check_password_reset_key could use get_user_by instead of direct query

[thomaslhotta]

Hi

Just noticed, that check_password_reset_key is one of only a few functions making a direct query to the users table. Wouldn't it be more consistent to use the get_user_by function here. I came across this because I am replacing the
get_user_by function with my own. Not being able to hook into the user retrieval in check_password_reset_key forces me to take a rather hackish approach by using the 'query' filter.

I cannot see any advantages of making a direct query aside from bypassing the object cache. Maybe there is a security concern that I am not aware of?

[subrataemfluence]

To my understanding, direct database queries are mainly used when we intend to pull values from one or more columns in a table which are indexed in order to gain more speed. In wp_users table the indexed columns are:

ID, user_login, user_nicename and user_email.

Since check_password_reset_key function deals with user_login column, probably that's the reason a direct database query is used.