get_password_reset_key

Creates, stores, then returns a password reset key for user.

Description

(string|WP_Error) get_password_reset_key( (WP_User) $user ); 

Returns (string|WP_Error)

Password reset key on success. WP_Error on error.

Parameters (1)

0. $user (WP_User)
User to retrieve password reset key for.

Usage

  1. if ( !function_exists( 'get_password_reset_key' ) ) { 
  2. require_once ABSPATH . WPINC . '/user.php'; 
  3.  
  4. // User to retrieve password reset key for. 
  5. $user = null; 
  6.  
  7. // NOTICE! Understand what this does before running. 
  8. $result = get_password_reset_key($user); 
  9.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/user.php  
  1. function get_password_reset_key( $user ) { 
  2. global $wpdb, $wp_hasher; 
  3.  
  4. /** 
  5. * Fires before a new password is retrieved. 
  6. * Use the {@see 'retrieve_password'} hook instead. 
  7. * @since 1.5.0 
  8. * @deprecated 1.5.1 Misspelled. Use 'retrieve_password' hook instead. 
  9. * @param string $user_login The user login name. 
  10. */ 
  11. do_action( 'retreive_password', $user->user_login ); 
  12.  
  13. /** 
  14. * Fires before a new password is retrieved. 
  15. * @since 1.5.1 
  16. * @param string $user_login The user login name. 
  17. */ 
  18. do_action( 'retrieve_password', $user->user_login ); 
  19.  
  20. $allow = true; 
  21. if ( is_multisite() && is_user_spammy( $user ) ) { 
  22. $allow = false; 
  23.  
  24. /** 
  25. * Filters whether to allow a password to be reset. 
  26. * @since 2.7.0 
  27. * @param bool $allow Whether to allow the password to be reset. Default true. 
  28. * @param int $user_data->ID The ID of the user attempting to reset a password. 
  29. */ 
  30. $allow = apply_filters( 'allow_password_reset', $allow, $user->ID ); 
  31.  
  32. if ( ! $allow ) { 
  33. return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) ); 
  34. } elseif ( is_wp_error( $allow ) ) { 
  35. return $allow; 
  36.  
  37. // Generate something random for a password reset key. 
  38. $key = wp_generate_password( 20, false ); 
  39.  
  40. /** 
  41. * Fires when a password reset key is generated. 
  42. * @since 2.5.0 
  43. * @param string $user_login The username for the user. 
  44. * @param string $key The generated password reset key. 
  45. */ 
  46. do_action( 'retrieve_password_key', $user->user_login, $key ); 
  47.  
  48. // Now insert the key, hashed, into the DB. 
  49. if ( empty( $wp_hasher ) ) { 
  50. $wp_hasher = new PasswordHash( 8, true ); 
  51. $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); 
  52. $key_saved = $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) ); 
  53. if ( false === $key_saved ) { 
  54. return new WP_Error( 'no_password_key_update', __( 'Could not save password reset key to database.' ) ); 
  55.  
  56. return $key;