Changeset 25696 for trunk/src/wp-includes/user.php
- Timestamp:
- 10/06/2013 11:28:42 AM (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/user.php
r25615 r25696 1588 1588 * Retrieves a user row based on password reset key and login 1589 1589 * 1590 * A key is considered 'expired' if it exactly matches the value of the 1591 * user_activation_key field, rather than being matched after going through the 1592 * hashing process. This field is now hashed; old values are no longer accepted 1593 * but have a different WP_Error code so good user feedback can be provided. 1594 * 1590 1595 * @uses $wpdb WordPress Database object 1591 1596 * 1592 * @param string $key Hash to validate sending user's password 1593 * @param string $login The user login 1594 * @return object|WP_Error User's database row on success, error object for invalid keys 1595 */ 1596 function check_password_reset_key( $key, $login ) { 1597 global $wpdb; 1598 1599 $key = preg_replace( '/[^a-z0-9]/i', '', $key ); 1600 1601 if ( empty( $key ) || ! is_string( $key ) ) 1602 return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); 1603 1604 if ( empty( $login ) || ! is_string( $login ) ) 1605 return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); 1606 1607 $user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login ) ); 1608 1609 if ( empty( $user ) ) 1610 return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); 1611 1612 return $user; 1597 * @param string $key Hash to validate sending user's password. 1598 * @param string $login The user login. 1599 * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys. 1600 */ 1601 function check_password_reset_key($key, $login) { 1602 global $wpdb, $wp_hasher; 1603 1604 $key = preg_replace('/[^a-z0-9]/i', '', $key); 1605 1606 if ( empty( $key ) || !is_string( $key ) ) 1607 return new WP_Error('invalid_key', __('Invalid key')); 1608 1609 if ( empty($login) || !is_string($login) ) 1610 return new WP_Error('invalid_key', __('Invalid key')); 1611 1612 $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) ); 1613 if ( ! $row ) 1614 return new WP_Error('invalid_key', __('Invalid key')); 1615 1616 if ( empty( $wp_hasher ) ) { 1617 require_once ABSPATH . 'wp-includes/class-phpass.php'; 1618 $wp_hasher = new PasswordHash( 8, true ); 1619 } 1620 1621 if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) ) 1622 return get_userdata( $row->ID ); 1623 1624 if ( $key === $row->user_activation_key ) { 1625 $return = new WP_Error( 'expired_key', __( 'Invalid key' ) ); 1626 $user_id = $row->ID; 1627 1628 /** 1629 * Filter the return value of check_password_reset_key() when an 1630 * old-style key is used (plain-text key was stored in the database). 1631 * 1632 * @since 3.7.0 1633 * 1634 * @param WP_Error $return A WP_Error object denoting an expired key. 1635 * Return a WP_User object to validate the key. 1636 * @param int $user_id The matched user ID. 1637 */ 1638 return apply_filters( 'password_reset_key_expired', $return, $user_id ); 1639 } 1640 1641 return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); 1613 1642 } 1614 1643
Note: See TracChangeset
for help on using the changeset viewer.