Edit File by line
/home/zeestwma/richards.../wp-inclu...
File: user.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* Core User API
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @subpackage Users
[5] Fix | Delete
*/
[6] Fix | Delete
[7] Fix | Delete
/**
[8] Fix | Delete
* Authenticates and logs a user in with 'remember' capability.
[9] Fix | Delete
*
[10] Fix | Delete
* The credentials is an array that has 'user_login', 'user_password', and
[11] Fix | Delete
* 'remember' indices. If the credentials is not given, then the log in form
[12] Fix | Delete
* will be assumed and used if set.
[13] Fix | Delete
*
[14] Fix | Delete
* The various authentication cookies will be set by this function and will be
[15] Fix | Delete
* set for a longer period depending on if the 'remember' credential is set to
[16] Fix | Delete
* true.
[17] Fix | Delete
*
[18] Fix | Delete
* Note: wp_signon() doesn't handle setting the current user. This means that if the
[19] Fix | Delete
* function is called before the {@see 'init'} hook is fired, is_user_logged_in() will
[20] Fix | Delete
* evaluate as false until that point. If is_user_logged_in() is needed in conjunction
[21] Fix | Delete
* with wp_signon(), wp_set_current_user() should be called explicitly.
[22] Fix | Delete
*
[23] Fix | Delete
* @since 2.5.0
[24] Fix | Delete
*
[25] Fix | Delete
* @global string $auth_secure_cookie
[26] Fix | Delete
* @global wpdb $wpdb WordPress database abstraction object.
[27] Fix | Delete
*
[28] Fix | Delete
* @param array $credentials {
[29] Fix | Delete
* Optional. User info in order to sign on.
[30] Fix | Delete
*
[31] Fix | Delete
* @type string $user_login Username.
[32] Fix | Delete
* @type string $user_password User password.
[33] Fix | Delete
* @type bool $remember Whether to 'remember' the user. Increases the time
[34] Fix | Delete
* that the cookie will be kept. Default false.
[35] Fix | Delete
* }
[36] Fix | Delete
* @param string|bool $secure_cookie Optional. Whether to use secure cookie.
[37] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[38] Fix | Delete
*/
[39] Fix | Delete
function wp_signon( $credentials = array(), $secure_cookie = '' ) {
[40] Fix | Delete
global $auth_secure_cookie, $wpdb;
[41] Fix | Delete
[42] Fix | Delete
if ( empty( $credentials ) ) {
[43] Fix | Delete
$credentials = array(
[44] Fix | Delete
'user_login' => '',
[45] Fix | Delete
'user_password' => '',
[46] Fix | Delete
'remember' => false,
[47] Fix | Delete
);
[48] Fix | Delete
[49] Fix | Delete
if ( ! empty( $_POST['log'] ) && is_string( $_POST['log'] ) ) {
[50] Fix | Delete
$credentials['user_login'] = wp_unslash( $_POST['log'] );
[51] Fix | Delete
}
[52] Fix | Delete
if ( ! empty( $_POST['pwd'] ) && is_string( $_POST['pwd'] ) ) {
[53] Fix | Delete
$credentials['user_password'] = $_POST['pwd'];
[54] Fix | Delete
}
[55] Fix | Delete
if ( ! empty( $_POST['rememberme'] ) ) {
[56] Fix | Delete
$credentials['remember'] = $_POST['rememberme'];
[57] Fix | Delete
}
[58] Fix | Delete
}
[59] Fix | Delete
[60] Fix | Delete
if ( ! empty( $credentials['remember'] ) ) {
[61] Fix | Delete
$credentials['remember'] = true;
[62] Fix | Delete
} else {
[63] Fix | Delete
$credentials['remember'] = false;
[64] Fix | Delete
}
[65] Fix | Delete
[66] Fix | Delete
/**
[67] Fix | Delete
* Fires before the user is authenticated.
[68] Fix | Delete
*
[69] Fix | Delete
* The variables passed to the callbacks are passed by reference,
[70] Fix | Delete
* and can be modified by callback functions.
[71] Fix | Delete
*
[72] Fix | Delete
* @since 1.5.1
[73] Fix | Delete
*
[74] Fix | Delete
* @todo Decide whether to deprecate the wp_authenticate action.
[75] Fix | Delete
*
[76] Fix | Delete
* @param string $user_login Username (passed by reference).
[77] Fix | Delete
* @param string $user_password User password (passed by reference).
[78] Fix | Delete
*/
[79] Fix | Delete
do_action_ref_array( 'wp_authenticate', array( &$credentials['user_login'], &$credentials['user_password'] ) );
[80] Fix | Delete
[81] Fix | Delete
if ( '' === $secure_cookie ) {
[82] Fix | Delete
$secure_cookie = is_ssl();
[83] Fix | Delete
}
[84] Fix | Delete
[85] Fix | Delete
/**
[86] Fix | Delete
* Filters whether to use a secure sign-on cookie.
[87] Fix | Delete
*
[88] Fix | Delete
* @since 3.1.0
[89] Fix | Delete
*
[90] Fix | Delete
* @param bool $secure_cookie Whether to use a secure sign-on cookie.
[91] Fix | Delete
* @param array $credentials {
[92] Fix | Delete
* Array of entered sign-on data.
[93] Fix | Delete
*
[94] Fix | Delete
* @type string $user_login Username.
[95] Fix | Delete
* @type string $user_password Password entered.
[96] Fix | Delete
* @type bool $remember Whether to 'remember' the user. Increases the time
[97] Fix | Delete
* that the cookie will be kept. Default false.
[98] Fix | Delete
* }
[99] Fix | Delete
*/
[100] Fix | Delete
$secure_cookie = apply_filters( 'secure_signon_cookie', $secure_cookie, $credentials );
[101] Fix | Delete
[102] Fix | Delete
// XXX ugly hack to pass this to wp_authenticate_cookie().
[103] Fix | Delete
$auth_secure_cookie = $secure_cookie;
[104] Fix | Delete
[105] Fix | Delete
add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );
[106] Fix | Delete
[107] Fix | Delete
$user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] );
[108] Fix | Delete
[109] Fix | Delete
if ( is_wp_error( $user ) ) {
[110] Fix | Delete
return $user;
[111] Fix | Delete
}
[112] Fix | Delete
[113] Fix | Delete
wp_set_auth_cookie( $user->ID, $credentials['remember'], $secure_cookie );
[114] Fix | Delete
[115] Fix | Delete
// Clear `user_activation_key` after a successful login.
[116] Fix | Delete
if ( ! empty( $user->user_activation_key ) ) {
[117] Fix | Delete
$wpdb->update(
[118] Fix | Delete
$wpdb->users,
[119] Fix | Delete
array(
[120] Fix | Delete
'user_activation_key' => '',
[121] Fix | Delete
),
[122] Fix | Delete
array( 'ID' => $user->ID )
[123] Fix | Delete
);
[124] Fix | Delete
[125] Fix | Delete
$user->user_activation_key = '';
[126] Fix | Delete
}
[127] Fix | Delete
[128] Fix | Delete
/**
[129] Fix | Delete
* Fires after the user has successfully logged in.
[130] Fix | Delete
*
[131] Fix | Delete
* @since 1.5.0
[132] Fix | Delete
*
[133] Fix | Delete
* @param string $user_login Username.
[134] Fix | Delete
* @param WP_User $user WP_User object of the logged-in user.
[135] Fix | Delete
*/
[136] Fix | Delete
do_action( 'wp_login', $user->user_login, $user );
[137] Fix | Delete
[138] Fix | Delete
return $user;
[139] Fix | Delete
}
[140] Fix | Delete
[141] Fix | Delete
/**
[142] Fix | Delete
* Authenticates a user, confirming the username and password are valid.
[143] Fix | Delete
*
[144] Fix | Delete
* @since 2.8.0
[145] Fix | Delete
*
[146] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
[147] Fix | Delete
* @param string $username Username for authentication.
[148] Fix | Delete
* @param string $password Password for authentication.
[149] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[150] Fix | Delete
*/
[151] Fix | Delete
function wp_authenticate_username_password(
[152] Fix | Delete
$user,
[153] Fix | Delete
$username,
[154] Fix | Delete
#[\SensitiveParameter]
[155] Fix | Delete
$password
[156] Fix | Delete
) {
[157] Fix | Delete
if ( $user instanceof WP_User ) {
[158] Fix | Delete
return $user;
[159] Fix | Delete
}
[160] Fix | Delete
[161] Fix | Delete
if ( empty( $username ) || empty( $password ) ) {
[162] Fix | Delete
if ( is_wp_error( $user ) ) {
[163] Fix | Delete
return $user;
[164] Fix | Delete
}
[165] Fix | Delete
[166] Fix | Delete
$error = new WP_Error();
[167] Fix | Delete
[168] Fix | Delete
if ( empty( $username ) ) {
[169] Fix | Delete
$error->add( 'empty_username', __( '<strong>Error:</strong> The username field is empty.' ) );
[170] Fix | Delete
}
[171] Fix | Delete
[172] Fix | Delete
if ( empty( $password ) ) {
[173] Fix | Delete
$error->add( 'empty_password', __( '<strong>Error:</strong> The password field is empty.' ) );
[174] Fix | Delete
}
[175] Fix | Delete
[176] Fix | Delete
return $error;
[177] Fix | Delete
}
[178] Fix | Delete
[179] Fix | Delete
$user = get_user_by( 'login', $username );
[180] Fix | Delete
[181] Fix | Delete
if ( ! $user ) {
[182] Fix | Delete
return new WP_Error(
[183] Fix | Delete
'invalid_username',
[184] Fix | Delete
sprintf(
[185] Fix | Delete
/* translators: %s: User name. */
[186] Fix | Delete
__( '<strong>Error:</strong> The username <strong>%s</strong> is not registered on this site. If you are unsure of your username, try your email address instead.' ),
[187] Fix | Delete
$username
[188] Fix | Delete
)
[189] Fix | Delete
);
[190] Fix | Delete
}
[191] Fix | Delete
[192] Fix | Delete
/**
[193] Fix | Delete
* Filters whether the given user can be authenticated with the provided password.
[194] Fix | Delete
*
[195] Fix | Delete
* @since 2.5.0
[196] Fix | Delete
*
[197] Fix | Delete
* @param WP_User|WP_Error $user WP_User or WP_Error object if a previous
[198] Fix | Delete
* callback failed authentication.
[199] Fix | Delete
* @param string $password Password to check against the user.
[200] Fix | Delete
*/
[201] Fix | Delete
$user = apply_filters( 'wp_authenticate_user', $user, $password );
[202] Fix | Delete
if ( is_wp_error( $user ) ) {
[203] Fix | Delete
return $user;
[204] Fix | Delete
}
[205] Fix | Delete
[206] Fix | Delete
$valid = wp_check_password( $password, $user->user_pass, $user->ID );
[207] Fix | Delete
[208] Fix | Delete
if ( ! $valid ) {
[209] Fix | Delete
return new WP_Error(
[210] Fix | Delete
'incorrect_password',
[211] Fix | Delete
sprintf(
[212] Fix | Delete
/* translators: %s: User name. */
[213] Fix | Delete
__( '<strong>Error:</strong> The password you entered for the username %s is incorrect.' ),
[214] Fix | Delete
'<strong>' . $username . '</strong>'
[215] Fix | Delete
) .
[216] Fix | Delete
' <a href="' . wp_lostpassword_url() . '">' .
[217] Fix | Delete
__( 'Lost your password?' ) .
[218] Fix | Delete
'</a>'
[219] Fix | Delete
);
[220] Fix | Delete
}
[221] Fix | Delete
[222] Fix | Delete
if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) {
[223] Fix | Delete
wp_set_password( $password, $user->ID );
[224] Fix | Delete
}
[225] Fix | Delete
[226] Fix | Delete
return $user;
[227] Fix | Delete
}
[228] Fix | Delete
[229] Fix | Delete
/**
[230] Fix | Delete
* Authenticates a user using the email and password.
[231] Fix | Delete
*
[232] Fix | Delete
* @since 4.5.0
[233] Fix | Delete
*
[234] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous
[235] Fix | Delete
* callback failed authentication.
[236] Fix | Delete
* @param string $email Email address for authentication.
[237] Fix | Delete
* @param string $password Password for authentication.
[238] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[239] Fix | Delete
*/
[240] Fix | Delete
function wp_authenticate_email_password(
[241] Fix | Delete
$user,
[242] Fix | Delete
$email,
[243] Fix | Delete
#[\SensitiveParameter]
[244] Fix | Delete
$password
[245] Fix | Delete
) {
[246] Fix | Delete
if ( $user instanceof WP_User ) {
[247] Fix | Delete
return $user;
[248] Fix | Delete
}
[249] Fix | Delete
[250] Fix | Delete
if ( empty( $email ) || empty( $password ) ) {
[251] Fix | Delete
if ( is_wp_error( $user ) ) {
[252] Fix | Delete
return $user;
[253] Fix | Delete
}
[254] Fix | Delete
[255] Fix | Delete
$error = new WP_Error();
[256] Fix | Delete
[257] Fix | Delete
if ( empty( $email ) ) {
[258] Fix | Delete
// Uses 'empty_username' for back-compat with wp_signon().
[259] Fix | Delete
$error->add( 'empty_username', __( '<strong>Error:</strong> The email field is empty.' ) );
[260] Fix | Delete
}
[261] Fix | Delete
[262] Fix | Delete
if ( empty( $password ) ) {
[263] Fix | Delete
$error->add( 'empty_password', __( '<strong>Error:</strong> The password field is empty.' ) );
[264] Fix | Delete
}
[265] Fix | Delete
[266] Fix | Delete
return $error;
[267] Fix | Delete
}
[268] Fix | Delete
[269] Fix | Delete
if ( ! is_email( $email ) ) {
[270] Fix | Delete
return $user;
[271] Fix | Delete
}
[272] Fix | Delete
[273] Fix | Delete
$user = get_user_by( 'email', $email );
[274] Fix | Delete
[275] Fix | Delete
if ( ! $user ) {
[276] Fix | Delete
return new WP_Error(
[277] Fix | Delete
'invalid_email',
[278] Fix | Delete
__( 'Unknown email address. Check again or try your username.' )
[279] Fix | Delete
);
[280] Fix | Delete
}
[281] Fix | Delete
[282] Fix | Delete
/** This filter is documented in wp-includes/user.php */
[283] Fix | Delete
$user = apply_filters( 'wp_authenticate_user', $user, $password );
[284] Fix | Delete
[285] Fix | Delete
if ( is_wp_error( $user ) ) {
[286] Fix | Delete
return $user;
[287] Fix | Delete
}
[288] Fix | Delete
[289] Fix | Delete
$valid = wp_check_password( $password, $user->user_pass, $user->ID );
[290] Fix | Delete
[291] Fix | Delete
if ( ! $valid ) {
[292] Fix | Delete
return new WP_Error(
[293] Fix | Delete
'incorrect_password',
[294] Fix | Delete
sprintf(
[295] Fix | Delete
/* translators: %s: Email address. */
[296] Fix | Delete
__( '<strong>Error:</strong> The password you entered for the email address %s is incorrect.' ),
[297] Fix | Delete
'<strong>' . $email . '</strong>'
[298] Fix | Delete
) .
[299] Fix | Delete
' <a href="' . wp_lostpassword_url() . '">' .
[300] Fix | Delete
__( 'Lost your password?' ) .
[301] Fix | Delete
'</a>'
[302] Fix | Delete
);
[303] Fix | Delete
}
[304] Fix | Delete
[305] Fix | Delete
if ( wp_password_needs_rehash( $user->user_pass, $user->ID ) ) {
[306] Fix | Delete
wp_set_password( $password, $user->ID );
[307] Fix | Delete
}
[308] Fix | Delete
[309] Fix | Delete
return $user;
[310] Fix | Delete
}
[311] Fix | Delete
[312] Fix | Delete
/**
[313] Fix | Delete
* Authenticates the user using the WordPress auth cookie.
[314] Fix | Delete
*
[315] Fix | Delete
* @since 2.8.0
[316] Fix | Delete
*
[317] Fix | Delete
* @global string $auth_secure_cookie
[318] Fix | Delete
*
[319] Fix | Delete
* @param WP_User|WP_Error|null $user WP_User or WP_Error object from a previous callback. Default null.
[320] Fix | Delete
* @param string $username Username. If not empty, cancels the cookie authentication.
[321] Fix | Delete
* @param string $password Password. If not empty, cancels the cookie authentication.
[322] Fix | Delete
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
[323] Fix | Delete
*/
[324] Fix | Delete
function wp_authenticate_cookie(
[325] Fix | Delete
$user,
[326] Fix | Delete
$username,
[327] Fix | Delete
#[\SensitiveParameter]
[328] Fix | Delete
$password
[329] Fix | Delete
) {
[330] Fix | Delete
global $auth_secure_cookie;
[331] Fix | Delete
[332] Fix | Delete
if ( $user instanceof WP_User ) {
[333] Fix | Delete
return $user;
[334] Fix | Delete
}
[335] Fix | Delete
[336] Fix | Delete
if ( empty( $username ) && empty( $password ) ) {
[337] Fix | Delete
$user_id = wp_validate_auth_cookie();
[338] Fix | Delete
if ( $user_id ) {
[339] Fix | Delete
return new WP_User( $user_id );
[340] Fix | Delete
}
[341] Fix | Delete
[342] Fix | Delete
if ( $auth_secure_cookie ) {
[343] Fix | Delete
$auth_cookie = SECURE_AUTH_COOKIE;
[344] Fix | Delete
} else {
[345] Fix | Delete
$auth_cookie = AUTH_COOKIE;
[346] Fix | Delete
}
[347] Fix | Delete
[348] Fix | Delete
if ( ! empty( $_COOKIE[ $auth_cookie ] ) ) {
[349] Fix | Delete
return new WP_Error( 'expired_session', __( 'Please log in again.' ) );
[350] Fix | Delete
}
[351] Fix | Delete
[352] Fix | Delete
// If the cookie is not set, be silent.
[353] Fix | Delete
}
[354] Fix | Delete
[355] Fix | Delete
return $user;
[356] Fix | Delete
}
[357] Fix | Delete
[358] Fix | Delete
/**
[359] Fix | Delete
* Authenticates the user using an application password.
[360] Fix | Delete
*
[361] Fix | Delete
* @since 5.6.0
[362] Fix | Delete
*
[363] Fix | Delete
* @param WP_User|WP_Error|null $input_user WP_User or WP_Error object if a previous
[364] Fix | Delete
* callback failed authentication.
[365] Fix | Delete
* @param string $username Username for authentication.
[366] Fix | Delete
* @param string $password Password for authentication.
[367] Fix | Delete
* @return WP_User|WP_Error|null WP_User on success, WP_Error on failure, null if
[368] Fix | Delete
* null is passed in and this isn't an API request.
[369] Fix | Delete
*/
[370] Fix | Delete
function wp_authenticate_application_password(
[371] Fix | Delete
$input_user,
[372] Fix | Delete
$username,
[373] Fix | Delete
#[\SensitiveParameter]
[374] Fix | Delete
$password
[375] Fix | Delete
) {
[376] Fix | Delete
if ( $input_user instanceof WP_User ) {
[377] Fix | Delete
return $input_user;
[378] Fix | Delete
}
[379] Fix | Delete
[380] Fix | Delete
if ( ! WP_Application_Passwords::is_in_use() ) {
[381] Fix | Delete
return $input_user;
[382] Fix | Delete
}
[383] Fix | Delete
[384] Fix | Delete
// The 'REST_REQUEST' check here may happen too early for the constant to be available.
[385] Fix | Delete
$is_api_request = ( ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) );
[386] Fix | Delete
[387] Fix | Delete
/**
[388] Fix | Delete
* Filters whether this is an API request that Application Passwords can be used on.
[389] Fix | Delete
*
[390] Fix | Delete
* By default, Application Passwords is available for the REST API and XML-RPC.
[391] Fix | Delete
*
[392] Fix | Delete
* @since 5.6.0
[393] Fix | Delete
*
[394] Fix | Delete
* @param bool $is_api_request If this is an acceptable API request.
[395] Fix | Delete
*/
[396] Fix | Delete
$is_api_request = apply_filters( 'application_password_is_api_request', $is_api_request );
[397] Fix | Delete
[398] Fix | Delete
if ( ! $is_api_request ) {
[399] Fix | Delete
return $input_user;
[400] Fix | Delete
}
[401] Fix | Delete
[402] Fix | Delete
$error = null;
[403] Fix | Delete
$user = get_user_by( 'login', $username );
[404] Fix | Delete
[405] Fix | Delete
if ( ! $user && is_email( $username ) ) {
[406] Fix | Delete
$user = get_user_by( 'email', $username );
[407] Fix | Delete
}
[408] Fix | Delete
[409] Fix | Delete
// If the login name is invalid, short circuit.
[410] Fix | Delete
if ( ! $user ) {
[411] Fix | Delete
if ( is_email( $username ) ) {
[412] Fix | Delete
$error = new WP_Error(
[413] Fix | Delete
'invalid_email',
[414] Fix | Delete
__( '<strong>Error:</strong> Unknown email address. Check again or try your username.' )
[415] Fix | Delete
);
[416] Fix | Delete
} else {
[417] Fix | Delete
$error = new WP_Error(
[418] Fix | Delete
'invalid_username',
[419] Fix | Delete
__( '<strong>Error:</strong> Unknown username. Check again or try your email address.' )
[420] Fix | Delete
);
[421] Fix | Delete
}
[422] Fix | Delete
} elseif ( ! wp_is_application_passwords_available() ) {
[423] Fix | Delete
$error = new WP_Error(
[424] Fix | Delete
'application_passwords_disabled',
[425] Fix | Delete
__( 'Application passwords are not available.' )
[426] Fix | Delete
);
[427] Fix | Delete
} elseif ( ! wp_is_application_passwords_available_for_user( $user ) ) {
[428] Fix | Delete
$error = new WP_Error(
[429] Fix | Delete
'application_passwords_disabled_for_user',
[430] Fix | Delete
__( 'Application passwords are not available for your account. Please contact the site administrator for assistance.' )
[431] Fix | Delete
);
[432] Fix | Delete
}
[433] Fix | Delete
[434] Fix | Delete
if ( $error ) {
[435] Fix | Delete
/**
[436] Fix | Delete
* Fires when an application password failed to authenticate the user.
[437] Fix | Delete
*
[438] Fix | Delete
* @since 5.6.0
[439] Fix | Delete
*
[440] Fix | Delete
* @param WP_Error $error The authentication error.
[441] Fix | Delete
*/
[442] Fix | Delete
do_action( 'application_password_failed_authentication', $error );
[443] Fix | Delete
[444] Fix | Delete
return $error;
[445] Fix | Delete
}
[446] Fix | Delete
[447] Fix | Delete
/*
[448] Fix | Delete
* Strips out anything non-alphanumeric. This is so passwords can be used with
[449] Fix | Delete
* or without spaces to indicate the groupings for readability.
[450] Fix | Delete
*
[451] Fix | Delete
* Generated application passwords are exclusively alphanumeric.
[452] Fix | Delete
*/
[453] Fix | Delete
$password = preg_replace( '/[^a-z\d]/i', '', $password );
[454] Fix | Delete
[455] Fix | Delete
$hashed_passwords = WP_Application_Passwords::get_user_application_passwords( $user->ID );
[456] Fix | Delete
[457] Fix | Delete
foreach ( $hashed_passwords as $key => $item ) {
[458] Fix | Delete
if ( ! WP_Application_Passwords::check_password( $password, $item['password'] ) ) {
[459] Fix | Delete
continue;
[460] Fix | Delete
}
[461] Fix | Delete
[462] Fix | Delete
$error = new WP_Error();
[463] Fix | Delete
[464] Fix | Delete
/**
[465] Fix | Delete
* Fires when an application password has been successfully checked as valid.
[466] Fix | Delete
*
[467] Fix | Delete
* This allows for plugins to add additional constraints to prevent an application password from being used.
[468] Fix | Delete
*
[469] Fix | Delete
* @since 5.6.0
[470] Fix | Delete
*
[471] Fix | Delete
* @param WP_Error $error The error object.
[472] Fix | Delete
* @param WP_User $user The user authenticating.
[473] Fix | Delete
* @param array $item The details about the application password.
[474] Fix | Delete
* @param string $password The raw supplied password.
[475] Fix | Delete
*/
[476] Fix | Delete
do_action( 'wp_authenticate_application_password_errors', $error, $user, $item, $password );
[477] Fix | Delete
[478] Fix | Delete
if ( is_wp_error( $error ) && $error->has_errors() ) {
[479] Fix | Delete
/** This action is documented in wp-includes/user.php */
[480] Fix | Delete
do_action( 'application_password_failed_authentication', $error );
[481] Fix | Delete
[482] Fix | Delete
return $error;
[483] Fix | Delete
}
[484] Fix | Delete
[485] Fix | Delete
WP_Application_Passwords::record_application_password_usage( $user->ID, $item['uuid'] );
[486] Fix | Delete
[487] Fix | Delete
/**
[488] Fix | Delete
* Fires after an application password was used for authentication.
[489] Fix | Delete
*
[490] Fix | Delete
* @since 5.6.0
[491] Fix | Delete
*
[492] Fix | Delete
* @param WP_User $user The user who was authenticated.
[493] Fix | Delete
* @param array $item The application password used.
[494] Fix | Delete
*/
[495] Fix | Delete
do_action( 'application_password_did_authenticate', $user, $item );
[496] Fix | Delete
[497] Fix | Delete
return $user;
[498] Fix | Delete
}
[499] Fix | Delete
123456...11
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function