wp_authenticate_username_password( WP_User|WP_Error|null $user, string $username, string $password )
Authenticate a user, confirming the username and password are valid.
Parameters
Return
Source
File: wp-includes/user.php
function wp_authenticate_username_password($user, $username, $password) {
if ( $user instanceof WP_User ) {
return $user;
}
if ( empty($username) || empty($password) ) {
if ( is_wp_error( $user ) )
return $user;
$error = new WP_Error();
if ( empty($username) )
$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
if ( empty($password) )
$error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
return $error;
}
$user = get_user_by('login', $username);
if ( !$user ) {
return new WP_Error( 'invalid_username',
__( '<strong>ERROR</strong>: Invalid username.' ) .
' <a href="' . wp_lostpassword_url() . '">' .
__( 'Lost your password?' ) .
'</a>'
);
}
/**
* Filters whether the given user can be authenticated with the provided $password.
*
* @since WP-2.5.0
*
* @param WP_User|WP_Error $user WP_User or WP_Error object if a previous
* callback failed authentication.
* @param string $password Password to check against the user.
*/
$user = apply_filters( 'wp_authenticate_user', $user, $password );
if ( is_wp_error($user) )
return $user;
if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
return new WP_Error( 'incorrect_password',
sprintf(
/* translators: %s: user name */
__( '<strong>ERROR</strong>: The password you entered for the username %s is incorrect.' ),
'<strong>' . $username . '</strong>'
) .
' <a href="' . wp_lostpassword_url() . '">' .
__( 'Lost your password?' ) .
'</a>'
);
}
return $user;
}
Changelog
Version | Description |
---|---|
WP-2.8.0 | Introduced. |