WP_Recovery_Mode_Key_Service::validate_recovery_mode_key() │ public │ WP 5.2.0

Verifies if the recovery mode key is correct.

Recovery mode keys can only be used once; the key will be consumed in the process.

Метод класса: WP_Recovery_Mode_Key_Service{}

Хуков нет.

Возвращает

true|WP_Error. True on success, error object on failure.

Использование

$WP_Recovery_Mode_Key_Service = new WP_Recovery_Mode_Key_Service();
$WP_Recovery_Mode_Key_Service->validate_recovery_mode_key( $token, $key, $ttl );

$token(строка) (обязательный): The token used when generating the given key.
$key(строка) (обязательный): The unhashed key.
$ttl(int) (обязательный): Time in seconds for the key to be valid for.

Заметки

Global. PasswordHash. $wp_hasher Portable PHP password hashing framework instance.

Список изменений

С версии 5.2.0

Введена.

Код `WP_Recovery_Mode_Key_Service::validate_recovery_mode_key() WP Recovery Mode Key Service::validate recovery mode key` ^{WP 6.5.2}

wp-includes/class-wp-recovery-mode-key-service.php

public function validate_recovery_mode_key( $token, $key, $ttl ) {
	global $wp_hasher;

	$records = $this->get_keys();

	if ( ! isset( $records[ $token ] ) ) {
		return new WP_Error( 'token_not_found', __( 'Recovery Mode not initialized.' ) );
	}

	$record = $records[ $token ];

	$this->remove_key( $token );

	if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {
		return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
	}

	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		$wp_hasher = new PasswordHash( 8, true );
	}

	if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
		return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
	}

	if ( time() > $record['created_at'] + $ttl ) {
		return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
	}

	return true;
}