程序代码:
下面是代码,看下应该怎么修改
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
public partial class LoginLibrary : System.Web.UI.Page
{
private string connString = ConfigurationManager.ConnectionStrings["LibraryConnectionString"].ToString();
private SqlConnection sqlCon;
private SqlDataReader sqlDa;
protected void Page_Load(object sender, EventArgs e)
{
if (Session["UserName"] == null || Session["UserName"].ToString() == "")
{
txtName.Focus();
}
else
{
Response.Redirect("LoginManage/LoginOk.aspx");
}
}
protected void imgCancel_Click(object sender, ImageClickEventArgs e)
{
Response.Write("<script>window.close();</script>");
}
protected void imgSubmit_Click(object sender, ImageClickEventArgs e)
{
try
{
sqlCon = new SqlConnection(connString);
if (sqlCon.State == ConnectionState.Closed)
{
sqlCon.Open();
}
SqlCommand sqlCmd = new SqlCommand();
sqlCmd.Connection = sqlCon;
= "Select * from tb_admin Where username='" + txtName.Text.Trim() + "'";
sqlDa = sqlCmd.ExecuteReader();
if (Session["UserName"] == null || Session["UserName"].ToString() == "")
{
if (sqlDa.HasRows)
{
while (sqlDa.Read())
{
if (txtPwd.Text.Trim() == sqlDa["password"].ToString().Trim() && txtCode.Text.ToLower() == Session["CheckCode"].ToString()&&txtName.Text.Trim()=="admin")
{
//Session["User"] = dr.GetValue(0)
Session["UserName"] = txtName.Text.Trim();
FormsAuthentication.RedirectFromLoginPage(txtName.Text, false);
FormsAuthentication.SetAuthCookie(txtName.Text, false);
Response.Redirect("Default.aspx");
}
else if(txtPwd.Text.Trim() == sqlDa["password"].ToString().Trim() && txtCode.Text.ToLower() == Session["CheckCode"].ToString())
{
Session["UserName"] = txtName.Text.Trim();
FormsAuthentication.RedirectFromLoginPage(txtName.Text, false);
FormsAuthentication.SetAuthCookie(txtName.Text, false);
Response.Redirect("User/Default.aspx");
}
else if (txtPwd.Text.Trim() != sqlDa["password"].ToString())
{
Response.Write("<script>alert('密码输入错误!')</script>");
}
else if (txtCode.Text.ToLower() != Session["CheckCode"].ToString())
{
Response.Write("<script>alert('验证码输入错误!')</script>");
}
}
}
else
{
Response.Write("<script>alert('非法登录,没有此用户!')</script>");
}
}
else
{
Response.Redirect("LoginManage/LoginOk.aspx");
}
}
catch (SqlException ex)
{
Response.Write("<scrip>alert('"+ex.Message+"')</script>");
}
finally
{
if (sqlCon.State == ConnectionState.Open)
{
sqlCon.Close();
}
}
}
}