retrieve_password() – Handles sending a password retrieval email to a user.

You appear to be a bot. Output may be restricted

Description

Handles sending a password retrieval email to a user.

Usage

$true|WP_Error = retrieve_password( $user_login );

Parameters

$user_login
( string ) optional – Optional. Username to send a password retrieval email for. Defaults to $_POST['user_login'] if not set.

Returns

true|WP_Error True when finished, WP_Error object on error.

Source

File name: wordpress/wp-includes/user.php


Lines:

1 to 100 of 233
function retrieve_password( $user_login = null ) {
  $errors    = new WP_Error();
  $user_data = false;

  // Use the passed $user_login if available, otherwise use $_POST['user_login'].
  if ( ! $user_login && ! empty( $_POST['user_login'] ) ) {
    $user_login = $_POST['user_login'];
  }

  if ( empty( $user_login ) ) {
    $errors->add( 'empty_username', __( '<strong>Error</strong>: Please enter a username or email address.' ) );
  } elseif ( strpos( $user_login, '@' ) ) {
    $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) );
    if ( empty( $user_data ) ) {
      $errors->add( 'invalid_email', __( '<strong>Error</strong>: There is no account with that username or email address.' ) );
    }
  } else {
    $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) );
  }

  
/**
 * Filters the user data during a password reset request.
 *
 * Allows, for example, custom validation using data other than username or email address.
 *
 * @since 5.7.0
 *
 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist.
 * @param WP_Error      $errors    A WP_Error object containing any errors generated
 *                                 by using invalid credentials.
 */
  $user_data = apply_filters( 'lostpassword_user_data', $user_data, $errors );

  
/**
 * Fires before errors are returned from a password reset request.
 *
 * @since 2.1.0
 * @since 4.4.0 Added the `$errors` parameter.
 * @since 5.4.0 Added the `$user_data` parameter.
 *
 * @param WP_Error      $errors    A WP_Error object containing any errors generated
 *                                 by using invalid credentials.
 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist.
 */
  do_action( 'lostpassword_post', $errors, $user_data );

  
/**
 * Filters the errors encountered on a password reset request.
 *
 * The filtered WP_Error object may, for example, contain errors for an invalid
 * username or email address. A WP_Error object should always be returned,
 * but may or may not contain errors.
 *
 * If any errors are present in $errors, this will abort the password reset request.
 *
 * @since 5.5.0
 *
 * @param WP_Error      $errors    A WP_Error object containing any errors generated
 *                                 by using invalid credentials.
 * @param WP_User|false $user_data WP_User object if found, false if the user does not exist.
 */
  $errors = apply_filters( 'lostpassword_errors', $errors, $user_data );

  if ( $errors->has_errors() ) {
    return $errors;
  }

  if ( ! $user_data ) {
    $errors->add( 'invalidcombo', __( '<strong>Error</strong>: There is no account with that username or email address.' ) );
    return $errors;
  }

  
/**
 * Filters whether to send the retrieve password email.
 *
 * Return false to disable sending the email.
 *
 * @since 6.0.0
 *
 * @param bool    $send       Whether to send the email.
 * @param string  $user_login The username for the user.
 * @param WP_User $user_data  WP_User object.
 */
  if ( ! apply_filters( 'send_retrieve_password_email', true, $user_login, $user_data ) ) {
    return true;
  }

  // Redefining user_login ensures we return the right case in the email.
  $user_login = $user_data->user_login;
  $user_email = $user_data->user_email;
  $key        = get_password_reset_key( $user_data );

  if ( is_wp_error( $key ) ) {
    return $key;
  }

  // Localize password reset message content for user.

 View on GitHub View on Trac