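/**
 * Entry point for Create a User API
 *
 * Validates the request, verifies the reCAPTCHA when the caller is not
 * trusted, rejects a username or e-mail that is already taken, creates the
 * Users and Emails rows in one transaction and, unless the account was
 * created as already verified, sends the verification e-mail.
 *
 * Request parameters read: username, email, password (unless
 * ignore_password is set), name, facebook_user_id, permission_key and
 * recaptcha (the latter only when OMEGAUP_VALIDATE_CAPTCHA is on).
 *
 * @param Request $r
 * @return array 'status' => 'ok' and the new 'user_id'
 * @throws InvalidDatabaseOperationException on any DAO failure (lookup or save)
 * @throws DuplicatedEntryInDatabaseException 'mailInUse' / 'usernameInUse'
 * @throws InvalidParameterException when captcha is required but 'recaptcha' is missing
 * @throws CaptchaVerificationFailedException when the captcha cannot be verified or is rejected
 */
public static function apiCreate(Request $r) {
    // Validate request
    Validators::isValidUsername($r['username'], 'username');
    Validators::isEmail($r['email'], 'email');

    // Check password. When ignore_password is set the account is created
    // without a local password (the caller is expected to attach another
    // login method).
    $hashedPassword = null;
    if (!isset($r['ignore_password'])) {
        SecurityTools::testStrongPassword($r['password']);
        $hashedPassword = SecurityTools::hashString($r['password']);
    }

    // A caller presenting the server-side permission key is trusted: the
    // account is created already verified and no captcha is required.
    // The key is a secret, so it is compared in constant time and only
    // against a real string. The previous loose `==` was subject to PHP
    // type juggling (e.g. numeric-looking strings, or '' == null when the
    // parameter is absent) and leaked timing information. An empty
    // configured key is treated as "no key" rather than "trust everyone".
    $trustedCaller = !is_null(self::$permissionKey)
        && self::$permissionKey !== ''
        && isset($r['permission_key'])
        && is_string($r['permission_key'])
        && hash_equals((string)self::$permissionKey, $r['permission_key']);

    // Verify the captcha BEFORE querying for existing accounts: otherwise
    // the duplicate-entry errors below act as a username / e-mail
    // enumeration oracle that unauthenticated clients can hit without ever
    // solving a captcha.
    if (!$trustedCaller && OMEGAUP_VALIDATE_CAPTCHA) {
        if (!isset($r['recaptcha'])) {
            throw new InvalidParameterException('parameterNotFound', 'recaptcha');
        }
        $url = 'https://www.google.com/recaptcha/api/siteverify';
        $data = array(
            'secret' => OMEGAUP_RECAPTCHA_SECRET,
            'response' => $r['recaptcha'],
            // NOTE(review): behind a reverse proxy this is the proxy's
            // address; Google only uses it as an optional hint.
            'remoteip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
        );
        // use key 'http' even if you send the request to https://...
        // The explicit timeout keeps a slow or unreachable verifier from
        // holding a PHP worker for the whole default_socket_timeout.
        $options = array(
            'http' => array(
                'header' => "Content-type: application/x-www-form-urlencoded\r\n",
                'method' => 'POST',
                'content' => http_build_query($data),
                'timeout' => 10,
            ),
        );
        $context = stream_context_create($options);
        $result = file_get_contents($url, false, $context);
        if ($result === false) {
            self::$log->error('POST Request to Google Recaptcha failed.');
            throw new CaptchaVerificationFailedException();
        }
        $resultAsJson = json_decode($result, true);
        if (is_null($resultAsJson)) {
            self::$log->error('Captcha response was not a json');
            self::$log->error('Here is the result:' . $result);
            throw new CaptchaVerificationFailedException();
        }
        // The verifier answers {"success": true|false, ...}; only a literal
        // boolean true is accepted.
        if (!(array_key_exists('success', $resultAsJson) && $resultAsJson['success'] === true)) {
            self::$log->error('Captcha response said no');
            throw new CaptchaVerificationFailedException();
        }
    }

    // Does user or email already exist?
    try {
        $user = UsersDAO::FindByUsername($r['username']);
        $userByEmail = UsersDAO::FindByEmail($r['email']);
    } catch (Exception $e) {
        throw new InvalidDatabaseOperationException($e);
    }
    if (!is_null($userByEmail)) {
        throw new DuplicatedEntryInDatabaseException('mailInUse');
    }
    if (!is_null($user)) {
        throw new DuplicatedEntryInDatabaseException('usernameInUse');
    }

    // Prepare DAOs. verification_id is the token later matched by the
    // verification e-mail flow.
    $user_data = array(
        'username' => $r['username'],
        'password' => $hashedPassword,
        'solved' => 0,
        'submissions' => 0,
        'verified' => $trustedCaller ? 1 : 0,
        'verification_id' => self::randomString(50),
    );
    if (isset($r['name'])) {
        $user_data['name'] = $r['name'];
    }
    if (isset($r['facebook_user_id'])) {
        $user_data['facebook_user_id'] = $r['facebook_user_id'];
    }

    $user = new Users($user_data);
    $email = new Emails(array('email' => $r['email']));

    // Save objects into DB. The user row is saved twice on purpose: the
    // e-mail row needs the user id, and the user row then needs the e-mail
    // id as its main_email_id. Both happen inside one transaction so a
    // failure in either leaves no half-created account behind.
    try {
        DAO::transBegin();
        UsersDAO::save($user);
        $email->setUserId($user->getUserId());
        EmailsDAO::save($email);
        $user->setMainEmailId($email->getEmailId());
        UsersDAO::save($user);
        DAO::transEnd();
    } catch (Exception $e) {
        DAO::transRollback();
        throw new InvalidDatabaseOperationException($e);
    }

    // sendVerificationEmail() reads the freshly created user from $r.
    $r['user'] = $user;
    if (!$user->verified) {
        self::$log->info('User ' . $user->getUsername() . ' created, sending verification mail');
        self::sendVerificationEmail($r);
    } else {
        self::$log->info('User ' . $user->getUsername() . ' created, trusting e-mail');
    }

    return array('status' => 'ok', 'user_id' => $user->getUserId());
}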