• LifterLMS
  • Knowledge Base
  • Academy
  • Blog
  • Podcast
  • Contributors
  • My Account

LifterLMS LifterLMS

  • Code Reference
  • REST API
  • LLMS-CLI
  • Changelog Subscribe

Code Reference

Skip to content
Filter by type:
Search
Browse: Home / Code Reference / Classes / LLMS_Controller_Account / LLMS_Controller_Account::reset_password_handler()

Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

LLMS_Controller_Account::reset_password_handler()

Handle the submission of the password reset form.

Contents

  • Return
  • Source
  • Related
    • Uses
    • Used By
  • Changelog
  • User Contributed Notes

Return #Return

(null|WP_Error|true) Returns null when the nonce can't be verified, on failure a WP_Error object, and true on success.


Top ↑

Source #Source

File: includes/forms/controllers/class.llms.controller.account.php

	private function reset_password_handler() {

		// Invalid nonce or the form wasn't submitted.
		if ( ! llms_verify_nonce( '_reset_password_nonce', 'llms_reset_password' ) ) {
			return null;
		}

		/**
		 * Fire an action before the user password reset form is handled.
		 *
		 * @since 5.0.0
		 */
		do_action( 'llms_before_user_reset_password_submit' );

		/**
		 * Add custom validations to the password reset form.
		 *
		 * @since 5.0.0
		 *
		 * @param WP_Error|true $valid Whether or not the submitted data is valid. Return `true` for valid data or a `WP_Error` when invalid.
		 */
		$valid = apply_filters( 'llms_validate_password_reset_form', $this->validate_password_reset( wp_unslash( $_POST ) ) );
		if ( is_wp_error( $valid ) ) {
			return $valid;
		}

		$login = llms_filter_input_sanitize_string( INPUT_POST, 'llms_reset_login' );
		$key   = llms_filter_input_sanitize_string( INPUT_POST, 'llms_reset_key' );
		$user  = check_password_reset_key( $key, $login );

		if ( is_wp_error( $user ) ) {
			// Error code is either "llms_password_reset_invalid_key" or "llms_password_reset_expired_key".
			return new WP_Error( sprintf( 'llms_password_reset_%s', $user->get_error_code() ), __( 'This password reset key is invalid or has already been used. Please reset your password again if needed.', 'lifterlms' ) );
		}

		reset_password( $user, addslashes( llms_filter_input( INPUT_POST, 'password' ) ) );

		/**
		 * Send the WP Core admin notification when a user's password is changed via the password reset form.
		 *
		 * @since 3.37.17
		 *
		 * @param bool    $notify_admin If `true`, the admin will be notified.
		 * @param WP_User $user         User object.
		 */
		$notify_admin = apply_filters( 'llms_password_reset_send_admin_notification', true, $user );
		if ( $notify_admin ) {
			wp_password_change_notification( $user );
		}

		/**
		 * Fire an action the the user's password is reset.
		 *
		 * @since 5.0.0
		 *
		 * @param WP_User $user User object.
		 */
		do_action( 'llms_user_password_reset', $user );

		return true;

	}

Expand full source code Collapse full source code View on GitHub


Top ↑

Related #Related

Uses #Uses

Uses
Uses Description
includes/llms.functions.core.php: llms_filter_input_sanitize_string()

Function used to sanitize user input in a manner similar to the (deprecated) FILTER_SANITIZE_STRING.

includes/forms/controllers/class.llms.controller.account.php: LLMS_Controller_Account::validate_password_reset()

Validates the password reset form.

includes/forms/controllers/class.llms.controller.account.php: llms_before_user_reset_password_submit

Fire an action before the user password reset form is handled.

includes/forms/controllers/class.llms.controller.account.php: llms_validate_password_reset_form

Add custom validations to the password reset form.

includes/forms/controllers/class.llms.controller.account.php: llms_user_password_reset

Fire an action the the user’s password is reset.

includes/forms/controllers/class.llms.controller.account.php: llms_password_reset_send_admin_notification

Send the WP Core admin notification when a user’s password is changed via the password reset form.

includes/llms.functions.core.php: llms_verify_nonce()

Verify nonce with additional checks to confirm request method

includes/functions/llms-functions-wrappers.php: llms_filter_input()

Gets a specific external variable by name and optionally filters it

Show 3 more uses Hide more uses

Top ↑

Used By #Used By

Used By
Used By Description
includes/forms/controllers/class.llms.controller.account.php: LLMS_Controller_Account::reset_password()

Handle form submission of the Reset Password form


Top ↑

Changelog #Changelog

Changelog
Version Description
5.9.0 Stop using deprecated FILTER_SANITIZE_STRING.
5.0.0 Introduced.

Top ↑

User Contributed Notes #User Contributed Notes

You must log in before being able to contribute a note or feedback.

© 2014 - 2025 LifterLMS · Privacy Policy · Terms and Conditions

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.