I am trying create passowrd reset form. Here is my function:
<?php
$user_data = get_user_by( 'email', 'admin@mysite.com' ) );
$key = get_password_reset_key( $user_data );
$user_login = $user_data->user_login;
$message = esc_url( get_permalink( '1' ) . "?action=rp&key=$key&login=" . rawurlencode($user_login) ) . "\r\n";
wp_mail( $user_email, "Title", $message );
?>
It sends reset link to my mail, with $key and $login. It is ok.
Now i must check the reset key. Here is my code:
<?php
$errors = new WP_Error();
$user = check_password_reset_key($_GET['key'], $_GET['login']);
if ( is_wp_error( $user ) ) {
if ( $user->get_error_code() === 'expired_key' )
echo "Key is expired";
else
echo "Key is not valid";
}
?>
But it always says Key is not valid. Where is wrong?
1 Answer
I fixed it. We need decode url with esc_url_raw. Here is solution.
<?php
$user_data = get_user_by( 'email', 'admin@mysite.com' ) );
$key = get_password_reset_key( $user_data );
$user_login = $user_data->user_login;
$url = esc_url_raw( get_permalink( '1' ) . "?action=rp&key=$key&login=" . rawurlencode($user_login) ) . "\r\n";
$message = $url;
wp_mail( $user_email, "Title", $message );
?>