验证用户,确认登录凭据有效。

原型

wp_authenticate( string $username, string $password )

参数

$username (string) (Required) 用户的用户名或电子邮件地址。

$password (string) (Required) 用户密码

返回值

(WP_User|WP_Error)  

源文件

路径:wp-includes/pluggable.php

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
...
function wp_authenticate($username, $password) {
	$username = sanitize_user($username);
	$password = trim($password);

	/**
	 * Filters whether a set of user login credentials are valid.
	 *
	 * A WP_User object is returned if the credentials authenticate a user.
	 * WP_Error or null otherwise.
	 *
	 * @since 2.8.0
	 * @since 4.5.0 `$username` now accepts an email address.
	 *
	 * @param null|WP_User|WP_Error $user     WP_User if the user is authenticated.
	 *                                        WP_Error or null otherwise.
	 * @param string                $username Username or email address.
	 * @param string                $password User password
	 */
	$user = apply_filters( 'authenticate', null, $username, $password );

	if ( $user == null ) {
		// TODO what should the error message be? (Or would these even happen?)
		// Only needed if all authentication handlers fail to return anything.
		$user = new WP_Error( 'authentication_failed', __( '<strong>ERROR</strong>: Invalid username, email address or incorrect password.' ) );
	}

	$ignore_codes = array('empty_username', 'empty_password');

	if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
		/**
		 * Fires after a user login has failed.
		 *
		 * @since 2.5.0
		 * @since 4.5.0 The value of `$username` can now be an email address.
		 *
		 * @param string $username Username or email address.
		 */
		do_action( 'wp_login_failed', $username );
	}

	return $user;
}

...
?>

其他

英文文档:https://developer.wordpress.org/reference/functions/wp_authenticate/