wp_signon( array $credentials = array(), string|bool $secure_cookie = '' )
Authenticates and logs a user in with ‘remember’ capability.
Description Description
The credentials is an array that has ‘user_login’, ‘user_password’, and ‘remember’ indices. If the credentials is not given, then the log in form will be assumed and used if set.
The various authentication cookies will be set by this function and will be set for a longer period depending on if the ‘remember’ credential is set to true.
Note: wp_signon() doesn’t handle setting the current user. This means that if the function is called before the ‘init’ hook is fired, is_user_logged_in() will evaluate as false until that point. If is_user_logged_in() is needed in conjunction with wp_signon(), wp_set_current_user() should be called explicitly.
Parameters Parameters
- $credentials
-
(array) (Optional) User info in order to sign on.
Default value: array()
- $secure_cookie
-
(string|bool) (Optional) Whether to use secure cookie.
Default value: ''
Return Return
Source Source
File: wp-includes/user.php
function wp_signon( $credentials = array(), $secure_cookie = '' ) {
if ( empty( $credentials ) ) {
$credentials = array(); // Back-compat for plugins passing an empty string.
if ( ! empty( $_POST['log'] ) ) {
$credentials['user_login'] = $_POST['log'];
}
if ( ! empty( $_POST['pwd'] ) ) {
$credentials['user_password'] = $_POST['pwd'];
}
if ( ! empty( $_POST['rememberme'] ) ) {
$credentials['remember'] = $_POST['rememberme'];
}
}
if ( ! empty( $credentials['remember'] ) ) {
$credentials['remember'] = true;
} else {
$credentials['remember'] = false;
}
/**
* Fires before the user is authenticated.
*
* The variables passed to the callbacks are passed by reference,
* and can be modified by callback functions.
*
* @since 1.5.1
*
* @todo Decide whether to deprecate the wp_authenticate action.
*
* @param string $user_login Username (passed by reference).
* @param string $user_password User password (passed by reference).
*/
do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) );
if ( '' === $secure_cookie ) {
$secure_cookie = is_ssl();
}
/**
* Filters whether to use a secure sign-on cookie.
*
* @since 3.1.0
*
* @param bool $secure_cookie Whether to use a secure sign-on cookie.
* @param array $credentials {
* Array of entered sign-on data.
*
* @type string $user_login Username.
* @type string $user_password Password entered.
* @type bool $remember Whether to 'remember' the user. Increases the time
* that the cookie will be kept. Default false.
* }
*/
$secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials );
global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie
$auth_secure_cookie = $secure_cookie;
add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );
$user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] );
if ( is_wp_error( $user ) ) {
if ( $user->get_error_codes() == array( 'empty_username', 'empty_password' ) ) {
$user = new WP_Error( '', '' );
}
return $user;
}
wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie );
/**
* Fires after the user has successfully logged in.
*
* @since 1.5.0
*
* @param string $user_login Username.
* @param WP_User $user WP_User object of the logged-in user.
*/
do_action( 'wp_login', $user->user_login, $user );
return $user;
}
Expand full source code Collapse full source code View on Trac
Changelog Changelog
| Version | Description |
|---|---|
| 2.5.0 | Introduced. |
User Contributed Notes User Contributed Notes
You must log in before being able to contribute a note or feedback.
I have some sites where in code I log in a visitor to a hidden account (to enable media uploads form front end form), admin bar is hidden, and access to dashboard is blocked. But I have a report where
wp_signon()fails and my hunch is because it is on site with SSL. I am guessing I need to use the$secure_cookieoption, but I cannot find any info on how to do this.My guess is I need to set the cookie first with
wp_set_auth_cookie()?? The option there for$securetoo is unclear.And if this is a case, do I need to test first if the host is running SSL? Will setting this cookie on an http:// site break the universe?
If you want to cover your bases for SSL sites that need a secure cookie, I use (where
$credsis the array of login credentials)$autologin_user = wp_signon( $creds, is_ssl() );
This function and action can be placed in functions.php of the theme.
Using the hook after_setup_theme will make it run before the headers and cookies are sent, so it can set the needed cookie for login.
/** * Perform automatic login. */ function wpdocs_custom_login() { $creds = array( 'user_login' => 'example', 'user_password' => 'plaintextpw', 'remember' => true ); $user = wp_signon( $creds, false ); if ( is_wp_error( $user ) ) { echo $user->get_error_message(); } } // Run before the headers and cookies are sent. add_action( 'after_setup_theme', 'wpdocs_custom_login' );Expand full source codeCollapse full source code