Switch language
wpseek on Twitter


A WordPress-centric search engine for devs and theme authors




wp_authenticate ›

wp_authenticate ( $username, $password )
Parameters: (2)
  • (string) $username User's username
    Required: Yes
    Default:
  • (string) $password User's password
    Required: Yes
    Default:
Returns:
  • (WP_User|WP_Error) WP_User object if login successful, otherwise WP_Error object.
Defined at:
Codex:



Checks a user's login information and logs them in if it checks out.

Source

function wp_authenticate($username, $password) {
	$username = sanitize_user($username);
	$password = trim($password);

	/**
	 * Filter the user to authenticate.
	 *
	 * If a non-null value is passed, the filter will effectively short-circuit
	 * authentication, returning an error instead.
	 *
	 * @since 2.8.0
	 *
	 * @param null|WP_User $user     User to authenticate.
	 * @param string       $username User login.
	 * @param string       $password User password
	 */
	$user = apply_filters( 'authenticate', null, $username, $password );

	if ( $user == null ) {
		// TODO what should the error message be? (Or would these even happen?)
		// Only needed if all authentication handlers fail to return anything.
		$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
	}

	$ignore_codes = array('empty_username', 'empty_password');

	if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
		/**
		 * Fires after a user login has failed.
		 *
		 * @since 2.5.0
		 *
		 * @param string $username User login.
		 */
		do_action( 'wp_login_failed', $username );
	}

	return $user;
}

Top Google Search Results

More ...

User Note(s)