Email confirmation in user registration form without a plugin

by

Actually, the arguments you are passing for the wp_new_user_notification() function are incorrect – it requires the user ID, not the username. Also, that may not be what you want to use in this case since it generates a link that will require the user to set a password (which is preferred).

I’ll go through two examples – one without the password, which the user would then set upon confirmation; and one with the password, which would require using a custom email instead of wp_new_user_notification().

Preferred Method (no password)

This assumes you’ll take out the password fields in your form and allow the user to set their password when they return via the link included in the new user notification email. Other issues are discussed after the code:

if($_POST){
     $username= sanitize_user($_POST['txtusername']);
     $email= sanitize_email($_POST['txtEmail']);

     $error=array();

     if(strpos($username,' ')!==FALSE){
       $error['username_space']="username has space";

     }

     if(empty($username)){
         $error['username_empty']="username needed";
     }
     if(username_exists($username)){
     $error['username_exist']="username already exists";

     }

  if(!is_email($email)){
      $error['email_valid']="enter valid email id";

     }

     if(email_exists($email)){
      $error['email_existence']="email already exists";

     }

     if(count($error)==0) {
      $user_id = wp_create_user($username,$password,$email);
      echo "you have registered succesfully.. ";

    wp_new_user_notification($user_id);
    exit();
     }

     else{
        print_r($error);
        }
}

Important changes here to note:

  1. The escape method you were using is specifically for the WPDB object. Instead, when handling posted form data, you want to sanitize. There are appropriate WP functions for this, including the two I changed in your function – sanitize_user() and sanitize_email().
  2. You’re using wp_create_user() and then immediately using wp_insert_user(). Unless you have code outside of this snippet that is assembling the $userdata value you have in that function, this is unnecessary. wp_create_user() actually runs wp_insert_user() and then returns the user ID. So I removed that unnecessary function (since the data it was passing was an undefined variable in your code anyway).
  3. The arguments you’re passing to wp_new_user_notification() are incorrect. The function accepts two arguments separated by a deprecated argument that no longer is used. So it’s $user_id (not username), the empty deprecated argument (empty since it’s ignored), then the optional $notify (empty, user, admin, or both) – wp_new_user_notification( $user_id, '', ''). The $user_id value comes from wp_create_user(). The second two arguments I left off since the one is ignored by the function, and the other is optional (if not set, it will just send to the user).

Note carefully, #3 above, because what you were sending to that function is probably why you were having trouble with it. First, you were passing the user’s username instead of the user ID, so the function would never find the user. But more importantly, if you look at the actual function, if the third argument is anything other than ‘user’, ‘admin’ , ‘both’ or default ”, the function quits right there. You were passing the user’s email in this position, so the function would quit right away.

I’ve linked the documentation for these functions – it’s a good idea to review that information when you’re using WP core functions to make sure you’re using them correctly.

Alternate method:

Here’s the alternate method I promised. This corrects similar issues, such as only using wp_create_user(). But the difference is that you’ll need to create and send your own customized email, since the wp_new_user_notification() function assumes you’re sending a link for the user to set their password (which you’re already collecting in your form).

In order to send your custom email, it uses wp_mail() (which, like the above code, you should take some time to review the function’s documentation so you know what it does and how to use it).

if($_POST){
     $username= sanitize_user($_POST['txtusername']);
     $email= sanitize_email($_POST['txtEmail']);
    $password= $_POST['txtpassword'];
     $confpassword= $_POST['txtconfirmpassword']);

     $error=array();

     if(strpos($username,' ')!==FALSE){
       $error['username_space']="username has space";

     }

     if(empty($username)){
         $error['username_empty']="username needed";
     }
     if(username_exists($username)){
     $error['username_exist']="username already exists";

     }

  if(!is_email($email)){
      $error['email_valid']="enter valid email id";

     }

     if(email_exists($email)){
      $error['email_existence']="email already exists";

     }

     if(strcmp($password, $confpassword)){
      $error['password']="password doesnt match";

     }

     if(count($error)==0) {
      $user_id = wp_create_user($username,$password,$email);
      echo "you have registered succesfully.. ";

        $subject="Thanks for registering";
        $message="Thanks for registering. 

            Please return to the site to log in:

            https://example.com/my-login/";

        wp_mail( $email, $subject, $message );

        exit();
     }

     else{
        print_r($error);
        }
}