wp_validate_user_request_key( string $request_id, string $key )
Validate a user request by comparing the key with the request’s key.
Parameters
- $request_id
-
(Required) ID of the request being confirmed.
- $key
-
(Required) Provided key to validate.
Return
Source
File: wp-includes/user.php
function wp_validate_user_request_key( $request_id, $key ) {
global $wp_hasher;
$request_id = absint( $request_id );
$request = wp_get_user_request_data( $request_id );
if ( ! $request ) {
return new WP_Error( 'user_request_error', __( 'Invalid request.' ) );
}
if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) {
return __( 'This link has expired.' );
}
if ( empty( $key ) ) {
return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$key_request_time = $request->modified_timestamp;
$saved_key = $request->confirm_key;
if ( ! $saved_key ) {
return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
if ( ! $key_request_time ) {
return new WP_Error( 'invalid_key', __( 'Invalid action' ) );
}
/**
* Filters the expiration time of confirm keys.
*
* @since WP-4.9.6
*
* @param int $expiration The expiration time in seconds.
*/
$expiration_duration = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
$expiration_time = $key_request_time + $expiration_duration;
if ( ! $wp_hasher->CheckPassword( $key, $saved_key ) ) {
return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
if ( ! $expiration_time || time() > $expiration_time ) {
return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
}
return true;
}
Changelog
Version | Description |
---|---|
WP-4.9.6 | Introduced. |