我希望员工表中角色为 A (A =管理员)的唯一员工可以访问管理员模块。我希望Mary Tan只能访问登录,而其他员工无法访问。
这是输出:
数据库:
这是我的代码:
SqlConnection conn = null;
SqlCommand cmd = null;
string connectionString = null;
string staffName = null;
protected void Page_Load(object sender, EventArgs e)
{
}
public bool CheckValidUser(string Username, string Password)
{
bool valid = false;
SqlDataReader dr = null;
connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
string sql = "SELECT * from Staff WHERE Username=@Username AND Password=@Pwd";
try
{
conn = new SqlConnection(connectionString);
cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@Username", Username);
cmd.Parameters.AddWithValue("@Pwd", Password);
conn.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
staffName = dr["StaffName"].ToString();
valid = true;
}
else
{
lblOutput.Text = "There is an error logging in. Please check username or password.";
}
dr.Close();
}
catch (Exception ex)
{
lblOutput.Text = "Error Message: " + ex.Message;
}
finally
{
if (conn != null)
conn.Close();
}
return valid;
}
protected void tbLogin_Click(object sender, EventArgs e)
{
bool validUser = CheckValidUser(tbUsername.Text, tbPassword.Text);
if (validUser)
{
Session["StaffName"] = staffName;
FormsAuthentication.SetAuthCookie(staffName, false);
FormsAuthentication.RedirectFromLoginPage(staffName, false);
}
else
{
lblOutput.Text = "Invalid User. Please try again.";
}
}
答案 0 :(得分:0)
像这样更改sql查询:
string sql = "SELECT * from Staff WHERE Username=@Username AND Password=@Pwd And Role=N'A';