通过将密钥与请求的密钥进行比较来验证用户请求。

原型

wp_validate_user_request_key( string $request_id, string $key )

参数

$request_id (string) (Required) 正在确认的请求的ID。

$key (string) (Required) 提供验证密钥。

返回值

(bool|WP_Error)  

源文件

路径:wp-includes/user.php

<?php
...
function wp_validate_user_request_key( $request_id, $key ) {
	global $wp_hasher;
	$request_id = absint( $request_id );
	$request    = wp_get_user_request_data( $request_id );
	if ( ! $request ) {
		return new WP_Error( 'user_request_error', __( 'Invalid request.' ) );
	}
	if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) {
		return __( 'This link has expired.' );
	}
	if ( empty( $key ) ) {
		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}
	if ( empty( $wp_hasher ) ) {
		require_once ABSPATH . WPINC . '/class-phpass.php';
		$wp_hasher = new PasswordHash( 8, true );
	}
	$key_request_time = $request->modified_timestamp;
	$saved_key        = $request->confirm_key;
	if ( ! $saved_key ) {
		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}
	if ( ! $key_request_time ) {
		return new WP_Error( 'invalid_key', __( 'Invalid action' ) );
	}
	/**
	 * Filters the expiration time of confirm keys.
	 *
	 * @since 4.9.6
	 *
	 * @param int $expiration The expiration time in seconds.
	 */
	$expiration_duration = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
	$expiration_time     = $key_request_time + $expiration_duration;
	if ( ! $wp_hasher->CheckPassword( $key, $saved_key ) ) {
		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
	}
	if ( ! $expiration_time || time() > $expiration_time ) {
		return new WP_Error( 'expired_key', __( 'The confirmation email has expired.' ) );
	}
	return true;
}
...
?>

其他

英文文档:https://developer.wordpress.org/reference/functions/wp_validate_user_request_key/