I should have changed false
to true
in the line $login = wp_signon( $creds, false );
so the final working code is
if($_POST){
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$creds = array(
'user_login' => $_POST['username'],
'user_password' => $_POST['password'],
'remember' => true
);
$login = wp_signon( $creds, true);
if ( is_wp_error( $login ) ) {
$exiturl = get_site_url().'/account/auth';
header("Location: $exiturl");
exit();
}
} else {
echo "access denied";
}