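/// <summary>
/// Inserts <paramref name="user"/> into the [User] table and writes the
/// generated identity value back to <c>user.UserID</c>.
/// </summary>
/// <param name="user">User to persist. Username, Password and IsAdmin are sent as SQL parameters.</param>
/// <returns>The same <paramref name="user"/> instance, with UserID populated.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
public User Save(User user)
        {
            if (user == null)
            {
                throw new System.ArgumentNullException("user");
            }

            // NOTE(review): user.Password is written to the table exactly as it is
            // received. If callers pass the clear-text password, it is stored in
            // clear text; hashing with a salted, slow KDF has to be introduced
            // together with whatever code verifies the password at login.

            // The INSERT and the identity read run as one batch so that
            // SCOPE_IDENTITY() refers to the row inserted here. @@IDENTITY is
            // session-wide and can return a value generated by a trigger that
            // inserts into a different table.
            string query = @"INSERT INTO [User] (
                                Username,
                                Password,
                                IsAdmin
                            ) VALUES (
                                @Username,
                                @Password,
                                @IsAdmin
                            );
                            SELECT CAST(SCOPE_IDENTITY() AS int);";

            using (SqlConnection db = new SqlConnection(CONN_STR))
            using (SqlCommand cmd = db.CreateCommand())
            {
                // A freshly constructed connection is always closed, so no state check is needed.
                db.Open();

                cmd.CommandText = query;
                cmd.Parameters.AddWithValue("Username", user.Username);
                cmd.Parameters.AddWithValue("Password", user.Password);
                cmd.Parameters.AddWithValue("IsAdmin", user.IsAdmin);

                // The batch returns a single int: the identity of the new row.
                user.UserID = (int)cmd.ExecuteScalar();
            }

            return user;
        }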
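        /// <summary>
        /// Loads every row of the [User] table into a list of <c>User</c> objects.
        /// </summary>
        /// <returns>All users; an empty list when the table has no rows.</returns>
        public List<User> FindAll()
        {
            List<User> users = new List<User>();

            // Columns are named explicitly so a later schema change cannot silently
            // widen what this method pulls out of the table.
            // NOTE(review): the Password column is loaded for every user. Callers
            // that only list users do not need it; consider a projection without
            // it, or clearing the field before the objects leave the repository.
            string query = "SELECT UserID, Username, Password, IsAdmin FROM [User]";

            using (SqlConnection db = new SqlConnection(CONN_STR))
            using (SqlCommand cmd = db.CreateCommand())
            {
                // A freshly constructed connection is always closed, so no state check is needed.
                db.Open();
                cmd.CommandText = query;

                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    // Ordinals are fixed for the whole result set; resolve them once
                    // instead of once per row.
                    int userIdOrdinal = reader.GetOrdinal("UserID");
                    int usernameOrdinal = reader.GetOrdinal("Username");
                    int passwordOrdinal = reader.GetOrdinal("Password");
                    int isAdminOrdinal = reader.GetOrdinal("IsAdmin");

                    while (reader.Read())
                    {
                        User u = new User();
                        u.UserID = reader.GetInt32(userIdOrdinal);
                        u.Username = reader.GetString(usernameOrdinal);
                        u.Password = reader.GetString(passwordOrdinal);
                        u.IsAdmin = reader.GetBoolean(isAdminOrdinal);
                        users.Add(u);
                    }
                }
            }

            return users;
        }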
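        /// <summary>
        /// Deletes the row of the [User] table whose UserID matches <c>user.UserID</c>.
        /// </summary>
        /// <param name="user">The user to remove; only its UserID is used.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
        public void Delete(User user)
        {
            if (user == null)
            {
                throw new System.ArgumentNullException("user");
            }

            // The previous statement had no WHERE clause, so it targeted every row
            // rather than the user passed in, and it left the reserved word User
            // unbracketed. The delete is now scoped to one row through a parameter.
            string query = "DELETE FROM [User] WHERE UserID = @UserID";

            using (SqlConnection db = new SqlConnection(CONN_STR))
            using (SqlCommand cmd = db.CreateCommand())
            {
                // A freshly constructed connection is always closed, so no state check is needed.
                db.Open();

                cmd.CommandText = query;
                cmd.Parameters.AddWithValue("@UserID", user.UserID);
                cmd.ExecuteNonQuery();
            }
        }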
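 /// <summary>
 /// Handles the registration form: creates a non-admin user from the posted
 /// form, stores it in the session as the current user and redirects to the
 /// home page. On any failure the form is rendered again.
 /// </summary>
 /// <param name="userForm">Posted registration data (Username and Password are read).</param>
 /// <returns>A redirect to Home/Index on success, otherwise the form view.</returns>
 public ActionResult Index(UserForm userForm)
 {
     // NOTE(review): no action attributes are visible in this excerpt. Confirm
     // the action is restricted to POST and validates an anti-forgery token.
     if (!ModelState.IsValid)
     {
         return View(userForm);
     }

     // NOTE(review): check-then-insert is not atomic. Two concurrent requests
     // can both pass this check, so a unique constraint on the Username column
     // is what actually enforces uniqueness - confirm one exists.
     if (!UserRepository.UsernameNotTaken(userForm.Username))
     {
         // Without a model error the form was re-rendered with no explanation.
         ModelState.AddModelError("Username", "That username is already taken.");
         return View(userForm);
     }

     User newUser = new User();
     newUser.Username = userForm.Username;
     // NOTE(review): the posted password is handed to the repository unchanged.
     // If the repository stores it as given, it is persisted in clear text;
     // hash it with a salted, slow KDF and update the login check to match.
     newUser.Password = userForm.Password;
     // Never taken from the form, so a posted IsAdmin value cannot escalate privileges.
     newUser.IsAdmin = false;
     newUser = UserRepository.Save(newUser);

     // Mask the password so the object kept in session state does not carry it.
     newUser.Password = "******";
     // NOTE(review): the session is marked as authenticated without issuing a
     // new session identifier. Consider rotating it at this point so that an
     // identifier known before registration cannot be reused afterwards.
     Session["CurrentUser"] = newUser;
     return RedirectToAction("Index", "Home", new { Area = "" });
 }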