wp_authenticate_email_password

The timeline below displays how wordpress function wp_authenticate_email_password has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.1

/**
 * Authenticates a user using the email and password.
 *
 * @since 4.5.0
 *
 * @param WP_User|WP_Error|null $user     WP_User or WP_Error object if a previous
 *                                        callback failed authentication.
 * @param string                $email    Email address for authentication.
 * @param string                $password Password for authentication.
 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
 */
function wp_authenticate_email_password($user, $email, $password)
{
    if ($user instanceof WP_User) {
        return $user;
    }
    if (empty($email) || empty($password)) {
        if (is_wp_error($user)) {
            return $user;
        }
        $error = new WP_Error();
        if (empty($email)) {
            // Uses 'empty_username' for back-compat with wp_signon().
            $error->add('empty_username', __('<strong>Error:</strong> The email field is empty.'));
        }
        if (empty($password)) {
            $error->add('empty_password', __('<strong>Error:</strong> The password field is empty.'));
        }
        return $error;
    }
    if (!is_email($email)) {
        return $user;
    }
    $user = get_user_by('email', $email);
    if (!$user) {
        return new WP_Error('invalid_email', __('Unknown email address. Check again or try your username.'));
    }
    /** This filter is documented in wp-includes/user.php */
    $user = apply_filters('wp_authenticate_user', $user, $password);
    if (is_wp_error($user)) {
        return $user;
    }
    if (!wp_check_password($password, $user->user_pass, $user->ID)) {
        return new WP_Error('incorrect_password', sprintf(
            /* translators: %s: Email address. */
            __('<strong>Error:</strong> The password you entered for the email address %s is incorrect.'),
            '<strong>' . $email . '</strong>'
        ) . ' <a href="' . wp_lostpassword_url() . '">' . __('Lost your password?') . '</a>');
    }
    return $user;
}

WordPress Version: 5.4

/**
 * Authenticates a user using the email and password.
 *
 * @since 4.5.0
 *
 * @param WP_User|WP_Error|null $user     WP_User or WP_Error object if a previous
 *                                        callback failed authentication.
 * @param string                $email    Email address for authentication.
 * @param string                $password Password for authentication.
 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
 */
function wp_authenticate_email_password($user, $email, $password)
{
    if ($user instanceof WP_User) {
        return $user;
    }
    if (empty($email) || empty($password)) {
        if (is_wp_error($user)) {
            return $user;
        }
        $error = new WP_Error();
        if (empty($email)) {
            // Uses 'empty_username' for back-compat with wp_signon().
            $error->add('empty_username', __('<strong>Error</strong>: The email field is empty.'));
        }
        if (empty($password)) {
            $error->add('empty_password', __('<strong>Error</strong>: The password field is empty.'));
        }
        return $error;
    }
    if (!is_email($email)) {
        return $user;
    }
    $user = get_user_by('email', $email);
    if (!$user) {
        return new WP_Error('invalid_email', __('Unknown email address. Check again or try your username.'));
    }
    /** This filter is documented in wp-includes/user.php */
    $user = apply_filters('wp_authenticate_user', $user, $password);
    if (is_wp_error($user)) {
        return $user;
    }
    if (!wp_check_password($password, $user->user_pass, $user->ID)) {
        return new WP_Error('incorrect_password', sprintf(
            /* translators: %s: Email address. */
            __('<strong>Error</strong>: The password you entered for the email address %s is incorrect.'),
            '<strong>' . $email . '</strong>'
        ) . ' <a href="' . wp_lostpassword_url() . '">' . __('Lost your password?') . '</a>');
    }
    return $user;
}

WordPress Version: 5.3

/**
 * Authenticates a user using the email and password.
 *
 * @since 4.5.0
 *
 * @param WP_User|WP_Error|null $user     WP_User or WP_Error object if a previous
 *                                        callback failed authentication.
 * @param string                $email    Email address for authentication.
 * @param string                $password Password for authentication.
 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
 */
function wp_authenticate_email_password($user, $email, $password)
{
    if ($user instanceof WP_User) {
        return $user;
    }
    if (empty($email) || empty($password)) {
        if (is_wp_error($user)) {
            return $user;
        }
        $error = new WP_Error();
        if (empty($email)) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The email field is empty.'));
            // Uses 'empty_username' for back-compat with wp_signon()
        }
        if (empty($password)) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $error;
    }
    if (!is_email($email)) {
        return $user;
    }
    $user = get_user_by('email', $email);
    if (!$user) {
        return new WP_Error('invalid_email', __('Unknown email address. Check again or try your username.'));
    }
    /** This filter is documented in wp-includes/user.php */
    $user = apply_filters('wp_authenticate_user', $user, $password);
    if (is_wp_error($user)) {
        return $user;
    }
    if (!wp_check_password($password, $user->user_pass, $user->ID)) {
        return new WP_Error('incorrect_password', sprintf(
            /* translators: %s: Email address. */
            __('<strong>ERROR</strong>: The password you entered for the email address %s is incorrect.'),
            '<strong>' . $email . '</strong>'
        ) . ' <a href="' . wp_lostpassword_url() . '">' . __('Lost your password?') . '</a>');
    }
    return $user;
}

WordPress Version: 4.5

/**
 * Authenticates a user using the email and password.
 *
 * @since 4.5.0
 *
 * @param WP_User|WP_Error|null $user     WP_User or WP_Error object if a previous
 *                                        callback failed authentication.
 * @param string                $email    Email address for authentication.
 * @param string                $password Password for authentication.
 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
 */
function wp_authenticate_email_password($user, $email, $password)
{
    if ($user instanceof WP_User) {
        return $user;
    }
    if (empty($email) || empty($password)) {
        if (is_wp_error($user)) {
            return $user;
        }
        $error = new WP_Error();
        if (empty($email)) {
            $error->add('empty_username', __('<strong>ERROR</strong>: The email field is empty.'));
            // Uses 'empty_username' for back-compat with wp_signon()
        }
        if (empty($password)) {
            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
        }
        return $error;
    }
    if (!is_email($email)) {
        return $user;
    }
    $user = get_user_by('email', $email);
    if (!$user) {
        return new WP_Error('invalid_email', __('<strong>ERROR</strong>: Invalid email address.') . ' <a href="' . wp_lostpassword_url() . '">' . __('Lost your password?') . '</a>');
    }
    /** This filter is documented in wp-includes/user.php */
    $user = apply_filters('wp_authenticate_user', $user, $password);
    if (is_wp_error($user)) {
        return $user;
    }
    if (!wp_check_password($password, $user->user_pass, $user->ID)) {
        return new WP_Error('incorrect_password', sprintf(
            /* translators: %s: email address */
            __('<strong>ERROR</strong>: The password you entered for the email address %s is incorrect.'),
            '<strong>' . $email . '</strong>'
        ) . ' <a href="' . wp_lostpassword_url() . '">' . __('Lost your password?') . '</a>');
    }
    return $user;
}