function myplugin_auth_signon($user, $username, $password)
 {
     if (!session_id()) {
         @session_start();
     }
     $lla = new login_log_adds();
     $captcha_on_admin_login = get_option('captcha_on_admin_login') == 'Yes' ? true : false;
     if ($captcha_on_admin_login) {
         if (isset($_POST['admin_captcha']) and sanitize_text_field($_POST['admin_captcha']) != $_SESSION['captcha_code']) {
             $lla->log_add($_SERVER['REMOTE_ADDR'], 'security code do not match', date("Y-m-d H:i:s"), 'failed');
             return new WP_Error('error_security_code', __("Security code do not match.", "flp"));
         }
     }
     $captcha_on_user_login = get_option('captcha_on_user_login') == 'Yes' ? true : false;
     if ($captcha_on_user_login and (isset($_POST['user_captcha']) and sanitize_text_field($_POST['user_captcha']) != $_SESSION['captcha_code'])) {
         $lla->log_add($_SERVER['REMOTE_ADDR'], 'security code do not match', date("Y-m-d H:i:s"), 'failed');
         return new WP_Error('error_security_code', __("Security code do not match.", "flp"));
     }
     return $user;
 }
function login_validate()
{
    $lla = new login_log_adds();
    if (isset($_POST['option']) and $_POST['option'] == "afo_user_login") {
        if (!session_id()) {
            session_start();
        }
        global $post;
        if ($_POST['user_username'] != "" and $_POST['user_password'] != "") {
            $creds = array();
            $creds['user_login'] = sanitize_text_field($_POST['user_username']);
            $creds['user_password'] = sanitize_text_field($_POST['user_password']);
            if (sanitize_text_field($_POST['remember']) == 'Yes') {
                $remember = true;
            } else {
                $remember = false;
            }
            $creds['remember'] = $remember;
            $user = wp_signon($creds, true);
            if (isset($user->ID) and $user->ID != '') {
                wp_set_auth_cookie($user->ID, $remember);
                $lla->log_add($_SERVER['REMOTE_ADDR'], 'login success', date("Y-m-d H:i:s"), 'success');
                wp_redirect($_POST['redirect']);
                exit;
            } else {
                $_SESSION['msg_class'] = 'error_wid_login';
                $_SESSION['msg'] = __($user->get_error_message(), 'login-sidebar-widget');
                do_action('afo_login_log_front', $user);
            }
        } else {
            $_SESSION['msg_class'] = 'error_wid_login';
            $_SESSION['msg'] = __('Username or password is empty!', 'login-sidebar-widget');
            $lla->log_add($_SERVER['REMOTE_ADDR'], 'username or password is empty', date("Y-m-d H:i:s"), 'failed');
        }
    }
}