登录.aspx:我必须检查用户id,密码以及用户的标题

本文关键字:用户 密码 标题 id 登录 检查 aspx | 更新日期: 2023-09-27 18:04:11

实际上,我的系统有3个用户,分别是管理员、主任和会员。因此,我有3个不同的主页。登录系统时,我想检查ID和密码,以及检查特定ID的标题,以便将其重定向到相应的主页。但它不工作,这是我的代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

namespace CTIPerfAppraisalSystFINAL
{
public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void btn_login_Click(object sender, EventArgs e)
    {
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationCTIConnectionString"].ConnectionString);
        conn.Open();
        string checkuser = "Select count(*) from [tblEmployee] where UserID= '" + txt_userID + "'";
        SqlCommand com = new SqlCommand(checkuser, conn);
        int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
        conn.Close();
        if (temp != 1)
        {
            conn.Open();
            string checkPassword = "Select Password from [tblEmployee] where UserID= @ID";
            SqlCommand Pass = new SqlCommand(checkPassword, conn);
            Pass.Parameters.Add(new SqlParameter("@ID", txt_userID.Text));
            string Password = Pass.ExecuteScalar() as string;
            if (!String.IsNullOrEmpty(Password)) Password.Replace(" ", "");
            if (Password == txt_password.Text)
            {
                if ( string checktitle="Select Title from [tblEmployee] where Title='Administrator'")
                {
                SqlCommand cmd = new SqlCommand(checktitle, conn);
                Session["New"] = txt_userID.Text;
                Response.Write("Password is correct.");
                Response.Redirect("~/Administrator Home Page.aspx");
                conn.Close();
                }
                if ( string checktitle="Select Title from [tblEmployee] where Title='Director'")
                {
                SqlCommand cmd = new SqlCommand(checktitle, conn);
                Session["New"] = txt_userID.Text;
                Response.Write("Password is correct.");
                Response.Redirect("~/Director Home Page.aspx");
                conn.Close();
                }

                if ( string checktitle="Select Title from [tblEmployee] where Title='Member'");
                {
                SqlCommand cmd = new SqlCommand(checktitle, conn);
                Session["New"] = txt_userID.Text;
                Response.Write("Password is correct.");
                Response.Redirect("~/Member Home Page.aspx");
                conn.Close();
                }
            }
            else
            {
                Response.Write("Login is incorrect.");
            }
        }
    }
}

}

登录.aspx:我必须检查用户id,密码以及用户的标题

你把本来很简单的事情复杂化了。只需对Title字段调用一个select,并在WHERE子句中传递要满足的条件。(用户名和密码)。如果满足WHERE子句中的条件,调用ExecuteReader返回Title。此时,只需检查返回的标题并跳转到相应的页面

protected void btn_login_Click(object sender, EventArgs e)
{
    using(SqlConnection conn = new SqlConnection(...))
    {
        conn.Open();
        string cmdText = @"Select Title 
                           from [tblEmployee] 
                           where UserID= @id AND Password = @pwd";
        SqlCommand com = new SqlCommand(cmdText, conn);
        com.Parameters.AddWithValue("@id", txt_userID.Text)
        com.Parameters.AddWithValue("@pwd", txt_password.Text);
        using(SqlDataReader reader = com.ExecuteReader())
        {
            if(reader.Read())
            {
                string title = reader["Title"].ToString();
                switch(title)
                {
                    case "Administrator":
                       Session["New"] = txt_userID.Text;
                       Response.Write("Password is correct.");
                       Response.Redirect("~/Administrator Home Page.aspx");
                       break;
                    case "Director":
                       Session["New"] = txt_userID.Text;
                       Response.Write("Password is correct.");
                       Response.Redirect("~/Director Home Page.aspx");
                       break;
                    case "Member":
                       Session["New"] = txt_userID.Text;
                       Response.Write("Password is correct.");
                       Response.Redirect("~/Member Home Page.aspx");
                       break;
                    default:
                       Response.Write("Unknown title: " + title);
                       break;
                }
           }
           else
              Response.Write("Login is incorrect.");
       }
   }
}
语句
if ( string checktitle="Select Title from [tblEmployee] where Title='Administrator'")

将始终为true

我认为你是连接变量"txt_userID"与你的Sql而不是"txt_userID. text "。在后面的代码中,看起来您做得"正确"。

BTW:永远不要连接字符串,即使它不是生产代码-总是使用参数,否则你会邀请SQL注入