WP_Recovery_Mode_Key_Service::validate_recovery_mode_key() WordPress Method
The WP_Recovery_Mode_Key_Service::validate_recovery_mode_key() method is used to validate the recovery mode key for a WordPress site. This key is used to allow access to the site in recovery mode, which is a special mode that is used when the site is unable to load its normal WordPress files. The key is typically generated by the WordPress site administrator and is used to provide access to the site to authorized users.
WP_Recovery_Mode_Key_Service::validate_recovery_mode_key( string $token, string $key, int $ttl ) #
Verifies if the recovery mode key is correct.
Description
Recovery mode keys can only be used once; the key will be consumed in the process.
Parameters
- $token
(string)(Required)The token used when generating the given key.
- $key
(string)(Required)The unhashed key.
- $ttl
(int)(Required)Time in seconds for the key to be valid for.
Return
(true|WP_Error) True on success, error object on failure.
Source
File: wp-includes/class-wp-recovery-mode-key-service.php
public function validate_recovery_mode_key( $token, $key, $ttl ) {
$records = $this->get_keys();
if ( ! isset( $records[ $token ] ) ) {
return new WP_Error( 'token_not_found', __( 'Recovery Mode not initialized.' ) );
}
$record = $records[ $token ];
$this->remove_key( $token );
if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) {
return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
}
if ( ! wp_check_password( $key, $record['hashed_key'] ) ) {
return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
}
if ( time() > $record['created_at'] + $ttl ) {
return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) );
}
return true;
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 5.2.0 | Introduced. |