+ if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
+ list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
+ $user = check_password_reset_key( $rp_key, $rp_login );
+ if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
+ $user = false;
+ }
+ } else {
+ $user = false;
+ }
+
+ if ( ! $user || is_wp_error( $user ) ) {
+ setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
+ if ( $user && $user->get_error_code() === 'expired_key' )