WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_authenticate_username_password()

wp_authenticate_username_password( WP_User|WP_Error|null $user, string $username, string $password ): WP_User|WP_Error

In this article

Back to top

Authenticates a user, confirming the username and password are valid.

Parameters

$userWP_User|WP_Error|nullrequired
WP_User or WP_Error object from a previous callback. Default null.
$usernamestringrequired
Username for authentication.
$passwordstringrequired
Password for authentication.

Return

WP_User|WP_Error WP_User on success, WP_Error on failure.

Source

function wp_authenticate_username_password( $user, $username, $password ) {
	if ( $user instanceof WP_User ) {
		return $user;
	}

	if ( empty( $username ) || empty( $password ) ) {
		if ( is_wp_error( $user ) ) {
			return $user;
		}

		$error = new WP_Error();

		if ( empty( $username ) ) {
			$error->add( 'empty_username', __( '<strong>Error:</strong> The username field is empty.' ) );
		}

		if ( empty( $password ) ) {
			$error->add( 'empty_password', __( '<strong>Error:</strong> The password field is empty.' ) );
		}

		return $error;
	}

	$user = get_user_by( 'login', $username );

	if ( ! $user ) {
		return new WP_Error(
			'invalid_username',
			sprintf(
				/* translators: %s: User name. */
				__( '<strong>Error:</strong> The username <strong>%s</strong> is not registered on this site. If you are unsure of your username, try your email address instead.' ),
				$username
			)
		);
	}

	/**
	 * Filters whether the given user can be authenticated with the provided password.
	 *
	 * @since 2.5.0
	 *
	 * @param WP_User|WP_Error $user     WP_User or WP_Error object if a previous
	 *                                   callback failed authentication.
	 * @param string           $password Password to check against the user.
	 */
	$user = apply_filters( 'wp_authenticate_user', $user, $password );
	if ( is_wp_error( $user ) ) {
		return $user;
	}

	if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
		return new WP_Error(
			'incorrect_password',
			sprintf(
				/* translators: %s: User name. */
				__( '<strong>Error:</strong> The password you entered for the username %s is incorrect.' ),
				'<strong>' . $username . '</strong>'
			) .
			' <a href="' . wp_lostpassword_url() . '">' .
			__( 'Lost your password?' ) .
			'</a>'
		);
	}

	return $user;
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘wp_authenticate_user’, WP_User|WP_Error $user, string $password )

Filters whether the given user can be authenticated with the provided password.

UsesDescription
wp_check_password()wp-includes/pluggable.php

Checks the plaintext password against the encrypted Password.

get_user_by()wp-includes/pluggable.php

Retrieves user info by a given field.

wp_lostpassword_url()wp-includes/general-template.php

Returns the URL that allows the user to reset the lost password.

__()wp-includes/l10n.php

Retrieves the translation of $text.

apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

is_wp_error()wp-includes/load.php

Checks whether the given variable is a WordPress Error.

WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 4 moreShow less

Changelog

VersionDescription
2.8.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.