I'm presently focusing on wordpress .Like me a new comer to wordpress, I needed to understand how Wordpress authenticate the consumer. I search the code and also at wp-login.php page i discovered that-

$user = wp_signon('', $secure_cookie);

this function returns the authentication of user . after i visit the meaning of wordpress_signon I acquired both of these functions-

// TODO do we deprecate the wp_authentication action?
    do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));


$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);

But finally I never got the page OR code where actual authentication happens ??and in which the user password is encoded and complement database??.

Help, thanks.

Have a look in wordpress-includes/user.php there's a function known as "wordpress_authenticate_username_password" that does the particular authentication this function then calls "wordpress_check_password" within wordpress-includes/pluggable.php the username is basically in comparison in plaintext towards the database understandably in inside the same file, hope this points you within the right direction.