Create not-activated user in code, wordpress

1 Views

I’m doing a site in wordpress and I need some help.
I have a custom registration form where users can sign up and get special roles, but I want to save the users to the database as not activated so that the admin activates them through a plugin. Problem is that the code I’m using, just saves the user in the db immediately and the account is usable.

Any ideas on how to create a new user as not activated?

$newUser = wp_create_user($un, $pw, $em);    
        if (!$newUser || is_wp_error($newUser)) {       
            $error = "[:en]Please fill in all fields.[:it]Please fill in all fields.";
        } else {
            $userinfo = array('ID'=>$newUser, 'first_name' => $fn, 'last_name' => $ln);   
            wp_update_user($userinfo);
            update_usermeta($newUser, 'company', $co);
            $user = new WP_User($newUser);
            $user->remove_role('subscriber');
            $user->add_role($tp);
            $success = "[:en]Your registration has been submitted for approval.[:it]Your registration has been submitted for approval.";
            wp_new_user_notification($newUser, $pw);
        }
Post Views: 1

Related posts

Leave a Reply

5 comments

  1. WordPress does not have a active/deactivate function out of the box
    This worked for me to create users with aditional data.

    wp_insert_user(array(
        'user_login' => $username,
        'user_pass' => $password,
        'user_email' => $email,
        'wp_user_level' => $role,
        'show_admin_bar_front' => 'false' //you probably won't want normal users to see the admin bar
    ));

    http://codex.wordpress.org/Function_Reference/wp_insert_user
    Try adding a temporary role with no rights at all.

    PS.
    I see you are directly trying to insert the user without validating your data first.
    That’s not very safe.

  2. On user creation you should write into a database field the fact that the created account is not activated.

    Then on user’s log in you should check back that field, if it says 0 (account not activated) you shouldn’t let the user log in, else if it says 1 (account activated) then you could proceed with the log in process.

    The table (let’s say pending_accounts) should look like:

    user_id | activated
  1234  |     1
   42   |     0

    Or even better: the activated accounts could be removed from that table (pending_accounts), so you’ll only have to check if a user_id exists there, if it exists that means that the account was not activated by an admin.

    When an admin activates an account the corresponding entry from the pending_accounts gets deleted.

    Unfortunately I don’t know wordpress’s internal structure and the way it sets up the database, but it should be easy to create an auxiliary table (pending_accounts).

  4. As a general direction, Id say just don’t email the user their password right away.

    The wp_new_user_notification function is pluggable, so if you add something like the following to your functions file or to a plugin, admins will still get new user notifications, but the users themselves won’t.

    if ( !function_exists('wp_new_user_notification') ) :
/**
 * Notify the blog admin of a new user, normally via email.
 *
 * @since 2.0
 *
 * @param int $user_id User ID
 * @param string $plaintext_pass Optional. The user's plaintext password
 */
function wp_new_user_notification($user_id, $plaintext_pass = '') {
    $user = new WP_User($user_id);

    $user_login = stripslashes($user->user_login);
    $user_email = stripslashes($user->user_email);

    // The blogname option is escaped with esc_html on the way into the database in sanitize_option
    // we want to reverse this for the plain text arena of emails.
    $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);

    $message  = sprintf(__('New user registration on your site %s:'), $blogname) . "rnrn";
    $message .= sprintf(__('Username: %s'), $user_login) . "rnrn";
    $message .= sprintf(__('E-mail: %s'), $user_email) . "rn";

    @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);

}
endif;

    The only step left to figure out is, how do you “activate” users (send them their password). Depending on your user approval workflow, you might create a function that resets a user’s password to something random, and emails it to them. You could then hook this function to a button on the user listings screen.

    The downside to this entire approach is that it’s hard to tell which users are “inactive” (haven’t yet been emailed a password). For this, you could reply on the default_password_nag user option, or a custom user option that you set on registration, I suppose.

  5. Very easy and smart one:

    Just add some text/numbers in front or end of username and email, so when user will try to login-he will get bad username.. and when admin aprove user then your script will remove that added text/number from username/email and will send email that your account now is open 🙂

    easy and smart and almost zero coding 😀