sanitize_user example


    function wp_authenticate( $username, $password ) {
        $username = sanitize_user( $username );
        $password = trim( $password );

        /**
         * Filters whether a set of user login credentials are valid.
         *
         * A WP_User object is returned if the credentials authenticate a user.
         * WP_Error or null otherwise.
         *
         * @since 2.8.0
         * @since 4.5.0 `$username` now accepts an email address.
         *
         * @param null|WP_User|WP_Error $user     WP_User if the user is authenticated.
         *                                        WP_Error or null otherwise.
         * @param string                $username Username or email address.
         * @param string                $password User password.
         */

function wp_normalize_site_data( $data ) {
    // Sanitize domain if passed.
    if ( array_key_exists( 'domain', $data ) ) {
        $data['domain'] = trim( $data['domain'] );
        $data['domain'] = preg_replace( '/\s+/', '', sanitize_user( $data['domain'], true ) );
        if ( is_subdomain_install() ) {
            $data['domain'] = str_replace( '@', '', $data['domain'] );
        }
    }

    // Sanitize path if passed.
    if ( array_key_exists( 'path', $data ) ) {
        $data['path'] = trailingslashit( '/' . trim( $data['path'], '/' ) );
    }

    // Sanitize network ID if passed.
case 'login':
    default:
        $secure_cookie   = '';
        $customize_login = isset( $_REQUEST['customize-login'] );

        if ( $customize_login ) {
            wp_enqueue_script( 'customize-base' );
        }

        // If the user wants SSL but the session is not SSL, force a secure cookie.
        if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
            $user_name = sanitize_user( wp_unslash( $_POST['log'] ) );
            $user      = get_user_by( 'login', $user_name );

            if ( ! $user && strpos( $user_name, '@' ) ) {
                $user = get_user_by( 'email', $user_name );
            }

            if ( $user ) {
                if ( get_user_option( 'use_ssl', $user->ID ) ) {
                    $secure_cookie = true;
                    force_ssl_admin( true );
                }
            }
$db_field = 'ID';
                break;
            case 'slug':
                $user_id  = wp_cache_get( $value, 'userslugs' );
                $db_field = 'user_nicename';
                break;
            case 'email':
                $user_id  = wp_cache_get( $value, 'useremail' );
                $db_field = 'user_email';
                break;
            case 'login':
                $value    = sanitize_user( $value );
                $user_id  = wp_cache_get( $value, 'userlogins' );
                $db_field = 'user_login';
                break;
            default:
                return false;
        }

        if ( false !== $user_id ) {
            $user = wp_cache_get( $user_id, 'users' );
            if ( $user ) {
                return $user;
            }
wp_redirect( $redirect );
            die();
        }
    } else {
        // Adding a new user to this site.
        $new_user_email = wp_unslash( $_REQUEST['email'] );
        $user_details   = wpmu_validate_user_signup( $_REQUEST['user_login'], $new_user_email );
        if ( is_wp_error( $user_details['errors'] ) && $user_details['errors']->has_errors() ) {
            $add_user_errors = $user_details['errors'];
        } else {
            /** This filter is documented in wp-includes/user.php */
            $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
            if ( isset( $_POST['noconfirmation'] ) && current_user_can( 'manage_network_users' ) ) {
                add_filter( 'wpmu_signup_user_notification', '__return_false' );  // Disable confirmation email.
                add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email.
            }
            wpmu_signup_user(
                $new_user_login,
                $new_user_email,
                array(
                    'add_to_blog' => get_current_blog_id(),
                    'new_role'    => $_REQUEST['role'],
                )
            );
$user_id  = (int) $user_id;
    if ( $user_id ) {
        $update           = true;
        $user->ID         = $user_id;
        $userdata         = get_userdata( $user_id );
        $user->user_login = wp_slash( $userdata->user_login );
    } else {
        $update = false;
    }

    if ( ! $update && isset( $_POST['user_login'] ) ) {
        $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
    }

    $pass1 = '';
    $pass2 = '';
    if ( isset( $_POST['pass1'] ) ) {
        $pass1 = trim( $_POST['pass1'] );
    }
    if ( isset( $_POST['pass2'] ) ) {
        $pass2 = trim( $_POST['pass2'] );
    }

    
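/**
 * Checks whether a username is valid.
 *
 * A username is treated as valid when strict-mode sanitization returns it
 * unchanged and the sanitized value is not empty. The verdict is then passed
 * through the 'validate_username' filter, so the final result is whatever the
 * filter chain returns.
 *
 * @since 2.0.1
 * @since 4.4.0 Empty sanitized usernames are now considered invalid.
 *
 * @param string $username Username.
 * @return bool Whether username given is valid.
 */
function validate_username( $username ) {
    $sanitized = sanitize_user( $username, true );

    // Compare with === rather than ==. A loose comparison treats two numeric
    // strings as numbers, so in PHP ' 1' == '1' is true; any sanitization that
    // only changed such padding would go unnoticed and the raw input would be
    // reported as valid. The (string) cast keeps scalar non-string input
    // (e.g. an integer) behaving as it did under the loose comparison.
    // empty() is kept as in the original, which also rejects the name '0'.
    $valid = ( (string) $username === $sanitized && ! empty( $sanitized ) );

    /**
     * Filters whether the provided username is valid.
     *
     * @since 2.0.1
     *
     * @param bool   $valid    Whether given username is valid.
     * @param string $username Username to check.
     */
    return apply_filters( 'validate_username', $valid, $username );
}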
<?php echo esc_attr( $weblog_title ); ?>" /></td> </tr> <tr> <th scope="row"><label for="user_login"><?php _e( 'Username' ); ?></label></th> <td> <?php             if ( $user_table ) {
                _e( 'User(s) already exists.' );
                echo '<input name="user_name" type="hidden" value="admin" />';
            } else {
                ?> <input name="user_name" type="text" id="user_login" size="25" aria-describedby="user-name-desc" value="<?php echo esc_attr( sanitize_user( $user_name, true ) ); ?>" /> <p id="user-name-desc"><?php _e( 'Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.' ); ?></p> <?php             }
            ?> </td> </tr> <?php if ( ! $user_table ) : ?> <tr class="form-field form-required user-pass1-wrap"> <th scope="row"> <label for="pass1"> <?php _e( 'Password' ); ?>

function wpmu_validate_user_signup( $user_name, $user_email ) {
    global $wpdb;

    $errors = new WP_Error();

    $orig_username = $user_name;
    $user_name     = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) );

    if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) {
        $errors->add( 'user_name', __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) );
        $user_name = $orig_username;
    }

    $user_email = sanitize_email( $user_email );

    if ( empty( $user_name ) ) {
        $errors->add( 'user_name', __( 'Please enter a username.' ) );
    }

    