WordPress at a glance
Log In . Register
function is not described

wp_xmlrpc_server::login() public WP 2.8.0

Log user in.

{} It's a method of the class: wp_xmlrpc_server{}

Hooks from the method
Return

WP_User|false. WP_User object if authentication passed, false otherwise

Usage

$wp_xmlrpc_server = new wp_xmlrpc_server();
$wp_xmlrpc_server->login( $username, $password );
$username(string) (required)
User's username.
$password(string) (required)
User's password.

Changelog

Since 2.8.0 Introduced.

Code of wp_xmlrpc_server::login() WP 5.7.1

wp-includes/class-wp-xmlrpc-server.php 
<?php
public function login( $username, $password ) {
	/*
	 * Respect old get_option() filters left for back-compat when the 'enable_xmlrpc'
	 * option was deprecated in 3.5.0. Use the 'xmlrpc_enabled' hook instead.
	 */
	$enabled = apply_filters( 'pre_option_enable_xmlrpc', false );
	if ( false === $enabled ) {
		$enabled = apply_filters( 'option_enable_xmlrpc', true );
	}

	/**
	 * Filters whether XML-RPC methods requiring authentication are enabled.
	 *
	 * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
	 * enabled, rather, it only controls whether XML-RPC methods requiring authentication - such
	 * as for publishing purposes - are enabled.
	 *
	 * Further, the filter does not control whether pingbacks or other custom endpoints that don't
	 * require authentication are enabled. This behavior is expected, and due to how parity was matched
	 * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
	 *
	 * To disable XML-RPC methods that require authentication, use:
	 *
	 *     add_filter( 'xmlrpc_enabled', '__return_false' );
	 *
	 * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
	 * and {@see 'xmlrpc_element_limit'} hooks.
	 *
	 * @since 3.5.0
	 *
	 * @param bool $enabled Whether XML-RPC is enabled. Default true.
	 */
	$enabled = apply_filters( 'xmlrpc_enabled', $enabled );

	if ( ! $enabled ) {
		$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
		return false;
	}

	if ( $this->auth_failed ) {
		$user = new WP_Error( 'login_prevented' );
	} else {
		$user = wp_authenticate( $username, $password );
	}

	if ( is_wp_error( $user ) ) {
		$this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) );

		// Flag that authentication has failed once on this wp_xmlrpc_server instance.
		$this->auth_failed = true;

		/**
		 * Filters the XML-RPC user login error message.
		 *
		 * @since 3.5.0
		 *
		 * @param IXR_Error $error The XML-RPC error message.
		 * @param WP_Error  $user  WP_Error object.
		 */
		$this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
		return false;
	}

	wp_set_current_user( $user->ID );
	return $user;
}