public static string Register(kuroneko.Pages.Database.Entities.User user)
{
// validation done beore this
// count number of user with this name , hoping it to be zero;
string query = string.Format("SELECT COUNT(*) FROM Login WHERE username = @username ");
command.CommandText = query;
try
{
connection.Open();
command.Parameters.Add(new SqlParameter("@username", user.username));
int amountOFUsers = (int)command.ExecuteScalar();
command.Parameters.Clear();
if (amountOFUsers < 1) // user does not exist
{
query = string.Format("INSERT INTO Login VALUES (@username, @user_type, @password, @pass_salt, @tries, @wait_time)");
command.CommandText = query;
Security.Hasher hasher = new Security.Hasher();
string passSalt;
string password = hasher.GenSaltSHA256(user.password, out passSalt);
command.Parameters.Add(new SqlParameter("@username", user.username)); //parameter to store the hashed username
command.Parameters.Add(new SqlParameter("@user_type", user.user_type)); // maybe hash too mmm
command.Parameters.Add(new SqlParameter("@password", password)); //parameter to store the hashed password
command.Parameters.Add(new SqlParameter("@pass_salt", passSalt));
int tries = 0; // no failed password logins yes
DateTime time = DateTime.Now;
command.Parameters.Add(new SqlParameter("@tries", System.Data.SqlDbType.Int));
command.Parameters["@tries"].Value = tries;
command.Parameters.Add(new SqlParameter("@wait_time", System.Data.SqlDbType.DateTime));
command.Parameters["@wait_time"].Value = time;
command.ExecuteNonQuery(); // store user
command.Parameters.Clear();
return("registration successful");
}
else
{
return("a User with this name exists");
}
}
finally
{
connection.Close();
}
}
