Want to build a custom WordPress registration form? This page template relies on WordPress's built-in security functions (input sanitization, output escaping, nonce verification) to check and validate the submitted data before it is inserted into the database and a new user is created.
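<?php
/**
 * Template Name: Registration
 *
 * Front-end registration page. This part handles the POSTed form: it verifies
 * the nonce, validates the fields and creates the account through
 * wp_insert_user(). The markup that follows prints $error_msg / $success_msg
 * and the form itself.
 */

$error_msg   = '';
$success_msg = '';

// Check to make sure user registration is enabled.
$registration_enabled = get_option( 'users_can_register' );

if ( ! $registration_enabled ) :
    // wp_redirect() only sets the Location header; without exit the rest of
    // the template would still run and be sent to the client.
    wp_redirect( site_url() );
    exit;
elseif ( ! is_user_logged_in() ) :
    // Process only a real submission: the submit button AND the nonce field
    // must be present (the original tested "! isset( submit )", so a normal
    // form post was never handled).
    if ( isset( $_POST['submit'] ) && isset( $_POST['vb_new_user_nonce'] ) ) {

        // Reads one posted field as a string; arrays and missing keys become ''.
        $vb_field = function ( $key ) {
            return ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) ? $_POST[ $key ] : '';
        };

        // Text fields stay slashed here: wp_insert_user() and update_user_meta()
        // unslash their input themselves.
        $firstname   = sanitize_text_field( $vb_field( 'firstname' ) );
        $lastname    = sanitize_text_field( $vb_field( 'lastname' ) );
        $nickname    = sanitize_text_field( $vb_field( 'nickname' ) );
        $username    = sanitize_text_field( $vb_field( 'username' ) );
        $description = sanitize_text_field( $vb_field( 'info' ) );
        $dob         = sanitize_text_field( $vb_field( 'dob' ) );
        $tel         = sanitize_text_field( $vb_field( 'telephone' ) );

        // Passwords must NOT go through sanitize_text_field(): it strips tags,
        // octets and whitespace, so the stored hash would belong to a different
        // string than the one the user typed.
        // NOTE(review): the value is left slashed because core's login form
        // passes $_POST['pwd'] on the same way - confirm against your login flow.
        $password1 = $vb_field( 'password1' );
        $password2 = $vb_field( 'password2' );

        $email_input   = sanitize_text_field( $vb_field( 'email' ) );
        $email_address = sanitize_email( $email_input );

        // esc_url_raw() is the variant meant for storage; esc_url() is for output.
        // Only http/https are accepted so that no other scheme reaches the profile URL.
        $website_input = trim( wp_unslash( $vb_field( 'website' ) ) );
        $website       = esc_url_raw( $website_input, array( 'http', 'https' ) );

        // CSRF protection: wp_verify_nonce() returns false on failure, so the
        // error belongs to the negated result (the original had it inverted and
        // rejected exactly the valid submissions).
        $nonce = sanitize_text_field( wp_unslash( $_POST['vb_new_user_nonce'] ) );
        if ( ! wp_verify_nonce( $nonce, 'vb_new_user' ) ) {
            $error_msg .= 'Something went wrong. Please try again.<br/>';
        }

        if ( '' === $username ) {
            $error_msg .= 'Username can not be left blank.<br/>';
        } elseif ( ! validate_username( $username ) ) {
            // Reject instead of silently rewriting the login, so the existence
            // check below runs on the same string that will be stored.
            $error_msg .= 'Username contains characters that are not allowed.<br/>';
        } elseif ( username_exists( $username ) ) {
            $error_msg .= 'Username already exists!<br/>';
        }

        if ( '' === $password1 || '' === $password2 ) {
            $error_msg .= 'One or both password field/s is/are blank.<br/>';
        } elseif ( $password1 !== $password2 ) {
            // The repeat field was collected but never compared before.
            $error_msg .= 'Passwords do not match.<br/>';
        }

        // E-mail is optional on this form; validate it only when supplied.
        if ( '' !== $email_input ) {
            if ( ! is_email( $email_input ) ) {
                $error_msg .= 'Email address is not valid.<br/>';
            } elseif ( email_exists( $email_address ) ) {
                $error_msg .= 'Email already exists!<br/>';
            }
        }

        // Website is optional as well; an empty field is not an error.
        if ( '' !== $website_input && ( '' === $website || ! filter_var( $website, FILTER_VALIDATE_URL ) ) ) {
            $error_msg .= 'Website is not a valid URL<br/>';
        }

        if ( '' === $error_msg ) {
            // wp_insert_user() replaces the former direct $wpdb->insert(): it
            // hashes the password, applies the pre_user_* filters, keeps logins
            // and nicenames unique, writes the standard meta, fires
            // 'user_register' and reports failures as WP_Error.
            $userdata = array(
                'user_login'           => $username,
                'user_pass'            => $password1,
                'user_email'           => $email_address,
                'user_url'             => $website,
                'first_name'           => $firstname,
                'last_name'            => $lastname,
                'nickname'             => $username,
                'description'          => $description,
                'rich_editing'         => 'true',
                'comment_shortcuts'    => 'false',
                'admin_color'          => 'fresh',
                'use_ssl'              => 0,
                'show_admin_bar_front' => 'false',
                // The role comes from the site option only, never from the request.
                'role'                 => get_option( 'default_role' ),
            );

            // 'user_registered' is deliberately not read from $_POST: the hidden
            // form field is client-controlled, so the server-side default is used.

            $display_name = trim( $firstname . ' ' . $lastname );
            if ( '' !== $display_name ) {
                $userdata['display_name'] = $display_name;
            }

            // The "nickname" form field feeds the nicename (URL slug), as before;
            // when it is empty WordPress derives the slug from the login.
            $nicename = sanitize_title( $nickname );
            if ( '' !== $nicename ) {
                $userdata['user_nicename'] = $nicename;
            }

            $user_id = wp_insert_user( $userdata );

            if ( is_wp_error( $user_id ) ) {
                // Core error messages may carry markup; print them as plain text.
                $error_msg .= esc_html( wp_strip_all_tags( $user_id->get_error_message() ) ) . '<br/>';
            } else {
                // Custom profile fields that wp_insert_user() does not know about.
                update_user_meta( $user_id, 'date_of_birth', $dob );
                update_user_meta( $user_id, 'mobile', $tel );

                // NOTE(review): 96 is a hard-coded page ID, presumably this site's
                // login page - adjust it for your installation.
                $success_msg = "Registration successful. Please <a href='" . esc_url( get_permalink( 96 ) ) . "'>login</a>.";

                // Clear the submission so the form is rendered empty again.
                $_POST = array();
            }
        }
    }

    get_header();
?>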
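<div id="content">
    <?php
    // Returns the value the visitor submitted for a field, unslashed, or ''.
    // Every use below is escaped for its output context (esc_attr() inside
    // attributes, esc_textarea() inside the textarea); echoing $_POST directly
    // would let a crafted request inject markup into the page.
    $vb_posted = function ( $key ) {
        return ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) ? wp_unslash( $_POST[ $key ] ) : '';
    };
    ?>

    <?php if ( '' !== $error_msg ) : ?>
        <div class="error-box msg-box"><?php echo wp_kses_post( $error_msg ); ?></div>
    <?php endif; ?>

    <?php if ( '' !== $success_msg ) : ?>
        <div class="success-box msg-box"><?php echo wp_kses_post( $success_msg ); ?></div>
    <?php endif; ?>

    <form name="registration" action="<?php echo esc_url( get_permalink() ); ?>" method="POST">
        <legend>Registration Form</legend>
        <p class="required-info"><span>*</span> = required field</p>
        <p>
            <label>First Name</label>
            <input type="text" name="firstname" value="<?php echo esc_attr( $vb_posted( 'firstname' ) ); ?>" />
        </p>
        <p>
            <label>Last Name</label>
            <input type="text" name="lastname" value="<?php echo esc_attr( $vb_posted( 'lastname' ) ); ?>" />
        </p>
        <p>
            <label>Display Name</label>
            <input type="text" name="nickname" value="<?php echo esc_attr( $vb_posted( 'nickname' ) ); ?>" />
        </p>
        <p>
            <label>Email Address</label>
            <input type="email" name="email" value="<?php echo esc_attr( $vb_posted( 'email' ) ); ?>" />
        </p>
        <p>
            <label>Username<span>*</span></label>
            <input type="text" name="username" value="<?php echo esc_attr( $vb_posted( 'username' ) ); ?>" />
        </p>
        <p>
            <label>Password<span>*</span></label>
            <input type="password" name="password1" />
        </p>
        <p>
            <label>Repeat Password<span>*</span></label>
            <input type="password" name="password2" />
        </p>
        <p>
            <label>Website</label>
            <input type="text" name="website" value="<?php echo esc_attr( $vb_posted( 'website' ) ); ?>" />
        </p>
        <p>
            <label>Introduction</label>
            <textarea name="info"><?php echo esc_textarea( $vb_posted( 'info' ) ); ?></textarea>
        </p>
        <p>
            <label>Date of Birth <em>Format: DD/MM/YYYY e.g. 17/09/1991</em></label>
            <input type="text" name="dob" value="<?php echo esc_attr( $vb_posted( 'dob' ) ); ?>" />
        </p>
        <p>
            <label>Telephone</label>
            <input type="tel" name="telephone" value="<?php echo esc_attr( $vb_posted( 'telephone' ) ); ?>" />
        </p>

        <?php wp_nonce_field( 'vb_new_user', 'vb_new_user_nonce', true, true ); ?>

        <p>
            <?php
            // The hidden "user_registered" field was dropped: a registration
            // timestamp supplied by the browser can be set to anything, so the
            // server-side time is the only trustworthy source.
            ?>
            <input type="reset"/>
            <input type="submit" name="submit" value="Signup!" />
        </p>
    </form>
</div>
<?php
else :
    // Logged-in visitors have nothing to register. exit is required because
    // wp_redirect() only sets the header and execution would continue below.
    wp_redirect( site_url() );
    exit;
endif;

/**
 * Customizing alert function for notifying Admin & new user.
 * You may/should include this function to your theme functions.php file.
 *
 * NOTE(review): wp_new_user_notification() is a pluggable core function and
 * core normally defines it before the active theme is loaded, so the
 * function_exists() guard is usually already false in a template or in
 * functions.php. If the override is really needed it most likely belongs in a
 * plugin - confirm the load order for your WordPress version.
 */
if ( ! function_exists( 'wp_new_user_notification' ) ) {
    /**
     * Mails the site admin about a new registration and, when a password is
     * passed in, mails the login details to the new user.
     *
     * @param int    $user_id        ID of the newly registered user.
     * @param string $plaintext_pass Optional. The user's password in clear text.
     *                               When empty only the admin is notified.
     */
    function wp_new_user_notification( $user_id, $plaintext_pass = '' ) {
        $user = new WP_User( $user_id );

        // Nothing to report for an ID that does not resolve to a user.
        if ( ! $user->exists() ) {
            return;
        }

        $user_login = stripslashes( $user->user_login );
        $user_email = stripslashes( $user->user_email );

        $message  = sprintf( __('New user registration on %s:'), get_option('blogname') ) . "\r\n\r\n";
        $message .= sprintf( __('Username: %s'), $user_login ) . "\r\n\r\n";
        $message .= sprintf( __('E-mail: %s'), $user_email ) . "\r\n";

        // No "@" error suppression: a failing mail transport should stay visible in the logs.
        wp_mail( get_option('admin_email'), sprintf( __('[%s] New User Registration'), get_option('blogname') ), $message );

        if ( empty( $plaintext_pass ) ) {
            return;
        }

        // NOTE(review): mailing a clear-text password leaves it in mailboxes and
        // mail logs. Current WordPress core sends a set-password link instead;
        // this branch is kept only for callers that still pass $plaintext_pass.
        $message  = __('Hi there,') . "\r\n\r\n";
        $message .= sprintf( __("Welcome to %s! Here's how to log in:"), get_option('blogname') ) . "\r\n\r\n";
        $message .= wp_login_url() . "\r\n";
        $message .= sprintf( __('Username: %s'), $user_login ) . "\r\n";
        $message .= sprintf( __('Password: %s'), $plaintext_pass ) . "\r\n\r\n";
        $message .= sprintf( __('If you have any problems, please contact me at %s.'), get_option('admin_email') ) . "\r\n\r\n";
        $message .= __('Adios!');

        wp_mail( $user_email, sprintf( __('[%s] Your username and password'), get_option('blogname') ), $message );
    }
}

get_footer();
?>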