我创建了一个名为[reg]的数据库表,该表存储着包括角色在内的用户详细信息。该表中有一列称为角色,这是父母和老师这两个角色。所以我想根据他们的角色将他们重定向到不同的主页。我怎样才能做到这一点??请帮助。
这是我的login.cs代码,如下所示:
public partial class Login : System.Web.UI.Page
{
SqlConnection con = new SqlConnection();
protected void Page_Load(object sender, EventArgs e)
{
}
protected void ButtonLogin_Click1(object sender, EventArgs e)
{
con.ConnectionString = "Data Source=DESKTOP-H7KQUT1;Initial Catalog=Registration;Integrated Security=True";
con.Open();
string checkuser = "select count(*) from [reg] where Username = '" + TextBoxUser.Text + "'";
SqlCommand cmd = new SqlCommand(checkuser, con);
int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
if (temp == 1)
{
string checkPasswordQuery = "select Pass from [reg] where Username= '" + TextBoxUser.Text + "'";
SqlCommand passCom = new SqlCommand(checkPasswordQuery, con);
string password = passCom.ExecuteScalar().ToString().Replace(" ","");
if (password == TextBoxPass.Text)
{
Session["New"] = TextBoxUser.Text;
Session["Username"] = TextBoxUser.Text;
MessageBox.Show("Password is correct");
Response.Redirect("HomeTeacher.aspx");
}
else
{
MessageBox.Show("Password is not correct");
}
}
else
{
MessageBox.Show("Username is not correct");
}
con.Close();
}
}
答案 0 :(得分:1)
这里有很多东西,所以我添加了很多评论来解释这些变化。
protected void ButtonLogin_Click1(object sender, EventArgs e)
{
//Don't re-use the connection object.
// ADO.Net has a feature called connection pooling, and re-using the
// connection object interferes with it.
// This is the rare case where you really do want to create
// a new instance almost every time
string checkuser = "select Role, Salt, PwdHash from [reg] where Username = @Username";
string role = "", goodHash = "", salt = "";
//The using blocks will make sure the connection is closed,
// **even if an exception is thrown**.
using (var con = new SqlConnection("Data Source=DESKTOP-H7KQUT1;Initial Catalog=Registration;Integrated Security=True"))
using (var cmd = new SqlCommand(checkuser, con))
{
//**ALWAYS** use parameters like this to include data in the query that
// has any chance to be influenced in any way by the user
cmd.Parameters.Add("@Username",SqlDbType.NVarChar, 50).Value = TextBoxUser.Text;
con.Open();
using (var rdr = cmd.ExecuteReader())
{
if (!rdr.Read()) // no record for this user
{
//Common practice is to NOT make it obvious whether the username or password was wrong,
// though there is debate in security circles whether that's really necessary.
//Also, **DON'T USE MESSAGEBOX IN WEB APPS!**
// It doesn't work at all the way you think.
Response.Redirect("InvalidLogin.aspx");
return;
}
//For convenience, I'll assume nothing is NULL if we actually have a record
//Done right, the salt and password are often byte arrays, but base64 strings are common, too.
salt = (string)rdr["Salt"];
goodHash = (string)rdr["PwdHash"];
role = (string)rdr["Role"];
}
}
//You'll need to write this function on your own,
// but there are libraries on NuGet that make it easy
var attemptedHash = GetBCryptHash(salt, TextBoxPass.Text);
if (attemptedHash != goodHash)
{
Response.Redirect("InvalidLogin.aspx");
return;
}
Session["New"] = TextBoxUser.Text;
Session["Username"] = TextBoxUser.Text;
Session["Role"] = role;
if (role == "Teacher")
{
Response.Redirect("HomeTeacher.aspx");
}
else
{
Response.Redirect("HomeStudent.aspx");
}
}
这里还是没有所有多余的注释:
protected void ButtonLogin_Click1(object sender, EventArgs e)
{
string checkuser = "select Role, Salt, PwdHash from [reg] where Username = @Username";
string role = "", goodHash = "", salt = "";
using (var con = new SqlConnection("Data Source=DESKTOP-H7KQUT1;Initial Catalog=Registration;Integrated Security=True"))
using (var cmd = new SqlCommand(checkuser, con))
{
cmd.Parameters.Add("@Username",SqlDbType.NVarChar, 50).Value = TextBoxUser.Text;
con.Open();
using (var rdr = cmd.ExecuteReader())
{
if (!rdr.Read()) // no record for this user
{
Response.Redirect("InvalidLogin.aspx");
return;
}
salt = (string)rdr["Salt"];
goodHash = (string)rdr["PwdHash"];
role = (string)rdr["Role"];
}
}
// You still need to write this function, and you'll still want to rely on nuget
var attemptedHash = GetBCryptHash(salt, TextBoxPass.Text);
if (attemptedHash != goodHash)
{
Response.Redirect("InvalidLogin.aspx");
return;
}
Session["New"] = TextBoxUser.Text;
Session["Username"] = TextBoxUser.Text;
Session["Role"] = role;
if (role == "Teacher")
{
Response.Redirect("HomeTeacher.aspx");
}
else
{
Response.Redirect("HomeStudent.aspx");
}
}
答案 1 :(得分:0)
如果要根据用户角色重定向用户,这很简单:
string getUserRole = "SELECT Role from [reg] where Username= @User";
Using;
SqlCommand sqlCmd = new SqlCommand(sql, con);
sqlCmd.Parameters.Add("@User", SqlDbType.String).Value = TextBoxUser.Text;
String userRole = roleCmd.ExecuteScalar().ToString().Replace(" ","");
End Using;
con.Close();
if userRole = your_user_role
//redirect 1
else
// redirect 2
我建议您看看:
sqlCmd.Parameters.Add("@User", SqlDbType.String).Value = TextBoxUser.Text;
始终使用参数非常容易。
以这一行为例,在需要从用户输入中获取数据的每个查询中添加参数。