User and password authentication

Keywords: authentication, password, user | Updated: 2023-09-27 18:15:04

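The username and password are correct, but it comes back as incorrect. What could it be?

Importantly, the password is encrypted with MD5.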

public static bool logarUsuario(string user, string pw)
    {
        try
        {
            const string checkUser = "SELECT COUNT(*) FROM tbUsuario WHERE userName = '@user'";
            SqlConnection con = Banco.con();
            con.Open();
            SqlCommand cmd = new SqlCommand(checkUser, con);
            int temp = Convert.ToInt32(cmd.ExecuteNonQuery().ToString());
            cmd.Parameters.AddWithValue("@user", user);
            con.Close();
            if (temp == 1)
            {
                con.Open();
                string checkPw = "SELECT pw FROM tbUsuario WHERE userName = '@user'";
                SqlCommand passConn = new SqlCommand(checkPw, con);
                cmd.Parameters.AddWithValue("@user", user);
                string password = passConn.ExecuteScalar().ToString();
                Registrar criptografia = new Registrar();
                if (password == pw)
                {
                    return true;
                }                    
            }
        }
        catch (SqlException ex)
        {
            Console.WriteLine("Erro " + ex.Message);                
        }
        return false;
    }

In the btnLogar click event:

I checked the database: the username and password are correct, yet the password is reported as incorrect.

 protected void bntLogar_Click(object sender, EventArgs e)
    {
        Registrar criptografia = new Registrar();
        if (Login.logarUsuario(txtUser.Text, criptografia.CriptografiaMD5(txtSenha.Text)))
        {
            //Creates a cookie on the server side
            HttpCookie cookie = new HttpCookie("estado", "conectado");
            //Sets the cookie's validity (10 days from today)
            cookie.Expires = DateTime.Now.AddMonths(12);
            //Sends the cookie to the client
            Response.Cookies.Set(cookie);
            //Redirects to the home page
            Response.Redirect("Admin.aspx");
        }
        else
        {
            lblErro.Text = "Usuário ou Senha Incorretos";
            lblErro.Visible = true;
            lblErro.CssClass = "alert alert-danger";
        }
    }

User and password authentication

'@user' is incorrect. Do not enclose the parameter name in single quotes. It should look like

SELECT pw FROM tbUsuario WHERE userName = @user

MD5 is no longer considered secure; I suggest using SHA-256.

You can use a single SELECT statement

public static bool logarUsuario(string user, string pw)
{
 const string checkUser = 
   @"SELECT COUNT(*) FROM tbUsuario 
      WHERE userName = @u AND pw = @p";
 using (SqlConnection con = Banco.con())
 {
   con.Open();
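   SqlCommand cmd = new SqlCommand(checkUser, con);
   // Bind both parameters before the command is executed
   cmd.Parameters.AddWithValue("@u", user);
   cmd.Parameters.AddWithValue("@p", pw);
   // ExecuteScalar returns the COUNT(*) value; ExecuteNonQuery returns -1 for a SELECT
   return 1 == (int) cmd.ExecuteScalar();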
 }
}

Assuming pw is already hashed