Create WP account from an external email form submission?

Sure WordPress can. But … do you really want to do this? It could be a bit risky. OK, you want to do it, let’s start with it.

At first you need a php file where you send the data to. Let’s assume your submission form is on www.domain-send.tld and your WP install is on www.domain-receive.tld.

You have to create a php file on www.domain-receive.tld, name it e.g. remote_user_registration.php. You send the data from www.domain-send.tld with <form action="http://www.domain-receive.tld/path/to/remote_user_registration.php' method="post">. Put the php file in a subdirectory and protect it with a .htaccess from illegal requests

order deny allow
deny from all
allow from www.domain-send.tld

There are a lot of tutorials how to protect a directory and/or a singel file with a .htaccess. Please read some, this is not the topic of this question.

Now we create the php file. We have to include some files from WordPress so all needed functions are available, fetch the post data comes from www.domain-send.tld, do some checks and create an array with the user data. The last step is to insert the new user. Easy, isn’t it? Here is the script:

<?php
// define some vars
if ( defined( 'ABSPATH' ) )
    $abspath = ABSPATH;
else
    $abspath="/your/path/to/wordpress";

/*
 * define the role of the new user here
 * @see http://codex.wordpress.org/Roles_and_Capabilities
 */
$role="subscriber";

/*
 * fetch post data
 */
$user_email = ( isset( $_POST['email'] ) && ! empty( $_POST['email'] ) ) ?
    filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL ) : '';

// no email, no registration!
if ( empty( $user_email ) ) {
// TODO: More error handling like an email to yourself or something else
    exit();
}

// needed to prevent wordpress to load the complete environment. we need only a basic wordpress
define( 'SHORTINIT', TRUE );

// include the needed files which are excluded by SHORTINIT
require_once $abspath . '/wp-load.php';
require_once $abspath . '/wp-includes/user.php';
require_once $abspath . '/wp-includes/pluggable.php';
require_once $abspath . '/wp-includes/formatting.php';
require_once $abspath . '/wp-includes/capabilities.php';
require_once $abspath . '/wp-includes/kses.php';
require_once $abspath . '/wp-includes/meta.php';
require_once $abspath . '/wp-includes/l10n.php';

// create a random password
$random_password = wp_generate_password( $length=12, $include_standard_special_chars=false );

/*
 * setup the registration data
 * here we use the user email as login name!
 * the minimum of data is user_pass (password) and user_login (login name)
 * 
 * @see http://codex.wordpress.org/Function_Reference/wp_insert_user
 */
$data = array(
        'user_pass'     => $random_password,
        'user_login'    => $user_email,
        'role'          => $role // optional but usefull if you create a special role for remote registered users
);

$new_user = wp_insert_user( $data );

Now you want to send the user a email with login name and password. And maybe you want to inform yourself if a user was registered remotely. Extend the code above a bit:

if ( ! is_wp_error( $new_user ) ) {

    $subject = "Remote registration to www.domain-receive.tld"; 
    $message = "Hi there! You have successfull registered to my blog. Your login name is {$user_email} and your password is {$random_password}\nPlease change your password immediately!";
    $headers="From: My Name <[email protected]>" . "\r\n";

    // @see http://codex.wordpress.org/Function_Reference/wp_mail
    $success = wp_mail( $user_email, $subject, $message, $headers, $attachments );

    // maybe you want to be informed if the registration was successfull
    if ( true == $success ) {
        wp_mail( '[email protected]', 'Remote registration', "User {$user_email} was registered on " . date ('d.m. Y H:i:s', time() ) );
    }
}

From now on everybody who see our submission form can register to your blog as subscriber (or whatever role you will use for new users). I think this is a bit risky.

tech