I assume that your function is called before any output is printed – otherwise redirection won’t work.
The easiest way to redirect user to given URL is using:
wp_redirect( $url );
exit;
So your code might look like this:
function authentication($emailAdd, $password) {
include_once('././wp-includes/class-phpass.php');
global $wpdb, $formErr;
if(1 > count($formErr->get_error_messages())){
$hasher = new PasswordHash(8, TRUE);
$table = $wpdb->prefix.'finusers';
$results=$wpdb->get_row("SELECT * FROM $table WHERE email_address="$emailAdd"");
$hashed_pwd = $results->password;
//echo $hashed_pwd;
if($hasher->CheckPassword($password, $hashed_pwd)){
wp_redirect( $url ); // change to correct URL
exit;
}else{
echo "Please check email address of password";
}
}
}
PS. There are a lot of errors and problems with your code, though… And I really wouldn’t use that on any site, I guess… At least not in current form… See my comments in code below
function authentication($emailAdd, $password) {
// using ././ won't work. It should be ../../. And even that is risky, because the structure may be changed - you should use ABSPATH instead.
include_once('././wp-includes/class-phpass.php');
global $wpdb, $formErr;
// so if there is exactly one error, everything is fine and user can be logged in? ;)
if(1 > count($formErr->get_error_messages())){
$hasher = new PasswordHash(8, TRUE);
$table = $wpdb->prefix.'finusers';
// Why no escaping? What if $emailAdd will contain special characters to perform SQL injection?
// Another problem is that you query all rows, why no limit?
$results=$wpdb->get_row("SELECT * FROM $table WHERE email_address="$emailAdd"");
// And what if there are no such rows? Line below will cause error
$hashed_pwd = $results->password;
//echo $hashed_pwd;
if($hasher->CheckPassword($password, $hashed_pwd)){
wp_redirect( $url ); // change to correct URL
exit;
}else{
echo "Please check email address of password";
}
}
}