function wp_authenticate($username, $password)
{
global $wpdb, $error;
global $loginlockdownOptions;
$username = sanitize_user($username);
$password = trim($password);
if ("" != isLockedDown()) {
return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " . "failed login attempts.<br /><br />Please try again later.");
}
$user = apply_filters('authenticate', null, $username, $password);
if ($user == null) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
}
$ignore_codes = array('empty_username', 'empty_password');
if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes)) {
incrementFails($username);
if ($loginlockdownOptions['max_login_retries'] <= countFails($username)) {
lockDown($username);
return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " . "failed login attempts.<br /><br />Please try again later."));
}
if ('yes' == $loginlockdownOptions['mask_login_errors']) {
return new WP_Error('authentication_failed', sprintf(__('<strong>ERROR</strong>: Invalid username or incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login')));
} else {
do_action('wp_login_failed', $username);
}
}
return $user;
}
function wp_authenticate($username, $password)
{
global $wpdb, $error;
global $loginlockdownOptions;
if (0 < isLockedDown()) {
return new WP_Error('incorrect_password', "<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " . "failed login attempts.<br /><br />Please try again later.");
}
if ('' == $username) {
return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
}
if ('' == $password) {
return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
}
$user = get_userdatabylogin($username);
if (!$user || $user->user_login != $username) {
do_action('wp_login_failed', $username);
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
}
$user = apply_filters('wp_authenticate_user', $user, $password);
if (is_wp_error($user)) {
incrementFails($username);
if ($loginlockdownOptions['max_login_retries'] <= countFails($username)) {
lockDown($username);
return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " . "failed login attempts.<br /><br />Please try again later."));
}
do_action('wp_login_failed', $username);
return $user;
}
if (!wp_check_password($password, $user->user_pass, $user->ID)) {
incrementFails($username);
if ($loginlockdownOptions['max_login_retries'] <= countFails($username)) {
lockDown($username);
return new WP_Error('incorrect_password', __("<strong>ERROR</strong>: We're sorry, but this IP range has been blocked due to too many recent " . "failed login attempts.<br /><br />Please try again later."));
}
do_action('wp_login_failed', $username);
return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
}
return new WP_User($user->ID);
}