登录页面逻辑错误

时间:2012-09-04 09:53:12

标签: c# asp.net sql

我正在使用ASP.NET 4.0,C#和SQL Server 2008开发网站。在我的登录页面中,同一用户在注册时应多次登录。在“Step-I”注册后,用户将等待Admin Approval。在“仅限管理员批准”之后,用户可以重定向到“Step-II”注册页面。所以我写下面的代码。但根据我的代码,如果没有管理员批准,当用户第二次登录时,页面会重定向到“第二步”注册。怎么预防呢?需要帮助。

   protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
   {
    SqlConnection SqlCon = new SqlConnection(GetConnectionString());
    try
    {          
     var da1 = new SqlDataAdapter
           ("select * from User_Info2 where Vendor_ID ='" +   txtHomeUsername.Text.Trim() + "'
   AND User_Password='" + txtHomePassword.Text.Trim() + "'", SqlCon);
   var dt1 = new DataTable();
   da1.Fill(dt1);
   if (dt1.Rows.Count == 0)
   {
           ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert",
   "alert('Enter valid Vendor ID and Password');", true);
  }
  else
  {
  var da2 = new SqlDataAdapter
  ("select * from Company_Info where Vendor_ID='"+ txtHomeUsername.Text+"' 
      AND Approval_Status='NO' OR Approval_Status='PEN'", SqlCon);
  var dt2 = new DataTable();
  da2.Fill(dt2);
  if (dt2.Rows.Count > 0)
  {
   string url = "../ApprovalStatus2.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text);
   ClientScript.RegisterStartupScript(this.GetType(),
   "callfunction","alert('Vendor ID is waiting for Approval');
    window.location.href = '" + url + "';", true);
  }
  var da3 = new SqlDataAdapter
("select Vendor_ID from RegPage1 where Vendor_ID='" + txtHomeUsername.Text.Trim() + "'",SqlCon);
  var dt3 = new DataTable();
  da3.Fill(dt3);
  if (dt3.Rows.Count > 0)
  {
   string url = "../UserLogin.aspx";
   ClientScript.RegisterStartupScript(this.GetType(),"callfunction","alert
   ('Vendor ID already completed the registration');window.location.href ='" + url + "';", true);
  }
  else
  {
    Response.Redirect("~/RegPage1.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text));
  }
  }
  }
  finally
  {
  SqlCon.Close();
  }

2 个答案:

答案 0 :(得分:0)

更改您的编码:

var da2 = new SqlDataAdapter
  ("select * from Company_Info where Vendor_ID='"+ txtHomeUsername.Text+"' 
      AND (Approval_Status='NO' OR Approval_Status='PEN')", SqlCon);

如果有帮助,请告诉我。

答案 1 :(得分:0)

代码更改:请检查并告诉我

protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
   {
    SqlConnection SqlCon = new SqlConnection(GetConnectionString());
    try
    {          
        var da1 = new SqlDataAdapter
           ("select * from User_Info2 where Vendor_ID ='" +   txtHomeUsername.Text.Trim() + "'
   AND User_Password='" + txtHomePassword.Text.Trim() + "'", SqlCon);
   var dt1 = new DataTable();
   da1.Fill(dt1);
   if (dt1.Rows.Count == 0)
   {
           ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert",
        "alert('Enter valid Vendor ID and Password');", true);
   }
  else
  {
     var da2 = new SqlDataAdapter
      ("select * from Company_Info where Vendor_ID='"+ txtHomeUsername.Text+"' 
      AND (Approval_Status='NO' OR Approval_Status='PEN')", SqlCon);
      var dt2 = new DataTable();
      da2.Fill(dt2);
      if (dt2.Rows.Count > 0)
     {
           string url = "../ApprovalStatus2.aspx?Parameter=" +
                 Server.UrlEncode(txtHomeUsername.Text);
                 ClientScript.RegisterStartupScript(this.GetType(),
                "callfunction","alert('Vendor ID is waiting for Approval');
              window.location.href = '" + url + "';", true);
      }
      else
     {
             var da3 = new SqlDataAdapter
            ("select Vendor_ID from RegPage1 where Vendor_ID='" + 
              txtHomeUsername.Text.Trim() + "'",SqlCon);
            var dt3 = new DataTable();
            da3.Fill(dt3);
            if (dt3.Rows.Count > 0)
            {
                 string url = "../UserLogin.aspx";
                 ClientScript.RegisterStartupScript(this.GetType(),"callfunction",
                 "alert('Vendor ID already completed the 
                  registration');window.location.href ='" + url + "';", true);
             }
             else
             {
                  Response.Redirect("~/RegPage1.aspx?Parameter=" + 
                  Server.UrlEncode(txtHomeUsername.Text));
             }
       }
  }
  }
  finally
  {
  SqlCon.Close();
  }