New User Registration in WordPress 3.X

There is a certain magic in many well-constructed marvels.  This definitely applies to a WordPress.  Just recently I needed to fix something inside user registration procedure, and with very limited PHP knowledge, I was able to figure out, what was going on and fix the problem.

On the way there, I couldn’t help but admire, how well everything is documented and linked-in to minimize code duplication.  There is an obvious truth in saying that “the best things in life are free”.

When user clicks on a link to register, a wp_login.php page opens up.  This page is a conglomerate of  3 different page-forms:
— login, — register and — recover a password.

Proper form opens up by reading a query string from the URL:

/wp-login.php?action=register

When user provides a new user name and email and presses Register button, the same page wp-login.php is reloaded, but this time a POST is requested:

if ( $http_post ) {
 $user_login = $_POST['user_login'];
 $user_email = $_POST['user_email'];
 $errors = register_new_user($user_login, $user_email); ...

Variable $http_post contains  true or false depending on result of the following evaluation:

$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);

If it is a POST, we do not need to display a form, we need to grab content of 2 fields, populated by user, and call a function register_new_user($user_login, $user_email) with 2 parameters.

Function  register_new_user() checks for obvious problems (blanks, invalid characters, duplicate name or email address) and returns a string that contains an error message.

If everything checks out, function proceeds, and calls function wp_create_user() and returns a string that represents a new user ID.

function register_new_user( $user_login, $user_email ) {
$errors = new WP_Error();

$sanitized_user_login = sanitize_user( $user_login );
$user_email = apply_filters( ‘user_registration_email’, $user_email );

// Check the username
if ( $sanitized_user_login == ” ) {
$errors->add( ’empty_username’, __( ‘<strong>ERROR</strong>: Please enter a username.’ ) );
} elseif ( ! validate_username( $user_login ) ) {
$errors->add( ‘invalid_username’, __( ‘<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.’ ) );
$sanitized_user_login = ”;
} elseif ( username_exists( $sanitized_user_login ) ) {
$errors->add( ‘username_exists’, __( ‘<strong>ERROR</strong>: This username is already registered, please choose another one.’ ) );
}

// Check the e-mail address
if ( $user_email == ” ) {
$errors->add( ’empty_email’, __( ‘<strong>ERROR</strong>: Please type your e-mail address.’ ) );
} elseif ( ! is_email( $user_email ) ) {
$errors->add( ‘invalid_email’, __( ‘<strong>ERROR</strong>: The email address isn&#8217;t correct.’ ) );
$user_email = ”;
} elseif ( email_exists( $user_email ) ) {
$errors->add( ’email_exists’, __( ‘<strong>ERROR</strong>: This email is already registered, please choose another one.’ ) );
}

do_action( ‘register_post’, $sanitized_user_login, $user_email, $errors );

$errors = apply_filters( ‘registration_errors’, $errors, $sanitized_user_login, $user_email );

if ( $errors->get_error_code() )
return $errors;

$user_pass = wp_generate_password( 12, false);
$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
if ( ! $user_id ) {
$errors->add( ‘registerfail’, sprintf( __( ‘<strong>ERROR</strong>: Couldn&#8217;t register you… please contact the <a href=”mailto:%s”>webmaster</a> !’ ), get_option( ‘admin_email’ ) ) );
return $errors;
}

update_user_option( $user_id, ‘default_password_nag’, true, true ); //Set up the Password change nag.

wp_new_user_notification( $user_id, $user_pass );

return $user_id;
}

As you can see at the end of the code-snippet above function also marks that user was given a default password (‘default_password_nag‘ is recorded into  database file prefix_usermeta).  It also sends an email notification to user with new user name and password.

Simple, elegant, breathtaking.