public JsonResult CreatePlayer(db_Player playerInfo)
{
var success = true;
var errors = new List <string>();
if (!base.SanitizeHandle(playerInfo.Handle))
{
success = false;
errors.Add("Handles can only contain letters, numbers, _ and -.");
}
if (!base.SanitizePassword(playerInfo.Password))
{
success = false;
errors.Add("Passwords can only contain letters, numbers, and the following characters: _ - ! ? @ $ &");
}
// If the sanitation methods have passed, we can safely use them in our DB methods
if (success)
{
if (base.HandleExists(playerInfo.Handle))
{
success = false;
errors.Add("Handle already in use.");
}
if (success)
{
var unhashedPassword = playerInfo.Password;
playerInfo.Salt = base.GenerateSalt();
playerInfo.Password = base.HashPassword(unhashedPassword, playerInfo.Salt);
_playerRepo.AddNewPlayer(playerInfo); // Adding the player to the database with a random salt and hashed password
}
}
var result = new
{
success,
errors
};
return(Json(result));
}
/// <summary>
/// Adds a new player to the database.
/// </summary>
/// <param name="player"></param>
public void AddNewPlayer(db_Player player)
{
_context.MySqlDb.Query <Player>(
"INSERT INTO player (password, handle, salt) VALUES ('" + player.Password + "', '" + player.Handle + "', '" + player.Salt + "');",
commandType: CommandType.Text);
}
