登录页面一直报错,求指教。
浅壹点 2013-05-29 08:43:35 using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection cn = Com.GetConnection();
SqlCommand cmd = new SqlCommand("select password,salt,role from Login where loginID=@loginID", cn);
SqlParameter id = new SqlParameter("@loginID",SqlDbType.VarChar);
id.Value= tbUserID.Text;
cmd.Parameters.Add(id);
SqlDataReader dr = null;
try
{
cn.Open();
dr = cmd.ExecuteReader();
if (dr.Read()) // 返回有记录,即存在该用户ID
{
string pwd = tbPassword.Text + dr["salt"].ToString();
pwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "SHA1");
if (pwd == dr["password"].ToString()) // 认证成功
{
Session["LoginID"] = tbUserID.Text;
string role = dr["role"].ToString();
Session["LoginRole"] = role;
Response.Redirect("Default.aspx");
return;
}
else // 密码不正确
{
Com.MessageBox("密码不正确,请回到登录界面重新登录!", "登录验证", "../Login.aspx");
return;
}
}
else // 不存在该用户ID的记录
{
Com.MessageBox("不存在该用户,请回到登录界面重新登录!", "登录验证", "../Login.aspx");
return;
}
}
catch (SqlException ex)
{
Com.MessageBox("数据库操作出错!出错信息为:\n" + ex.Message + "请回到登录界面重新登录!", "登录验证", "../Login.aspx");
}
finally
{
dr.Close();
cn.Close();
}
}
}