Parsed: 126735

function wp_authenticate_username_password( $user, $username, $password ) {
  if ( $user instanceof WP_User ) {
    return $user;
  }

  if ( empty( $username ) || empty( $password ) ) {
    if ( is_wp_error( $user ) ) {
      return $user;
    }

    $error = new WP_Error();

    if ( empty( $username ) ) {
      $error->add( 'empty_username', __( '<strong>Error:</strong> The username field is empty.' ) );
    }

    if ( empty( $password ) ) {
      $error->add( 'empty_password', __( '<strong>Error:</strong> The password field is empty.' ) );
    }

    return $error;
  }

  $user = get_user_by( 'login', $username );

  if ( ! $user ) {
    return new WP_Error(
      'invalid_username',
      sprintf(
        /* translators: %s: User name. */
        __( '<strong>Error:</strong> The username <strong>%s</strong> is not registered on this site. If you are unsure of your username, try your email address instead.' ),
        $username
      )
    );
  }

  
/**
 * Filters whether the given user can be authenticated with the provided password.
 *
 * @since 2.5.0
 *
 * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
 *                                   callback failed authentication.
 * @param string           $password Password to check against the user.
 */
  $user = apply_filters( 'wp_authenticate_user', $user, $password );
  if ( is_wp_error( $user ) ) {
    return $user;
  }

  if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
    return new WP_Error(
      'incorrect_password',
      sprintf(
        /* translators: %s: User name. */
        __( '<strong>Error:</strong> The password you entered for the username %s is incorrect.' ),
        '<strong>' . $username . '</strong>'
      ) .
      ' <a href="' . wp_lostpassword_url() . '">' .
      __( 'Lost your password?' ) .
      '</a>'
    );
  }

  return $user;
}