wp_validate_user_request_key

The timeline below displays how wordpress function wp_validate_user_request_key has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.5

/**
 * Validates a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return true|WP_Error True on success, WP_Error on failure.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request($request_id);
    $saved_key = $request->confirm_key;
    $key_request_time = $request->modified_timestamp;
    if (!$request || !$saved_key || !$key_request_time) {
        return new WP_Error('invalid_request', __('Invalid personal data request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_request', __('This personal data request has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('missing_key', __('The confirmation key is missing from this personal data request.'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('The confirmation key is invalid for this personal data request.'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation key has expired for this personal data request.'));
    }
    return true;
}

WordPress Version: 6.1

/**
 * Validates a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return true|WP_Error True on success, WP_Error on failure.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request($request_id);
    $saved_key = $request->confirm_key;
    $key_request_time = $request->modified_timestamp;
    if (!$request || !$saved_key || !$key_request_time) {
        return new WP_Error('invalid_request', __('Invalid personal data request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_request', __('This personal data request has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('missing_key', __('The confirmation key is missing from this personal data request.'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('The confirmation key is invalid for this personal data request.'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation key has expired for this personal data request.'));
    }
    return true;
}

WordPress Version: 5.7

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return true|WP_Error True on success, WP_Error on failure.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request($request_id);
    $saved_key = $request->confirm_key;
    $key_request_time = $request->modified_timestamp;
    if (!$request || !$saved_key || !$key_request_time) {
        return new WP_Error('invalid_request', __('Invalid personal data request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_request', __('This personal data request has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('missing_key', __('The confirmation key is missing from this personal data request.'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('The confirmation key is invalid for this personal data request.'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation key has expired for this personal data request.'));
    }
    return true;
}

WordPress Version: 5.6

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error True on success, WP_Error on failure.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request($request_id);
    $saved_key = $request->confirm_key;
    $key_request_time = $request->modified_timestamp;
    if (!$request || !$saved_key || !$key_request_time) {
        return new WP_Error('invalid_request', __('Invalid user privacy request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_request', __('This user privacy request has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('missing_key', __('This user privacy request is missing the confirmation key.'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('This user privacy request confirmation key is invalid.'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('This user privacy request confirmation key has expired.'));
    }
    return true;
}

WordPress Version: 5.4

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error True on success, WP_Error on failure.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request($request_id);
    if (!$request) {
        return new WP_Error('invalid_request', __('Invalid request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_link', __('This link has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('missing_key', __('Missing confirm key.'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    $key_request_time = $request->modified_timestamp;
    $saved_key = $request->confirm_key;
    if (!$saved_key) {
        return new WP_Error('invalid_key', __('Invalid key.'));
    }
    if (!$key_request_time) {
        return new WP_Error('invalid_key', __('Invalid action.'));
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('Invalid key.'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation email has expired.'));
    }
    return true;
}

WordPress Version: 5.2

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error WP_Error on failure, true on success.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request_data($request_id);
    if (!$request) {
        return new WP_Error('invalid_request', __('Invalid request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_link', __('This link has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('missing_key', __('Missing confirm key.'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    $key_request_time = $request->modified_timestamp;
    $saved_key = $request->confirm_key;
    if (!$saved_key) {
        return new WP_Error('invalid_key', __('Invalid key.'));
    }
    if (!$key_request_time) {
        return new WP_Error('invalid_key', __('Invalid action.'));
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('Invalid key.'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation email has expired.'));
    }
    return true;
}

WordPress Version: 5.1

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error WP_Error on failure, true on success.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request_data($request_id);
    if (!$request) {
        return new WP_Error('invalid_request', __('Invalid request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return new WP_Error('expired_link', __('This link has expired.'));
    }
    if (empty($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    $key_request_time = $request->modified_timestamp;
    $saved_key = $request->confirm_key;
    if (!$saved_key) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$key_request_time) {
        return new WP_Error('invalid_key', __('Invalid action'));
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation email has expired.'));
    }
    return true;
}

WordPress Version: 9.7

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error WP_Error on failure, true on success.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request_data($request_id);
    if (!$request) {
        return new WP_Error('user_request_error', __('Invalid request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return __('This link has expired.');
    }
    if (empty($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    $key_request_time = $request->modified_timestamp;
    $saved_key = $request->confirm_key;
    if (!$saved_key) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$key_request_time) {
        return new WP_Error('invalid_key', __('Invalid action'));
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation email has expired.'));
    }
    return true;
}

WordPress Version: 9.6

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error WP_Error on failure, true on success.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request_data($request_id);
    if (!$request) {
        return new WP_Error('user_request_error', __('Invalid request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return __('This link has expired.');
    }
    if (empty($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    $key_request_time = $request->modified_timestamp;
    $saved_key = $request->confirm_key;
    if (!$saved_key) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$key_request_time) {
        return new WP_Error('invalid_key', __('Invalid action'));
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        $return = new WP_Error('expired_key', __('The confirmation email has expired.'));
    }
    return true;
}

WordPress Version: .10

/**
 * Validate a user request by comparing the key with the request's key.
 *
 * @since 4.9.6
 *
 * @param string $request_id ID of the request being confirmed.
 * @param string $key        Provided key to validate.
 * @return bool|WP_Error WP_Error on failure, true on success.
 */
function wp_validate_user_request_key($request_id, $key)
{
    global $wp_hasher;
    $request_id = absint($request_id);
    $request = wp_get_user_request_data($request_id);
    if (!$request) {
        return new WP_Error('user_request_error', __('Invalid request.'));
    }
    if (!in_array($request->status, array('request-pending', 'request-failed'), true)) {
        return __('This link has expired.');
    }
    if (empty($key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (empty($wp_hasher)) {
        require_once ABSPATH . WPINC . '/class-phpass.php';
        $wp_hasher = new PasswordHash(8, true);
    }
    $key_request_time = $request->modified_timestamp;
    $saved_key = $request->confirm_key;
    if (!$saved_key) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$key_request_time) {
        return new WP_Error('invalid_key', __('Invalid action'));
    }
    /**
     * Filters the expiration time of confirm keys.
     *
     * @since 4.9.6
     *
     * @param int $expiration The expiration time in seconds.
     */
    $expiration_duration = (int) apply_filters('user_request_key_expiration', DAY_IN_SECONDS);
    $expiration_time = $key_request_time + $expiration_duration;
    if (!$wp_hasher->CheckPassword($key, $saved_key)) {
        return new WP_Error('invalid_key', __('Invalid key'));
    }
    if (!$expiration_time || time() > $expiration_time) {
        return new WP_Error('expired_key', __('The confirmation email has expired.'));
    }
    return true;
}