FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  WordPress  »  Fast and Easy Custom WordPress New User Registration

by 8 comments


Normally when you register on a WordPress blog you enter in a Username and Email to register.

Then a password is auto-generated and emailed to you to verify your email.

Finally you can login to the blog but if you don't change your password right then you'll have to check the email again later when you forget it.

Maybe you have a secured site and you want to make registration a fool-proof process for your peeps? Read on.


Easier WordPress Registration

Fast and Easy Custom WordPress New User RegistrationInstead of the safer and more secure method employed by WP, this article shows you the code that lets you create your own register form like the one below, and registration is as simple as typing in an email address and password.

Here's how this script works:

  1. Enter Email Addy and Password (Email used as username)
  2. Hitting Submit creates a new user, emails user login info to user, logs in the user, and redirects the user wherever.

Bad Idea to implement, Cool to think about

For one thing this would let web robots and spammers register for your blog without having to validate an email address. That could get very bad very fast in terms of comments and other data in your database. But there are probably a lot of reasons why this would be a very bad idea to actually implement.

Register Form Example XHTML


PHP Script autologin.php

This is pretty rough code but it works for WP 2.5, some things to note are that adequate checking of user-input is missing so a blank password will work. Another bit of roughness is how this script will DIE with an error message upon failure.

It will also send a new user notification email including the plaintext username and plaintext password, then it will login the user and redirect them to /wordpress/.

<?php
define('WP_USE_THEMES', false);
require('../wp-blog-header.php');
require_once( ABSPATH . WPINC . '/registration.php');
if('POST' != $_SERVER['REQUEST_METHOD'])die('not post');
$user_login = sanitize_user($_POST['email']);
$user_email=$_POST['email'];
$user_pass = $_POST['user_pass'];
$redirect_to = $_POST['redirect_to'];
if(username_exists( $user_login ) || !validate_username( $user_login ) || !is_email( $user_email ) || email_exists( $user_email ))die('error');
$user_id = wp_create_user( $user_login, $user_pass, $user_email );
if ( !$user_id )die('bad user_id');
wp_new_user_notification($user_id, $user_pass);
$credentials=array('remember'=>true,'user_login'=>$user_login,'user_password'=>$user_pass);
do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
wp_set_auth_cookie($user_id, $credentials['remember']);
do_action('wp_login', $credentials['user_login']);
wp_safe_redirect($redirect_to);
exit();
?>

Implementation

In case you want to try it out, it will work as is above.

This code is danger danger

Tags

May 31st, 2008

Comments Welcome

  • http://thatNorwegianGuy.com Eystein

    Can this be used to let allready logged in users change their password without entering the wp-admin area? I'm trying to use the wordpress functionality, with my own front-end design, to display only the change password form. I'm not getting very far with my own copy-pasting :S

  • http://www.askapache.com/ AskApache

    Yeah that is exactly one of the reasons I started hacking it. I know WP has the functions to do that sure no problem, its just tough learning all these new functions.

    I'm sure its called wp_update_user or wp_insert_user or something like that. Just look around in the source code a bit.

  • http://www.netpreneur.my J. Maideen

    How about if you can add some more features such as:

    1) captcha before new user submit the registration

    2) choose as drop down menu either as subscriber, contributor, author or editor

    If previously we already set as (role manager plugin) default any new user as contributor, then, they already can instantly submit their articles/messages to the blogs.

    What you think man :)?

  • http://suhanto.net/ Agus Suhanto

    Thanks, this is usefull for implementing custom register/login pages in WordPress. Currently I'm creating a plugin that required those functionlities, glad I found it here.

  • http://suhanto.net/ Agus Suhanto

    Hey, while I'm working on it a little bit deeper, I found this function can replace some line of codes above (at least in WordPress 3, I haven't checked it in other versions):

    wp_signon($credentials);
    • http://www.askapache.com/ AskApache

      @ Agus
      Thanks for the code!

  • http://www.seowebsiteflipping.com Thomas Bodetti

    Ok, I can see how it might be interesting but what about the bots, that seems like risky behavior, still its something that needs to be done, registering should be intuitive.

  • AndyRichter

    Hi there, You are the man,

    We were searching for this everywhere, they all want to increase security.
    We read so much security blah blah on our way to find this site.
    Ha ha ha.
    We have nothing to lose on our website.
    We need users to be logged in easy.
    Without email.
    Just for fun.
    Easy password.
    ( Our website has a game running , user just needs a name to get credits)
    Nobody wants to create an email account ( or give his actual account).
    That turns 99% of our users off.
    We need these 99% users.
    You are our man.

    Now the question:

    Where do we put Your magic code?
    What do we have to do to run this?
    (We use wordpress since 5 days)

Popular Articles
My Online Tools

Related Articles
Newest Posts
Twitter


  •  t.co/ShKrGdqXuJ 
  • RUN GCC! This is a typical shirt I wear, from the  t.co/46LYbFr4k2  shop. A clerk at the LQ recognized it!  t.co/jjmT0dkCPu 
  • Merlin the Magician  t.co/iMmRbanUi4 
  • ROGUE CODE - Latest novel from @markrussinovich  t.co/apkn0LoPIt 
  • RTFM - surprisingly very helpful and way more comprehensive than it looks! @redteamfieldman #pwnAllTheThings  t.co/xiaJ5g0aC9 
  • Dear Hacker - Letters to the Editor of 2600, from Emmanuel Goldstein  t.co/JCfLab7FAJ 
  • The Mythical Man-Month - Essays on Software Engineering, by Frederick P. Brooks, Jr.  t.co/ilWN5GHElr 
  • "where wizards stay up late" - The Origins of the Internet. Favorite book detailing the birth of the net and IMPs  t.co/gY9VTGJgZz 
  • ZERO DAY - read before Trojan horse  t.co/pPMLGDJv8P 
  • Trojan Horse, a novel!  t.co/Hf8EtYaZVa 
  • The Hacker Playbook - very nice high level overview of attacks  t.co/lHwNVWi61u 
  • Clean Code - A Handbook of Agile Software Craftsmanship  t.co/hnJX0x1qIc 
  • Secrets of the JavaScript Ninja - By my absolute favorite JS hacker John Resig!  t.co/tZ42ljmcCl 
  • Hacking Exposed 7: Network Security Secrets & SolutionsMy all time favorite, basic but thorough and accurate.  t.co/jycW0RDVtZ 

Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman






[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

| Google+ | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain