get_password_reset_key() – Creates, stores, then returns a password reset key for user.

You appear to be a bot. Output may be restricted

Description

Creates, stores, then returns a password reset key for user.

Usage

$string|WP_Error = get_password_reset_key( $user );

Parameters

$user
( WP_User ) required – User to retrieve password reset key for.

Returns

string|WP_Error Password reset key on success. WP_Error on error.

Source

File name: wordpress/wp-includes/user.php
Lines:

1 to 83 of 83
function get_password_reset_key( $user ) {
  global $wp_hasher;

  if ( ! ( $user instanceof WP_User ) ) {
    return new WP_Error( 'invalidcombo', __( '<strong>Error</strong>: There is no account with that username or email address.' ) );
  }

  
/**
 * Fires before a new password is retrieved.
 *
 * Use the {@see 'retrieve_password'} hook instead.
 *
 * @since 1.5.0
 * @deprecated 1.5.1 Misspelled. Use {@see 'retrieve_password'} hook instead.
 *
 * @param string $user_login The user login name.
 */
  do_action_deprecated( 'retreive_password', array( $user->user_login ), '1.5.1', 'retrieve_password' );

  
/**
 * Fires before a new password is retrieved.
 *
 * @since 1.5.1
 *
 * @param string $user_login The user login name.
 */
  do_action( 'retrieve_password', $user->user_login );

  $allow = true;
  if ( is_multisite() && is_user_spammy( $user ) ) {
    $allow = false;
  }

  
/**
 * Filters whether to allow a password to be reset.
 *
 * @since 2.7.0
 *
 * @param bool $allow   Whether to allow the password to be reset. Default true.
 * @param int  $user_id The ID of the user attempting to reset a password.
 */
  $allow = apply_filters( 'allow_password_reset', $allow, $user->ID );

  if ( ! $allow ) {
    return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) );
  } elseif ( is_wp_error( $allow ) ) {
    return $allow;
  }

  // Generate something random for a password reset key.
  $key = wp_generate_password( 20, false );

  
/**
 * Fires when a password reset key is generated.
 *
 * @since 2.5.0
 *
 * @param string $user_login The username for the user.
 * @param string $key        The generated password reset key.
 */
  do_action( 'retrieve_password_key', $user->user_login, $key );

  // Now insert the key, hashed, into the DB.
  if ( empty( $wp_hasher ) ) {
    require_once ABSPATH . WPINC . '/class-phpass.php';
    $wp_hasher = new PasswordHash( 8, true );
  }

  $hashed = time() . ':' . $wp_hasher->HashPassword( $key );

  $key_saved = wp_update_user(
    array(
      'ID'                  => $user->ID,
      'user_activation_key' => $hashed,
    )
  );

  if ( is_wp_error( $key_saved ) ) {
    return $key_saved;
  }

  return $key;
}
 

 View on GitHub View on Trac