A WordPress-centric search engine for devs and theme authors



wp_check_account_verification_key ›

Since5.0.0
Deprecatedn/a
wp_check_account_verification_key ( $key, $uid, $action_name )
Parameters: (3)
  • (string) $key Key to confirm.
    Required: Yes
  • (string) $uid Email hash or user ID.
    Required: Yes
  • (string) $action_name Name of the action this key is being generated for.
    Required: Yes
Returns:
  • (array|WP_Error) WP_Error on failure, action name and user email address on success.
Defined at:
Codex:

Checks if a key is valid and handles the action based on this.



Source

function wp_check_account_verification_key( $key, $uid, $action_name ) {
	global $wp_hasher;

	if ( empty( $action_name ) || empty( $key ) || empty( $uid ) ) {
		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}

	$user = false;

	if ( is_numeric( $uid ) ) {
		$user = get_user_by( 'id', absint( $uid ) );
	}

	// We could be dealing with a registered user account, or a visitor.
	$is_registered_user = ( $user && ! is_wp_error( $user ) );
	$key_request_time   = '';
	$saved_key          = '';
	$email              = '';

	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		$wp_hasher = new PasswordHash( 8, true );
	}

	// Get the saved key from the database.
	if ( $is_registered_user ) {
		$raw_data = get_user_meta( $user->ID, '_verify_action_' . $action_name, true );
		$email    = $user->user_email;

		if ( false !== strpos( $raw_data, ':' ) ) {
			list( $key_request_time, $saved_key ) = explode( ':', $raw_data, 2 );
		}
	} else {
		$raw_data = get_site_option( '_verify_action_' . $action_name . '_' . $uid, '' );

		if ( false !== strpos( $raw_data, ':' ) ) {
			list( $key_request_time, $saved_key, $email ) = explode( ':', $raw_data, 3 );
		}
	}

	$data             = json_decode( $raw_data, true );
	$key_request_time = (int) isset( $data['time'] ) ? $data['time'] : 0;
	$saved_key        = isset( $data['hash'] ) ? $data['hash'] : '';
	$email            = sanitize_email( isset( $data['email'] ) ? $data['email'] : '' );
	$request_data     = isset( $data['request_data'] ) ? $data['request_data'] : array();

	if ( ! $saved_key ) {
		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}

	if ( ! $key_request_time || ! $email ) {
		return new WP_Error( 'invalid_key', __( 'Invalid action' ) );
	}

	/**
	 * Filters the expiration time of confirm keys.
	 *
	 * @since 5.0.0
	 *
	 * @param int $expiration The expiration time in seconds.
	 */
	$expiration_duration = apply_filters( 'account_verification_expiration', DAY_IN_SECONDS );
	$expiration_time     = $key_request_time + $expiration_duration;

	if ( ! $wp_hasher->CheckPassword( $key, $saved_key ) ) {
		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}

	if ( $expiration_time && time() < $expiration_time ) {
		$return = array(
			'action'       => $action_name,
			'email'        => $email,
			'request_data' => $request_data,
		);
	} else {
		$return = new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
	}

	// Clean up stored keys.
	if ( $is_registered_user ) {
		delete_user_meta( $user->ID, '_verify_action_' . $action_name );
	} else {
		delete_site_option( '_verify_action_' . $action_name . '_' . $uid );
	}

	return $return;
}