I'm presently focusing on wordpress .Like me a new comer to wordpress, I needed to understand how Wordpress authenticate the consumer.
I search the code and also at
wp-login.php page i discovered that-
$user = wp_signon('', $secure_cookie);
this function returns the authentication of user . after i visit the meaning of wordpress_signon I acquired both of these functions-
// TODO do we deprecate the wp_authentication action? do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
But finally I never got the page OR code where actual authentication happens ??and in which the user password is encoded and complement database??.
Have a look in wordpress-includes/user.php there's a function known as "wordpress_authenticate_username_password" that does the particular authentication this function then calls "wordpress_check_password" within wordpress-includes/pluggable.php the username is basically in comparison in plaintext towards the database understandably in inside the same file, hope this points you within the right direction.