MDL-25027 Web Service: added email validation to create_users() - just like GUI
authorAparup Banerjee <aparup@moodle.com>
Tue, 21 Feb 2012 07:23:57 +0000 (15:23 +0800)
committerAparup Banerjee <aparup@moodle.com>
Tue, 21 Feb 2012 07:23:57 +0000 (15:23 +0800)
user/externallib.php

index 488568f..e61b209 100644 (file)
@@ -86,6 +86,7 @@ class core_user_external extends external_api {
      */
     public static function create_users($users) {
         global $CFG, $DB;
+        require_once($CFG->dirroot."/lib/weblib.php");
         require_once($CFG->dirroot."/user/lib.php");
         require_once($CFG->dirroot."/user/profile/lib.php"); //required for customfields related function
                                                              //TODO: move the functions somewhere else as
@@ -134,15 +135,20 @@ class core_user_external extends external_api {
                 throw new invalid_parameter_exception('Invalid theme: '.$user['theme']);
             }
 
-            // Start of User info validation.
-            // Lets make sure we validate current user info as handled by current GUI. see user/editadvanced_form.php function validation()
-            // ok, there is no validation currently.
-            // End of user info validation.
-
             $user['confirmed'] = true;
             $user['mnethostid'] = $CFG->mnet_localhost_id;
             $user['id'] = user_create_user($user);
 
+            // Start of user info validation.
+            // Lets make sure we validate current user info as handled by current GUI. see user/editadvanced_form.php function validation()
+            if (!validate_email($user['email'])) {
+                throw new invalid_parameter_exception('Email address is invalid: '.$user['email']);
+            } else if ($DB->record_exists('user', array('email'=>$user['email'], 'mnethostid'=>$user['mnethostid']))) {
+                throw new invalid_parameter_exception('Email address already exists: '.$user['email']);
+            }
+            // End of user info validation.
+
+
             // custom fields
             if(!empty($user['customfields'])) {
                 foreach($user['customfields'] as $customfield) {