Two ways to add Joomla users using your custom code

The task of adding Joomla users, login/logout, activating/deactivating of users and password reset tasks etc are handled by the component com_users. In this post I will show how to add a joomla user from an external page.

Adding users externally can be done in two ways:
1. Create an html form with correct fields and submit it the correct Joomla url so that Joomla handles the registration, or
2. If you want to do it in your custom method, you need to create both the html form and the and the script that will add the user to the Joomla.

First, the regular way:

We create an html form with the correct field names and place the form in the joomla root. The field names should match with that of the general joomla registration form.

If we view the source of a Joomla registration form then we can see that the form has text fields named name, username, Email, password, password2 and hidden fields task, id, gid. There is another hidden field whose name is generated by JUtility::getToken() and the value of the field is 1. This field value is checked at the time of submitting the registration information. More about this in a moment. On submitting the registration form the registration information is processed by the register_save method of the UserController in com_user, which has been specified by the hidden field named task in the registration form.

Now we come to the UserController in the com_user. In the register_save method there is a line which checks the token value from the submitted form. As we are using a static html form we either need to generate the token name on the html form or if we don’t want to include the token in the form then we need to bypass the line of code which checks for the token.

JRequest::checkToken() or jexit( 'Invalid Token' );

In the register_save method of the UserController in the com_user. Since we will be using a html form commonly so we go for the second option and comment the line for checking token

// JRequest::checkToken() or jexit( 'Invalid Token' );

The submitted registration information is then processed by the register_save method. The data is actually saved in the save method of the UserController.

Now, the Other way:

Here we use the previously created form and submit it to the custom script that we create. This approach is basically to copy the functionality of the register_save() method in the UserController in com_user to an external script and submit the html registration form to that script.

Now onto the script:
To access the joomla environment in an external script, the following snippet is added to the start of the script:

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
 
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
 
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();

This snippet basically makes available the joomla framework available in the script. The code snippet is found in the index.php of the joomla root.

Now we import the functionality of the register_save() method in the script.

#1. Check for request forgeries, we comment this out since tokens are not generated in the html page

//JRequest::checkToken() or jexit( 'Invalid Token' );

#2. Get required system objects

$user 	      = clone(JFactory::getUser());
$pathway 	      = & $mainframe->getPathway();
$config	      = & JFactory::getConfig();
$authorize	      = & JFactory::getACL();
$document       = & JFactory::getDocument();

#3. If user registration is not allowed, show 403 not authorized(Not needed)

$usersConfig = &JComponentHelper::getParams( 'com_users' );
if ($usersConfig->get('allowUserRegistration') == '0')
	{
		JError::raiseError( 403, JText::_( 'Access Forbidden' ));
		return;
	}

#4. Initialize new usertype setting

$newUsertype = $usersConfig->get( 'new_usertype' );
if (!$newUsertype)
	{
		$newUsertype = 'Registered';
	}

#5. Bind the post array to the user object

if (!$user->bind( JRequest::get('post'), 'usertype' ))
	{
		JError::raiseError( 500, $user->getError());
	}

#6. Set some initial user values

$user->set('id', 0);
$user->set('usertype', '');
$user->set('gid', $authorize->get_group_id( '', $newUsertype, 'ARO' ));
 
$date =& JFactory::getDate();
$user->set('registerDate', $date->toMySQL());

#7. If user activation is turned on, we need to set the activation information(Not needed)

$useractivation = $usersConfig->get( 'useractivation' );
if ($useractivation == '1')
	{
		jimport('joomla.user.helper');
		$user->set('activation', md5( JUserHelper::genRandomPassword()) );
		$user->set('block', '1');
	}

#8. Save the details of the user

$user->save();

After this we can use the php header function to redirect the user to the desired location.

That’s it! I hope Joomla developers find this helpful and please feel to post your views and comments to this post.

1 Star2 Stars3 Stars4 Stars5 Stars (23 votes, average: 3.74 out of 5)
Loading ... Loading ...

Tags: ,

22 Responses to “Two ways to add Joomla users using your custom code”

  1. KT says:

    Very good tutorial, thanks!

  2. Vasan says:

    Excellent tutorial, just what i needed, thanks a heap!!

  3. bryan says:

    hi this was not very useful and I wasted several hours trying to implement it, finally got user registrations from the following site. Too bad this site came to the top of google.

    http://docs.joomla.org/JUser

  4. mike says:

    Maybe there’s something going on here? I tried what Bryan did and it didn’t work… then I tried this and it worked first try!

  5. dharprog says:

    Its working like a charm, I have gone through the second way and it is working very perfect in the first instance i mean in the first verification itself.

    Thanks alot. My time has saved alot to do this.

    Hey Bryan Are you a designer or programmer??? It does have syntax error thats why It might not worked for you.

  6. tours says:

    Hmmmm, dont like the security that is needed by commenting out //JRequest::checkToken() or jexit( ‘Invalid Token’ ); if you do that you are really putting your joomla site at risk.

  7. Cort says:

    Is commenting out //JRequest::checkToken() or jexit( ‘Invalid Token’ ) a significant security concern??

  8. naveen says:

    i didn’t tried the top method but what brian said is absolutely correct way to create user.
    http://docs.joomla.org/JUser

    everything is handled by joomla so is best way to create user

  9. kokila says:

    hi i can’t understand anybody help me or attach sample forms.I dont know how to give database connection.Plz give me sample forms

  10. TBS says:

    I get the error:

    Fatal error: Call to a member function bind() on a non-object in /home/…..user.php on line 495

    I try to insert the new user from a model and all is ok right up to the line $user->save()

  11. Luciano says:

    Hello,

    How do you sent activation mail after user registered?
    I’m trying now to create a new way for user registration in joomla with custom form, but, I have this issue.

    Thank you.

    All the best.

  12. molo says:

    @Luciano

    Hi,

    I have faced with the same issue – after registration I don’t have welcome and activation emails.

    Did you figure out how to sent email after registration?

    Thanks

  13. Ashish Kumar says:

    Informative post, Joomla development empowers you to build up informative websites and competent applications.

  14. Dayo says:

    Thanks for this. Can you kindly provide similar for v1.6+?

  15. Sergey says:

    At least i found excellent tutorial, about user register! Thanks a lot!)

  16. joomla, joomla template…

    [...]Two ways to add Joomla users using your custom code | Diadem Tech Weblogs[...]…

  17. GC says:

    I m a newbie, but have a task that requires addition of joomla user from an external script.

    Can you elaborate the last statement

    “After this we can use the php header function to redirect the user to the desired location.”

    Would appreciate if an example of this is provided.

  18. @GC’s Comment RE: redirecting after save.
    What you actually want to do is:
    redirect(“New User Created”);
    ?>

  19. Victor says:

    Works for joomla 2.5?

  20. Stergios says:

    it’s big security hole….a bot can register thousand users via CURL in only few seconds!

  21. jasa seo says:

    good info gus, joomla com_user in vulnerability -_-

Leave a Reply