2 files changed, 25 insertions, 14 deletions

diff --git a/application/controllers/user.php b/application/controllers/user.php
index 21d5d21f5..ab411d7d2 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -217,13 +217,7 @@ class User extends MY_Controller {
 			}
 
 			if (empty($error)) {
-				$this->db->set(array(
-						'username' => $username,
-						'password' => $this->muser->hash_password($password),
-						'email'    => $email,
-						'referrer' => $referrer
-					))
-					->insert('users');
+				$this->muser->add_user($username, $password, $email, $referrer);
 
 				$this->db->where('key', $key)
 					->delete('actions');
@@ -649,13 +643,7 @@ class User extends MY_Controller {
 			return true;
 		});
 
-		$this->db->set(array(
-				'username' => $username,
-				'password' => $this->muser->hash_password($password),
-				'email'    => $email,
-				'referrer' => NULL
-			))
-			->insert('users');
+		$this->muser->add_user($username, $password, $email, NULL);
 
 		echo "User added\n";
 	}
diff --git a/application/models/muser.php b/application/models/muser.php
index 4ec821f4d..7a4b65e4b 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -159,6 +159,29 @@ class Muser extends CI_Model {
 		return valid_email($email);
 	}
 
+	public function add_user($username, $password, $email, $referrer)
+	{
+		if (!$this->valid_username($username)) {
+			throw new \exceptions\PublicApiException("user/invalid-username", "Invalid username (only up to 32 chars of a-z0-9 are allowed)");
+		} else {
+			if ($this->muser->username_exists($username)) {
+				throw new \exceptions\PublicApiException("user/username-already-exists", "Username already exists");
+			}
+		}
+
+		if (!$this->valid_email($email)) {
+			throw new \exceptions\PublicApiException("user/invalid-email", "Invalid email");
+		}
+
+		$this->db->set(array(
+			'username' => $username,
+			'password' => $this->hash_password($password),
+			'email'    => $email,
+			'referrer' => $referrer
+		))
+		->insert('users');
+	}
+
 	function get_userid()
 	{
 		if (!$this->logged_in()) {