Check Password Reset Key Not Woking|Programmer puzzle solving

I am trying create passowrd reset form. Here is my function:

<?php 
$user_data = get_user_by( 'email', '[email protected]' ) );
$key = get_password_reset_key( $user_data );
$user_login = $user_data->user_login;

$message = esc_url( get_permalink( '1' ) . "?action=rp&key=$key&login=" . rawurlencode($user_login) ) . "\r\n";

wp_mail( $user_email, "Title", $message );
?>

It sends reset link to my mail, with $key and $login. It is ok.

Now i must check the reset key. Here is my code:

<?php 
$errors = new WP_Error();
$user = check_password_reset_key($_GET['key'], $_GET['login']);

if ( is_wp_error( $user ) ) {
    if ( $user->get_error_code() === 'expired_key' )
        echo "Key is expired";
    else
        echo "Key is not valid";
}
?>

But it always says Key is not valid. Where is wrong?

I am trying create passowrd reset form. Here is my function:

<?php 
$user_data = get_user_by( 'email', '[email protected]' ) );
$key = get_password_reset_key( $user_data );
$user_login = $user_data->user_login;

$message = esc_url( get_permalink( '1' ) . "?action=rp&key=$key&login=" . rawurlencode($user_login) ) . "\r\n";

wp_mail( $user_email, "Title", $message );
?>

It sends reset link to my mail, with $key and $login. It is ok.

Now i must check the reset key. Here is my code:

<?php 
$errors = new WP_Error();
$user = check_password_reset_key($_GET['key'], $_GET['login']);

if ( is_wp_error( $user ) ) {
    if ( $user->get_error_code() === 'expired_key' )
        echo "Key is expired";
    else
        echo "Key is not valid";
}
?>

But it always says Key is not valid. Where is wrong?

Share Improve this question asked Feb 25, 2018 at 22:19 wpdev 5492 gold badges13 silver badges28 bronze badges

1 In the else, try to echo the $user->get_error_message() instead of "Key is not valid", and see what it says. – Sally CJ Commented Feb 26, 2018 at 7:09
It says invalid key @Sally – wpdev Commented Feb 26, 2018 at 17:32
Try $user = check_password_reset_key($_GET['key'], rawurldecode($_GET['login'])); because you rawurlencode() the login in the email. If that doesn't work, do var_dump( $_GET['key'], $_GET['login'] ); and see if the values are valid. – Sally CJ Commented Feb 26, 2018 at 17:39
Yes. I found the problem. Php is not reads $_GET valuse. Because url is wrong. localhost/wordpress/reset-pass-page//… #038; why it add this #038; ? – wpdev Commented Feb 26, 2018 at 17:56
Because that's how esc_url() works. I.e. By default, it converts & to &. Sorry that I didn't really notice (or pay attention to) the wp_mail() part. =) – Sally CJ Commented Feb 26, 2018 at 19:32

Add a comment |

1 Answer 1

Sorted by: Reset to default 2

I fixed it. We need decode url with esc_url_raw. Here is solution.

<?php 
$user_data = get_user_by( 'email', '[email protected]' ) );
$key = get_password_reset_key( $user_data );
$user_login = $user_data->user_login;

$url = esc_url_raw( get_permalink( '1' ) . "?action=rp&key=$key&login=" . rawurlencode($user_login) ) . "\r\n";
$message = $url;

wp_mail( $user_email, "Title", $message );
?>

Programmer puzzle solving

Check Password Reset Key Not Woking

1 Answer 1

Articles related to this article

comment list (0)