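/// <summary>
/// Handles the login control's Login event: checks the CAPTCHA, calls the
/// VerfiUser stored procedure with the submitted credentials and, on success,
/// stores the user's identity in the session and redirects.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void CustomLogin_Login(object sender, EventArgs e)
{
    // Check the CAPTCHA before touching the database, so a failed CAPTCHA
    // cannot be used to drive credential checks against the stored procedure.
    // NOTE(review): the expected code is read from a cookie, which the client
    // controls. The generator page is not shown here; if the cookie holds the
    // expected value in clear text, keep it in Session instead.
    if (Request.Cookies["CheckCode"] == null)
    {
        lblErrMsg.Text = "您的浏览器禁用了COOKIES,您必须设置浏览器允许使用COOKIES才能使用本系统!";
        lblErrMsg.Visible = true;
        return;
    }
    if (String.Compare(Request.Cookies["CheckCode"].Value, CustomLogin.chkcode.ToString(), true) != 0)
    {
        lblErrMsg.Text = "验证码错误,请重新输入";
        lblErrMsg.Visible = true;
        return;
    }

    // -1 means "no result obtained"; the procedure returns 0, 1 or 2.
    int iRet = -1;
    string clientCode = null;
    string userName = null;

    try
    {
        using (SqlCommand cmd = Conn.CreateCommand())
        {
            Conn.Open();
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "VerfiUser";
            cmd.Parameters.Add("@username", SqlDbType.VarChar).Value = CustomLogin.username;
            cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = CustomLogin.password;

            SqlParameter paraOut = cmd.Parameters.Add("@RETURN_VALUE", SqlDbType.Int);
            paraOut.Direction = ParameterDirection.ReturnValue;

            // Consume the rows first. The return-value parameter is only
            // guaranteed to be populated once the reader has been closed.
            using (SqlDataReader dr = cmd.ExecuteReader(CommandBehavior.CloseConnection))
            {
                while (dr.Read())
                {
                    clientCode = dr["client_code"].ToString();
                    userName = dr["UserName"].ToString();
                }
            }

            // Convert.ToInt32(null) yields 0, which is the "success" code, so a
            // missing return value must never be converted blindly.
            object rawReturn = paraOut.Value;
            if (rawReturn is int)
            {
                iRet = (int)rawReturn;
            }
        }

        // Treat the login as successful only when the procedure reported
        // success AND actually returned the user's row.
        if (iRet == 0 && clientCode != null)
        {
            // NOTE(review): the session identifier is not renewed on login
            // here; confirm session fixation is handled elsewhere.
            Session["Logon"] = clientCode;
            Session["user"] = userName;

            // Read the value from the same collection that is tested, and
            // URL-encode it so it cannot inject extra query parameters.
            string reportType = Request.QueryString["type"];
            if (reportType != null)
            {
                Response.Redirect("Report.aspx?type=" + Server.UrlEncode(reportType));
            }
            else if (!string.IsNullOrEmpty(RequestUrl))
            {
                // NOTE(review): Logon.aspx presumably redirects to RequestUrl;
                // it should accept only local URLs. Verify there.
                Response.Redirect("Logon.aspx?RequestUrl=" + Server.UrlEncode(RequestUrl));
            }
            else
            {
                Response.Redirect("Logon.aspx");
            }
        }
        else
        {
            // One message for "wrong password" and "unknown user": distinct
            // messages let a client enumerate valid account names, and echoing
            // the submitted user name into Label.Text (which is not
            // HTML-encoded) allowed markup injection.
            lblErrMsg.Text = "用户名或密码错误,请重试";
            lblErrMsg.Visible = true;
        }
    }
    catch (SqlException ex)
    {
        // Keep database error details out of the page; record them in the
        // page trace and show a generic message.
        Trace.Warn("Login", "VerfiUser call failed", ex);
        lblErrMsg.Text = "系统错误,请稍后重试";
        lblErrMsg.Visible = true;
    }
    finally
    {
        // Close the shared connection on every path.
        Conn.Close();
    }
}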
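-- VerfiUser: checks a user name / password pair against UserTable.
-- Result set: the matching UserTable row(s), only when the pair matches.
-- Return value: 0 = credentials match, 1 = user exists but the password
-- differs, 2 = no such user.
--
-- The matching row is selected with a static, parameterised statement. The
-- previous version concatenated @username and @password into a string and
-- ran it with exec(), which is open to SQL injection, and PRINTed that
-- string, exposing the password in the message stream.
--
-- NOTE(review): PassWord is compared directly with the supplied value, which
-- suggests passwords are stored unhashed. Confirm, and store a salted
-- password hash instead.
-- NOTE(review): return codes 1 and 2 are kept for compatibility. Callers
-- should not show the difference to the client, because it reveals which
-- user names exist.
-- NOTE(review): select * also returns the PassWord column to the caller;
-- narrow the column list once all callers are known.
CREATE procedure [dbo].[VerfiUser]
(
@username varchar(50),
@password varchar(50)
)
as
if exists
(
    select C_id from UserTable where UserName=@username
    and PassWord=@password
)
begin
    select * from UserTable where UserName=@username and PassWord=@password
    return 0 -- credentials verified
end
if exists
(
    select C_id from UserTable where UserName=@username
)
    return 1 -- wrong password
return 2 -- user does not exist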