wp_signon

Source code

function wp_signon( $credentials = '', $secure_cookie = '' ) {

	if ( empty($credentials) ) {

		if ( ! empty($_POST['log']) )

			$credentials['user_login'] = $_POST['log'];

		if ( ! empty($_POST['pwd']) )

			$credentials['user_password'] = $_POST['pwd'];

		if ( ! empty($_POST['rememberme']) )

			$credentials['remember'] = $_POST['rememberme'];

	}



	if ( !empty($credentials['remember']) )

		$credentials['remember'] = true;

	else

		$credentials['remember'] = false;



	// TODO do we deprecate the wp_authentication action?

	do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));



	if ( '' === $secure_cookie )

		$secure_cookie = is_ssl();



	$secure_cookie = apply_filters('secure_signon_cookie', $secure_cookie, $credentials);



	global $auth_secure_cookie; // XXX ugly hack to pass this to wp_authenticate_cookie

	$auth_secure_cookie = $secure_cookie;



	add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);



	$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);



	if ( is_wp_error($user) ) {

		if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {

			$user = new WP_Error('', '');

		}



		return $user;

	}



	wp_set_auth_cookie($user->ID, $credentials['remember'], $secure_cookie);

	do_action('wp_login', $user->user_login, $user);

	return $user;

}