wp_authenticate_username_password()
Authenticates a user, confirming the username and password are valid.
Hooks from the function
Returns
WP_User|WP_Error. WP_User on success, WP_Error on failure.
Usage
wp_authenticate_username_password( $user, $username, $password );
- $user(WP_User|WP_Error|null) (required)
  WP_User or WP_Error object from a previous callback.
  Default: null
- $username(string) (required)
  Username for authentication.
- $password(string) (required)
  Password for authentication.
  This parameter has the #[\SensitiveParameter] attribute, which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords).
Changelog
| Since 2.8.0 | Introduced. |
wp_authenticate_username_password() code WP 7.0
function wp_authenticate_username_password(
	$user,
	$username,
	#[\SensitiveParameter]
	$password
) {
	if ( $user instanceof WP_User ) {
		return $user;
	}

	if ( empty( $username ) || empty( $password ) ) {
		if ( is_wp_error( $user ) ) {
			return $user;
		}

		$error = new WP_Error();

		if ( empty( $username ) ) {
			$error->add( 'empty_username', __( '<strong>Error:</strong> The username field is empty.' ) );
		}

		if ( empty( $password ) ) {
			$error->add( 'empty_password', __( '<strong>Error:</strong> The password field is empty.' ) );
		}

		return $error;
	}

	$user = get_user_by( 'login', $username );

	if ( ! $user ) {
		return new WP_Error(
			'invalid_username',
			sprintf(
				/* translators: %s: User name. */
				__( '<strong>Error:</strong> The username <strong>%s</strong> is not registered on this site. If you are unsure of your username, try your email address instead.' ),
				$username
			)
		);
	}

	/**
	 * Filters whether the given user can be authenticated with the provided password.
	 *
	 * @since 2.5.0
	 *
	 * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
	 *                                   callback failed authentication.
	 * @param string           $password Password to check against the user.
	 */
	$user = apply_filters( 'wp_authenticate_user', $user, $password );
	if ( is_wp_error( $user ) ) {
		return $user;
	}

	$valid = wp_check_password( $password, $user->user_pass, $user->ID );

	if ( ! $valid ) {
		return new WP_Error(
			'incorrect_password',
			sprintf(
				/* translators: %s: User name. */
				__( '<strong>Error:</strong> The password you entered for the username %s is incorrect.' ),
				'<strong>' . $username . '</strong>'
			) .
			' <a href="' . wp_lostpassword_url() . '">' .
			__( 'Lost your password?' ) .
			'</a>'
		);
	}

	if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) {
		wp_set_password( $password, $user->ID );
	}

	return $user;
}
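
The two failure branches above return different codes and messages (`invalid_username` says the name "is not registered on this site", `incorrect_password` confirms it is), so the login response reveals whether a username exists. The following is an added example, not WordPress core code: a callback on the `authenticate` filter that replaces both with one uniform error. The `example_*` names, the `example_login_failed` code and priority 100 are assumptions of this example.

```php
<?php
// Added example, not WordPress core code. All example_* names are hypothetical.

// Error codes returned by wp_authenticate_username_password() that reveal
// whether the submitted username exists (taken from the source above).
const EXAMPLE_ENUMERABLE_CODES = array( 'invalid_username', 'incorrect_password' );

/**
 * Replaces the username-revealing errors with one uniform error.
 *
 * @param WP_User|WP_Error|null $user     Result of earlier 'authenticate' callbacks.
 * @param string                $username Submitted username (not used here).
 * @param string                $password Submitted password (not used here).
 * @return WP_User|WP_Error|null
 */
function example_uniform_login_error(
	$user,
	$username,
	#[\SensitiveParameter]
	$password
) {
	// A WP_User (success) or null (no callback decided yet) passes through.
	if ( ! is_wp_error( $user ) ) {
		return $user;
	}

	$codes = $user->get_error_codes();

	// Leave empty errors and anything outside the two codes untouched, so
	// empty-field messages and errors set by other plugins still reach the user.
	if ( ! $codes || array_diff( $codes, EXAMPLE_ENUMERABLE_CODES ) ) {
		return $user;
	}

	// Same code and message for both cases. The original code is kept as error
	// data, which is not part of the message, for 'wp_login_failed' listeners.
	return new WP_Error(
		'example_login_failed',
		__( '<strong>Error:</strong> The username or password you entered is incorrect.' ),
		array( 'original_code' => $codes[0] )
	);
}

// Priority 100 is an assumption: it only has to run after core's own callbacks.
add_filter( 'authenticate', 'example_uniform_login_error', 100, 3 );
```

Other callbacks on the same filter return their own error codes; extend the list for any that distinguish known from unknown accounts.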