wp_authenticate_email_password() WordPress Function

The wp_authenticate_email_password() function authenticates a user using their email address and password. This is a secure way to authenticate a user, and is the recommended method of authentication for WordPress.

wp_authenticate_email_password( WP_User|WP_Error|null $user, string $email, string $password ) #

Authenticates a user using the email and password.

Contents

Parameters

$user

(WP_User|WP_Error|null)(Required)WP_User or WP_Error object if a previous callback failed authentication.

$email

(string)(Required)Email address for authentication.

$password

(string)(Required)Password for authentication.

Top ↑

Return

(WP_User|WP_Error) WP_User on success, WP_Error on failure.

Top ↑

Source

File: wp-includes/user.php

function wp_authenticate_email_password( $user, $email, $password ) {
	if ( $user instanceof WP_User ) {
		return $user;
	}

	if ( empty( $email ) || empty( $password ) ) {
		if ( is_wp_error( $user ) ) {
			return $user;
		}

		$error = new WP_Error();

		if ( empty( $email ) ) {
			// Uses 'empty_username' for back-compat with wp_signon().
			$error->add( 'empty_username', __( '<strong>Error</strong>: The email field is empty.' ) );
		}

		if ( empty( $password ) ) {
			$error->add( 'empty_password', __( '<strong>Error</strong>: The password field is empty.' ) );
		}

		return $error;
	}

	if ( ! is_email( $email ) ) {
		return $user;
	}

	$user = get_user_by( 'email', $email );

	if ( ! $user ) {
		return new WP_Error(
			'invalid_email',
			__( 'Unknown email address. Check again or try your username.' )
		);
	}

	/** This filter is documented in wp-includes/user.php */
	$user = apply_filters( 'wp_authenticate_user', $user, $password );

	if ( is_wp_error( $user ) ) {
		return $user;
	}

	if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
		return new WP_Error(
			'incorrect_password',
			sprintf(
				/* translators: %s: Email address. */
				__( '<strong>Error</strong>: The password you entered for the email address %s is incorrect.' ),
				'<strong>' . $email . '</strong>'
			) .
			' <a href="' . wp_lostpassword_url() . '">' .
			__( 'Lost your password?' ) .
			'</a>'
		);
	}

	return $user;
}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-includes/l10n.php:__()

Retrieve the translation of $text.

wp-includes/formatting.php:is_email()

Verifies that an email is valid.

wp-includes/pluggable.php:wp_check_password()

Checks the plaintext password against the encrypted Password.

wp-includes/pluggable.php:get_user_by()

Retrieve user info by a given field

wp-includes/general-template.php:wp_lostpassword_url()

Returns the URL that allows the user to retrieve the lost password

wp-includes/plugin.php:apply_filters()

Calls the callback functions that have been added to a filter hook.

wp-includes/user.php:wp_authenticate_user

Filters whether the given user can be authenticated with the provided password.

wp-includes/load.php:is_wp_error()

Checks whether the given variable is a WordPress Error.

wp-includes/class-wp-error.php:WP_Error::__construct()

Initializes the error.

Show 4 more usesHide more uses

Top ↑

Changelog

Changelog
VersionDescription
4.5.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.

Show More
Show More