llms_parse_password_reset_cookie()

Parses the password reset cookie.


Description Description

This is the cookie set when a user uses the password reset link found in a reset password email. The query string vars in the link (user login and reset key) are parsed and stored in this cookie.


Top ↑

Return Return

(array|WP_Error) On success, returns an associative array containing the keys "key" and "login", on error returns a WP_Error.


Top ↑

Source Source

File: includes/functions/llms.functions.person.php

function llms_parse_password_reset_cookie() {

	if ( ! isset( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ) ) {
		return new WP_Error( 'llms_password_reset_no_cookie', __( 'The password reset key could not be found. Please reset your password again if needed.', 'lifterlms' ) );
	}

	$parsed = array_map( 'sanitize_text_field', explode( ':', wp_unslash( $_COOKIE[ 'wp-resetpass-' . COOKIEHASH ] ), 2 ) );  // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	if ( 2 !== count( $parsed ) ) {
		return new WP_Error( 'llms_password_reset_invalid_cookie', __( 'The password reset key is in an invalid format. Please reset your password again if needed.', 'lifterlms' ) );
	}

	$uid = $parsed[0];
	$key = $parsed[1];

	$user  = get_user_by( 'ID', $uid );
	$login = $user ? $user->user_login : '';
	$user  = check_password_reset_key( $key, $login );

	if ( is_wp_error( $user ) ) {
		// Error code is either "llms_password_reset_invalid_key" or "llms_password_reset_expired_key".
		return new WP_Error( sprintf( 'llms_password_reset_%s', $user->get_error_code() ), __( 'This password reset key is invalid or has already been used. Please reset your password again if needed.', 'lifterlms' ) );
	}

	// Success.
	return compact( 'key', 'login' );

}


Top ↑

Changelog Changelog

Changelog
Version Description
5.1.2 Fixed typos in error messages.
5.0.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.