Conn.Open();
namespace case21
{
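/// <summary>
/// Code-behind for the login form. Checks the submitted login ID and password
/// against the <c>login</c> table and, on success, stores the user's identity and
/// privilege level in the session before redirecting to the matching start page.
/// </summary>
public class WebForm1 : System.Web.UI.Page
{
    protected System.Web.UI.WebControls.Label login_title;
    protected System.Web.UI.WebControls.Label Label1;
    protected System.Web.UI.WebControls.Label Label2;
    protected System.Web.UI.WebControls.TextBox txtlogname;
    protected System.Web.UI.WebControls.TextBox txtlogpwd;
    protected System.Web.UI.WebControls.Button submit;
    protected System.Web.UI.WebControls.Button cancel;
    protected System.Web.UI.WebControls.Label message;
    private string strConnectionString;
    private SqlConnection conn;

    /// <summary>
    /// Reads the connection string from the application settings and creates the
    /// (still closed) connection used by the click handlers.
    /// </summary>
    private void Page_Load(object sender, System.EventArgs e)
    {
        strConnectionString = System.Configuration.ConfigurationSettings.AppSettings["ConnectionString"];
        conn = new SqlConnection(strConnectionString);
    }

    #region Web Form Designer generated code
    override protected void OnInit(EventArgs e)
    {
        //
        // CODEGEN: This call is required by the ASP.NET Web Form Designer.
        //
        InitializeComponent();
        base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.submit.Click += new System.EventHandler(this.submit_Click);
        this.cancel.Click += new System.EventHandler(this.cancel_Click);
        this.Load += new System.EventHandler(this.Page_Load);
    }
    #endregion

    /// <summary>
    /// Clears both input boxes.
    /// </summary>
    private void cancel_Click(object sender, System.EventArgs e)
    {
        txtlogname.Text = "";
        txtlogpwd.Text = "";
    }

    /// <summary>
    /// Verifies the submitted login ID and password and signs the user in when a
    /// matching row exists; otherwise shows the access-denied message.
    /// </summary>
    private void submit_Click(object sender, System.EventArgs e)
    {
        if (txtlogname.Text == "" || txtlogpwd.Text == "")
        {
            Response.Write("<script>javascript:alert('您输入的用户名或密码有一项为空,为了安全起见,请每项都输入!');</script>");
            // The navigation must sit inside a script element; written as bare text
            // it was only printed into the page instead of being executed.
            Response.Write("<script>window.location='Login.aspx';</script>");
            return;
        }

        object match = null;
        try
        {
            conn.Open();
            // Both values come straight from the request, so they are bound as
            // parameters and never concatenated into the SQL text.
            // NOTE(review): the submitted password is compared directly with the
            // password column, which implies passwords are stored as plain text.
            // Store a salted password hash and verify against that instead.
            using (SqlCommand cmd = new SqlCommand(
                "select username from login where login_ID=@loginId and password=@password", conn))
            {
                cmd.Parameters.Add(new SqlParameter("@loginId", txtlogname.Text));
                cmd.Parameters.Add(new SqlParameter("@password", txtlogpwd.Text));
                match = cmd.ExecuteScalar();
            }
        }
        finally
        {
            // Always release the connection, including when the query throws.
            conn.Close();
        }

        // ExecuteScalar returns null when no row matched. Testing the result of
        // Convert.ToString() is useless here: it yields "" for null, so that check
        // could never reject a failed login.
        if (match == null)
        {
            message.Visible = true;
            message.Text = "您不是公司的员工,无权访问!";
            return;
        }

        Input(Convert.ToString(match));
    }

    /// <summary>
    /// Completes the sign-in for an already verified user: looks up the privilege
    /// level, fills the session and redirects to the page for that level.
    /// </summary>
    /// <param name="name">User name returned by the credential check.</param>
    private void Input(string name)
    {
        object levelValue = null;
        try
        {
            conn.Open();
            using (SqlCommand cmd = new SqlCommand(
                "select login_level from login where login_ID=@loginId", conn))
            {
                cmd.Parameters.Add(new SqlParameter("@loginId", txtlogname.Text));
                // First column of the first row, or null when there is no row.
                levelValue = cmd.ExecuteScalar();
            }
        }
        finally
        {
            conn.Close();
        }

        // Fail closed: without a readable level no session identity is created.
        if (levelValue == null || levelValue == DBNull.Value)
        {
            message.Visible = true;
            message.Text = "您不是公司的员工,无权访问!";
            return;
        }

        int level = Convert.ToInt32(levelValue);

        // Session values are written only after every lookup succeeded, so a
        // failure half-way cannot leave a partially authenticated session behind.
        // NOTE(review): the session ID is not renewed at login - confirm whether
        // session fixation needs to be handled for this application.
        Session["UserID"] = txtlogname.Text;
        Session["username"] = name;
        Session["login_level"] = level;

        // NOTE(review): Response.Redirect answers with a redirect response, so the
        // alert written just before it is presumably never displayed - confirm.
        if (level == 0)
        {
            Response.Write("<script>javascript:alert('您是超级用户,具有管理员工信息的权限!');</script>");
            Response.Redirect("manage.aspx");
        }
        else
        {
            Response.Write("<script>javascript:alert('您是普通用户,只具有一般的浏览和查询的权限!');</script>");
            Response.Redirect("search_person.aspx");
        }
    }
}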
}