WC_Form_Handler::redirect_reset_password_link()
Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
Method of the class: WC_Form_Handler{}
No Hooks.
Return
null. Nothing.
Usage
$result = WC_Form_Handler::redirect_reset_password_link();
WC_Form_Handler::redirect_reset_password_link() WC Form Handler::redirect reset password link code WC 7.7.0
public static function redirect_reset_password_link() {
if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
// If available, get $user_id from query string parameter for fallback purposes.
if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$user_id = $user ? $user->ID : 0;
} else {
$user_id = absint( $_GET['id'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
}
// If the reset token is not for the current user, ignore the reset request (don't redirect).
$logged_in_user_id = get_current_user_id();
if ( $logged_in_user_id && $logged_in_user_id !== $user_id ) {
wc_add_notice( __( 'This password reset key is for a different user account. Please log out and try again.', 'woocommerce' ), 'error' );
return;
}
$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
WC_Shortcode_My_Account::set_reset_password_cookie( $value );
wp_safe_redirect(
add_query_arg(
array(
'show-reset-form' => 'true',
'action' => $action,
),
wc_lostpassword_url()
)
);
exit;
}
}