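/// <summary>
/// Validates the submitted handle and password, rejects a handle that is already taken,
/// then salts and hashes the password and stores the new player.
/// </summary>
/// <param name="playerInfo">Handle and plaintext password submitted by the client.</param>
/// <returns>A JSON object holding <c>success</c> and the list of validation <c>errors</c>.</returns>
public JsonResult CreatePlayer(db_Player playerInfo)
{
    var errors = new List<string>();

    // A missing or unbindable request body would otherwise surface as a
    // NullReferenceException on the first property access; report it as a
    // normal validation failure instead.
    if (playerInfo == null)
    {
        errors.Add("Player information is required.");
        return Json(new { success = false, errors });
    }

    if (!base.SanitizeHandle(playerInfo.Handle))
    {
        errors.Add("Handles can only contain letters, numbers, _ and -.");
    }

    if (!base.SanitizePassword(playerInfo.Password))
    {
        errors.Add("Passwords can only contain letters, numbers, and the following characters: _ - ! ? @ $ &");
    }

    // The database is only consulted once both format checks have passed.
    // These checks are input validation, not an injection defence: the repository
    // must still bind every value as a query parameter rather than rely on them.
    if (errors.Count == 0 && base.HandleExists(playerInfo.Handle))
    {
        errors.Add("Handle already in use.");
    }

    if (errors.Count == 0)
    {
        // Replace the plaintext password with its salted hash before it reaches the repository.
        var plainPassword = playerInfo.Password;
        playerInfo.Salt = base.GenerateSalt();
        playerInfo.Password = base.HashPassword(plainPassword, playerInfo.Salt);

        // NOTE(review): HandleExists followed by an insert is not atomic; two concurrent
        // requests could both pass the check. Confirm a UNIQUE constraint on player.handle.
        _playerRepo.AddNewPlayer(playerInfo);
    }

    var success = errors.Count == 0;
    return Json(new { success, errors });
}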
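/// <summary>
/// Adds a new player to the database.
/// </summary>
/// <param name="player">
/// Row to insert into the <c>player</c> table; its Password, Handle and Salt values are written as given.
/// </param>
public void AddNewPlayer(db_Player player)
{
    // The statement text is constant and every value travels as a bound parameter, so
    // nothing in Password, Handle or Salt can change the shape of the SQL. Building the
    // statement by string concatenation made this method injectable whenever a caller's
    // validation was missing, bypassed or later relaxed.
    // NOTE(review): assumes MySqlDb.Query<T> follows the Dapper-style
    // (sql, param, ..., commandType) signature — confirm against the data-access wrapper.
    const string insertSql =
        "INSERT INTO player (password, handle, salt) VALUES (@password, @handle, @salt);";

    // NOTE(review): an INSERT returns no rows; Query<Player> is kept only to preserve the existing call.
    _context.MySqlDb.Query<Player>(
        insertSql,
        new { password = player.Password, handle = player.Handle, salt = player.Salt },
        commandType: CommandType.Text);
}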