wp_authenticate_email_password()WP 4.5.0

Authenticates a user using the email and password.

Hooks from the function

Returns

WP_User|WP_Error. WP_User on success, WP_Error on failure.

Usage

wp_authenticate_email_password( $user, $email, $password );
$user(WP_User|WP_Error|null) (required)
WP_User or WP_Error object if a previous callback failed authentication.
$email(string) (required)
Email address for authentication.
$password(string) (required)

Password for authentication.

It has the attribute #[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.

Changelog

Since 4.5.0 Introduced.

wp_authenticate_email_password() code WP 6.9.1

wp-includes/user.php 
function wp_authenticate_email_password(
	$user,
	$email,
	#[\SensitiveParameter]
	$password
) {
	if ( $user instanceof WP_User ) {
		return $user;
	}

	if ( empty( $email ) || empty( $password ) ) {
		if ( is_wp_error( $user ) ) {
			return $user;
		}

		$error = new WP_Error();

		if ( empty( $email ) ) {
			// Uses 'empty_username' for back-compat with wp_signon().
			$error->add( 'empty_username', __( '<strong>Error:</strong> The email field is empty.' ) );
		}

		if ( empty( $password ) ) {
			$error->add( 'empty_password', __( '<strong>Error:</strong> The password field is empty.' ) );
		}

		return $error;
	}

	if ( ! is_email( $email ) ) {
		return $user;
	}

	$user = get_user_by( 'email', $email );

	if ( ! $user ) {
		return new WP_Error(
			'invalid_email',
			__( 'Unknown email address. Check again or try your username.' )
		);
	}

	/** This filter is documented in wp-includes/user.php */
	$user = apply_filters( 'wp_authenticate_user', $user, $password );

	if ( is_wp_error( $user ) ) {
		return $user;
	}

	$valid = wp_check_password( $password, $user->user_pass, $user->ID );

	if ( ! $valid ) {
		return new WP_Error(
			'incorrect_password',
			sprintf(
				/* translators: %s: Email address. */
				__( '<strong>Error:</strong> The password you entered for the email address %s is incorrect.' ),
				'<strong>' . $email . '</strong>'
			) .
			' <a href="' . wp_lostpassword_url() . '">' .
			__( 'Lost your password?' ) .
			'</a>'
		);
	}

	if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) {
		wp_set_password( $password, $user->ID );
	}

	return $user;
}