get_password_reset_key

Creates, stores, then returns a password reset key for user.

Description

(string|WP_Error) get_password_reset_key( (WP_User) $user ); 

Returns (string|WP_Error)

Password reset key on success. WP_Error on error.

Parameters (1)

0. $user (WP_User)
User to retrieve password reset key for.

Usage

  1. if ( !function_exists( 'get_password_reset_key' ) ) { 
  2.     require_once ABSPATH . WPINC . '/user.php'; 
  4.   
  5. // User to retrieve password reset key for. 
  6. $user = null; 
  7.   
  8. // NOTICE! Understand what this does before running. 
  9. $result = get_password_reset_key($user); 
  10.     

Defined (1)

The function is defined in the following location(s).

/wp-includes/user.php  
  1. function get_password_reset_key( $user ) { 
  2.     global $wpdb, $wp_hasher; 
  3.  
  4.     /** 
  5.      * Fires before a new password is retrieved. 
  7.      * Use the {@see 'retrieve_password'} hook instead. 
  9.      * @since 1.5.0 
  10.      * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead. 
  12.      * @param string $user_login The user login name. 
  13.      */ 
  14.     do_action( 'retreive_password', $user->user_login ); 
  15.  
  16.     /** 
  17.      * Fires before a new password is retrieved. 
  19.      * @since 1.5.1 
  21.      * @param string $user_login The user login name. 
  22.      */ 
  23.     do_action( 'retrieve_password', $user->user_login ); 
  24.  
  25.     $allow = true; 
  26.     if ( is_multisite() && is_user_spammy( $user ) ) { 
  27.         $allow = false; 
  29.  
  30.     /** 
  31.      * Filters whether to allow a password to be reset. 
  33.      * @since 2.7.0 
  35.      * @param bool $allow         Whether to allow the password to be reset. Default true. 
  36.      * @param int  $user_data->ID The ID of the user attempting to reset a password. 
  37.      */ 
  38.     $allow = apply_filters( 'allow_password_reset', $allow, $user->ID ); 
  39.  
  40.     if ( ! $allow ) { 
  41.         return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) ); 
  42.     } elseif ( is_wp_error( $allow ) ) { 
  43.         return $allow; 
  45.  
  46.     // Generate something random for a password reset key. 
  47.     $key = wp_generate_password( 20, false ); 
  48.  
  49.     /** 
  50.      * Fires when a password reset key is generated. 
  52.      * @since 2.5.0 
  54.      * @param string $user_login The username for the user. 
  55.      * @param string $key        The generated password reset key. 
  56.      */ 
  57.     do_action( 'retrieve_password_key', $user->user_login, $key ); 
  58.  
  59.     // Now insert the key, hashed, into the DB. 
  60.     if ( empty( $wp_hasher ) ) { 
  61.         $wp_hasher = new PasswordHash( 8, true ); 
  63.     $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); 
  64.     $key_saved = $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) ); 
  65.     if ( false === $key_saved ) { 
  66.         return new WP_Error( 'no_password_key_update', __( 'Could not save password reset key to database.' ) ); 
  68.  
  69.     return $key;