wp_validate_application_password() │ WP 5.6.0

Validates the application password credentials passed via Basic Authentication.

No Hooks.

Return

Int|false. The authenticated user ID if successful, false otherwise.

Usage

wp_validate_application_password( $input_user );

$input_user(int|false) (required)

User ID if one has been determined, false otherwise.

Changelog

wp_validate_application_password() wp validate application password code ^{WP 6.5.2}

function wp_validate_application_password( $input_user ) {
	// Don't authenticate twice.
	if ( ! empty( $input_user ) ) {
		return $input_user;
	}

	if ( ! wp_is_application_passwords_available() ) {
		return $input_user;
	}

	// Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication.
	if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
		return $input_user;
	}

	$authenticated = wp_authenticate_application_password( null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );

	if ( $authenticated instanceof WP_User ) {
		return $authenticated->ID;
	}

	// If it wasn't a user what got returned, just pass on what we had received originally.
	return $input_user;
}