Allow for custom authentication handlers for all requests.

Turn the logic used by wp_get_current_user() into a determine_current_user filter.

props rmccue.
fixes #26706.

Built from https://develop.svn.wordpress.org/trunk@27484


git-svn-id: http://core.svn.wordpress.org/trunk@27328 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/user.php

@@ -219,6 +219,32 @@ function wp_authenticate_spam_check( $user ) {
 	return $user;
 }
 
+/**
+ * Validates logged in cookie.
+ *
+ * Checks the logged_in cookie if the previous auth cookie could not be
+ * validated and parsed.
+ *
+ * This is a callback for the determine_current_user filter, rather than API.
+ *
+ * @since 3.9.0
+ *
+ * @param int|boolean $user The user ID (or false) as received from the determine_current_user filter.
+ * @return int|boolean User ID if validated, or false otherwise. If it receives a user ID from
+ *                     an earlier filter callback, that value is returned.
+ */
+function wp_validate_logged_in_cookie( $user_id ) {
+	if ( $user_id ) {
+		return $user_id;
+	}
+
+	if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) ) {
+		return false;
+	}
+
+	return wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
+}
+
 /**
  * Number of posts user has written.
  *