登录.aspx:我必须检查用户id,密码以及用户的标题
本文关键字:用户 密码 标题 id 登录 检查 aspx | 更新日期: 2023-09-27 18:04:11
实际上,我的系统有3个用户,分别是管理员、主任和会员。因此,我有3个不同的主页。登录系统时,我想检查ID和密码,以及检查特定ID的标题,以便将其重定向到相应的主页。但它不工作,这是我的代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace CTIPerfAppraisalSystFINAL
{
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btn_login_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationCTIConnectionString"].ConnectionString);
conn.Open();
string checkuser = "Select count(*) from [tblEmployee] where UserID= '" + txt_userID + "'";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
conn.Close();
if (temp != 1)
{
conn.Open();
string checkPassword = "Select Password from [tblEmployee] where UserID= @ID";
SqlCommand Pass = new SqlCommand(checkPassword, conn);
Pass.Parameters.Add(new SqlParameter("@ID", txt_userID.Text));
string Password = Pass.ExecuteScalar() as string;
if (!String.IsNullOrEmpty(Password)) Password.Replace(" ", "");
if (Password == txt_password.Text)
{
if ( string checktitle="Select Title from [tblEmployee] where Title='Administrator'")
{
SqlCommand cmd = new SqlCommand(checktitle, conn);
Session["New"] = txt_userID.Text;
Response.Write("Password is correct.");
Response.Redirect("~/Administrator Home Page.aspx");
conn.Close();
}
if ( string checktitle="Select Title from [tblEmployee] where Title='Director'")
{
SqlCommand cmd = new SqlCommand(checktitle, conn);
Session["New"] = txt_userID.Text;
Response.Write("Password is correct.");
Response.Redirect("~/Director Home Page.aspx");
conn.Close();
}
if ( string checktitle="Select Title from [tblEmployee] where Title='Member'");
{
SqlCommand cmd = new SqlCommand(checktitle, conn);
Session["New"] = txt_userID.Text;
Response.Write("Password is correct.");
Response.Redirect("~/Member Home Page.aspx");
conn.Close();
}
}
else
{
Response.Write("Login is incorrect.");
}
}
}
}
}
你把本来很简单的事情复杂化了。只需对Title字段调用一个select,并在WHERE子句中传递要满足的条件。(用户名和密码)。如果满足WHERE子句中的条件,调用ExecuteReader返回Title。此时,只需检查返回的标题并跳转到相应的页面
protected void btn_login_Click(object sender, EventArgs e)
{
using(SqlConnection conn = new SqlConnection(...))
{
conn.Open();
string cmdText = @"Select Title
from [tblEmployee]
where UserID= @id AND Password = @pwd";
SqlCommand com = new SqlCommand(cmdText, conn);
com.Parameters.AddWithValue("@id", txt_userID.Text)
com.Parameters.AddWithValue("@pwd", txt_password.Text);
using(SqlDataReader reader = com.ExecuteReader())
{
if(reader.Read())
{
string title = reader["Title"].ToString();
switch(title)
{
case "Administrator":
Session["New"] = txt_userID.Text;
Response.Write("Password is correct.");
Response.Redirect("~/Administrator Home Page.aspx");
break;
case "Director":
Session["New"] = txt_userID.Text;
Response.Write("Password is correct.");
Response.Redirect("~/Director Home Page.aspx");
break;
case "Member":
Session["New"] = txt_userID.Text;
Response.Write("Password is correct.");
Response.Redirect("~/Member Home Page.aspx");
break;
default:
Response.Write("Unknown title: " + title);
break;
}
}
else
Response.Write("Login is incorrect.");
}
}
}
语句
if ( string checktitle="Select Title from [tblEmployee] where Title='Administrator'")
将始终为true
。
我认为你是连接变量"txt_userID"与你的Sql而不是"txt_userID. text "。在后面的代码中,看起来您做得"正确"。
BTW:永远不要连接字符串,即使它不是生产代码-总是使用参数,否则你会邀请SQL注入