//数据库底层类
//业务实体类
namespace Model
{
    /// <summary>
    /// Plain data holder for one user record. The login code on this page
    /// fills <see cref="LoginName"/> and <see cref="LoginPassward"/> from the form
    /// and compares them with the tb_User columns of the same names.
    /// </summary>
    public class User
    {
        /// <summary>User number (tb_User.UserNo).</summary>
        public string UserNo { get; set; }

        /// <summary>Login name (tb_User.LoginName).</summary>
        public string LoginName { get; set; }

        /// <summary>
        /// Password exactly as the caller supplied it (the spelling "Passward"
        /// is part of the public name and of the column name, so it is kept).
        /// </summary>
        // NOTE(review): UserLogin compares this value directly with the stored
        // column, which suggests passwords are kept unhashed - confirm, and if
        // so store a salted password hash instead.
        public string LoginPassward { get; set; }

        /// <summary>Role number, joined against tb_Role.RoleNo.</summary>
        public string RoleNo { get; set; }
    }
}
//接口层我省略了
//业务逻辑层
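namespace BLL
{
    /// <summary>
    /// Business-logic layer for user login, backed by tb_User and tb_Role.
    /// </summary>
    public class UserService
    {
        SqlHelper sqlhelper = new SqlHelper();

        /// <summary>
        /// Validates a login and returns the user's details.
        /// </summary>
        /// <param name="user">Entity carrying LoginName and LoginPassward as entered.</param>
        /// <returns>
        /// "1" when no row has the login name; "2" when the name exists but the
        /// password does not match; otherwise "UserNo,LoginName,RoleName," (each
        /// value followed by a comma).
        /// </returns>
        public string UserLogin(User user)
        {
            // SECURITY: both values come straight from the login form. The
            // original concatenated them into the statement unescaped, so a
            // quote in either field changed the query (SQL injection). Nothing
            // on this page shows that RunSafeSqlGetDt sanitises its argument,
            // and no parameter-taking SqlHelper method is visible, so the
            // values are quoted here as a stop-gap. The proper fix is a
            // parameterised command (SqlParameter) inside SqlHelper.
            string name = QuoteLiteral(user.LoginName);
            string password = QuoteLiteral(user.LoginPassward);

            // Step 1: does the login name exist at all?
            string byName = "select * from tb_User where LoginName=" + name;
            if (sqlhelper.RunSafeSqlGetDt(byName).Rows.Count == 0)
            {
                return "1";
            }

            // Step 2: does the name/password pair match?
            // NOTE(review): the password is compared as-is with the stored
            // column, i.e. presumably stored unhashed - confirm and migrate to
            // a salted password hash.
            string byCredentials = "select * from tb_User where LoginName=" + name
                                 + " and LoginPassward=" + password;
            if (sqlhelper.RunSafeSqlGetDt(byCredentials).Rows.Count == 0)
            {
                return "2";
            }

            // Step 3: fetch the fields the caller stores in the session.
            // NOTE(review): if the user's RoleNo has no row in tb_Role the inner
            // join returns nothing and Rows[0] throws, as in the original.
            string details = "select a.UserNo,a.LoginName,b.RoleName from tb_User a inner join tb_Role b on a.RoleNo=b.RoleNo where a.LoginName=" + name
                           + " and a.LoginPassward=" + password;
            DataTable dt = sqlhelper.RunSafeSqlGetDt(details);

            return dt.Rows[0][0].ToString() + ","
                 + dt.Rows[0][1].ToString() + ","
                 + dt.Rows[0][2].ToString() + ",";
        }

        /// <summary>
        /// Wraps a value in single quotes for use as a SQL string literal,
        /// doubling any embedded single quote. Null is treated as an empty
        /// string, matching what string concatenation did in the original.
        /// </summary>
        private static string QuoteLiteral(string value)
        {
            return "'" + (value ?? string.Empty).Replace("'", "''") + "'";
        }
    }
}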
//前台登陆
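/// <summary>
/// Click handler for the admin login button: checks that all three fields are
/// filled in, checks the verification code, then asks UserService to validate
/// the credentials and stores the result in the session.
/// </summary>
protected void btnAdminLogin_Click(object sender, EventArgs e)
{
    string loginName = this.txtLoginName.Value.ToString().Trim();
    string loginPassward = this.txtLoginPassward.Value.ToString().Trim();
    string checkCode = this.txtCheckCode.Value.ToString().Trim();

    if (loginName == string.Empty || loginPassward == string.Empty || checkCode == string.Empty)
    {
        this.spanCheckUserLogin.InnerHtml = "<font color=red>用户名或密码或验证码不能为空!</font>";
        return;
    }

    // SECURITY: the expected verification code is read from a request cookie,
    // which the client supplies, so this comparison does not prove that a
    // server-issued challenge was solved. Keep the expected value server-side
    // (for example in Session) and clear it after one use. The code that
    // issues the challenge is not on this page, so only the crash is fixed here.
    var checkCodeCookie = Request.Cookies["CheckCode"];

    // A request without the cookie used to throw NullReferenceException;
    // treat it the same as a wrong code.
    if (checkCodeCookie == null || checkCode != checkCodeCookie.Value)
    {
        this.spanCheckUserLogin.InnerHtml = "<font color=red>验证码错误!</font>";
        return;
    }

    UserService userservice = new UserService();
    User user = new User();
    user.LoginName = loginName;
    user.LoginPassward = loginPassward;
    string userinfo = userservice.UserLogin(user).Trim();

    // NOTE(review): separate messages for "unknown user" ("1") and "wrong
    // password" ("2") tell an anonymous visitor which login names exist;
    // consider one shared message for both.
    if (userinfo == "1")
    {
        this.spanCheckUserLogin.InnerHtml = "<font color=red>用户名不存在!</font>";
    }
    else if (userinfo == "2")
    {
        this.spanCheckUserLogin.InnerHtml = "<font color=red>密码错!</font>";
    }
    else
    {
        // UserLogin returns "UserNo,LoginName,RoleName,".
        // NOTE(review): the fields are joined without escaping, so a stored
        // value containing ',' shifts the positions read below, including the
        // one used for RoleName. Returning a typed object from UserLogin
        // would remove that risk.
        string[] array = userinfo.Split(',');
        Session["LoginName"] = array[1];
        Session["UserNo"] = array[0];
        Session["RoleName"] = array[2];
        Response.Redirect("AdminDefault.aspx");
    }
}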
namespace BYJ.SQLServerDAL
{
public class UserDAL:IUserDAL
{
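/// <summary>
/// Reports whether a row with the given user name exists in table yhxx.
/// </summary>
/// <param name="zgxm">User name to look up.</param>
/// <param name="password">Not used by this method.</param>
/// <returns>true when at least one matching row exists, otherwise false.</returns>
// SECURITY: this is an existence check only, as the original author's comment
// says ("you only need to verify that the user name exists in the database").
// The password is never compared, so a true result must not be treated as a
// successful login.
public bool IsRight(String zgxm, string password)
{
    // The original concatenated zgxm into the statement unescaped (SQL
    // injection). Doubling single quotes is a stop-gap; prefer a parameterised
    // command if the data-access helper supports one.
    string quotedName = "'" + (zgxm ?? string.Empty).Replace("'", "''") + "'";

    // The Chinese text inside the literal is the author's placeholder for
    // "the column in your database that holds the user name".
    string sql = "select 1 from yhxx where 你数据库里面表示用户名的字段=" + quotedName;

    // The identifier below is the author's placeholder for "call your method
    // that executes a statement and returns a DataTable".
    DataTable dt = 这里调用那个执行语句返回数据表的方法(sql);

    // The original was missing the semicolon after "return true".
    return dt.Rows.Count > 0;
}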
}