has ever been changed: 0 is no, 1 is yes. If it is 0, they can change their password as long as it follows the above rules. Once the password is changed, it sets the value to '1'. When the module sees that the value is '1', it compares against the amount of time to change the password as normal.
So a value of '0' uses the above rules to bypass the time using the user's account lifetime,
and a value of '1' checks for time normally.
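
The flag-based rule proposed in this report, sketched in plain PHP as an added example; it is not the Password policy module's code. The function names, the `pass_changed` and `pass_last_changed` fields and the account array layout are assumptions for illustration, and the timestamps are constructed.

```php
<?php
// Added example: hypothetical helper names and account layout, not the module's API.

/**
 * Decide whether a password change may proceed under a minimum-age policy.
 *
 * $account keys (assumed): 'created' and 'pass_last_changed' are Unix
 * timestamps; 'pass_changed' is the 0/1 flag proposed in the report.
 */
function example_password_change_allowed(array $account, $min_age_seconds, $now) {
  $account_age = $now - $account['created'];

  // Flag 0: the password is still the emailed temporary one. While the
  // account is younger than the minimum age, bypass the wait.
  if ((int) $account['pass_changed'] === 0 && $account_age < $min_age_seconds) {
    return TRUE;
  }

  // Flag 1 (or an account older than the minimum age): normal check
  // against the time of the last password change.
  return ($now - $account['pass_last_changed']) >= $min_age_seconds;
}

/**
 * Record a successful change; setting the flag means the bypass works once.
 */
function example_record_password_change(array $account, $now) {
  $account['pass_changed'] = 1;
  $account['pass_last_changed'] = $now;
  return $account;
}

// Constructed sample: 24-hour minimum, account created 30 minutes ago.
$min_age = 24 * 3600;
$now = 1700000000;
$account = array(
  'created' => $now - 1800,
  'pass_changed' => 0,
  'pass_last_changed' => $now - 1800,
);

// First change of the temporary password.
var_dump(example_password_change_allowed($account, $min_age, $now));
$account = example_record_password_change($account, $now);
// Second attempt ten minutes later, then an attempt after the full wait.
var_dump(example_password_change_allowed($account, $min_age, $now + 600));
var_dump(example_password_change_allowed($account, $min_age, $now + $min_age));
```

The flag has to be written in the same operation that stores the new password; otherwise repeated submissions could each see a value of 0 and reuse the bypass.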
