+ $userdata = get_userdatabylogin($username);
+
+ if ( !$userdata ) {
+ return new WP_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login')));
+ }
+
+ $userdata = apply_filters('wp_authenticate_user', $userdata, $password);
+ if ( is_wp_error($userdata) ) {
+ return $userdata;
+ }
+
+ if ( !wp_check_password($password, $userdata->user_pass, $userdata->ID) ) {
+ return new WP_Error('incorrect_password', sprintf(__('<strong>ERROR</strong>: Incorrect password. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), site_url('wp-login.php?action=lostpassword', 'login')));
+ }
+
+ $user = new WP_User($userdata->ID);
+ return $user;
+}
+
+/**
+ * Authenticate the user using the WordPress auth cookie.
+ */
+function wp_authenticate_cookie($user, $username, $password) {
+ if ( is_a($user, 'WP_User') ) { return $user; }
+
+ if ( empty($username) && empty($password) ) {
+ $user_id = wp_validate_auth_cookie();
+ if ( $user_id )
+ return new WP_User($user_id);
+
+ global $auth_secure_cookie;
+
+ if ( $auth_secure_cookie )
+ $auth_cookie = SECURE_AUTH_COOKIE;
+ else
+ $auth_cookie = AUTH_COOKIE;
+
+ if ( !empty($_COOKIE[$auth_cookie]) )
+ return new WP_Error('expired_session', __('Please log in again.'));
+
+ // If the cookie is not set, be silent.
+ }