Check for cases/capitalization
I'm trying to implement a system login where it checks even the case of the letters in passwords and usernames. For example, if the username saved in the database was account_name, then the user cannot log in when he/she enters ACCOUNT_NAME as his/her username; same with the password.
Please help me, here's my code:
on VB page
    If blUser.checkLogin(txtUN.Text, txtPW.Text) = True Then
        Dim idUser As Integer
        idUser = blUser.UserID
        Response.Cookies("UserID").Value = Convert.ToString(idUser)
        Response.Cookies("UserType").Value = Convert.ToString(blUser.UserType)
        Response.Cookies("FirstName").Value = Convert.ToString(blUser.FirstName)
        Response.Cookies("SchoolOfficeID").Value = Convert.ToString(blUser.SchoolOfficeID)
        Response.Cookies("Password").Value = Convert.ToString(blUser.Password)
        Response.Redirect("~/Transactions03.aspx")
    End If
on BL
    public Boolean checkLogin(string UserName, string Password)
    {
        DataTable exiting;
        DAUsers daUser = new DAUsers();
        exiting = daUser.loginCheckDA(UserName, Password);
        if (exiting.Rows.Count > 0)
        {
            UserID = Convert.ToInt32(exiting.Rows[0]["UserID"].ToString());
            UserType = exiting.Rows[0]["UserType"].ToString();
            LastName = exiting.Rows[0]["LastName"].ToString();
            FirstName = exiting.Rows[0]["FirstName"].ToString();
            MiddleName = exiting.Rows[0]["MiddleName"].ToString();
            SchoolOfficeID = Convert.ToInt32(exiting.Rows[0]["SchoolOfficeID"].ToString());
            return true;
        }
        else
        {
            return false;
        }
    }
on DA
    public DataTable loginCheckDA(string username, string password)
    {
        string sql = "SELECT * FROM UserAccount WHERE AccntStatus like 'Active' AND UserName like '" + username + "' AND Password like '" + password + "'";
        DataTable dt = GetDataTable(sql, null);
        return dt;
    }
You can use this tip. ;)
[Here :D]
You're making a couple of monstrous mistakes in your design. The first of which is storing user passwords in clear text in your database.
The second mistake is using string concatenation to build your SQL query.
Think about this one: What if a user typed whocares; DROP TABLE UserAccount; -- into the Username box?? I'll give you a hint: You'd be terminated on the spot. Don't think it'll happen?? Think again. It only has to happen once.
Read these[^] and these[^] (https://www.google.com/#psj=1&q=hash+and+salt+passwords+in+c%23).
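The two fixes named in the answer above, combined with the exact-case check the question asks for, as an added example that is not code from the original posts. It assumes .NET Framework 4.7.2 or later, an already open SqlConnection, and two hypothetical VARBINARY columns, PasswordHash and PasswordSalt (a random per-user salt written at registration), in place of the clear-text Password column; the class, helper names and iteration count are also assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    const int Iterations = 100000; // assumed PBKDF2 work factor; tune for your hardware

    // PBKDF2-HMAC-SHA256 of the password. Hashing is case-sensitive by nature.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compare two hashes without stopping at the first differing byte.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns the UserID on success, or null when the login is rejected.
    public static int? CheckLogin(SqlConnection conn, string username, string password)
    {
        const string sql =
            "SELECT UserID, UserName, PasswordHash, PasswordSalt FROM UserAccount " +
            "WHERE AccntStatus = 'Active' AND UserName = @username";
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Sent as a parameter, so quotes or "; DROP TABLE ..." remain plain data.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = username;
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // '=' follows the column collation, which may ignore case; enforce exact case here.
                    if (!string.Equals(reader["UserName"].ToString(), username, StringComparison.Ordinal))
                        continue;
                    var salt = (byte[])reader["PasswordSalt"];
                    var expected = (byte[])reader["PasswordHash"];
                    if (SameBytes(HashPassword(password, salt), expected))
                        return Convert.ToInt32(reader["UserID"]);
                }
            }
        }
        return null;
    }
}
```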