我正在尝试根据用户的角色将用户重定向到管理员主页或客户主页。
使用SQL,用户必须使用他们的电子邮件和密码登录,然后我将Admin列设置为Bit,因此它们是Admin true或false。
这是我的代码,我不确定我遗失/做错了什么,因为用户被重定向到“AdminDefault”页面,无论他们的角色如何。
P.S我还是一个新手还在学习。
using System;
using System.Configuration;
using System.Data.SqlClient;
namespace Shotz.Pages
{
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
bool isLoggedIn = false;
string email = string.Empty;
string password = string.Empty;
if (IsPostBack)
{
email = txtEmail.Text;
password = txtPassword.Text;
isLoggedIn = IsValidLoginCredentials(email, password);
if (isLoggedIn)
{
//if the user name is valid add the username to the session and redirect the user to the admin home page
Session.Add("email", email);
Boolean checkUserType = checkUser();
if (checkUserType)
Response.Redirect("~/Pages/AdminDefault.aspx");
else
Response.Redirect("~/Pages/Default.aspx");
}
else
{
//if the login is invald tell the user
lblLoginDetails.Text = "Invalid Login Details - please try again!";
}
}
}
private bool IsValidLoginCredentials(string email, string password)
{
int rowCount = 0;
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["AppConnectionString"].ConnectionString);
string query = "SELECT COUNT(*) FROM [Users] WHERE [Email] = @email AND [Password] = @password";
SqlCommand command = new SqlCommand(query, connection);
command.Parameters.AddWithValue("@email", email);
command.Parameters.AddWithValue("@password", password);
connection.Open();
rowCount = (int)command.ExecuteScalar();
connection.Close();
return (rowCount == 1);
}
protected Boolean checkUser()
{
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["AppConnectionString"].ConnectionString);
//define sql query
connection.Open();
string query = "SELECT Admin FROM Users WHERE [Admin] = 'True'";
SqlCommand command = new SqlCommand(query, connection);
String Admin = command.ExecuteScalar().ToString();
if (Admin == "True")
{
return true;
}
connection.Close();
return false;
}
}
}
答案 0 :(得分:0)
问题在于checkUser功能,您需要验证此登录用户是否管理,否则用户将 Admin [Users]表上存在 Admin 。
因此,在checkUser(string email, string password)电子邮件和passwrod上添加两个参数是参数
代码就是这样。
protected Boolean checkUser(string email, string password)
{
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["AppConnectionString"].ConnectionString);
//define sql query
connection.Open();
string query = "SELECT Admin FROM Users WHERE [Admin] = 'True' and [Email] = @email AND [Password] = @password";
SqlCommand command = new SqlCommand(query, connection);
command.Parameters.AddWithValue("@email", email);
command.Parameters.AddWithValue("@password", password);
String Admin = command.ExecuteScalar().ToString();
if (Admin == "True")
{
return true;
}
connection.Close();
return false;
}
当你使用时,你就像
protected void Page_Load(object sender, EventArgs e)
{
bool isLoggedIn = false;
string email = string.Empty;
string password = string.Empty;
if (IsPostBack)
{
email = txtEmail.Text;
password = txtPassword.Text;
isLoggedIn = IsValidLoginCredentials(email, password);
if (isLoggedIn)
{
Session.Add("email", email);
Boolean checkUserType = checkUser(email, password);
if (checkUserType)
Response.Redirect("~/Pages/AdminDefault.aspx");
else
Response.Redirect("~/Pages/Default.aspx");
}
else
{
lblLoginDetails.Text = "Invalid Login Details - please try again!";
}
}
}
修改
您可以尝试使用DataTable
protected Boolean checkUser(string email, string password)
{
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["AppConnectionString"].ConnectionString);
//define sql query
connection.Open();
string query = "SELECT Admin FROM Users WHERE [Admin] = 1 and [Email] = @email AND [Password] = @password";
DataTable dt = new DataTable();
SqlCommand command = new SqlCommand(query, connection);
command.Parameters.AddWithValue("@email", email);
command.Parameters.AddWithValue("@password", password);
using (SqlDataAdapter adapter = new SqlDataAdapter(command))
{
adapter.Fill(dt);
if (dt.Rows.Count > 0)
{
return true;
}
}
connection.Close();
return false;
}