Signup, Login and Reset Password System in C#.NET in using Visual Studio and SQL Server Database

By Er. Ran Bahadur B.K. Last updated Jun 16, 2025

Database connection:


using Microsoft.Data.SqlClient;

namespace LoginSignupResetPassword
{
public static class DatabaseConnection
{
private static readonly string connectionString = "your-connection-string";

public static SqlConnection GetConnection()
{
return new SqlConnection(connectionString);
}
}

}

Is email already registered or not?

namespace LoginSignupResetPassword
{
public static class EmailAlreadyRegistered
{
public static bool isEmailRegistered(string email)
{
using (SqlConnection conn = DatabaseConnection.GetConnection())
{
conn.Open();
string query = "SELECT COUNT(*) FROM signuploginreset WHERE email = @Email";
SqlCommand cmd = new(query, conn);
cmd.Parameters.AddWithValue("@Email", email);
int count = (int)cmd.ExecuteScalar();
return count > 0;
}
}
}
}

Hashing password


using System.Security.Cryptography;

namespace LoginSignupResetPassword
{
internal class SecurityHelper
{
public static string HashPassword(string password)
{
if (string.IsNullOrWhiteSpace(password))
{
throw new ArgumentException("password can not be empty");
}
byte[] bytes = SHA256.HashData(Encoding.UTF8.GetBytes(password));
StringBuilder builer = new();
foreach(byte b in bytes)
{
builer.Append(b.ToString("x2"));
}
return builer.ToString();
}
}
}

Signup code


private void btnSignup_Click(object sender, EventArgs e)
{
string username = txtUser.Text;
string email = txtEmail.Text;
string password = SecurityHelper.HashPassword(txtPass.Text);
if (string.IsNullOrWhiteSpace(username) ||
string.IsNullOrWhiteSpace(email) ||
string.IsNullOrWhiteSpace(password))
{
MessageBox.Show("please fill up all the fields");

}
else
{
if (EmailAlreadyRegistered.isEmailRegistered(email))
{
MessageBox.Show("email already registered, try new email");
return;
}
using (SqlConnection conn = DatabaseConnection.GetConnection())
{
conn.Open();
SqlCommand cmd = new SqlCommand("INSERT INTO signuploginreset (username, email, password) VALUES (@Username, @Email, @Password)", conn);
cmd.Parameters.AddWithValue("@Username", username);
cmd.Parameters.AddWithValue("@Email", email);
cmd.Parameters.AddWithValue("@Password", password);
cmd.ExecuteNonQuery();
}
MessageBox.Show("Signup Successful", "info", MessageBoxButtons.OK, MessageBoxIcon.Information);

}

}

Login code


private void btnLogin_Click(object sender, EventArgs e)
{
string email = txtEmail.Text;
string username = txtUser.Text;
string password = SecurityHelper.HashPassword(txtPass.Text);
using (SqlConnection conn = DatabaseConnection.GetConnection())
{
conn.Open();
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM signuploginreset WHERE (email =@Email or username=@Username) AND password=@Password", conn);
cmd.Parameters.AddWithValue("@Email", email);
cmd.Parameters.AddWithValue("@Username", username);
cmd.Parameters.AddWithValue("@Password", password);
int count = (int)cmd.ExecuteScalar();
if (count == 1)
{
MessageBox.Show("login Successful", "info", MessageBoxButtons.OK, MessageBoxIcon.Information);
LoginSuccess ls = new LoginSuccess();
this.Hide();
ls.Show();
}

else
{
MessageBox.Show("invalid credentials", "error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}

show hide password


private void checkBox1_CheckedChanged(object sender, EventArgs e)
{
txtPass.UseSystemPasswordChar = !checkBox1.Checked;
}

Send OTP Code


using System.Net;
using System.Net.Mail;

private void btnSend_Click(object sender, EventArgs e)
{
string email = txtEmail.Text.Trim();
if (!EmailAlreadyRegistered.isEmailRegistered(email))
{
MessageBox.Show("email not fount");
return;
}
string otp = GenereateOtp();
SendOtpToEmail(email, otp);
VerifyOtp vt = new VerifyOtp(otp, email);
vt.Show();
this.Hide();
}
private string GenereateOtp()
{
Random rand = new();
return rand.Next(100000, 999999).ToString();
}
private void SendOtpToEmail(string toEmail, string otp)
{
MailMessage mail = new("your-receiving-email", toEmail);
mail.Subject = "Password Reset OTP";
mail.Body = $"your OTP for password reset is:{otp}";
SmtpClient smtp = new("smtp.gmail.com", 587);
smtp.Credentials = new NetworkCredential("your-sender-email", "apppassword");
smtp.EnableSsl = true;
smtp.Send(mail);

}

Verify OTP


namespace LoginSignupResetPassword
{
public partial class VerifyOtp : Form
{
private string generatedOtp;
private string userEmail;
public VerifyOtp(string otp, string email)
{
InitializeComponent();
generatedOtp = otp;
userEmail = email;

}

private void btnVerify_Click(object sender, EventArgs e)
{
string enteredOtp = txtOTP.Text.Trim();
if (enteredOtp == generatedOtp)
{
ResetPassword rs = new ResetPassword(userEmail);
rs.Show();
this.Hide();
}
else
{
MessageBox.Show("incorrect otp");
}
}
}
}

Reset Password


namespace LoginSignupResetPassword
{
public partial class ResetPassword : Form
{
private string email;
public ResetPassword(string userEmail)
{
InitializeComponent();
email = userEmail;
}

private void btnUpdate_Click(object sender, EventArgs e)
{
string newPassword = txtPass.Text.Trim();
string hashPassword = SecurityHelper.HashPassword(newPassword);
using (SqlConnection con = DatabaseConnection.GetConnection())
{
con.Open();
string query = "UPDATE signuploginreset SET password=@Password WHERE email =@Email";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@Password", hashPassword);
cmd.Parameters.AddWithValue("@Email", email);
cmd.ExecuteNonQuery();
}
MessageBox.Show("Password reset successfully", "info", MessageBoxButtons.OK, MessageBoxIcon.Information);

}

}

TUTORIAL