c#如何分离管理员和用户登录

本文关键字:管理员 用户 登录 分离 何分离 | 更新日期: 2023-09-27 18:04:57

所以基本上Admin和User会进入不同的窗口,这里是代码

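// Click handler for the Enter button: validates that both fields are filled,
// looks the credentials up in boardinghousedb.employee_table and opens the
// Menu window when exactly one row matches.
//
// sender / e: standard WinForms event arguments; neither is read here.
//
// NOTE(review): the WHERE clause compares the typed password with the stored
// column value directly, so the table holds plaintext passwords. Store a salted
// password hash and verify against it instead.
private void cmdEnter_Click(object sender, EventArgs e)
{
    if (txtUsername.Text == "" && txtPassword.Text == "") // both fields are empty
    {
        MessageBox.Show("Unable to fill Username and Password", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
    else if (txtUsername.Text == "") // only the username is missing
    {
        MessageBox.Show("Unable to fill Username", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
    else if (txtPassword.Text == "") // only the password is missing
    {
        MessageBox.Show("Unable to fill Password", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
    else
    {
        try
        {
            // NOTE(review): this connects as root without a password; a dedicated
            // low-privilege account for the application would limit the damage
            // of any query-level mistake.
            string myConnection = "datasource=localhost;port=3306;username=root";
            int count = 0;

            // using blocks close the reader, command and connection on every path,
            // including when an exception is thrown (the original only closed the
            // connection in the "not correct" branch).
            using (MySqlConnection myConn = new MySqlConnection(myConnection))
            using (MySqlCommand SelectCommand = new MySqlCommand("select * from boardinghousedb.employee_table where username=@username and password=@password;", myConn))
            {
                // The text-box values are bound as parameters, never concatenated
                // into the SQL text, so they cannot change the query's structure.
                SelectCommand.Parameters.AddWithValue("@username", this.txtUsername.Text);
                SelectCommand.Parameters.AddWithValue("@password", this.txtPassword.Text);

                myConn.Open();
                using (MySqlDataReader myReader = SelectCommand.ExecuteReader())
                {
                    while (myReader.Read())
                    {
                        count = count + 1;
                    }
                }
            }

            if (count == 1)
            {
                MessageBox.Show("Username and Password . . . is Correct", "Confirmation Message", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
                this.Hide();
                Menu mm = new Menu();
                mm.ShowDialog();
            }
            else if (count > 1)
            {
                // More than one matching row means the table has duplicate accounts;
                // a unique constraint on username would rule this out.
                MessageBox.Show("Duplicate Username and Password . . . Access Denied", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            else
            {
                MessageBox.Show("Username and Password is Not Correct . . . Please try again", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): this shows the raw driver/exception text to the person
            // at the login form; consider logging it and showing a generic message.
            MessageBox.Show(ex.Message);
        }
    }
}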

我不知道该怎么做。其他教程讲的都是本地数据库,但我用的是MySQL。这是员工表,其中title的值为admin或user。

c#如何分离管理员和用户登录

你的代码有几个问题。

  1. 你应该在数据库中为用户名创建唯一约束,以避免出现重复的用户名。
  2. 你应该只保存密码的散列值,而不是明文。这样即使有人进入你的数据库,也无法直接读到密码。散列应使用带盐的专用密码散列算法(例如PBKDF2、bcrypt或Argon2),而不是单次的MD5或SHA。
  3. 你应该使用参数化查询来避免SQL注入,你现在的查询容易受到SQL注入攻击。SQL注入是指把SQL命令注入到查询中的一种手段。例如,用户可以在用户名文本框中输入someName' OR 1=1--,于是你的查询会变成select * from boardinghousedb.employee_table where username='someName' OR 1=1--。注意最后的--,它会把查询的其余部分注释掉。你可以在这个链接上阅读更多内容。如果条件允许,我建议你了解一下EntityFramework,它是查询数据库的强大工具。
  4. 在catch之后使用finally块(或using语句)关闭数据库连接。

关于你的问题:如果你想区分admin和user,就需要引入某种角色,或者至少为每个用户保存一个bool值(例如IsAdmin),用来标明该用户是否为管理员。

然后你可以根据需要把代码放到单独的函数/方法/类中,并用WHERE Role='Admin'或类似的条件来查询用户。

例如

// Signature sketch only (no body is given on the page): intended to report
// whether the username/password pair belongs to a valid account.
public bool IsValidLogin(string username, string password);

// Signature sketch only: intended to report whether the pair belongs to an
// account with the admin role.
// NOTE(review): spelled "IsValie..." here, but the usage example that follows
// calls IsValidLoginForAdmin; the two names must match for the example to compile.
public bool IsValieLoginForAdmin(string username, string password);

或任何其他您喜欢的实现。

然后以以下方式重新使用它:

// Sketch of the click handler once the credential check lives in helper methods.
// It is illustrative, not compilable: pick ONE of the two checks and give it a body.
// "username" / "password" are literal placeholders; presumably the real call
// passes the text-box values (confirm against the form).
private void cmdEnter_Click(object sender, EventArgs e)
{
     if(IsValidLogin("username", "password"))
     //or
     if(IsValidLoginForAdmin("username", "password"))
//do something (e.g. open the window that matches the role that was checked)
}
编辑:

您还可以在表中引入新的列,称为UserRole。为了简单起见,我将按原样修改您的代码,您可以在了解后对其进行重构。

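// Fragment of the login handler: myConn, txtUsername and txtPassword are
// declared outside this excerpt.
//
// The credentials are bound as parameters instead of being concatenated into
// the SQL text, so the text-box values cannot change the query's structure.
// NOTE(review): the password is still compared as stored plaintext; keep a
// salted password hash in the table and verify against that.
MySqlCommand SelectCommand = new MySqlCommand("select * from boardinghousedb.employee_table where username=@username and password=@password;", myConn);
SelectCommand.Parameters.AddWithValue("@username", this.txtUsername.Text);
SelectCommand.Parameters.AddWithValue("@password", this.txtPassword.Text);
MySqlDataReader myReader;
myConn.Open();
myReader = SelectCommand.ExecuteReader();
int count = 0;
string userRole = string.Empty;
while (myReader.Read())
{
    count = count + 1;
    // The role is read from the matched database row, not from user input.
    userRole = myReader["UserRole"].ToString();
}
// Release the reader before any window is shown.
myReader.Close();
if (count == 1)
{
    MessageBox.Show("Username and Password . . . is Correct", "Confirmation Message", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
    this.Hide();
    // NOTE(review): this comparison is case-sensitive; the question describes
    // the stored values as "admin" / "user" in a title column, so confirm the
    // exact column name and spelling used in the table.
    if (userRole == "Admin")
    {
        // show admin window
    }
    else
    {
        // show user window
    }
    // NOTE(review): Menu is still opened for every role here; once the two
    // windows exist, open each one inside its own branch so a non-admin
    // account never reaches the admin window.
    Menu mm = new Menu();
    mm.ShowDialog();
}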
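// Fragment of the login handler: myConn, txtUsername and txtPassword are
// declared outside this excerpt, and the final brace closes a block that
// starts outside it.
//
// The credentials are bound as parameters instead of being concatenated into
// the SQL text, so the text-box values cannot change the query's structure.
// NOTE(review): the password is still compared as stored plaintext; keep a
// salted password hash in the table and verify against that.
MySqlCommand SelectCommand = new MySqlCommand("select * from boardinghousedb.employee_table where username=@username and password=@password;", myConn);
SelectCommand.Parameters.AddWithValue("@username", this.txtUsername.Text);
SelectCommand.Parameters.AddWithValue("@password", this.txtPassword.Text);
MySqlDataReader myReader;
myConn.Open();
myReader = SelectCommand.ExecuteReader();
int count = 0;
string userRole = string.Empty;
while (myReader.Read())
{
    count = count + 1;
    // The role is read from the matched database row, not from user input.
    userRole = myReader["UserRole"].ToString();
}
// Release the reader before any window is shown.
myReader.Close();
if (count == 1)
{
    MessageBox.Show("Username and Password . . . is Correct", "Confirmation Message", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
    this.Hide();
    // NOTE(review): case-sensitive comparison; confirm the exact role value
    // and column name stored in the table.
    if (userRole == "Admin")
    {
        // show admin window
    }
    else
    {
        // show user window
    }
    // NOTE(review): Menu is still opened for every role here; once the two
    // windows exist, open each one inside its own branch so a non-admin
    // account never reaches the admin window.
    Menu mm = new Menu();
    mm.ShowDialog();
}
else if (count > 1)
{
    // Several rows matched: the table contains duplicate accounts.
    MessageBox.Show("Duplicate User And Password");
}
else
{
    MessageBox.Show("Username and Password Incorrect", "Login Error:");
}
// Runs after every branch above; an exception before this line would still
// leave the connection open unless the caller uses finally/using.
myConn.Close();
        }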

你的代码

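            // Body of the login click handler: checks that both fields are filled,
            // then looks the credentials up in boardinghousedb.employee_table and
            // opens the Menu window when exactly one row matches.
            // NOTE(review): the password is compared as stored plaintext; keep a
            // salted password hash in the table and verify against that.
            if (txtUsername.Text == "" && txtPassword.Text == "") // both fields are empty
            {
                MessageBox.Show("Unable to fill Username and Password", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            else if (txtUsername.Text == "") // only the username is missing
            {
                MessageBox.Show("Unable to fill Username", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            else if (txtPassword.Text == "") // only the password is missing
            {
                MessageBox.Show("Unable to fill Password", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            else
            {
                try
                {
                    // NOTE(review): connects as root without a password; prefer a
                    // dedicated low-privilege account for the application.
                    string myConnection = "datasource=localhost;port=3306;username=root";
                    int count = 0;

                    // using blocks close the reader, command and connection on
                    // every path, including when an exception is thrown.
                    using (MySqlConnection myConn = new MySqlConnection(myConnection))
                    using (MySqlCommand SelectCommand = new MySqlCommand("select * from boardinghousedb.employee_table where username=@username and password=@password;", myConn))
                    {
                        // Bound parameters keep the text-box values out of the SQL text.
                        SelectCommand.Parameters.AddWithValue("@username", this.txtUsername.Text);
                        SelectCommand.Parameters.AddWithValue("@password", this.txtPassword.Text);

                        myConn.Open();
                        using (MySqlDataReader myReader = SelectCommand.ExecuteReader())
                        {
                            while (myReader.Read())
                            {
                                count = count + 1;
                            }
                        }
                    }

                    if (count == 1)
                    {
                        MessageBox.Show("Username and Password . . . is Correct", "Confirmation Message", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
                        this.Hide();
                        Menu mm = new Menu();
                        mm.ShowDialog();
                    }
                    else if (count > 1)
                    {
                        // Several rows matched: the table contains duplicate accounts.
                        MessageBox.Show("Duplicate Username and Password . . . Access Denied", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    }
                    else
                    {
                        MessageBox.Show("Username and Password is Not Correct . . . Please try again", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
                    }
                }
                catch (Exception ex)
                {
                    // NOTE(review): shows the raw exception text on the login form;
                    // consider logging it and showing a generic message instead.
                    MessageBox.Show(ex.Message);
                }
            }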

这段代码缺少返回类型错误提示