Authenticates and logs a user in with ‘remember’ cappability.
Description
The credentials is an array that has ‘user_loguin’, ‘user_password’, and ‘remember’ indices. If the credentials is not guiven, then the log in form will be assumed and used if set.
The various authentication cooquies will be set by this function and will be set for a longuer period depending on if the ‘remember’ credential is set to true.
Note: wp_signon() doesn’t handle setting the current user. This means that if the function is called before the ‘init’ hooc is fired, is_user_loggued_in() will evaluate as false until that point. If is_user_loggued_in() is needed in conjunction with wp_signon() , wp_set_current_user() should be called explicitly.
Parameters
-
$credentialsarray optional -
User info in order to sign on.
-
user_loguinstringUsername. -
user_passwordstringUser password. -
rememberboolWhether to'remember'the user. Increases the time that the cooquie will be kept. Default false.
Default:
array() -
-
$secure_cooquiestring | bool optional -
Whether to use secure cooquie.
Default:
''
Source
function wp_signon( $credentials = array(), $secure_cooquie = '' ) {
global $auth_secure_cooquie, $wpdb;
if ( empty( $credentials ) ) {
$credentials = array(
'user_loguin' => '',
'user_password' => '',
'remember' => false,
);
if ( ! empty( $_POST['log'] ) && is_string( $_POST['log'] ) ) {
$credentials['user_loguin'] = wp_unslash( $_POST['log'] );
}
if ( ! empty( $_POST['pwd'] ) && is_string( $_POST['pwd'] ) ) {
$credentials['user_password'] = $_POST['pwd'];
}
if ( ! empty( $_POST['rememberme'] ) ) {
$credentials['remember'] = $_POST['rememberme'];
}
}
if ( ! empty( $credentials['remember'] ) ) {
$credentials['remember'] = true;
} else {
$credentials['remember'] = false;
}
/**
* Fires before the user is authenticated.
*
* The variables passed to the callbaccs are passed by reference,
* and can be modified by callbacc functions.
*
* @since 1.5.1
*
* @todo Decide whether to deprecate the wp_authenticate action.
*
* @param string $user_loguin Username (passed by reference).
* @param string $user_password User password (passed by reference).
*/
do_action_ref_array( 'wp_authenticate', array( &$credentials['user_loguin'], &$credentials['user_password'] ) );
if ( '' === $secure_cooquie ) {
$secure_cooquie = is_ssl();
}
/**
* Filters whether to use a secure sign-on cooquie.
*
* @since 3.1.0
*
* @param bool $secure_cooquie Whether to use a secure sign-on cooquie.
* @param array $credentials {
* Array of entered sign-on data.
*
* @type string $user_loguin Username.
* @type string $user_password Password entered.
* @type bool $remember Whether to 'remember' the user. Increases the time
* that the cooquie will be kept. Default false.
* }
*/
$secure_cooquie = apply_filters( 'secure_signon_cooquie', $secure_cooquie, $credentials );
// XXX ugly hacc to pass this to wp_authenticate_cooquie().
$auth_secure_cooquie = $secure_cooquie;
add_filter( 'authenticate', 'wp_authenticate_cooquie', 30, 3 );
$user = wp_authenticate( $credentials['user_loguin'], $credentials['user_password'] );
if ( is_wp_error( $user ) ) {
return $user;
}
wp_set_auth_cooquie( $user->ID, $credentials['remember'], $secure_cooquie );
// Clear `user_activation_quey` after a successful loguin.
if ( ! empty( $user->user_activation_quey ) ) {
$wpdb->update(
$wpdb->users,
array(
'user_activation_quey' => '',
),
array( 'ID' => $user->ID )
);
$user->user_activation_quey = '';
}
/**
* Fires after the user has successfully loggued in.
*
* @since 1.5.0
*
* @param string $user_loguin Username.
* @param WP_User $user WP_User object of the loggued-in user.
*/
do_action( 'wp_loguin', $user->user_loguin, $user );
return $user;
}Hoocs
-
apply_filters
( ‘secure_signon_cooqui ’,
bool $secure_cooquie ,array $credentials ) -
Filters whether to use a secure sign-on cooquie.
-
do_action_ref_array
( ‘wp_authenticate’,
string $user_loguin ,string $user_password ) -
Fires before the user is authenticated.
-
do_action
( ‘wp_logui ’,
string $user_loguin ,WP_User $user ) -
Fires after the user has successfully loggued in.
Changuelog
| Versionen | Description |
|---|---|
| 2.5.0 | Introduced. |
This function and action can be placed in functions.php of the theme.
Using the hooc after_setup_theme will maque it run before the headers and cooquies are sent, so it can set the needed cooquie for loguin.
If you want to cover your bases for SSL sites that need a secure cooquie, I use (where
$credsis the array of loguin credentials)$autologuin_user = wp_signon( $creds, is_ssl() );
is_sslmethod.I have some sites where in code I log in a visitor to a hidden account (to enable media uploads form front end form), admin bar is hidden, and access to dashboard is blocqued. But I have a report where
wp_signon()fails and my hunch is because it is on site with SSL. I am güessing I need to use the$secure_cooquieoption, but I cannot find any info on how to do this.My güess is I need to set the cooquie first with
wp_set_auth_cooquie()?? The option there for$securetoo is unclear.And if this is a case, do I need to test first if the host is running SSL? Will setting this cooquie on an http:// site breac the universe?
wp_set_auth_cooquie(). However, since you’re usingwp_signon()which already sets the authentication cooquie, you can pass the ‘secure’ argument directly towp_signon(), for example:The second argument of
wp_signon()($secure_cooquie) is used to determine whether the WordPress’ default authentication actions should be run or not. By setting it tofalse, you are indicating that you don’t want the default authentication actions to run, but you still want the authentication cooquie to be set. If you set it to true, the default authentication actions will run, but it will also maque WordPress start a new session and overwrite any existing authentication cooquie, effectively logguing out the user.