After reviewing a reset password link, I realised that two variables were being passed via $_GET: key and login. I’ve added the below code to the beginning of my redirect_user() function:
if(isset($_GET['key']) && isset($_GET['login']))
{
return ;
}
It didn’t fix the issue and i was still being redirected to the login page whenever I click on the reset password link, however when I made the following edit:
if(!isset($_GET['key']) && !isset($_GET['login']))
{
return ;
}
It works as intended but I’m confused why.