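How to make the login page accessible only to administrators
Updated: 2023-09-27 17:59:07
I want only people whose role in the Staff table is A (A = administrator) to be able to access the admin module. I want Tan only to be able to access the login, while the other staff cannot.
This is the output:
[image]
Database:
[image of the database table]
This is my code: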
    using System;
    using System.Configuration;
    using System.Data.SqlClient;
    using System.Web.Security;

    // Code-behind members of the login page.
    SqlConnection conn = null;
    SqlCommand cmd = null;
    string connectionString = null;
    string staffName = null;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Returns true when a Staff row matches the supplied username and password.
    public bool CheckValidUser(string Username, string Password)
    {
        bool valid = false;
        SqlDataReader dr = null;
        connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
        // Parameterized query: user input is never concatenated into the SQL text.
        string sql = "SELECT * from Staff WHERE Username=@Username AND Password=@Pwd";
        try
        {
            conn = new SqlConnection(connectionString);
            cmd = new SqlCommand(sql, conn);
            cmd.Parameters.AddWithValue("@Username", Username);
            cmd.Parameters.AddWithValue("@Pwd", Password);
            conn.Open();
            dr = cmd.ExecuteReader();
            if (dr.Read())
            {
                // Remember the display name for the session and the auth cookie.
                staffName = dr["StaffName"].ToString();
                valid = true;
            }
            else
            {
                lblOutput.Text = "There is an error logging in. Please check username or password.";
            }
            dr.Close();
        }
        catch (Exception ex)
        {
            lblOutput.Text = "Error Message: " + ex.Message;
        }
        finally
        {
            if (conn != null)
                conn.Close();
        }
        return valid;
    }

    // Login button handler.
    protected void tbLogin_Click(object sender, EventArgs e)
    {
        bool validUser = CheckValidUser(tbUsername.Text, tbPassword.Text);
        if (validUser)
        {
            Session["StaffName"] = staffName;
            FormsAuthentication.SetAuthCookie(staffName, false);
            FormsAuthentication.RedirectFromLoginPage(staffName, false);
        }
        else
        {
            lblOutput.Text = "Invalid User. Please try again.";
        }
    }
Change the SQL query like this:
    string sql = "SELECT * from Staff WHERE Username=@Username AND Password=@Pwd And Role=N'A'";
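
The role filter from the answer, worked into the question's login handler as an added example (not code from the original post): the role is passed as a parameter, the connection is disposed with `using`, and database error text is kept off the page. The class name `AdminLogin` and the helper `FindAdmin` are hypothetical; the table, column, connection-string and control names are taken from the question and the answer.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;

public partial class AdminLogin : System.Web.UI.Page   // hypothetical page class name
{
    private const string AdminRole = "A";               // A = administrator, as in the question
    // Returns the staff name when the credentials match an admin row, otherwise null.
    private static string FindAdmin(string username, string password)
    {
        string cs = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
        const string sql =
            "SELECT StaffName FROM Staff " +
            "WHERE Username = @Username AND Password = @Pwd AND Role = @Role";

        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@Username", username);
            cmd.Parameters.AddWithValue("@Pwd", password);   // direct comparison, as in the question's schema
            cmd.Parameters.AddWithValue("@Role", AdminRole);
            conn.Open();
            return cmd.ExecuteScalar() as string;            // null when no row matches
        }
    }

    protected void tbLogin_Click(object sender, EventArgs e)
    {
        string staffName = null;
        try
        {
            staffName = FindAdmin(tbUsername.Text, tbPassword.Text);
        }
        catch (SqlException)
        {
            // Keep database details out of the page; log them server-side instead.
        }
        if (staffName == null)
        {
            // Same message for wrong password, unknown user and non-admin role.
            lblOutput.Text = "Invalid User. Please try again.";
            return;
        }
        Session["StaffName"] = staffName;
        FormsAuthentication.RedirectFromLoginPage(staffName, false);  // issues the auth cookie itself
    }
}
```

This only gates the login step; each admin page still has to check on every request that the caller is authenticated.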