So basically I want it to have user and admin access levels, so when I click login in the form it will check whether the username and password are set as admin and then go to the admin form, and if it is a user it will go to the user form... I have my code here and it works perfectly, it's just that I can't figure out how the system checks whether the password and username belong to a user or an admin before going to the other form. Here is the code btw, thanks in advance!
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btLogin.Click
    If tbUser.Text = Nothing OrElse tbPass.Text = Nothing Then
        MsgBox("Please Enter Valid Username and Password", MsgBoxStyle.Exclamation)
    Else
        If connection.State = ConnectionState.Closed Then
            connection.Open()
        End If
        ' OleDb binds parameters by position ('?'); the names are labels only,
        ' so the Add calls must be in the same order as the placeholders.
        Dim cmd As New OleDbCommand("select count(*) from dbLogin where dbUser=? and dbPass=?", connection)
        cmd.Parameters.Add("@1", OleDbType.VarChar).Value = tbUser.Text
        cmd.Parameters.Add("@2", OleDbType.VarChar).Value = tbPass.Text
        Dim count = Convert.ToInt32(cmd.ExecuteScalar())
        If (count > 0) Then
            MsgBox("Login Succeed", MsgBoxStyle.Information)
            Menuvb.Show()
            Me.Hide()
        Else
            MsgBox("Account not Registered", MsgBoxStyle.Critical)
        End If
    End If
End Sub
Answer 0 (score: 0)
You should look at what the database returns rather than simply checking whether the user exists. Suppose you have a user role field, for example dbRole. You could use the following code:
Dim connectionString As String = "provider=Microsoft.ACE.OLEDB.12.0;data source=" & dbPath ' dbPath: path to your Access database file
Dim connection As New OleDbConnection(connectionString)
connection.Open()
Dim cmd As New OleDbCommand("", connection)
Dim adapter As New OleDbDataAdapter(cmd)
Dim SQL As String = "SELECT * FROM dbLogin WHERE dbUser = @USER"
adapter.SelectCommand.CommandText = SQL
adapter.SelectCommand.Parameters.Add("@USER", OleDbType.VarChar).Value = userName ' userName: the text typed into tbUser
Dim dtTbl As New DataTable()
adapter.Fill(dtTbl)
connection.Close()
If (dtTbl.Rows.Count = 0) Then
    ' user not found, don't tell your user or they might be able to brute force all valid user names. just say login failed as if the password were wrong.
ElseIf (dtTbl.Rows.Count > 1) Then
    ' db error. user should only appear once
Else
    ' 1 user found.
    Dim row As DataRow = dtTbl.Rows(0)
    Dim dbPwd As String = If(IsDBNull(row("dbPass")), String.Empty, row("dbPass").ToString())
    Dim dbRole As String = If(IsDBNull(row("dbRole")), String.Empty, row("dbRole").ToString())
    '
    ' Do what you need to do here. (if dbRole = "admin", password check, etc)
End If
It is better to have a function that takes a SQL query and a Dictionary(Of String, Tuple(Of Object, OleDbType)) and returns the DataTable for you.
''' <summary>
''' Fills a DataTable from an SQL Query
''' </summary>
''' <param name="SQL">SQL Query, Parameters start with @</param>
''' <param name="parameters">Parameters. Key = parameterName, without @. value = (parameter value, OleDbType)</param>
''' <returns>Filled DataTable</returns>
Public Function QueryDatasource(SQL As String, parameters As Dictionary(Of String, Tuple(Of Object, OleDbType))) As DataTable
    Dim ret As DataTable = New DataTable()
    Dim cmd As OleDbCommand ' IDbCommand
    Dim adapter As OleDbDataAdapter ' IDbDataAdapter
    connection.Open() ' connection is an OleDbConnection in class scope here.
    cmd = New OleDbCommand("", connection)
    adapter = New OleDbDataAdapter(cmd)
    adapter.SelectCommand.CommandText = SQL
    If (parameters IsNot Nothing) Then
        ' OleDb binds parameters by position, so add them in the order they appear in the SQL text.
        For Each parameterName As String In parameters.Keys
            If (SQL.Contains("@" + parameterName)) Then
                adapter.SelectCommand.Parameters.Add("@" + parameterName, parameters(parameterName).Item2).Value = parameters(parameterName).Item1
            End If
        Next
    End If
    adapter.Fill(ret)
    connection.Close()
    Return ret
End Function
Please note: never store your passwords in plain text in the database. Use a digest function such as BCrypt. BCrypt-Next is a nuget package available for DotNet and is easy to use.
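As an added example (my own code, not part of the original answer or the asker's project), the following puts the answer's advice together: one query returns the stored hash and the role, the password is checked against a BCrypt hash with the BCrypt.Net-Next package (BCrypt.Net.BCrypt.Verify / HashPassword), every failure gives the same generic message, and only then does the caller choose the admin or user form. The table and column names (dbLogin, dbUser, dbPass, dbRole) come from the page; dbPath, AdminForm and UserForm are assumed names, and dbPass is assumed to hold a BCrypt hash rather than the plain password.

```vb
Imports System.Data
Imports System.Data.OleDb

Public Class LoginService
    Private ReadOnly connectionString As String

    ' A hash that is verified when the user name is unknown, so the
    ' "no such user" path costs about the same time as a wrong password.
    Private Shared ReadOnly DummyHash As String = BCrypt.Net.BCrypt.HashPassword("not-a-real-password")

    Public Sub New(dbPath As String) ' dbPath: assumed path to the Access database file
        connectionString = "provider=Microsoft.ACE.OLEDB.12.0;data source=" & dbPath
    End Sub

    ''' <summary>
    ''' Returns the role stored for the user ("admin" or "user") on success,
    ''' or Nothing on any failure. The caller cannot tell an unknown user
    ''' from a wrong password, so the form cannot be used to enumerate accounts.
    ''' </summary>
    Public Function Authenticate(userName As String, password As String) As String
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then
            Return Nothing
        End If

        Dim storedHash As String = Nothing
        Dim role As String = Nothing

        Using connection As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand("SELECT dbPass, dbRole FROM dbLogin WHERE dbUser = ?", connection)
                ' OleDb binds by position; the parameter name is only a label.
                cmd.Parameters.Add("@user", OleDbType.VarChar).Value = userName
                connection.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    If reader.Read() Then
                        storedHash = If(reader.IsDBNull(0), Nothing, reader.GetString(0))
                        role = If(reader.IsDBNull(1), Nothing, reader.GetString(1))
                        If reader.Read() Then
                            ' Duplicate rows for one user name: data error, refuse the login.
                            Return Nothing
                        End If
                    End If
                End Using
            End Using
        End Using

        If storedHash Is Nothing Then
            BCrypt.Net.BCrypt.Verify(password, DummyHash) ' equalise timing, result ignored
            Return Nothing
        End If
        If Not BCrypt.Net.BCrypt.Verify(password, storedHash) Then
            Return Nothing
        End If
        Return role
    End Function

    ''' <summary>
    ''' Use this when creating or changing an account: store the returned
    ''' string in dbPass instead of the plain password.
    ''' </summary>
    Public Shared Function HashForStorage(password As String) As String
        Return BCrypt.Net.BCrypt.HashPassword(password)
    End Function
End Class

' In the login form: pick the form from the role the service returns.
Partial Public Class LoginForm
    Private Sub btLogin_Click(sender As Object, e As EventArgs) Handles btLogin.Click
        Dim service As New LoginService(dbPath) ' dbPath: assumed field on the form
        Dim role As String = service.Authenticate(tbUser.Text, tbPass.Text)

        Select Case role
            Case "admin"
                AdminForm.Show() ' assumed form name
                Me.Hide()
            Case "user"
                UserForm.Show()  ' assumed form name
                Me.Hide()
            Case Else
                ' Same message for empty input, unknown user, wrong password and bad data.
                MsgBox("Login failed", MsgBoxStyle.Critical)
        End Select
    End Sub
End Class
```

The role decision is made on the string the database returns, never on anything the user typed, and the password never reaches the SQL text: the query fetches the hash by user name only and the comparison happens in BCrypt.Verify, so a plain-text dbPass column is no longer needed.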