Invoked when a POST request is made with non-null $_POST['auth-params'] such as from the login form.
If the hook handler does not set the 'authenticated' parameter of the passed array, normal login functions continue;
The 'user_record' is in fact an account DB record. To provide automatic provisioning of accounts from other authentication realms, this record should be generated and stored during the verification phase.
$addon_auth = array(
'username' => trim($_POST['username']),
'password' => trim($_POST['password']),
'authenticated' => 0,
'user_record' => null
* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
* Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
* and later plugins should not interfere with an earlier one that succeeded.