Index: src/wp-includes/default-filters.php
===================================================================
--- src/wp-includes/default-filters.php (revision 36603)
+++ src/wp-includes/default-filters.php (working copy)
@@ -342,6 +342,7 @@
// Default authentication filters
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
+add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
add_filter( 'determine_current_user', 'wp_validate_auth_cookie' );
add_filter( 'determine_current_user', 'wp_validate_logged_in_cookie', 20 );
Index: src/wp-includes/pluggable.php
===================================================================
--- src/wp-includes/pluggable.php (revision 36603)
+++ src/wp-includes/pluggable.php (working copy)
@@ -548,7 +548,7 @@
*
* @since 2.5.0
*
- * @param string $username User's username.
+ * @param string $username User's username or email address.
* @param string $password User's password.
* @return WP_User|WP_Error WP_User object if the credentials are valid,
* otherwise WP_Error.
@@ -575,7 +575,7 @@
if ( $user == null ) {
// TODO what should the error message be? (Or would these even happen?)
// Only needed if all authentication handlers fail to return anything.
- $user = new WP_Error('authentication_failed', __('ERROR: Invalid username or incorrect password.'));
+ $user = new WP_Error( 'authentication_failed', __( 'ERROR: Invalid username, email address or incorrect password.' ) );
}
$ignore_codes = array('empty_username', 'empty_password');
Index: src/wp-includes/user.php
===================================================================
--- src/wp-includes/user.php (revision 36603)
+++ src/wp-includes/user.php (working copy)
@@ -174,6 +174,79 @@
}
/**
+ * Authenticate the user using the email and password.
+ *
+ * @since 4.5.0
+ *
+ * @param WP_User|WP_Error|null $user WP_User or WP_Error object if a previous
+ * callback failed authentication.
+ * @param string $email Email address for authentication.
+ * @param string $password Password for authentication.
+ * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
+ */
+function wp_authenticate_email_password( $user, $email, $password ) {
+ if ( $user instanceof WP_User ) {
+ return $user;
+ }
+
+ if ( empty( $email ) || empty( $password ) ) {
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
+
+ $error = new WP_Error();
+
+ if ( empty( $email ) ) {
+ $error->add( 'empty_username', __( 'ERROR: The email field is empty.' ) );
+ }
+
+ if ( empty( $password ) ) {
+ $error->add( 'empty_password', __( 'ERROR: The password field is empty.' ) );
+ }
+
+ return $error;
+ }
+
+ if ( ! is_email( $email ) ) {
+ return $user;
+ }
+
+ $user = get_user_by( 'email', $email );
+
+ if ( ! $user ) {
+ return new WP_Error( 'invalid_email',
+ __( 'ERROR: Invalid email address.' ) .
+ ' ' .
+ __( 'Lost your password?' ) .
+ ''
+ );
+ }
+
+ /** This filter is documented in wp-includes/user.php */
+ $user = apply_filters( 'wp_authenticate_user', $user, $password );
+
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
+
+ if ( ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
+ return new WP_Error( 'incorrect_password',
+ sprintf(
+ /* translators: %s: email address */
+ __( 'ERROR: The password you entered for the email address %s is incorrect.' ),
+ '' . $email . ''
+ ) .
+ ' ' .
+ __( 'Lost your password?' ) .
+ ''
+ );
+ }
+
+ return $user;
+}
+
+
+/**
* Authenticate the user using the WordPress auth cookie.
*
* @since 2.8.0
Index: src/wp-login.php
===================================================================
--- src/wp-login.php (revision 36603)
+++ src/wp-login.php (working copy)
@@ -529,7 +529,7 @@