wp_authenticate_spam_check( WP_User|WP_Error|null $user ): WP_User|WP_Error

In this article

For Multisite blogs, checks if the authenticated user has been marked as a spammer, or if the user’s primary blog has been marked as spam.

Parameters

$userWP_User|WP_Error|nullrequired
WP_User or WP_Error object from a previous callback. Default null.

Return

WP_User|WP_Error WP_User on success, WP_Error if the user is considered a spammer.

Source

if ( ! empty( $input_user ) ) {
	return $input_user;
}

if ( ! wp_is_application_passwords_available() ) {
	return $input_user;
}

// Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication.
if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
	return $input_user;
}

$authenticated = wp_authenticate_application_password( null, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );

if ( $authenticated instanceof WP_User ) {
	return $authenticated->ID;
}

Changelog

VersionDescription
3.7.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.