W3cubDocs

/WordPress

WP_Recovery_Mode_Key_Service::validate_recovery_mode_key( string $token, string $key, int $ttl ): true|WP_Error

Verifies if the recovery mode key is correct.

Description

Recovery mode keys can only be used once; the key will be consumed in the process.

Parameters

$tokenstringrequired: The token used when generating the given key.
$keystringrequired: The unhashed key.
$ttlintrequired: Time in seconds for the key to be valid for.

Return

true|WP_Error True on success, error object on failure.

Source

public function validate_recovery_mode_key( $token, $key, $ttl ) {
	global $wp_hasher;

	$records = $this->get_keys();

	if ( ! isset( $records[ $token ] ) ) {
		return new WP_Error( 'token_not_found', __( 'Recovery Mode not initialized.' ) );
	}

	$record = $records[ $token ];

	$this->remove_key( $token );

	if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {
		return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
	}

	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		$wp_hasher = new PasswordHash( 8, true );
	}

	if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
		return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
	}

	if ( time() > $record['created_at'] + $ttl ) {
		return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
	}

	return true;
}

View all references View on Trac View on GitHub

Changelog

Version	Description
5.2.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_recovery_mode_key_service/validate_recovery_mode_key