I have a case that I am registering a user with wp_insert_user() and logging in with wp_signon(). Registration is successful but when I use wp_signon(), I get error:
‘Invalid username or password. Please try again!’.
Here are my efforts, I couldn’t find the issue.
function wp_create_user_my($username, $password, $email = '', $fname, $lname) {
$first_name = wp_slash($fname);
$last_name = wp_slash($lname);
$user_login = wp_slash($username);
$user_email = wp_slash($email);
$user_pass = $password;
$userdata = compact('user_login', 'user_email', 'user_pass','first_name','last_name');
return wp_insert_user($userdata);
}
Here is code of signon()
$login_data['user_login'] = esc_attr($username);
$login_data['user_password'] = esc_attr($new_password);
$login_data['remember'] = true;
$user_verify = wp_signon($login_data, false);
See this:
The
esc_attrfunction encodes the<, >, &, " and 'signs/symbols. If the user has any of those in their usernames or passwords, it’s going to be different from what was originally stored/saved in the database, since what is passed to the compared against the database stored value is the escaped version of any or all of those characters.I’d suggest you use the
wp_slashfunction you used when inserting the user:That way, what you get is consistent with what was inserted into the database.