wp_xmlrpc_server::login
Logs user in.
Method of the class: wp_xmlrpc_server{}
Hooks from the method
Returns
WP_User|false. WP_User object if authentication passed, false otherwise.
Usage
$wp_xmlrpc_server = new wp_xmlrpc_server(); $wp_xmlrpc_server->login( $username, $password );
- $username(string) (required)
- User's username.
- $password(string) (required)
User's password.
It has the attribute
#[\SensitiveParameter], which hides the value of the parameter from logs. It is used to protect sensitive data (for example, passwords). Documentation.
Changelog
| Since 2.8.0 | Introduced. |
wp_xmlrpc_server::login() wp xmlrpc server::login code WP 6.8.3
public function login(
$username,
#[\SensitiveParameter]
$password
) {
if ( ! $this->is_enabled ) {
$this->error = new IXR_Error( 405, sprintf( __( 'XML-RPC services are disabled on this site.' ) ) );
return false;
}
if ( $this->auth_failed ) {
$user = new WP_Error( 'login_prevented' );
} else {
$user = wp_authenticate( $username, $password );
}
if ( is_wp_error( $user ) ) {
$this->error = new IXR_Error( 403, __( 'Incorrect username or password.' ) );
// Flag that authentication has failed once on this wp_xmlrpc_server instance.
$this->auth_failed = true;
/**
* Filters the XML-RPC user login error message.
*
* @since 3.5.0
*
* @param IXR_Error $error The XML-RPC error message.
* @param WP_Error $user WP_Error object.
*/
$this->error = apply_filters( 'xmlrpc_login_error', $this->error, $user );
return false;
}
wp_set_current_user( $user->ID );
return $user;
}