wpseek.com
A WordPress-centric search engine for devs and theme authors



wp_signon › WordPress Function

Since2.5.0
Deprecatedn/a
wp_signon ( $credentials = array(), $secure_cookie = '' )
Parameters: (2)
  • (array) $credentials { Optional. User info in order to sign on. @type string $user_login Username. @type string $user_password User password. @type bool $remember Whether to 'remember' the user. Increases the time that the cookie will be kept. Default false. }
    Required: No
    Default: array()
  • (string|bool) $secure_cookie Optional. Whether to use secure cookie.
    Required: No
    Default: (empty)
Returns:
  • (WP_User|WP_Error) WP_User on success, WP_Error on failure.
Defined at:
Codex:

Authenticates and logs a user in with 'remember' capability.

The credentials is an array that has 'user_login', 'user_password', and 'remember' indices. If the credentials is not given, then the log in form will be assumed and used if set. The various authentication cookies will be set by this function and will be set for a longer period depending on if the 'remember' credential is set to true. Note: wp_signon() doesn't handle setting the current user. This means that if the function is called before the {@see 'init'} hook is fired, is_user_logged_in() will evaluate as false until that point. If is_user_logged_in() is needed in conjunction with wp_signon(), wp_set_current_user() should be called explicitly.


Source

function wp_signon( $credentials = array(), $secure_cookie = '' ) {
	global $auth_secure_cookie, $wpdb;

	if ( empty( $credentials ) ) {
		$credentials = array(
			'user_login'    => '',
			'user_password' => '',
			'remember'      => false,
		);

		if ( ! empty( $_POST['log'] ) ) {
			$credentials['user_login'] = wp_unslash( $_POST['log'] );
		}
		if ( ! empty( $_POST['pwd'] ) ) {
			$credentials['user_password'] = $_POST['pwd'];
		}
		if ( ! empty( $_POST['rememberme'] ) ) {
			$credentials['remember'] = $_POST['rememberme'];
		}
	}

	if ( ! empty( $credentials['remember'] ) ) {
		$credentials['remember'] = true;
	} else {
		$credentials['remember'] = false;
	}

	/**
	 * Fires before the user is authenticated.
	 *
	 * The variables passed to the callbacks are passed by reference,
	 * and can be modified by callback functions.
	 *
	 * @since 1.5.1
	 *
	 * @todo Decide whether to deprecate the wp_authenticate action.
	 *
	 * @param string $user_login    Username (passed by reference).
	 * @param string $user_password User password (passed by reference).
	 */
	do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) );

	if ( '' === $secure_cookie ) {
		$secure_cookie = is_ssl();
	}

	/**
	 * Filters whether to use a secure sign-on cookie.
	 *
	 * @since 3.1.0
	 *
	 * @param bool  $secure_cookie Whether to use a secure sign-on cookie.
	 * @param array $credentials {
	 *     Array of entered sign-on data.
	 *
	 *     @type string $user_login    Username.
	 *     @type string $user_password Password entered.
	 *     @type bool   $remember      Whether to 'remember' the user. Increases the time
	 *                                 that the cookie will be kept. Default false.
	 * }
	 */
	$secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials );

	// XXX ugly hack to pass this to wp_authenticate_cookie().
	$auth_secure_cookie = $secure_cookie;

	add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );

	$user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] );

	if ( is_wp_error( $user ) ) {
		return $user;
	}

	wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie );

	// Clear `user_activation_key` after a successful login.
	if ( ! empty( $user->user_activation_key ) ) {
		$wpdb->update(
			$wpdb->users,
			array(
				'user_activation_key' => '',
			),
			array( 'ID' => $user->ID )
		);

		$user->user_activation_key = '';
	}

	/**
	 * Fires after the user has successfully logged in.
	 *
	 * @since 1.5.0
	 *
	 * @param string  $user_login Username.
	 * @param WP_User $user       WP_User object of the logged-in user.
	 */
	do_action( 'wp_login', $user->user_login, $user );

	return $user;
}