wp_authenticate_username_password( WP_User|WP_Error|null $user, string $username, string $password )

Authenticate a user, confirming the username and password are valid.


Description Description


Parameters Parameters

$user

(WP_User|WP_Error|null) (Required) WP_User or WP_Error object from a previous callback. Default null.

$username

(string) (Required) Username for authentication.

$password

(string) (Required) Password for authentication.


Top ↑

Return Return

(WP_User|WP_Error) WP_User on success, WP_Error on failure.


Top ↑

Source Source

File: wp-includes/user.php

128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
function wp_authenticate_username_password( $user, $username, $password ) {
    if ( $user instanceof WP_User ) {
        return $user;
    }
 
    if ( empty( $username ) || empty( $password ) ) {
        if ( is_wp_error( $user ) ) {
            return $user;
        }
 
        $error = new WP_Error();
 
        if ( empty( $username ) ) {
            $error->add( 'empty_username', __( '<strong>ERROR</strong>: The username field is empty.' ) );
        }
 
        if ( empty( $password ) ) {
            $error->add( 'empty_password', __( '<strong>ERROR</strong>: The password field is empty.' ) );
        }
 
        return $error;
    }
 
    $user = get_user_by( 'login', $username );
 
    if ( ! $user ) {
        return new WP_Error(
            'invalid_username',
            __( '<strong>ERROR</strong>: Invalid username.' ) .
            ' <a href="' . wp_lostpassword_url() . '">' .
            __( 'Lost your password?' ) .
            '</a>'
        );
    }
 
    /**
     * Filters whether the given user can be authenticated with the provided $password.
     *
     * @since 2.5.0
     *
     * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
     *                                   callback failed authentication.
     * @param string           $password Password to check against the user.
     */
    $user = apply_filters( 'wp_authenticate_user', $user, $password );
    if ( is_wp_error( $user ) ) {
        return $user;
    }
 
    if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
        return new WP_Error(
            'incorrect_password',
            sprintf(
                /* translators: %s: user name */
                __( '<strong>ERROR</strong>: The password you entered for the username %s is incorrect.' ),
                '<strong>' . $username . '</strong>'
            ) .
            ' <a href="' . wp_lostpassword_url() . '">' .
            __( 'Lost your password?' ) .
            '</a>'
        );
    }
 
    return $user;
}

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.