• Knowledge Base
    • All Articles
    • BuddyBoss Platform
    • BuddyBoss Theme
    • BuddyBoss App
    • Integrations
    • Advanced Setup
    • Troubleshooting
    • Release Notes
      • BuddyBoss Platform
      • BuddyBoss Platform Pro
      • BuddyBoss Theme
      • BuddyBoss App
      • BuddyBoss App Plugin
      • Other Products
  • Developers
    • Developer Tutorials
      • Web Development
      • App Development
    • Code Reference
      • Functions
      • Hooks
      • Classes
      • Methods
      • Commands
      • App Codex
    • REST API
      • BuddyBoss Platform
      • BuddyBoss App
    • Font Cheatsheet
    • Github Project
  • Roadmap
  • Go to BuddyBoss
    Contact Support
    Filter
    • Knowledge Base
      • All Articles
      • BuddyBoss Platform
      • BuddyBoss Theme
      • BuddyBoss App
      • Integrations
      • Advanced Setup
      • Troubleshooting
      • Release Notes
        • BuddyBoss Platform
        • BuddyBoss Platform Pro
        • BuddyBoss Theme
        • BuddyBoss App
        • BuddyBoss App Plugin
        • Other Products
    • Developers
      • Developer Tutorials
        • Web Development
        • App Development
      • Code Reference
        • Functions
        • Hooks
        • Classes
        • Methods
        • Commands
        • App Codex
      • REST API
        • BuddyBoss Platform
        • BuddyBoss App
      • Font Cheatsheet
      • Github Project
    • Roadmap
    • Go to BuddyBoss
    Filter
    Filter

    Contents

    • Description
    • Parameters
    • Return
    • Source
    • Changelog
    • Related
    Code Reference Classes BP_REST_Signup_Endpoint BP_REST_Signup_Endpoint::create_item()

    BP_REST_Signup_Endpoint::create_item( WP_REST_Request $request )

    Create signup.

    Description

    Parameters

    $request

    (Required) Full data about the request.

    Return

    (WP_REST_Response) | WP_Error

    Source

    File: bp-members/classes/class-bp-rest-signup-endpoint.php

    	public function create_item( $request ) {
    		$bp = buddypress();
    
    		$request->set_param( 'context', 'edit' );
    
    		$form_fields = $this->signup_form_items( $request );
    		$form_fields = $form_fields->get_data();
    		$param       = $request->get_params();
    
    		$posted_data = array();
    		if ( ! empty( $form_fields ) ) {
    			$form_fields = array_column( $form_fields, 'id' );
    			$form_fields = array_flip( $form_fields );
    			$posted_data = array_intersect_key( $param, $form_fields );
    		}
    
    		if ( empty( $posted_data ) ) {
    			return new WP_Error(
    				'bp_rest_signup_cannot_create',
    				__( 'Cannot create new signup.', 'buddyboss' ),
    				array(
    					'status' => 500,
    				)
    			);
    		}
    
    		// verification for phpcs.
    		wp_verify_nonce( wp_create_nonce( 'rest_signup' ), 'rest_signup' );
    
    		$_POST = array();
    		$_POST = $posted_data;
    
    		$user_name  = (
    			function_exists( 'bp_get_signup_username_value' )
    			? bp_get_signup_username_value()
    			: (
    				isset( $_POST['signup_username'] )
    				? filter_input( INPUT_POST, 'signup_username' )
    				: ''
    			)
    		);
    		$user_email = (
    			function_exists( 'bp_get_signup_email_value' )
    			? bp_get_signup_email_value()
    			: (
    				isset( $_POST['signup_email'] )
    				? filter_input( INPUT_POST, 'signup_email' )
    				: ''
    			)
    		);
    
    		// Check the base account details for problems.
    		$account_details = bp_core_validate_user_signup( $user_name, $user_email );
    
    		$email_opt    = function_exists( 'bp_register_confirm_email' ) && true === bp_register_confirm_email() ? true : false;
    		$password_opt = function_exists( 'bp_register_confirm_password' ) ? bp_register_confirm_password() : true;
    
    		// If there are errors with account details, set them for display.
    		if ( ! empty( $account_details['errors']->errors['user_name'] ) ) {
    			$bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0];
    		}
    
    		if ( ! empty( $account_details['errors']->errors['user_email'] ) ) {
    			$bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0];
    		}
    
    		// Check that both password fields are filled in.
    		if ( isset( $_POST['signup_password'] ) && empty( $_POST['signup_password'] ) ) {
    			$bp->signup->errors['signup_password'] = __( 'Please make sure to enter your password.', 'buddyboss' );
    		}
    
    		// if email opt enabled.
    		if ( true === $email_opt ) {
    
    			// Check that both password fields are filled in.
    			if ( empty( $_POST['signup_email'] ) || empty( $_POST['signup_email_confirm'] ) ) {
    				$bp->signup->errors['signup_email'] = __( 'Please make sure to enter your email twice.', 'buddyboss' );
    			}
    
    			// Check that the passwords match.
    			if (
    				( ! empty( $_POST['signup_email'] ) && ! empty( $_POST['signup_email_confirm'] ) )
    				&& $_POST['signup_email'] !== $_POST['signup_email_confirm']
    			) {
    				$bp->signup->errors['signup_email'] = __( 'The emails entered do not match.', 'buddyboss' );
    			}
    		}
    
    		// if password opt enabled.
    		if ( true === $password_opt ) {
    
    			// Check that both password fields are filled in.
    			if ( empty( $_POST['signup_password'] ) || empty( $_POST['signup_password_confirm'] ) ) {
    				$bp->signup->errors['signup_password'] = __( 'Please make sure to enter your password twice.', 'buddyboss' );
    			}
    
    			// Check that the passwords match.
    			if (
    				( ! empty( $_POST['signup_password'] ) && ! empty( $_POST['signup_password_confirm'] ) )
    				&& $_POST['signup_password'] !== $_POST['signup_password_confirm']
    			) {
    				$bp->signup->errors['signup_password'] = __( 'The passwords entered do not match.', 'buddyboss' );
    			}
    		}
    
    		$bp->signup->username = $user_name;
    		$bp->signup->email    = $user_email;
    
    		// Now we've checked account details, we can check profile information.
    		if ( bp_is_active( 'xprofile' ) ) {
    
    			$xprofile_fields = array_filter(
    				$posted_data,
    				function ( $v, $k ) {
    					return strpos( $k, 'field_' ) === 0;
    				},
    				ARRAY_FILTER_USE_BOTH
    			);
    
    			$profile_field_ids = array();
    
    			// Make sure hidden field is passed and populated.
    			if ( isset( $xprofile_fields ) && ! empty( $xprofile_fields ) ) {
    
    				// Loop through the posted fields formatting any datebox values then validate the field.
    				foreach ( (array) $xprofile_fields as $field => $value ) {
    					$field_id            = str_replace( 'field_', '', $field );
    					$profile_field_ids[] = $field_id;
    					bp_xprofile_maybe_format_datebox_post_data( $field_id );
    
    					// Trim post fields.
    					if ( isset( $_POST[ 'field_' . $field_id ] ) ) {
    						if ( is_array( $_POST[ 'field_' . $field_id ] ) ) {
    							$_POST[ 'field_' . $field_id ] = array_map( 'trim', $_POST[ 'field_' . $field_id ] ); // phpcs:ignore
    						} else {
    							$_POST[ 'field_' . $field_id ] = trim( $_POST[ 'field_' . $field_id ] ); // phpcs:ignore
    						}
    					}
    
    					// Create errors for required fields without values.
    					if ( xprofile_check_is_required_field( $field_id ) && empty( $_POST[ 'field_' . $field_id ] ) && ! bp_current_user_can( 'bp_moderate' ) ) {
    						$bp->signup->errors[ 'field_' . $field_id ] = __( 'This is a required field.', 'buddyboss' );
    					} else {
    						// Validate xprofile.
    						$message = ( function_exists( 'xprofile_validate_field' ) ? xprofile_validate_field( $field_id, $_POST[ 'field_' . $field_id ], '' ) : '' ); // phpcs:ignore
    						if ( isset( $_POST[ 'field_' . $field_id ] ) && ! empty( $message ) ) {
    							$bp->signup->errors[ 'field_' . $field_id ] = $message;
    						}
    					}
    				}
    			}
    		}
    
    		// Finally, let's check the blog details, if the user wants a blog and blog creation is enabled.
    		if ( isset( $_POST['signup_with_blog'] ) ) {
    			$active_signup = bp_core_get_root_option( 'registration' );
    
    			if ( 'blog' === $active_signup || 'all' === $active_signup ) {
    				$blog_details = bp_core_validate_blog_signup( $_POST['signup_blog_url'], $_POST['signup_blog_title'] ); // phpcs:ignore
    
    				// If there are errors with blog details, set them for display.
    				if ( ! empty( $blog_details['errors']->errors['blogname'] ) ) {
    					$bp->signup->errors['signup_blog_url'] = $blog_details['errors']->errors['blogname'][0];
    				}
    
    				if ( ! empty( $blog_details['errors']->errors['blog_title'] ) ) {
    					$bp->signup->errors['signup_blog_title'] = $blog_details['errors']->errors['blog_title'][0];
    				}
    			}
    		}
    
    		if ( ! empty( $bp->signup->errors ) ) {
    			if ( function_exists( 'bp_xprofile_nickname_field_id' ) && isset( $bp->signup->errors['signup_username'] ) ) {
    				if ( ! isset( $bp->signup->errors[ 'field_' . bp_xprofile_nickname_field_id() ] ) ) {
    					$bp->signup->errors[ 'field_' . bp_xprofile_nickname_field_id() ] = $bp->signup->errors['signup_username'];
    				}
    				unset( $bp->signup->errors['signup_username'] );
    			}
    
    			return new WP_Error(
    				'bp_rest_register_errors',
    				$bp->signup->errors,
    				array(
    					'status' => 200,
    				)
    			);
    		}
    
    		// No errors! Let's register those deets.
    		$active_signup = bp_core_get_root_option( 'registration' );
    
    		if ( 'none' === $active_signup ) {
    			return new WP_Error(
    				'bp_rest_signup_disabled',
    				__( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ),
    				array(
    					'status' => rest_authorization_required_code(),
    				)
    			);
    		}
    
    		// Make sure the profiles fields module is enabled.
    		if ( bp_is_active( 'xprofile' ) && isset( $profile_field_ids ) && ! empty( $profile_field_ids ) ) {
    
    			/**
    			 * Loop through the posted fields, formatting any
    			 * datebox values, then add to usermeta.
    			 */
    			foreach ( (array) $profile_field_ids as $field_id ) {
    				bp_xprofile_maybe_format_datebox_post_data( $field_id );
    
    				if ( ! empty( $_POST[ 'field_' . $field_id ] ) ) {
    					$usermeta[ 'field_' . $field_id ] = $_POST[ 'field_' . $field_id ]; // phpcs:ignore
    				}
    
    				if ( ! empty( $_POST[ 'field_' . $field_id . '_visibility' ] ) ) {
    					$usermeta[ 'field_' . $field_id . '_visibility' ] = $_POST[ 'field_' . $field_id . '_visibility' ]; // phpcs:ignore
    				}
    			}
    
    			// Store the profile field ID's in usermeta.
    			$usermeta['profile_field_ids'] = implode( ',', $profile_field_ids );
    		}
    
    		// Hash and store the password.
    		$usermeta['password'] = wp_hash_password( $_POST['signup_password'] ); // phpcs:ignore
    
    		// If the user decided to create a blog, save those details to usermeta.
    		if ( 'blog' === $active_signup || 'all' === $active_signup ) {
    			$usermeta['public'] = (
    				(
    					isset( $_POST['signup_blog_privacy'] )
    					&& 'public' === $_POST['signup_blog_privacy']
    				)
    				? true
    				: false
    			);
    		}
    
    		/**
    		 * Filters the user meta used for signup.
    		 *
    		 * @param array $usermeta Array of user meta to add to signup.
    		 *
    		 * @since 0.1.0
    		 */
    		$usermeta = apply_filters( 'bp_signup_usermeta', $usermeta );
    
    		// Finally, sign up the user and/or blog.
    		if ( isset( $_POST['signup_with_blog'] ) && is_multisite() ) {
    			$wp_user_id = bp_core_signup_blog(
    				$blog_details['domain'],
    				$blog_details['path'],
    				$blog_details['blog_title'],
    				$user_name,
    				$user_email,
    				$usermeta
    			);
    		} else {
    			$wp_user_id = bp_core_signup_user(
    				$user_name,
    				filter_input( INPUT_POST, 'signup_password' ),
    				$user_email,
    				$usermeta
    			);
    		}
    
    		if ( is_wp_error( $wp_user_id ) ) {
    			return new WP_Error(
    				'bp_rest_signup_cannot_create',
    				$wp_user_id->get_error_message(),
    				array(
    					'status' => 500,
    				)
    			);
    		}
    
    		$signup        = $this->get_signup_object( $user_name );
    		$signup_update = $this->update_additional_fields_for_object( $signup, $request );
    
    		if ( is_wp_error( $signup_update ) ) {
    			return new WP_Error(
    				'bp_rest_rest_errors',
    				__( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ),
    				array(
    					'status' => rest_authorization_required_code(),
    				)
    			);
    		}
    
    		$retval            = array();
    		$retval['success'] = true;
    		$retval['message'] = __( 'Before you can login, you need to confirm your email address via the email we just sent to you.', 'buddyboss' );
    		$retval['data']    = array();
    
    		$retval['data'] = $this->prepare_response_for_collection(
    			$this->prepare_item_for_response( $signup, $request )
    		);
    
    		$response = rest_ensure_response( $retval );
    
    		/**
    		 * Fires after a signup item is created via the REST API.
    		 *
    		 * @param BP_Signup        $signup   The created signup.
    		 * @param WP_REST_Response $response The response data.
    		 * @param WP_REST_Request  $request  The request sent to the API.
    		 *
    		 * @since 0.1.0
    		 */
    		do_action( 'bp_rest_signup_create_item', $signup, $response, $request );
    
    		return $response;
    	}
    

    Expand full source code Collapse full source code

    Changelog

    Changelog
    Version Description
    0.1.0 Introduced.

    Related

    Uses

    Uses
    Uses Description
    bp-members/classes/class-bp-rest-signup-endpoint.php: BP_REST_Signup_Endpoint::signup_form_items()

    Retrieve Signup Form Fields.

    bp-members/classes/class-bp-rest-signup-endpoint.php: BP_REST_Signup_Endpoint::get_signup_object()

    Get signup object.

    bp-members/classes/class-bp-rest-signup-endpoint.php: BP_REST_Signup_Endpoint::prepare_item_for_response()

    Prepares signup to return as an object.

    bp-members/classes/class-bp-rest-signup-endpoint.php: bp_rest_signup_create_item

    Fires after a signup item is created via the REST API.

    bp-core/bp-core-options.php: bp_register_confirm_email()

    Display email confirmation field in registrations.

    bp-core/bp-core-options.php: bp_register_confirm_password()

    Display password confirmation field in registrations.

    bp-loader.php: buddypress()

    The main function responsible for returning the one true BuddyBoss Instance to functions everywhere.

    bp-xprofile/bp-xprofile-functions.php: bp_xprofile_maybe_format_datebox_post_data()

    Formats datebox field values passed through a POST request.

    bp-xprofile/bp-xprofile-functions.php: bp_xprofile_nickname_field_id()

    Get the field id of the nick name field, fallback to default fullname field

    bp-xprofile/bp-xprofile-functions.php: xprofile_check_is_required_field()

    Check if field is a required field.

    bp-xprofile/bp-xprofile-functions.php: xprofile_validate_field()

    Validate profile field.

    bp-members/bp-members-functions.php: bp_core_validate_user_signup()

    Validate a user name and email address when creating a new user.

    bp-members/bp-members-functions.php: bp_core_validate_blog_signup()

    Validate blog URL and title provided at signup.

    bp-members/bp-members-functions.php: bp_core_signup_blog()

    Create a blog and user based on data supplied at user registration.

    bp-members/bp-members-functions.php: bp_core_signup_user()

    Process data submitted at user registration and convert to a signup object.

    bp-members/screens/register.php: bp_signup_usermeta

    Filters the user meta used for signup.

    bp-members/bp-members-template.php: bp_get_signup_email_value()

    Get the email address submitted during signup.

    bp-members/bp-members-template.php: bp_get_signup_username_value()

    Get the username submitted during signup.

    bp-core/bp-core-template.php: bp_is_active()

    Check whether a given component (or feature of a component) is active.

    bp-core/bp-core-caps.php: bp_current_user_can()

    Check whether the current user has a given capability.

    bp-core/bp-core-options.php: bp_core_get_root_option()

    Get a root option.

    Show 16 more uses Hide more uses

    Questions?

    We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.

    © 2025 • BuddyBoss