llms_parse_password_reset_cookie()
Parses the password reset cookie.
Description Description
This is the cookie set when a user uses the password reset link found in a reset password email. The query string vars in the link (user login and reset key) are parsed and stored in this cookie.
Return Return
(array|WP_Error) On success, returns an associative array containing the keys "key" and "login", on error returns a WP_Error.
Source Source
File: includes/functions/llms.functions.person.php
function llms_parse_password_reset_cookie() {
if ( ! isset( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ) ) {
return new WP_Error( 'llms_password_reset_no_cookie', __( 'The password reset key could not be found. Please reset your password again if needed.', 'lifterlms' ) );
}
$parsed = array_map( 'sanitize_text_field', explode( ':', wp_unslash( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ), 2 ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
if ( 2 !== count( $parsed ) ) {
return new WP_Error( 'llms_password_reset_invalid_cookie', __( 'The password reset key is in an invalid format. Please reset your password again if needed.', 'lifterlms' ) );
}
$uid = $parsed[0];
$key = $parsed[1];
$user = get_user_by( 'ID', $uid );
$login = $user ? $user->user_login : '';
$user = check_password_reset_key( $key, $login );
if ( is_wp_error( $user ) ) {
// Error code is either "llms_password_reset_invalid_key" or "llms_password_reset_expired_key".
return new WP_Error( sprintf( 'llms_password_reset_%s', $user->get_error_code() ), __( 'This password reset key is invalid or has already been used. Please reset your password again if needed.', 'lifterlms' ) );
}
// Success.
return compact( 'key', 'login' );
}
Expand full source code Collapse full source code View on GitHub
Changelog Changelog
| Version | Description |
|---|---|
| 5.1.2 | Fixed typos in error messages. |
| 5.0.0 | Introduced. |