wp_validate_user_request_key( string $request_id, string $key )

Validate a user request by comparing the key with the request’s key.


Description Description


Parameters Parameters

$request_id

(string) (Required) ID of the request being confirmed.

$key

(string) (Required) Provided key to validate.


Top ↑

Return Return

(bool|WP_Error) WP_Error on failure, true on success.


Top ↑

Source Source

File: wp-includes/user.php

3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
function wp_validate_user_request_key( $request_id, $key ) {
    global $wp_hasher;
 
    $request_id = absint( $request_id );
    $request    = wp_get_user_request_data( $request_id );
 
    if ( ! $request ) {
        return new WP_Error( 'invalid_request', __( 'Invalid request.' ) );
    }
 
    if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) {
        return new WP_Error( 'expired_link', __( 'This link has expired.' ) );
    }
 
    if ( empty( $key ) ) {
        return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    }
 
    if ( empty( $wp_hasher ) ) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash( 8, true );
    }
 
    $key_request_time = $request->modified_timestamp;
    $saved_key        = $request->confirm_key;
 
    if ( ! $saved_key ) {
        return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    }
 
    if ( ! $key_request_time ) {
        return new WP_Error( 'invalid_key', __( 'Invalid action' ) );
    }
 
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
    $expiration_time     = $key_request_time + $expiration_duration;
 
    if ( ! $wp_hasher->CheckPassword( $key, $saved_key ) ) {
        return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    }
 
    if ( ! $expiration_time || time() > $expiration_time ) {
        return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
    }
 
    return true;
}

Top ↑

Changelog Changelog

Changelog
Version Description
4.9.6 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.