function user_register_submit in Drupal 6

Submit handler for the user registration form.

This function is shared by the installation form and the normal registration form, which is why it can't be in the file.


modules/user/user.module, line 2381
Enables the user registration and login system.


function user_register_submit($form, &$form_state) {
  global $base_url;
  $admin = user_access('administer users');
  $mail = $form_state['values']['mail'];
  $name = $form_state['values']['name'];
  if (!variable_get('user_email_verification', TRUE) || $admin) {
    $pass = $form_state['values']['pass'];
  else {
    $pass = user_password();
  $notify = isset($form_state['values']['notify']) ? $form_state['values']['notify'] : NULL;
  $from = variable_get('site_mail', ini_get('sendmail_from'));
  if (isset($form_state['values']['roles'])) {

    // Remove unset roles.
    $roles = array_filter($form_state['values']['roles']);
  else {
    $roles = array();
  if (!$admin && array_intersect(array_keys($form_state['values']), array(
  ))) {
    watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
    $form_state['redirect'] = 'user/register';

  // The unset below is needed to prevent these form values from being saved as
  // user data.
  unset($form_state['values']['form_token'], $form_state['values']['submit'], $form_state['values']['op'], $form_state['values']['notify'], $form_state['values']['form_id'], $form_state['values']['affiliates'], $form_state['values']['destination']);
  $merge_data = array(
    'pass' => $pass,
    'init' => $mail,
    'roles' => $roles,
  if (!$admin) {

    // Set the user's status because it was not displayed in the form.
    $merge_data['status'] = variable_get('user_register', 1) == 1;
  $account = user_save('', array_merge($form_state['values'], $merge_data));

  // Terminate if an error occured during user_save().
  if (!$account) {
    drupal_set_message(t("Error saving user account."), 'error');
    $form_state['redirect'] = '';
  $form_state['user'] = $account;
  watchdog('user', 'New user: %name (%email).', array(
    '%name' => $name,
    '%email' => $mail,
  ), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));

  // The first user may login immediately, and receives a customized welcome e-mail.
  if ($account->uid == 1) {
    drupal_set_message(t('Welcome to Drupal. You are now logged in as user #1, which gives you full control over your website.'));
    if (variable_get('user_email_verification', TRUE)) {
      drupal_set_message(t('</p><p> Your password is <strong>%pass</strong>. You may change your password below.</p>', array(
        '%pass' => $pass,
    user_authenticate(array_merge($form_state['values'], $merge_data));
    $form_state['redirect'] = 'user/1/edit';
  else {

    // Add plain text password into user account to generate mail tokens.
    $account->password = $pass;
    if ($admin && !$notify) {
      drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array(
        '@url' => url("user/{$account->uid}"),
        '%name' => $account->name,
    else {
      if (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {

        // No e-mail verification is required, create new user account, and login
        // user immediately.
        _user_mail_notify('register_no_approval_required', $account);
        if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
          drupal_set_message(t('Registration successful. You are now logged in.'));
        $form_state['redirect'] = '';
      else {
        if ($account->status || $notify) {

          // Create new user account, no administrator approval required.
          $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
          _user_mail_notify($op, $account);
          if ($notify) {
            drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array(
              '@url' => url("user/{$account->uid}"),
              '%name' => $account->name,
          else {
            drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
            $form_state['redirect'] = '';
        else {

          // Create new user account, administrator approval required.
          _user_mail_notify('register_pending_approval', $account);
          drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
          $form_state['redirect'] = '';