wpmu_validate_user_signup

Sanitize and validate data required for a user sign-up.

Description

(array) wpmu_validate_user_signup( (string) $user_name, (string) $user_email ); 

Verifies the validity and uniqueness of user names and user email addresses, and checks email addresses against admin-provided domain whitelists and blacklists.

The hook provides an easy way to modify the sign-up process. The value $result, which is passed to the hook, contains both the user-provided info and the error messages created by the function. allows you to process the data in any way you'd like, and unset the relevant errors if necessary.

Returns (array)

Contains username, email, and error messages.

Parameters (2)

0. $user_name (string)
The login name provided by the user.
1. $user_email (string)
The email provided by the user.

Usage

  1. if ( !function_exists( 'wpmu_validate_user_signup' ) ) { 
  2. require_once ABSPATH . WPINC . '/ms-functions.php'; 
  3.  
  4. // The login name provided by the user. 
  5. $user_name = ''; 
  6.  
  7. // The email provided by the user. 
  8. $user_email = ''; 
  9.  
  10. // NOTICE! Understand what this does before running. 
  11. $result = wpmu_validate_user_signup($user_name, $user_email); 
  12.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/ms-functions.php  
  1. function wpmu_validate_user_signup($user_name, $user_email) { 
  2. global $wpdb; 
  3.  
  4. $errors = new WP_Error(); 
  5.  
  6. $orig_username = $user_name; 
  7. $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); 
  8.  
  9. if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { 
  10. $errors->add( 'user_name', __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) ); 
  11. $user_name = $orig_username; 
  12.  
  13. $user_email = sanitize_email( $user_email ); 
  14.  
  15. if ( empty( $user_name ) ) 
  16. $errors->add('user_name', __( 'Please enter a username.' ) ); 
  17.  
  18. $illegal_names = get_site_option( 'illegal_names' ); 
  19. if ( ! is_array( $illegal_names ) ) { 
  20. $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 
  21. add_site_option( 'illegal_names', $illegal_names ); 
  22. if ( in_array( $user_name, $illegal_names ) ) { 
  23. $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); 
  24.  
  25. /** This filter is documented in wp-includes/user.php */ 
  26. $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 
  27.  
  28. if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) { 
  29. $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); 
  30.  
  31. if ( is_email_address_unsafe( $user_email ) ) 
  32. $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); 
  33.  
  34. if ( strlen( $user_name ) < 4 ) 
  35. $errors->add('user_name', __( 'Username must be at least 4 characters.' ) ); 
  36.  
  37. if ( strlen( $user_name ) > 60 ) { 
  38. $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) ); 
  39.  
  40. // all numeric? 
  41. if ( preg_match( '/^[0-9]*$/', $user_name ) ) 
  42. $errors->add('user_name', __('Sorry, usernames must have letters too!')); 
  43.  
  44. if ( !is_email( $user_email ) ) 
  45. $errors->add('user_email', __( 'Please enter a valid email address.' ) ); 
  46.  
  47. $limited_email_domains = get_site_option( 'limited_email_domains' ); 
  48. if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) { 
  49. $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); 
  50. if ( ! in_array( $emaildomain, $limited_email_domains ) ) { 
  51. $errors->add('user_email', __('Sorry, that email address is not allowed!')); 
  52.  
  53. // Check if the username has been used already. 
  54. if ( username_exists($user_name) ) 
  55. $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); 
  56.  
  57. // Check if the email address has been used already. 
  58. if ( email_exists($user_email) ) 
  59. $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) ); 
  60.  
  61. // Has someone already signed up for this username? 
  62. $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) ); 
  63. if ( $signup != null ) { 
  64. $registered_at = mysql2date('U', $signup->registered); 
  65. $now = current_time( 'timestamp', true ); 
  66. $diff = $now - $registered_at; 
  67. // If registered more than two days ago, cancel registration and let this signup go through. 
  68. if ( $diff > 2 * DAY_IN_SECONDS
  69. $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_name ) ); 
  70. else 
  71. $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.')); 
  72.  
  73. $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email) ); 
  74. if ( $signup != null ) { 
  75. $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); 
  76. // If registered more than two days ago, cancel registration and let this signup go through. 
  77. if ( $diff > 2 * DAY_IN_SECONDS
  78. $wpdb->delete( $wpdb->signups, array( 'user_email' => $user_email ) ); 
  79. else 
  80. $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); 
  81.  
  82. $result = array('user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors); 
  83.  
  84. /** 
  85. * Filters the validated user registration details. 
  86. * This does not allow you to override the username or email of the user during 
  87. * registration. The values are solely used for validation anderrorhandling. 
  88. * @since MU 
  89. * @param array $result { 
  90. * The array of user name, email and theerrormessages. 
  91. * @type string $user_name Sanitized and unique username. 
  92. * @type string $orig_username Original username. 
  93. * @type string $user_email User email address. 
  94. * @type WP_Error $errors WP_Error object containing any errors found. 
  95. * } 
  96. */