wp_authenticate_username_password() – Authenticates a user, confirming the username and password are valid.

You appear to be a bot. Output may be restricted

Description

Authenticates a user, confirming the username and password are valid.

Usage

$WP_User|WP_Error = wp_authenticate_username_password( $user, $username, $password );

Parameters

$user
( WP_User|WP_Error|null ) required – WP_User or WP_Error object from a previous callback. Default null.
$username
( string ) required – Username for authentication.
$password
( string ) required – Password for authentication.

Returns

WP_User|WP_Error WP_User on success, WP_Error on failure.

Source

File name: wordpress/wp-includes/user.php


Lines:

1 to 68 of 68
function wp_authenticate_username_password( $user, $username, $password ) {
  if ( $user instanceof WP_User ) {
    return $user;
  }

  if ( empty( $username ) || empty( $password ) ) {
    if ( is_wp_error( $user ) ) {
      return $user;
    }

    $error = new WP_Error();

    if ( empty( $username ) ) {
      $error->add( 'empty_username', __( '<strong>Error</strong>: The username field is empty.' ) );
    }

    if ( empty( $password ) ) {
      $error->add( 'empty_password', __( '<strong>Error</strong>: The password field is empty.' ) );
    }

    return $error;
  }

  $user = get_user_by( 'login', $username );

  if ( ! $user ) {
    return new WP_Error(
      'invalid_username',
      sprintf(
        /* translators: %s: User name. */
        __( '<strong>Error</strong>: The username <strong>%s</strong> is not registered on this site. If you are unsure of your username, try your email address instead.' ),
        $username
      )
    );
  }

  
/**
 * Filters whether the given user can be authenticated with the provided password.
 *
 * @since 2.5.0
 *
 * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
 *                                   callback failed authentication.
 * @param string           $password Password to check against the user.
 */
  $user = apply_filters( 'wp_authenticate_user', $user, $password );
  if ( is_wp_error( $user ) ) {
    return $user;
  }

  if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
    return new WP_Error(
      'incorrect_password',
      sprintf(
        /* translators: %s: User name. */
        __( '<strong>Error</strong>: The password you entered for the username %s is incorrect.' ),
        '<strong>' . $username . '</strong>'
      ) .
      ' <a href="' . wp_lostpassword_url() . '">' .
      __( 'Lost your password?' ) .
      '</a>'
    );
  }

  return $user;
}
 

 View on GitHub View on Trac