• LifterLMS
  • Knowledge Base
  • Academy
  • Blog
  • Podcast
  • Contributors
  • My Account

LifterLMS LifterLMS

  • Code Reference
  • REST API
  • LLMS-CLI
  • Changelog Subscribe

Code Reference

Skip to content
Filter by type:
Search
Browse: Home / Code Reference / Classes / LLMS_Controller_Account / LLMS_Controller_Account::reset_password_handler()

Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

LLMS_Controller_Account::reset_password_handler()

Handle the submission of the password reset form.

Contents

  • Return
  • Source
  • Changelog
  • User Contributed Notes

Return #Return

(null|WP_Error|true) Returns null when the nonce can't be verified, on failure a WP_Error object, and true on success.


Top ↑

Source #Source

File: includes/forms/controllers/class.llms.controller.account.php

	 *
	 * @return null|WP_Error|true Returns `null` when the nonce can't be verified, on failure a `WP_Error` object, and `true` on success.
	 */
	private function reset_password_handler() {

		// Invalid nonce or the form wasn't submitted.
		if ( ! isset( $_REQUEST['_reset_password_nonce'] ) ) {
			return null;
		}
		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_reset_password_nonce'] ) ), 'llms_reset_password' ) ) {
			return null;
		}

		/**
		 * Fire an action before the user password reset form is handled.
		 *
		 * @since 5.0.0
		 */
		do_action( 'llms_before_user_reset_password_submit' );

		/**
		 * Add custom validations to the password reset form.
		 *
		 * @since 5.0.0
		 *
		 * @param WP_Error|true $valid Whether or not the submitted data is valid. Return `true` for valid data or a `WP_Error` when invalid.
		 */
		$valid = apply_filters( 'llms_validate_password_reset_form', $this->validate_password_reset( wp_unslash( $_POST ) ) );
		if ( is_wp_error( $valid ) ) {
			return $valid;
		}

		$login = llms_filter_input_sanitize_string( INPUT_POST, 'llms_reset_login' );
		$key   = llms_filter_input_sanitize_string( INPUT_POST, 'llms_reset_key' );
		$user  = check_password_reset_key( $key, $login );

		if ( is_wp_error( $user ) ) {
			// Error code is either "llms_password_reset_invalid_key" or "llms_password_reset_expired_key".
			return new WP_Error( sprintf( 'llms_password_reset_%s', $user->get_error_code() ), __( 'This password reset key is invalid or has already been used. Please reset your password again if needed.', 'lifterlms' ) );
		}

		reset_password( $user, addslashes( llms_filter_input( INPUT_POST, 'password' ) ) );

		/**
		 * Send the WP Core admin notification when a user's password is changed via the password reset form.
		 *
		 * @since 3.37.17
		 *
		 * @param bool    $notify_admin If `true`, the admin will be notified.
		 * @param WP_User $user         User object.
		 */
		$notify_admin = apply_filters( 'llms_password_reset_send_admin_notification', true, $user );
		if ( $notify_admin ) {
			wp_password_change_notification( $user );
		}

		/**
		 * Fire an action the the user's password is reset.
		 *
		 * @since 5.0.0
		 *
		 * @param WP_User $user User object.

Expand full source code Collapse full source code View on GitHub


Top ↑

Changelog #Changelog

Changelog
Version Description
5.9.0 Stop using deprecated FILTER_SANITIZE_STRING.
5.0.0 Introduced.

Top ↑

User Contributed Notes #User Contributed Notes

You must log in before being able to contribute a note or feedback.

© 2014 - 2026 LifterLMS · Privacy Policy · Terms and Conditions

Insert/edit link

Enter the destination URL

Or link to existing content

    No search term specified. Showing recent items. Search or use up and down arrow keys to select an item.