WordPress Plugin Development from Scratch – Lesson -2

In last session we have learned about add_action() and add_filters() hooks , please go through the last session once if you have missed it click link below

• WordPress plugin development from scratch – Lesson-1

Most of the beginners search for custom form creator plugins to create forms in your wordpress website, some of them may have different requirements , to full fill their requirement , they need to try to create their own wordpress custom plugins , today I want to show you a small and simple registration form , which creates users. Let’s create a function in my_demo_plugin.php.

Here in this function we are creating html form code to display in frontend, let’s check the function below.

function ektree_add_registration_form()
{
echo' <form class="form-horizontal" action="' . esc_url($_SERVER['REQUEST_URI']) . '" method="POST">';
echo '<fieldset>';
echo '<div id="legend">';
echo ' <legend class="">Register</legend>';
echo '</div>';
echo '<div class="control-group">';

echo  '<label class="control-label"  for="username">Username</label>';
echo '<div class="controls">';
echo ' <input type="text" id="username" name="username" placeholder="" value="' . ( isset( $_POST['username']) ? esc_attr( $_POST['username'] ) : '' ) . '" class="input-xlarge">';
echo '<p class="help-block">Username can contain any letters or numbers, without spaces</p>';
echo '</div>';
echo ' </div>';

echo '<div class="control-group">';

echo ' <label class="control-label" for="email">E-mail</label>';
echo ' <div class="controls">';
echo ' <input type="text" id="email" name="email" placeholder="" value="' . ( isset( $_POST['email']) ? esc_attr( $_POST['email'] ) : '' ) . '" class="input-xlarge">';
echo '<p class="help-block">Please provide your E-mail</p>';
echo '</div>';
echo'</div>';

echo '<div class="control-group">';
echo   '<label class="control-label" for="password">Password</label>';
echo '<div class="controls">';
echo '<input type="password" id="password" name="password" placeholder="" value="' . ( isset( $_POST['password']) ? esc_attr( $_POST['password'] ) : '' ) . '" class="input-xlarge">';
echo '<p class="help-block">Password should be at least 4 characters</p>';
echo '</div>';
echo '</div>';

echo '<div class="control-group">';
echo '<div class="controls">';
echo '<input type="submit" name="submit" value="Register" class="btn btn-success"/>';
echo '</div>';
echo '</div>';
echo '</fieldset>';
echo '</form>';

}

To display form in your post or page we need to create shortcode for this form, to add Shortcode we need to create a function as below.

// The Registration form shortcode function
function ektree_reg_shortcode() {
ob_start();
ektree_add_registration_form();
return ob_get_clean();
}
add_shortcode( 'ektree_registration', 'ektree_reg_shortcode' );

Now above function is registered to wordpress ,we can use form in any page or post by adding [ektree_registration].
Now we need to write code to insert form data to wordpress database, let’s check the function below.

function ektree_insert_registration() {
if ( isset($_POST['submit'] ) ) {
ektree_reg_validation($_POST['username'],$_POST['password'],$_POST['email']);

// sanitize user form input
global $wpdb,$ektree_errors;

if ( 1 > count( $ektree_errors->get_error_messages() ) )
{
$table_name = $wpdb->prefix . "ektreeuser";
$wpdb->insert($table_name,array('user_login' =>sanitize_user( $_POST['username'] ),'user_email' =>sanitize_email( $_POST['email'] ) ,'user_pass' =>esc_attr( $_POST['password'] )));
}

}
}

Here in the above function, I am trying to insert the form data to ektreeuser table, before we are inserting the data we need to sanitize the user data using wordpress escaping functions, which helps in to avoid cross site scripting attacks. We can also add validations to avoid wrong inputs from users, for this we created a function as.

function ektree_reg_validation( $username, $password, $email) 
{
global $ektree_errors;
$ektree_errors = new WP_Error;
if ( empty( $username ) || empty( $password ) || empty( $email ) ) {
$ektree_errors->add('field', 'Required form field is missing');
}
if ( username_exists( $username ) ){
$ektree_errors->add('user_name', 'Sorry, that username already exists!');

}
if ( ! validate_username( $username ) ) {
$ektree_errors->add( 'username_invalid', 'Sorry, the username you entered is not valid' );
}
if ( 5 > strlen( $password ) ) {
$ektree_errors->add( 'password', 'Password length must be greater than 5' );
}
if ( !is_email( $email ) ) {
$ektree_errors->add( 'email_invalid', 'Email is not valid' );
}
if ( email_exists( $email ) ) {
$ektree_errors->add( 'email', 'Email Already in use' );
}
if ( is_wp_error( $ektree_errors ) ) {

foreach ( $ektree_errors->get_error_messages() as $error ) {

echo '<div>';
echo '<strong>ERROR</strong>:';
echo $error . '<br/>';
echo '</div>';

}

}
}

Above code helps us to check the unique username, email validation and password strength, by using validations we can avoid duplicate data entries from users.
Thanks for reading this article