WP_Recovery_Mode_Key_Service::validate_recovery_mode_key( string $token, string $key, int $ttl )
Verifies if the recovery mode key is correct.
Description Description
Recovery mode keys can only be used once; the key will be consumed in the process.
Parameters Parameters
- $token
-
(string) (Required) The token used when generating the given key.
- $key
-
(string) (Required) The unhashed key.
- $ttl
-
(int) (Required) Time in seconds for the key to be valid for.
Return Return
(true|WP_Error) True on success, error object on failure.
Source Source
File: wp-includes/class-wp-recovery-mode-key-service.php
public function validate_recovery_mode_key( $token, $key, $ttl ) { $records = $this->get_keys(); if ( ! isset( $records[ $token ] ) ) { return new WP_Error( 'token_not_found', __( 'Recovery Mode not initialized.' ) ); } $record = $records[ $token ]; $this->remove_key( $token ); if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) { return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) ); } if ( ! wp_check_password( $key, $record['hashed_key'] ) ) { return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) ); } if ( time() > $record['created_at'] + $ttl ) { return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) ); } return true; }
Expand full source code Collapse full source code View on Trac
Changelog Changelog
Version | Description |
---|---|
5.2.0 | Introduced. |