wp_create_user not properly entering password

I’m trying to create a new user after someone fills out a form. I’m using wp_create_user to do so. A user is being created properly, but, for whatever reason, no password is being submitted to the users table. It’s simply a blank value.

First of all, I should note that, unfortunately, for this project I’m on 3.1.3 and there is very little chance that I’d be able to use 3.2.1.

Read More

I’ve checked to make sure that the password is correct up to the point that it is passed to the wp_create_user function and the value is as expected. I’ve also gone so far as to trace the password to the wp_insert_user function. It passes through the wp_hash_password function and comes out as a 34 character password hash. I then checked to see what the value of the password is before the $wpdb->insert method is executed to insert the user. The password is still the beautiful hash, not an empty value. I then kept on down the rabbit whole into the _insert_replace_helper method of the $wpdb class. The data fed to that function was just fine; however, the function returns:

return $this->query( $this->prepare( $sql, $data ) );

I went to look at the prepare method and it is defined as:

function prepare( $query = null ) { // ( $query, *$args )

Yes that little comment is from the actual code. When I saw it, I thought the previous dev had made this alteration. I was initially furious until I diffed it against the real file and found it to be identical. So, my confusion here is that the _insert_replace_helper method is calling the prepare method and sending it two arguments when it expects 1. What in the world is going on here?

Ultimately, I have two questions:

1) Why isn’t my password being sent to the database
2) What is going on with the _insert_replace_helper method sending two arguments to the prepare method?

I should note that the function I’m using to add the user looks like:

// Function for registering user
function gov_register_user($name, $password, $email, $company, $phone)
{
    // If user is registered, don't register him/her again, but return true so no error is flagged
    if(email_exists($email))
        return true;

    // If any of the necessary fields are not filled, return false
    if($name == '' || $password == '' || $email == '')
        return false;

    // It's now safe to register the user
    $user_id = wp_create_user($name, $password, $email);
    if($user_id)
    {
        // Email user
        add_filter('wp_mail_content_type',create_function('', 'return "text/html"; '));
        wp_mail($email, 'Registration', get_mail_user_registration($name, $email));

        // Set meta fields
        set_cimyFieldValue($user_id, 'COMPANY', $company);
        set_cimyFieldValue($user_id, 'PHONE', $phone);

        // Log user in
        $gov_creds = array(
            'user_login' => $name,
            'user_password' => $password,
            'remember' => true
        );
        wp_signon($gov_creds, false);   

        return true;
    }
    else
        return false;
}

Related posts

Leave a Reply

1 comment

  1. PHP support variable-lengths argument lists. Simply put you can pass as many additional arguments as you want to any function and PHP won’t even blink.

    If you look at the source of $wpdb->prepare() method it simply fetches all arguments with func_get_args() into variable and works with that. It doesn’t care about function signature (older or current either) at all.

    So I think this is completely unrelated to your password issue, I’d try poking that plugin.

    PS 3.2 is not that much different from 3.1, why problem upgrading? Running outdated version is trouble in the long run.