登录页面未正确重定向
[英]Login Page not getting redirected properly
问题描述
I've made a basic Login Page using textboxes. 
我已经使用文本框制作了一个基本的登录页面。 I'm validating the users from the database created. 我正在从创建的数据库验证用户。 Below is my backend code: 以下是我的后端代码:
protected void btnSubmit_Click(object sender, EventArgs e)
{
SqlDataReader sdrDatanew = null; //Read rows one by one.
string strnew;
string connectionString = WebConfigurationManager.ConnectionStrings["Gen_LicConnectionString"].ConnectionString; //Define new connectionstring
SqlConnection connew = new SqlConnection(connectionString); //establishes a new sql connection
connew.Open(); //Opens Connection
strnew = "select User_Type from User_Details where User_Type='" + ddlUserSel.SelectedItem.Value + "' AND LoginID = '" + txtUserName.Text + "' AND Password = '" + txtPassword.Text + "'";
SqlCommand sqlCommnew = new SqlCommand(strnew, connew); //passes the command and connection
sdrDatanew = sqlCommnew.ExecuteReader(); //For select command
int userType = 0;
if (sdrDatanew.HasRows)
{
if (sdrDatanew.Read())
{
userType = Convert.ToInt32(sdrDatanew["User_Type"].ToString());
}
}
switch (userType)
{
case 0:
Response.Redirect("Lic_Gen.aspx");
break;
case 1:
Response.Redirect("Cust_Page.aspx");
break;
default:
lblDisp.Text= "Invalid User/Password";
break;
}
connew.Close();
}
This is my frontend code: 这是我的前端代码:
<div>
<h2 class="style12">
LOGIN</h2>
<p class="style10">
</p>
<table align="center" cellpadding="2" cellspacing="5" style="border-width: thick;
border-style: outset; height: 195px;" class="style14">
<tr>
<td class="style16" style="border-style: none; font-family: 'Times New Roman', Times, serif;
font-size: 17.5px; font-weight: bold; font-style: normal">
User Type</td>
<td class="style17">
<asp:DropDownList ID="ddlUserSel" runat="server" Height="25px" Width="260px" CssClass="drp">
<asp:ListItem Value="0">Admin</asp:ListItem>
<asp:ListItem Value="1">Customer</asp:ListItem>
</asp:DropDownList>
</td>
</tr>
<tr>
<td class="style16" style="border-style: none; font-family: 'Times New Roman', Times, serif;
font-size: 17.5px; font-weight: bold; font-style: normal">
Login
</td>
<td class="style17">
<asp:TextBox ID="txtUserName" runat="server" Width="250px" CssClass="Textbox1" MaxLength="15"></asp:TextBox>
<asp:RequiredFieldValidator ID="reqUserName" runat="server" ErrorMessage="*" ForeColor="Red"
ControlToValidate="txtUserName" Font-Size="Large"></asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td class="style16" style="font-family: 'Times New Roman', Times, serif; font-size: 17.5px;
font-weight: bold; font-style: normal">
Password
</td>
<td class="style17">
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password" Width="250px" CssClass="Textbox1" MaxLength="15"></asp:TextBox>
<asp:RequiredFieldValidator ID="reqPassword" runat="server" ErrorMessage="*" ForeColor="Red"
ControlToValidate="txtPassword" Font-Size="Large"></asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<asp:Label ID="lblDisp" runat="server" ForeColor="Red"></asp:Label>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<asp:Button ID="btnSubmit" runat="server" CssClass="btn1" Text="Submit"
OnClick="btnSubmit_Click" Width="80px"/>
<asp:Button ID="btnCancel" runat="server" CssClass="btn1" Text="Cancel"
OnClick="btnCancel_Click" Width="80px"/>
</td>
</tr>
</table>
</div>
Now I'm having the following issues: 现在,我遇到以下问题:
- Irrespective of the user type, the page always gets redirected to
Lic_Gen.aspx.无论用户类型如何,页面总是会重定向到Lic_Gen.aspx。 - Even if I enter the wrong password, the page still gets redirected to
Lic_Gen.aspx.即使我输入了错误的密码,页面仍会重定向到Lic_Gen.aspx。 - The page should also check whether the userType entered ie
AdminorCustomershould be valid with that particularLogin IDandPassword.该页面还应检查输入的userType(即Admin或Customer对于该特定的Login ID和Password是否有效。 But I can't get to that either.但是我也无法做到这一点。
I know these issues are arriving because of the fact I've explicitly defined UserType value as 0 . 我知道这些问题已经到来,因为我已经将UserType值明确定义为0 。
When I tried converting it with the following code: int userType = Convert.ToInt32(strnew); 当我尝试使用以下代码进行转换时: int userType = Convert.ToInt32(strnew); it doesn't work. 它不起作用。
So any guidelines on how to improve my basic page? 那么关于如何改善我的基本页面的任何准则?
3 个解决方案
解决方案1
2 2012-12-17 07:25:35
The code you have written is wrong. 您编写的代码是错误的。 It will redirect even if wrong password is entered since you give a value 0 to userType even if no results is returned from the sql query. 即使您输入了错误的密码,它也会重定向,因为您给userType赋予了0值,即使sql查询未返回任何结果。 Also I am assuming that the query is not returning any values which is creating the page to get redirected everytime to Lic_Gen.aspx . 我也假设查询没有返回任何值,该值正在创建要每次重定向到Lic_Gen.aspx的页面。 I recommend you to have a look at ASP membership framework which provides all this functions without all these codes... 我建议您看一下ASP成员资格框架,该框架无需所有这些代码即可提供所有这些功能。
解决方案2
1 已采纳 2012-12-17 07:24:47
Based on provided code, possible problems are : 根据提供的代码,可能出现的问题是:
- No data returned in
sdrDatanew, hence theuserTypealways remains0sdrDatanew没有返回数据,因此userType始终为0 - Data from DB returned under
sdrDatanew["User_Type"]is always 0 (string), hence theuserTypealways remains0在sdrDatanew["User_Type"]下从DB返回的数据始终为0(字符串),因此userType始终为0
Please use above points to debug further and I see no issues in code. 请使用以上几点进行进一步调试,我发现代码中没有问题。
CAUTION : Your code is vulnerable to SQL Injection attack. 注意:您的代码容易受到SQL Injection攻击。 Please read details @ http://en.wikipedia.org/wiki/SQL_injection . 请阅读详细信息@ http://en.wikipedia.org/wiki/SQL_injection 。 If you are planning to publish this web site somewhere, you will be in trouble for sure. 如果您打算将该网站发布在某个地方,那么肯定会遇到麻烦。
解决方案3
0 2012-12-17 07:43:17
Do not use sdrDatanew.HasRows , only check Data reader Read() method: 不要使用sdrDatanew.HasRows ,仅检查Data reader的Read()方法:
int userType = -1;
if (sdrDatanew.Read())
{
userType = Convert.ToInt32(sdrDatanew["User_Type"].ToString());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.