Same name and namespace in other branches
  1. 4.6.x modules/user.module \user_authenticate()
  2. 4.7.x modules/user.module \user_authenticate()
  3. 5.x modules/user/user.module \user_authenticate()
  4. 7.x modules/user/user.module \user_authenticate()

Try to log in the user locally.

Parameters

$form_values: Form values with at least 'name' and 'pass' keys, as well as anything else which should be passed along to hook_user op 'login'.

Return value

A $user object, if successful.

4 calls to user_authenticate()
blogapi_validate_user in modules/blogapi/blogapi.module
Ensure that the given user has permission to edit a blog.
install_configure_form_submit in ./install.php
Form API submit for the site configuration form.
user_login_authenticate_validate in modules/user/user.module
A validate handler on the login form. Check supplied username/password against local users table. If successful, sets the global $user object.
user_register_submit in modules/user/user.module
Submit handler for the user registration form.

File

modules/user/user.module, line 1389
Enables the user registration and login system.

Code

function user_authenticate($form_values = array()) {
  global $user;

  // Load the account to check if the e-mail is denied by an access rule.
  // Doing this check here saves us a user_load() in user_login_name_validate()
  // and introduces less code change for a security fix.
  $account = user_load(array(
    'name' => $form_values['name'],
    'pass' => trim($form_values['pass']),
    'status' => 1,
  ));
  if ($account && drupal_is_denied('mail', $account->mail)) {
    form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array(
      '%name' => $account->name,
    )));
  }

  // Name and pass keys are required.
  // The user is about to be logged in, so make sure no error was previously
  // encountered in the validation process.
  if (!form_get_errors() && !empty($form_values['name']) && !empty($form_values['pass']) && $account) {
    $user = $account;
    user_authenticate_finalize($form_values);
    return $user;
  }
  else {
    watchdog('user', 'Login attempt failed for %user.', array(
      '%user' => $form_values['name'],
    ));
  }
}