W3cubDocs

/WordPress

wpmu_validate_user_signup( string $user_name, string $user_email )

Sanitize and validate data required for a user sign-up.

Description

Verifies the validity and uniqueness of user names and user email addresses, and checks email addresses against allowed and disallowed domains provided by administrators.

The ‘wpmu_validate_user_signup’ hook provides an easy way to modify the sign-up process. The value $result, which is passed to the hook, contains both the user-provided info and the error messages created by the function. ‘wpmu_validate_user_signup’ allows you to process the data in any way you’d like, and unset the relevant errors if necessary.

Parameters

$user_name: (string) (Required) The login name provided by the user.
$user_email: (string) (Required) The email provided by the user.

Return

(array) The array of user name, email, and the error messages.

'user_name'
(string) Sanitized and unique username.
'orig_username'
(string) Original username.
'user_email'
(string) User email address.
'errors'
(WP_Error) WP_Error object containing any errors found.

Source

File: wp-includes/ms-functions.php

function wpmu_validate_user_signup( $user_name, $user_email ) {
	global $wpdb;

	$errors = new WP_Error();

	$orig_username = $user_name;
	$user_name     = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) );

	if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) {
		$errors->add( 'user_name', __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) );
		$user_name = $orig_username;
	}

	$user_email = sanitize_email( $user_email );

	if ( empty( $user_name ) ) {
		$errors->add( 'user_name', __( 'Please enter a username.' ) );
	}

	$illegal_names = get_site_option( 'illegal_names' );
	if ( ! is_array( $illegal_names ) ) {
		$illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );
		add_site_option( 'illegal_names', $illegal_names );
	}
	if ( in_array( $user_name, $illegal_names, true ) ) {
		$errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
	}

	/** This filter is documented in wp-includes/user.php */
	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );

	if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ), true ) ) {
		$errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
	}

	if ( ! is_email( $user_email ) ) {
		$errors->add( 'user_email', __( 'Please enter a valid email address.' ) );
	} elseif ( is_email_address_unsafe( $user_email ) ) {
		$errors->add( 'user_email', __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ) );
	}

	if ( strlen( $user_name ) < 4 ) {
		$errors->add( 'user_name', __( 'Username must be at least 4 characters.' ) );
	}

	if ( strlen( $user_name ) > 60 ) {
		$errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) );
	}

	// All numeric?
	if ( preg_match( '/^[0-9]*$/', $user_name ) ) {
		$errors->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) );
	}

	$limited_email_domains = get_site_option( 'limited_email_domains' );
	if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) {
		$limited_email_domains = array_map( 'strtolower', $limited_email_domains );
		$emaildomain           = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) );
		if ( ! in_array( $emaildomain, $limited_email_domains, true ) ) {
			$errors->add( 'user_email', __( 'Sorry, that email address is not allowed!' ) );
		}
	}

	// Check if the username has been used already.
	if ( username_exists( $user_name ) ) {
		$errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );
	}

	// Check if the email address has been used already.
	if ( email_exists( $user_email ) ) {
		$errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) );
	}

	// Has someone already signed up for this username?
	$signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name ) );
	if ( null != $signup ) {
		$registered_at = mysql2date( 'U', $signup->registered );
		$now           = time();
		$diff          = $now - $registered_at;
		// If registered more than two days ago, cancel registration and let this signup go through.
		if ( $diff > 2 * DAY_IN_SECONDS ) {
			$wpdb->delete( $wpdb->signups, array( 'user_login' => $user_name ) );
		} else {
			$errors->add( 'user_name', __( 'That username is currently reserved but may be available in a couple of days.' ) );
		}
	}

	$signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email ) );
	if ( null != $signup ) {
		$diff = time() - mysql2date( 'U', $signup->registered );
		// If registered more than two days ago, cancel registration and let this signup go through.
		if ( $diff > 2 * DAY_IN_SECONDS ) {
			$wpdb->delete( $wpdb->signups, array( 'user_email' => $user_email ) );
		} else {
			$errors->add( 'user_email', __( 'That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.' ) );
		}
	}

	$result = array(
		'user_name'     => $user_name,
		'orig_username' => $orig_username,
		'user_email'    => $user_email,
		'errors'        => $errors,
	);

	/**
	 * Filters the validated user registration details.
	 *
	 * This does not allow you to override the username or email of the user during
	 * registration. The values are solely used for validation and error handling.
	 *
	 * @since MU (3.0.0)
	 *
	 * @param array $result {
	 *     The array of user name, email, and the error messages.
	 *
	 *     @type string   $user_name     Sanitized and unique username.
	 *     @type string   $orig_username Original username.
	 *     @type string   $user_email    User email address.
	 *     @type WP_Error $errors        WP_Error object containing any errors found.
	 * }
	 */
	return apply_filters( 'wpmu_validate_user_signup', $result );
}

Uses

Uses	Description
wp-includes/user.php: illegal_user_logins	Filters the list of disallowed usernames.
wp-includes/l10n.php: __()	Retrieve the translation of $text.
wp-includes/formatting.php: sanitize_email()	Strips out all characters that are not allowable in an email.
wp-includes/formatting.php: is_email()	Verifies that an email is valid.
wp-includes/formatting.php: sanitize_user()	Sanitizes a username, stripping out unsafe characters.
wp-includes/functions.php: mysql2date()	Convert given MySQL date string into a different format.
wp-includes/plugin.php: apply_filters()	Calls the callback functions that have been added to a filter hook.
wp-includes/option.php: add_site_option()	Adds a new option for the current network.
wp-includes/option.php: get_site_option()	Retrieve an option value for the current network based on name of option.
wp-includes/user.php: username_exists()	Determines whether the given username exists.
wp-includes/user.php: email_exists()	Determines whether the given email exists.
wp-includes/ms-functions.php: is_email_address_unsafe()	Checks an email address against a list of banned domains.
wp-includes/ms-functions.php: wpmu_validate_user_signup	Filters the validated user registration details.
wp-includes/wp-db.php: wpdb::get_row()	Retrieves one row from the database.
wp-includes/wp-db.php: wpdb::delete()	Deletes a row in the table.
wp-includes/wp-db.php: wpdb::prepare()	Prepares a SQL query for safe execution.
wp-includes/class-wp-error.php: WP_Error::__construct()	Initialize the error.

Used By

Used By	Description
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php: WP_REST_Users_Controller::create_item()	Creates a single user.
wp-signup.php: validate_user_form()	Validate user signup name and email
wp-signup.php: validate_blog_signup()	Validate new site signup

Changelog

Version	Description
MU (3.0.0)	Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wpmu_validate_user_signup