wp_signon() WordPress Function
The wp_signon() function is used to log a user in to a WordPress site. It accepts a user object as its only parameter. The user object is an array of user data, containing at least the user's username and password. Other fields in the user object may include the user's email address, first name, last name, and website URL. Once the user is logged in, their user ID, username, and email address are stored in the session. This information can be accessed by the get_current_user_id(), wp_get_current_user(), and wp_get_current_user_email() functions.
wp_signon( array $credentials = array(), string|bool $secure_cookie = '' ) #
Authenticates and logs a user in with ‘remember’ capability.
Description
The credentials is an array that has ‘user_login’, ‘user_password’, and ‘remember’ indices. If the credentials is not given, then the log in form will be assumed and used if set.
The various authentication cookies will be set by this function and will be set for a longer period depending on if the ‘remember’ credential is set to true.
Note: wp_signon() doesn’t handle setting the current user. This means that if the function is called before the ‘init’ hook is fired, is_user_logged_in() will evaluate as false until that point. If is_user_logged_in() is needed in conjunction with wp_signon(), wp_set_current_user() should be called explicitly.
Parameters
- $credentials
(array)(Optional) User info in order to sign on.
Default value: array()
- $secure_cookie
(string|bool)(Optional) Whether to use secure cookie.
Default value: ''
Return
More Information
If you don’t provide $credentials, wp_signon uses the $_POST variable (the keys being “log”, “pwd” and “rememberme”).
This function sends headers to the page. It must be run before any content is returned.
This function sets an authentication cookie. Users will not be logged in if it is not sent.
Source
File: wp-includes/user.php
function wp_signon( $credentials = array(), $secure_cookie = '' ) { if ( empty( $credentials ) ) { $credentials = array(); // Back-compat for plugins passing an empty string. if ( ! empty( $_POST['log'] ) ) { $credentials['user_login'] = wp_unslash( $_POST['log'] ); } if ( ! empty( $_POST['pwd'] ) ) { $credentials['user_password'] = $_POST['pwd']; } if ( ! empty( $_POST['rememberme'] ) ) { $credentials['remember'] = $_POST['rememberme']; } } if ( ! empty( $credentials['remember'] ) ) { $credentials['remember'] = true; } else { $credentials['remember'] = false; } /** * Fires before the user is authenticated. * * The variables passed to the callbacks are passed by reference, * and can be modified by callback functions. * * @since 1.5.1 * * @todo Decide whether to deprecate the wp_authenticate action. * * @param string $user_login Username (passed by reference). * @param string $user_password User password (passed by reference). */ do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) ); if ( '' === $secure_cookie ) { $secure_cookie = is_ssl(); } /** * Filters whether to use a secure sign-on cookie. * * @since 3.1.0 * * @param bool $secure_cookie Whether to use a secure sign-on cookie. * @param array $credentials { * Array of entered sign-on data. * * @type string $user_login Username. * @type string $user_password Password entered. * @type bool $remember Whether to 'remember' the user. Increases the time * that the cookie will be kept. Default false. * } */ $secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials ); global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie(). $auth_secure_cookie = $secure_cookie; add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 ); $user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] ); if ( is_wp_error( $user ) ) { return $user; } wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie ); /** * Fires after the user has successfully logged in. * * @since 1.5.0 * * @param string $user_login Username. * @param WP_User $user WP_User object of the logged-in user. */ do_action( 'wp_login', $user->user_login, $user ); return $user; }
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
Version | Description |
---|---|
2.5.0 | Introduced. |