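/// <summary>
/// Inserts a Login row for <paramref name="user"/> unless a row with the same
/// username already exists. Input validation is expected to have happened
/// before this call.
/// </summary>
/// <param name="user">Entity carrying the username, user_type and plaintext password to register.</param>
/// <returns>
/// "registration successful" when the row was inserted, or
/// "a User with this name exists" when the username is already taken.
/// </returns>
/// <remarks>
/// The existence check and the insert run in one Serializable transaction so
/// that two concurrent registrations of the same name cannot both pass the
/// check (one of them may instead fail with a deadlock error from the
/// provider). A unique index on Login.username remains the definitive guard —
/// confirm one exists. Exceptions from the database provider propagate to the
/// caller; the connection is closed and the shared command reset either way.
/// </remarks>
public static string Register(kuroneko.Pages.Database.Entities.User user)
{
    const string countQuery = "SELECT COUNT(*) FROM Login WHERE username = @username ";
    const string insertQuery = "INSERT INTO Login VALUES (@username, @user_type, @password, @pass_salt, @tries, @wait_time)";

    try
    {
        connection.Open();

        // Serializable isolation: the COUNT holds a range lock on the username,
        // so a concurrent insert of the same name waits until this transaction ends.
        using (var transaction = connection.BeginTransaction(System.Data.IsolationLevel.Serializable))
        {
            command.Transaction = transaction;
            command.CommandText = countQuery;
            command.Parameters.Clear();
            command.Parameters.Add(new SqlParameter("@username", user.username));
            int existingUsers = (int)command.ExecuteScalar();
            command.Parameters.Clear();

            if (existingUsers >= 1)
            {
                return "a User with this name exists";
            }

            // Salted hash of the password; the salt is stored next to it so the
            // login path can recompute the hash.
            // NOTE(review): the helper's name suggests a single salted SHA-256;
            // confirm whether Hasher applies a slow KDF (PBKDF2/Argon2), which is
            // the usual recommendation for stored passwords.
            Security.Hasher hasher = new Security.Hasher();
            string passSalt;
            string hashedPassword = hasher.GenSaltSHA256(user.password, out passSalt);

            command.CommandText = insertQuery;
            command.Parameters.Add(new SqlParameter("@username", user.username)); // stored in clear, not hashed
            // NOTE(review): user_type is taken as-is from the entity; make sure it
            // is assigned server-side and not bound from the registration form.
            command.Parameters.Add(new SqlParameter("@user_type", user.user_type));
            command.Parameters.Add(new SqlParameter("@password", hashedPassword));
            command.Parameters.Add(new SqlParameter("@pass_salt", passSalt));

            // Fresh account: no failed logins and no lockout in effect.
            // wait_time is local wall-clock time; presumably the lockout check
            // compares against DateTime.Now as well — verify before moving to UtcNow.
            var tries = new SqlParameter("@tries", System.Data.SqlDbType.Int) { Value = 0 };
            var waitTime = new SqlParameter("@wait_time", System.Data.SqlDbType.DateTime) { Value = DateTime.Now };
            command.Parameters.Add(tries);
            command.Parameters.Add(waitTime);

            command.ExecuteNonQuery();
            transaction.Commit();
            return "registration successful";
        }
    }
    finally
    {
        // The command looks shared across calls: detach the finished transaction
        // and drop the parameters even when an exception escaped, otherwise the
        // next call would add a duplicate "@username" parameter and fail.
        command.Transaction = null;
        command.Parameters.Clear();
        connection.Close();
    }
}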